BSOD as a result of???? HijackThis log

Abraham54
14 replies
  • Since last week my PC has been acting strangely. After 2 years of trouble-free use I am suddenly getting the BSOD with error messages such as PFN-List_corrupt. Booting takes minutes, with a chance of a BSOD.

    Possibly something to do with an automatic Windows update, or because I told my Panda not to give permission for reading/writing of localhost.

    To involve you in my problem I thought I'd quickly make a HijackThis log. While making it, however, I get the following error:

    For some Reason your system denied write access to the Host file. If any Hijacked domains are in this file, HijackThis may not be able to fix this.

    If that happens you need to edit the file yourself. To do this click Start, Run and type

    Notepad c:\windows\system32\drivers\etc\hosts


    This probably has something to do with
    O1 - Hosts: :: 1Localhost

    Got it to work in the end after all. Here is my log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:35:46, on 29-4-2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal

    Running processes:
    C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SYSTEM32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\CyberLink\Shared Files\brs.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\ApVxdWin.exe
    C:\WINDOWS\WindowsMobile\wmdcBase.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl&tab=iw
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: Mediacontrole PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://thebenet.thebe.nl/dana-cached/sc/JuniperSetupClient.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrvx86.exe
    O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
    O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe


    End of file - 8976 bytes


    Who has advice?
  • Hello PSL, I am curious whether you will soon be rid of the BSODs?

    Step •1•
    Close all open windows, then start HijackThis and click the button Do a Scan only,

    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    • put a check mark in front of the line(s) that correspond to the lines above
    • then click the button Fix checked
    Restart the computer after the fix


    Step •2•
    Download, install and keep using MBAM (CLICK)
    • Right after installation MBAM wants to update its database - so allow it.
    • Also on repeated use: first update MBAM via the Update tab!

    • Start MBAM and choose Quick Scan

    • N.B.: Vista users start MBAM by right-clicking and then choosing Run as administrator.

    • The scan can take a while, so be patient.
    • When the scan has finished, click the button OK
    • Then click the button Show Results to see the results.
    • Make sure that everything is checked.
    • Then click: Remove Selected.
    • After the removal a log will open and you will be asked to restart the computer.

    • The log is saved automatically by MBAM and you can find it again by clicking the Logs tab in MBAM.

    • If MBAM has difficulty removing certain files it will show a few messages -
    click OK each time!
    • After that MBAM will ask to restart the computer - so allow the computer to be restarted.

    If the rootkit (TDSS) is present, MBAM will also ask to restart. Then do so.
    After the restart MBAM will scan again and remove the rootkit.


    Step •3•
    After this, post the contents of the following logs:
    • a new HijackThis log
    • MBAM scan log
    Also post an Uninstall list:
    • start HijackThis,
    • click the button Open the Misc Tools section,
    • click the button Open Uninstall Manager
    • Click the button Save.
  • Do you also know whether I can fix O1 - Hosts: :: 1Localhost?
  • Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Databaseversie: 4057

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18904

    1-5-2010 23:28:36
    mbam-log-2010-05-01 (23-28-36).txt

    Scantype: Snelle scan
    Objecten gescand: 120224
    Verstreken tijd: 5 minuut/minuten, 5 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    C:\WINDOWS\BIT783D.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
  • Striking. In safe mode it works fine right away. In normal Windows I still get the error message as soon as it reaches the line O1 - Hosts: ::1 localhost.




    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:50:41, on 1-5-2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl&tab=iw
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Mediacontrole PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://thebenet.thebe.nl/dana-cached/sc/JuniperSetupClient.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrvx86.exe
    O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
    O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe


    End of file - 8262 bytes
  • Aangifte inkomstenbelasting 2009
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.2.2 - Nederlands
    Advanced SystemCare 3
    CCleaner (remove only)
    ChangeBrowserSettingsOffice2007
    Citrix Presentation Server Client - Web Only
    dBpowerAMP Mp4 Codec
    dBpowerAMP Music Converter
    File Signature Verification
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    K-Lite Codec Pack 4.7.0 (Basic)
    Kruidvat fotoservice
    Magic ISO Maker v5.4 (build 0239)
    Magic ISO Maker v5.5 (build 0276)
    Malwarebytes' Anti-Malware
    MetaFrame Presentation Server Web Client for Win32
    Microsoft .NET Framework 3.5 Language Pack SP1 - nld
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (Dutch) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Dutch) 2007
    Microsoft Office Groove MUI (Dutch) 2007
    Microsoft Office InfoPath MUI (Dutch) 2007
    Microsoft Office OneNote MUI (Dutch) 2007
    Microsoft Office Outlook MUI (Dutch) 2007
    Microsoft Office PowerPoint MUI (Dutch) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proofing (Dutch) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (Dutch) 2007
    Microsoft Office Shared MUI (Dutch) 2007
    Microsoft Office Word MUI (Dutch) 2007
    Microsoft Silverlight
    MSVC80_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Transfer
    Nero 7 Essentials
    neroxml
    Nokia Connectivity Cable Driver
    NVIDIA Drivers
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OGA Notifier 2.0.0048.0
    Panda Global Protection 2009
    PC Connectivity Solution
    Phototools Creator
    Pinnacle Instant DVD Recorder
    Pinnacle Studio 12
    Pinnacle videodriver
    PowerDVD
    proDAD Mercalli 1.0
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB980470)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Sony Picture Utility
    Spelling Dictionaries Support For Adobe Reader 8
    System Requirements Lab
    Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
    Three Ships Browser Plugin
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB981715)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Outlook 2007 Junk Email Filter (kb981433)
    Update voor Microsoft Office Excel 2007 Help (KB963678)
    Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
    Update voor Microsoft Office Word 2007 Help (KB963665)
    Windows-stuurprogrammapakket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    WinRAR archiver
  • What is Skytel.exe? :roll:
  • Hello PSl, there is nothing wrong with your hosts file!
    O1 - Hosts: :: 1Localhost - that second entry is there because IPv6 is enabled on your machine!

    What I find much worse - MBAM says it has removed a rootkit!

    So now let's see whether that nasty thing is really out of your computer and what else is hidden in there!

    Step •1•
    Download TFC (click) to your desktop.
    N.B.: Users of Windows Vista and Windows 7 start the tool by right-clicking and then choosing Run as administrator!
    • Click/double-click TFC.exe to start the program.
    • Don't be alarmed - the tool closes all running programs - ergo: make sure that your work has already been saved!
    • Then click the button Start to start the scan. This scan can take a short or a longer time; be patient, let TFC do its job and wait until TFC is finished.
    • When TFC is finished, a message appears that the computer will be restarted.
    • If the shutdown does not happen automatically, restart the computer yourself.
    • Note: TFC does not show a log!

    Step •2•
    Download TDSSKiller.zip and place it on your desktop.
    Extract the files.
    Info and download: http://support.kaspersky.com/viruses/solutions?qid=208280684

    Open a Notepad file.
    Copy the code below (blue, bold) into this Notepad file.

    @ECHO OFF
    TDSSKiller.exe -l report.txt -v
    DEL %0

    Go to File - Save As.
    For "Save in" choose: the folder that contains TDSSKiller.exe.
    For "File name" enter: start.bat
    For "Save as type" select: All Files (*.*).
    Click the button Save.

    Double-click start.bat
    This will start TDSSKiller.exe and create a log file (report.txt) in the same folder.
    When TDSSKiller.exe is finished, post the contents of report.txt.


    Step •3•
    Let Combofix scan your Windows (click).

    How to use Combofix properly (click)

    Addition: to be able to use Combofix the following applies:
    • no web browsers may be open
    • antivirus must be completely deactivated
    • active malware and spyware scanners must be deactivated.


    Do not click in the active Combofix window - this will make Combofix freeze!

    Combofix closes the internet connection - in the meantime do not try to

    • If the Recovery Console is not installed,
    you will be asked to install it after all by clicking 'Yes' in the "Query - Recovery Console" window.
    Therefore click 'OK' and 'Yes' to have the Recovery Console installed automatically.
    Afterwards click 'Yes' again to start the malware scan.


    • The Recovery Console makes it easier to solve problems if Windows has startup problems for one reason or another!


    Here you will find information on how to deactivate antivirus (click)
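
Added example (not part of the thread and not code from any poster or from HijackThis): the reply above explains that `O1 - Hosts: ::1 localhost` is only the IPv6 loopback mapping. This Python sketch triages the O1 lines of a HijackThis log on that basis; every sample line except `::1 localhost` is constructed, and the verdict names are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample. Only "O1 - Hosts: ::1 localhost" comes from the log in
# this thread; the example.test names and 203.0.113.7 (documentation range)
# are made up so that every verdict is exercised.
SAMPLE_LOG = "\n".join([
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =",
    "O1 - Hosts: ::1 localhost",
    "O1 - Hosts: 127.0.0.1 updates.example.test",
    "O1 - Hosts: 203.0.113.7 login.example.test www.login.example.test",
    "O1 - Hosts: 300.1.1.1 broken.example.test",
    r"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe",
])

# HijackThis reports each non-comment hosts-file line as "O1 - Hosts: <line>".
O1_LINE = re.compile(r"^\s*O1 - Hosts:\s*(.*)$")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def classify(address_text, names):
    """Return a verdict (names are this example's own) for one hosts mapping."""
    try:
        addr = ipaddress.ip_address(address_text)
    except ValueError:
        return "unparseable"          # not a valid IPv4 or IPv6 address
    if not names:
        return "unparseable"          # an address with no host name after it
    if addr.is_loopback and all(n.lower() in LOCAL_NAMES for n in names):
        return "benign-loopback"      # 127.0.0.1 / ::1 -> localhost
    if addr.is_loopback or addr.is_unspecified:
        return "pinned-to-local"      # some other name forced to this machine
    return "redirect"                 # name forced to a fixed remote address


def triage_o1(log_text):
    """Return (address, names, verdict) for every O1 line in a log."""
    findings = []
    for line in log_text.splitlines():
        match = O1_LINE.match(line)
        if not match:
            continue
        # Drop a trailing hosts-file comment, then split address and names.
        fields = match.group(1).split("#", 1)[0].split()
        address, names = (fields[0], fields[1:]) if fields else ("", [])
        findings.append((address, names, classify(address, names)))
    return findings


def needs_review(log_text):
    """O1 entries that are not the plain loopback -> localhost mapping."""
    return [f for f in triage_o1(log_text) if f[2] != "benign-loopback"]


if __name__ == "__main__":
    for address, names, verdict in triage_o1(SAMPLE_LOG):
        print(f"{verdict:16} {address} -> {' '.join(names)}")
```
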
  • Contents of TDS-killer:

    21:38:23:650 5872 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
    21:38:23:650 5872 ================================================================================
    21:38:23:650 5872 SystemInfo:

    21:38:23:650 5872 OS Version: 6.0.6002 ServicePack: 2.0
    21:38:23:650 5872 Product type: Workstation
    21:38:23:650 5872 ComputerName: PCTHUIS
    21:38:23:650 5872 UserName: Patrick en Esther
    21:38:23:650 5872 Windows directory: C:\Windows
    21:38:23:650 5872 Processor architecture: Intel x86
    21:38:23:650 5872 Number of processors: 4
    21:38:23:650 5872 Page size: 0x1000
    21:38:23:650 5872 Boot type: Normal boot
    21:38:23:650 5872 ================================================================================
    21:38:23:666 5872 UnloadDriverW: NtUnloadDriver error 2
    21:38:23:666 5872 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
    21:38:46:056 5872 wfopen_ex: Trying to open file C:\Windows\system32\config\system
    21:38:46:056 5872 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    21:38:46:056 5872 wfopen_ex: Trying to KLMD file open
    21:38:46:056 5872 wfopen_ex: File opened ok (Flags 2)
    21:38:46:072 5872 wfopen_ex: Trying to open file C:\Windows\system32\config\software
    21:38:46:072 5872 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    21:38:46:072 5872 wfopen_ex: Trying to KLMD file open
    21:38:46:072 5872 wfopen_ex: File opened ok (Flags 2)
    21:38:46:072 5872 Initialize success
    21:38:46:072 5872
    21:38:46:072 5872 Scanning Services …
    21:38:46:853 5872 Raw services enum returned 439 services
    21:38:46:853 5872
    21:38:46:853 5872 Scanning Kernel memory …
    21:38:46:853 5872 Devices to scan: 6
    21:38:46:853 5872
    21:38:46:853 5872 Driver Name: USBSTOR
    21:38:46:853 5872 IRP_MJ_CREATE : 8FE35FC8
    21:38:46:853 5872 IRP_MJ_CREATE_NAMED_PIPE : 82428A22
    21:38:46:853 5872 IRP_MJ_CLOSE : 8FE36040
    21:38:46:853 5872 IRP_MJ_READ : 8FE360B8
    21:38:46:853 5872 IRP_MJ_WRITE : 8FE360B8
    21:38:46:853 5872 IRP_MJ_QUERY_INFORMATION : 82428A22
    21:38:46:853 5872 IRP_MJ_SET_INFORMATION : 82428A22
    21:38:46:853 5872 IRP_MJ_QUERY_EA : 82428A22
    21:38:46:853 5872 IRP_MJ_SET_EA : 82428A22
    21:38:46:853 5872 IRP_MJ_FLUSH_BUFFERS : 82428A22
    21:38:46:853 5872 IRP_MJ_QUERY_VOLUME_INFORMATION : 82428A22
    21:38:46:853 5872 IRP_MJ_SET_VOLUME_INFORMATION : 82428A22
    21:38:46:853 5872 IRP_MJ_DIRECTORY_CONTROL : 82428A22
    21:38:46:853 5872 IRP_MJ_FILE_SYSTEM_CONTROL : 82428A22
    21:38:46:853 5872 IRP_MJ_DEVICE_CONTROL : 8FE35BC4
    21:38:46:853 5872 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8FE297E4
    21:38:46:853 5872 IRP_MJ_SHUTDOWN : 82428A22
    21:38:46:853 5872 IRP_MJ_LOCK_CONTROL : 82428A22
    21:38:46:853 5872 IRP_MJ_CLEANUP : 82428A22
    21:38:46:853 5872 IRP_MJ_CREATE_MAILSLOT : 82428A22
    21:38:46:853 5872 IRP_MJ_QUERY_SECURITY : 82428A22
    21:38:46:853 5872 IRP_MJ_SET_SECURITY : 82428A22
    21:38:46:853 5872 IRP_MJ_POWER : 8FE3459C
    21:38:46:853 5872 IRP_MJ_SYSTEM_CONTROL : 8FE317A2
    21:38:46:853 5872 IRP_MJ_DEVICE_CHANGE : 82428A22
    21:38:46:853 5872 IRP_MJ_QUERY_QUOTA : 82428A22
    21:38:46:853 5872 IRP_MJ_SET_QUOTA : 82428A22
    21:38:46:869 5872 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
    21:38:46:869 5872
    21:38:46:869 5872 Driver Name: USBSTOR
    21:38:46:869 5872 IRP_MJ_CREATE : 8FE35FC8
    21:38:46:869 5872 IRP_MJ_CREATE_NAMED_PIPE : 82428A22
    21:38:46:869 5872 IRP_MJ_CLOSE : 8FE36040
    21:38:46:869 5872 IRP_MJ_READ : 8FE360B8
    21:38:46:869 5872 IRP_MJ_WRITE : 8FE360B8
    21:38:46:869 5872 IRP_MJ_QUERY_INFORMATION : 82428A22
    21:38:46:869 5872 IRP_MJ_SET_INFORMATION : 82428A22
    21:38:46:869 5872 IRP_MJ_QUERY_EA : 82428A22
    21:38:46:869 5872 IRP_MJ_SET_EA : 82428A22
    21:38:46:869 5872 IRP_MJ_FLUSH_BUFFERS : 82428A22
    21:38:46:869 5872 IRP_MJ_QUERY_VOLUME_INFORMATION : 82428A22
    21:38:46:869 5872 IRP_MJ_SET_VOLUME_INFORMATION : 82428A22
    21:38:46:869 5872 IRP_MJ_DIRECTORY_CONTROL : 82428A22
    21:38:46:869 5872 IRP_MJ_FILE_SYSTEM_CONTROL : 82428A22
    21:38:46:869 5872 IRP_MJ_DEVICE_CONTROL : 8FE35BC4
    21:38:46:869 5872 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8FE297E4
    21:38:46:869 5872 IRP_MJ_SHUTDOWN : 82428A22
    21:38:46:869 5872 IRP_MJ_LOCK_CONTROL : 82428A22
    21:38:46:869 5872 IRP_MJ_CLEANUP : 82428A22
    21:38:46:869 5872 IRP_MJ_CREATE_MAILSLOT : 82428A22
    21:38:46:869 5872 IRP_MJ_QUERY_SECURITY : 82428A22
    21:38:46:869 5872 IRP_MJ_SET_SECURITY : 82428A22
    21:38:46:869 5872 IRP_MJ_POWER : 8FE3459C
    21:38:46:869 5872 IRP_MJ_SYSTEM_CONTROL : 8FE317A2
    21:38:46:869 5872 IRP_MJ_DEVICE_CHANGE : 82428A22
    21:38:46:869 5872 IRP_MJ_QUERY_QUOTA : 82428A22
    21:38:46:869 5872 IRP_MJ_SET_QUOTA : 82428A22
    21:38:46:869 5872 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
    21:38:46:869 5872
    21:38:46:869 5872 Driver Name: USBSTOR
    21:38:46:869 5872 IRP_MJ_CREATE : 8FE35FC8
    21:38:46:869 5872 IRP_MJ_CREATE_NAMED_PIPE : 82428A22
    21:38:46:869 5872 IRP_MJ_CLOSE : 8FE36040
    21:38:46:869 5872 IRP_MJ_READ : 8FE360B8
    21:38:46:869 5872 IRP_MJ_WRITE : 8FE360B8
    21:38:46:869 5872 IRP_MJ_QUERY_INFORMATION : 82428A22
    21:38:46:869 5872 IRP_MJ_SET_INFORMATION : 82428A22
    21:38:46:869 5872 IRP_MJ_QUERY_EA : 82428A22
    21:38:46:869 5872 IRP_MJ_SET_EA : 82428A22
    21:38:46:869 5872 IRP_MJ_FLUSH_BUFFERS : 82428A22
    21:38:46:869 5872 IRP_MJ_QUERY_VOLUME_INFORMATION : 82428A22
    21:38:46:869 5872 IRP_MJ_SET_VOLUME_INFORMATION : 82428A22
    21:38:46:869 5872 IRP_MJ_DIRECTORY_CONTROL : 82428A22
    21:38:46:869 5872 IRP_MJ_FILE_SYSTEM_CONTROL : 82428A22
    21:38:46:869 5872 IRP_MJ_DEVICE_CONTROL : 8FE35BC4
    21:38:46:869 5872 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8FE297E4
    21:38:46:869 5872 IRP_MJ_SHUTDOWN : 82428A22
    21:38:46:869 5872 IRP_MJ_LOCK_CONTROL : 82428A22
    21:38:46:869 5872 IRP_MJ_CLEANUP : 82428A22
    21:38:46:869 5872 IRP_MJ_CREATE_MAILSLOT : 82428A22
    21:38:46:869 5872 IRP_MJ_QUERY_SECURITY : 82428A22
    21:38:46:869 5872 IRP_MJ_SET_SECURITY : 82428A22
    21:38:46:869 5872 IRP_MJ_POWER : 8FE3459C
    21:38:46:869 5872 IRP_MJ_SYSTEM_CONTROL : 8FE317A2
    21:38:46:869 5872 IRP_MJ_DEVICE_CHANGE : 82428A22
    21:38:46:869 5872 IRP_MJ_QUERY_QUOTA : 82428A22
    21:38:46:869 5872 IRP_MJ_SET_QUOTA : 82428A22
    21:38:46:869 5872 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
    21:38:46:869 5872
    21:38:46:869 5872 Driver Name: USBSTOR
    21:38:46:869 5872 IRP_MJ_CREATE : 8FE35FC8
    21:38:46:884 5872 IRP_MJ_CREATE_NAMED_PIPE : 82428A22
    21:38:46:884 5872 IRP_MJ_CLOSE : 8FE36040
    21:38:46:884 5872 IRP_MJ_READ : 8FE360B8
    21:38:46:884 5872 IRP_MJ_WRITE : 8FE360B8
    21:38:46:884 5872 IRP_MJ_QUERY_INFORMATION : 82428A22
    21:38:46:884 5872 IRP_MJ_SET_INFORMATION : 82428A22
    21:38:46:884 5872 IRP_MJ_QUERY_EA : 82428A22
    21:38:46:884 5872 IRP_MJ_SET_EA : 82428A22
    21:38:46:884 5872 IRP_MJ_FLUSH_BUFFERS : 82428A22
    21:38:46:884 5872 IRP_MJ_QUERY_VOLUME_INFORMATION : 82428A22
    21:38:46:884 5872 IRP_MJ_SET_VOLUME_INFORMATION : 82428A22
    21:38:46:884 5872 IRP_MJ_DIRECTORY_CONTROL : 82428A22
    21:38:46:884 5872 IRP_MJ_FILE_SYSTEM_CONTROL : 82428A22
    21:38:46:884 5872 IRP_MJ_DEVICE_CONTROL : 8FE35BC4
    21:38:46:884 5872 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8FE297E4
    21:38:46:884 5872 IRP_MJ_SHUTDOWN : 82428A22
    21:38:46:884 5872 IRP_MJ_LOCK_CONTROL : 82428A22
    21:38:46:884 5872 IRP_MJ_CLEANUP : 82428A22
    21:38:46:884 5872 IRP_MJ_CREATE_MAILSLOT : 82428A22
    21:38:46:884 5872 IRP_MJ_QUERY_SECURITY : 82428A22
    21:38:46:884 5872 IRP_MJ_SET_SECURITY : 82428A22
    21:38:46:884 5872 IRP_MJ_POWER : 8FE3459C
    21:38:46:884 5872 IRP_MJ_SYSTEM_CONTROL : 8FE317A2
    21:38:46:884 5872 IRP_MJ_DEVICE_CHANGE : 82428A22
    21:38:46:884 5872 IRP_MJ_QUERY_QUOTA : 82428A22
    21:38:46:884 5872 IRP_MJ_SET_QUOTA : 82428A22
    21:38:46:884 5872 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
    21:38:46:884 5872
    21:38:46:884 5872 Driver Name: USBSTOR
    21:38:46:884 5872 IRP_MJ_CREATE : 8FE35FC8
    21:38:46:884 5872 IRP_MJ_CREATE_NAMED_PIPE : 82428A22
    21:38:46:884 5872 IRP_MJ_CLOSE : 8FE36040
    21:38:46:884 5872 IRP_MJ_READ : 8FE360B8
    21:38:46:884 5872 IRP_MJ_WRITE : 8FE360B8
    21:38:46:884 5872 IRP_MJ_QUERY_INFORMATION : 82428A22
    21:38:46:884 5872 IRP_MJ_SET_INFORMATION : 82428A22
    21:38:46:884 5872 IRP_MJ_QUERY_EA : 82428A22
    21:38:46:884 5872 IRP_MJ_SET_EA : 82428A22
    21:38:46:884 5872 IRP_MJ_FLUSH_BUFFERS : 82428A22
    21:38:46:884 5872 IRP_MJ_QUERY_VOLUME_INFORMATION : 82428A22
    21:38:46:884 5872 IRP_MJ_SET_VOLUME_INFORMATION : 82428A22
    21:38:46:884 5872 IRP_MJ_DIRECTORY_CONTROL : 82428A22
    21:38:46:884 5872 IRP_MJ_FILE_SYSTEM_CONTROL : 82428A22
    21:38:46:884 5872 IRP_MJ_DEVICE_CONTROL : 8FE35BC4
    21:38:46:884 5872 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8FE297E4
    21:38:46:884 5872 IRP_MJ_SHUTDOWN : 82428A22
    21:38:46:884 5872 IRP_MJ_LOCK_CONTROL : 82428A22
    21:38:46:884 5872 IRP_MJ_CLEANUP : 82428A22
    21:38:46:884 5872 IRP_MJ_CREATE_MAILSLOT : 82428A22
    21:38:46:884 5872 IRP_MJ_QUERY_SECURITY : 82428A22
    21:38:46:884 5872 IRP_MJ_SET_SECURITY : 82428A22
    21:38:46:884 5872 IRP_MJ_POWER : 8FE3459C
    21:38:46:884 5872 IRP_MJ_SYSTEM_CONTROL : 8FE317A2
    21:38:46:884 5872 IRP_MJ_DEVICE_CHANGE : 82428A22
    21:38:46:884 5872 IRP_MJ_QUERY_QUOTA : 82428A22
    21:38:46:884 5872 IRP_MJ_SET_QUOTA : 82428A22
    21:38:46:884 5872 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
    21:38:46:884 5872
    21:38:46:884 5872 Driver Name: atapi
    21:38:46:884 5872 IRP_MJ_CREATE : 807BE140
    21:38:46:884 5872 IRP_MJ_CREATE_NAMED_PIPE : 82428A22
    21:38:46:884 5872 IRP_MJ_CLOSE : 807BE140
    21:38:46:884 5872 IRP_MJ_READ : 82428A22
    21:38:46:884 5872 IRP_MJ_WRITE : 82428A22
    21:38:46:884 5872 IRP_MJ_QUERY_INFORMATION : 82428A22
    21:38:46:884 5872 IRP_MJ_SET_INFORMATION : 82428A22
    21:38:46:884 5872 IRP_MJ_QUERY_EA : 82428A22
    21:38:46:884 5872 IRP_MJ_SET_EA : 82428A22
    21:38:46:884 5872 IRP_MJ_FLUSH_BUFFERS : 82428A22
    21:38:46:884 5872 IRP_MJ_QUERY_VOLUME_INFORMATION : 82428A22
    21:38:46:884 5872 IRP_MJ_SET_VOLUME_INFORMATION : 82428A22
    21:38:46:884 5872 IRP_MJ_DIRECTORY_CONTROL : 82428A22
    21:38:46:884 5872 IRP_MJ_FILE_SYSTEM_CONTROL : 82428A22
    21:38:46:884 5872 IRP_MJ_DEVICE_CONTROL : 807ACA5A
    21:38:46:884 5872 IRP_MJ_INTERNAL_DEVICE_CONTROL : 807ACA2C
    21:38:46:884 5872 IRP_MJ_SHUTDOWN : 82428A22
    21:38:46:884 5872 IRP_MJ_LOCK_CONTROL : 82428A22
    21:38:46:884 5872 IRP_MJ_CLEANUP : 82428A22
    21:38:46:884 5872 IRP_MJ_CREATE_MAILSLOT : 82428A22
    21:38:46:884 5872 IRP_MJ_QUERY_SECURITY : 82428A22
    21:38:46:884 5872 IRP_MJ_SET_SECURITY : 82428A22
    21:38:46:884 5872 IRP_MJ_POWER : 807ACA88
    21:38:46:884 5872 IRP_MJ_SYSTEM_CONTROL : 807B9B70
    21:38:46:884 5872 IRP_MJ_DEVICE_CHANGE : 82428A22
    21:38:46:884 5872 IRP_MJ_QUERY_QUOTA : 82428A22
    21:38:46:884 5872 IRP_MJ_SET_QUOTA : 82428A22
    21:38:46:900 5872 C:\Windows\system32\drivers\atapi.sys - Verdict: 1
    21:38:46:900 5872
    21:38:46:900 5872 Completed
    21:38:46:900 5872
    21:38:46:900 5872 Results:
    21:38:46:900 5872 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
    21:38:46:900 5872 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    21:38:46:900 5872 File objects infected / cured / cured on reboot: 0 / 0 / 0
    21:38:46:900 5872
    21:38:46:900 5872 fclose_ex: Trying to close file C:\Windows\system32\config\system
    21:38:46:900 5872 fclose_ex: Trying to close file C:\Windows\system32\config\software
    21:38:46:900 5872 KLMD(ARK) unloaded successfully
  • Hello PSL, it can be a very good sign that the Kaspersky tool found nothing!
    Because that would indeed mean that MBAM has already removed TDSS.

    Nevertheless, I consider it highly necessary that you also run Combofix and then post its log.
  • Hello PSL, is this the computer on which you are now also having BSODs etc.?
  • I am still getting IRQL and PFN BSODs. I find the last step rather scary. I have the feeling that a memory module or something like that is broken. Besides, I still have warranty. The alternative is that I bring it in and pick it up again after 2 working days. Then the problem should be solved as well.
  • You still have warranty - then make use of it.

    The errors may indeed be hardware-related.
    But it may also be that drivers in your Windows have become corrupted and that this is why you are getting those error messages and BSODs!

    If you bring the PC in, first back up everything you do not want to lose, because a reinstallation is guaranteed to be done!
  • I have already been backing everything up this past week, so that is fine. I have restored the PC to an earlier date several times, but that did not really help. The BSODs kept coming. In addition, I have now suddenly lost Nero, my card readers no longer work, and a restore point can no longer be selected. Friday one more day of working from home at the PC as far as possible, and then hand it in quickly…

    Thanks in advance for all the help!

This is an archived page. Replying is no longer possible.