BSOD as a result of???? HijackThis log

14 replies
  • Since last week my PC has been acting strangely. After 2 years of trouble-free use I suddenly get the BSOD, with error messages such as PFN-List_corrupt. Booting takes minutes, with a chance of a BSOD. Possibly it has something to do with an automatic Windows update, or with the fact that I told my Panda not to give permission for reading and writing of localhost. To involve you in my problem I thought I'd quickly make a HijackThis log. While making it, however, I get the following error:

    For some Reason your system denied write access to the Host file. If any Hijacked domains are in this file, HijackThis may not be able to fix this. If that happens you need to edit the file yourself. To do this click Start, Run and type Notepad c:\windows\system32\drivers\etc\hosts

    This probably has something to do with O1 - Hosts: :: 1Localhost

    In the end it worked after all. Here is my log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:35:46, on 29-4-2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal

    Running processes:
    C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SYSTEM32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\CyberLink\Shared Files\brs.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\ApVxdWin.exe
    C:\WINDOWS\WindowsMobile\wmdcBase.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl&tab=iw
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: Mediacontrole PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://thebenet.thebe.nl/dana-cached/sc/JuniperSetupClient.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrvx86.exe
    O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
    O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe

    --
    End of file - 8976 bytes

    Who has advice?
  • Hello PSL, I'm curious whether you will soon be rid of the BSODs?

    Step •1•
    Close all open windows, then start HijackThis and click the button Do a Scan only,

    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

    • put a check mark in front of the line(s) that correspond to the line(s) above
    • then click the button Fix checked

    Restart the computer after the fix

    Step •2•
    Download, install and keep using MBAM (CLICK): http://www.idealsoftware.nl/MBAM/
    • Right after installation MBAM wants to update its database, so allow that.
    • Also on repeated use: first update MBAM via the Update tab!
    • Start MBAM and choose Quick Scan (Snelle Scan)
    • N.B.: Vista users start MBAM by right-clicking and then choosing Run as administrator (Als Administrator uitvoeren).
    • Scanning can take a while, so be patient.
    • When the scan has finished, click the OK button
    • Then click the Show Results (Bekijk Resultaten) button to see the results.
    • Make sure that everything is checked.
    • Then click: Remove Selected (Verwijder geselecteerde).
    • After the removal a log will open and you will be asked to restart the computer.
    • The log is saved automatically by MBAM and you can find it again by clicking the Logs tab in MBAM.
    • If MBAM has difficulty removing certain files it will show a few messages; click OK each time!
    • After that MBAM will ask to restart the computer - so allow the computer to be restarted.

    If the rootkit (TDSS) is present, MBAM will also ask to restart. Do so. MBAM will then scan again after the restart and remove the rootkit.

    Step •3•
    After this, post the contents of the following logs:
    • a new HijackThis log
    • MBAM scan log

    Also post an Uninstall list:
    • start HijackThis,
    • click the button Open the Misc Tools section,
    • click the button Open Uninstall Manager
    • click the button Save.
  • Do you also know whether I can fix O1 - Hosts: :: 1Localhost?
  • Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Databaseversie: 4057
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18904

    1-5-2010 23:28:36
    mbam-log-2010-05-01 (23-28-36).txt

    Scantype: Snelle scan
    Objecten gescand: 120224
    Verstreken tijd: 5 minuut/minuten, 5 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    C:\WINDOWS\BIT783D.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
  • Striking. In safe mode it works fine right away. In normal Windows I still get the error message as soon as it reaches the line O1 - Hosts: ::1 localhost.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:50:41, on 1-5-2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl&tab=iw
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Mediacontrole PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://thebenet.thebe.nl/dana-cached/sc/JuniperSetupClient.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrvx86.exe
    O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
    O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe

    --
    End of file - 8262 bytes
  • Aangifte inkomstenbelasting 2009 Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Flash Player 10 ActiveX Adobe Reader 8.2.2 - Nederlands Advanced SystemCare 3 CCleaner (remove only) ChangeBrowserSettingsOffice2007 Citrix Presentation Server Client - Web Only dBpowerAMP Mp4 Codec dBpowerAMP Music Converter File Signature Verification Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) K-Lite Codec Pack 4.7.0 (Basic) Kruidvat fotoservice Magic ISO Maker v5.4 (build 0239) Magic ISO Maker v5.5 (build 0276) Malwarebytes' Anti-Malware MetaFrame Presentation Server Web Client for Win32 Microsoft .NET Framework 3.5 Language Pack SP1 - nld Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Enterprise 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 
(SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Silverlight MSVC80_x86 MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Music Transfer Nero 7 Essentials neroxml Nokia Connectivity Cable Driver NVIDIA Drivers NVIDIA PhysX NVIDIA Stereoscopic 3D Driver OGA Notifier 2.0.0048.0 Panda Global Protection 2009 PC Connectivity Solution Phototools Creator Pinnacle Instant DVD Recorder Pinnacle Studio 12 Pinnacle videodriver PowerDVD proDAD Mercalli 1.0 Realtek High Definition Audio Driver Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB978380) Security Update for Microsoft Office Excel 2007 (KB978382) Security Update for Microsoft Office Outlook 2007 (KB972363) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office Publisher 2007 (KB980470) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Sony Picture Utility Spelling Dictionaries Support For Adobe Reader 8 System Requirements Lab Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL Three Ships Browser Plugin Update for 2007 Microsoft Office System (KB967642) Update for 2007 Microsoft Office System (KB981715) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office InfoPath 2007 (KB976416) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office Word 2007 (KB974561) Update for Outlook 2007 Junk Email Filter (kb981433) Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help 
(KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Windows-stuurprogrammapakket - Nokia pccsmcfd (08/22/2008 7.0.0.0) WinRAR archiver
  • what is Skytel.exe? :roll:
  • Hello PSl, there is nothing wrong with your Hosts file! O1 - Hosts: :: 1Localhost - that second entry is there because IPv6 is enabled on your machine! What I find much worse - MBAM says it has removed a rootkit! So now let's see whether that nasty thing is really out of your computer and what else is hidden in there!

    Step •1•
    Download TFC (click) to your desktop: http://oldtimer.geekstogo.com/TFC.exe
    N.B.: Users of Windows Vista and Windows 7 start the tool with a right-click, choosing Run as administrator!
    • Click/double-click TFC.exe to start the program.
    • Don't be alarmed - the tool closes all running programs - ergo: make sure that your work has already been saved!
    • Then click the Start button to start the scan. This scan can take a short or a longer time; be patient, let TFC do its job and wait until TFC is finished.
    • When TFC is finished, a message appears that the computer will be restarted.
    • If the shutdown does not happen automatically, restart the computer yourself.
    • Note: TFC does not show a log!

    Step •2•
    Download TDSSKiller.zip and place it on your desktop. Extract the files.
    Info and download: http://support.kaspersky.com/viruses/solutions?qid=208280684
    Open a Notepad file. Copy the code below (blue - bold) into this Notepad file.

    @ECHO OFF
    TDSSKiller.exe -l report.txt -v
    DEL %0

    Go to File - Save As.
    For "Save in" choose: the folder where TDSSKiller.exe is located.
    For "File name" enter: start.bat
    For "Save as type" select: All Files (*.*).
    Click the Save button.
    Double-click start.bat
    This will start TDSSKiller.exe and create a log file (report.txt) in the same folder. When TDSSKiller.exe is finished, post the contents of report.txt.

    Step •3•
    Let Combofix scan your Windows (click): http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    How to use Combofix properly (click): http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    Addition: to be able to use Combofix the following applies:
    • no web browsers may be open
    • antivirus must be completely deactivated
    • active malware and spyware scanners must be deactivated.
    Do not click in the active Combofix window - this will make Combofix freeze! Combofix closes the internet connection - in the meantime do not try to
    • If the Recovery Console is not installed, you will be asked to install it by clicking 'JA' (Yes) in the "Query - Recovery Console" window. So click 'OK' and 'Ja' (Yes) to have the Recovery Console installed automatically. When that is done, click 'Ja' (Yes) again to start the malware scan.
    • The Recovery Console makes it easier to solve problems if Windows has start-up problems for one reason or another!
    Here you will find information on how to deactivate antivirus (click): http://www.bleepingcomputer.com/forums/topic114351.html
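Added example, not part of the original thread: the reply above states that `O1 - Hosts: ::1 localhost` is only the IPv6 loopback entry, and that kind of check can be done mechanically over a HijackThis log. The verdict names (`benign`, `blocked`, `redirect`, `review`) and every sample line except the `::1` and `Skytel` lines are assumptions constructed for this illustration.

```python
import ipaddress
import re

# HijackThis reports a hosts-file line as "O1 - Hosts: <address> <name> [<name> ...]".
O1_RE = re.compile(r"^O1 - Hosts:\s*(\S+)\s*(.*)$")
LOCAL_NAMES = {"localhost"}  # names that are expected to point at the loopback address


def classify_o1(line):
    """Return (verdict, detail) for an O1 line, or None for any other log line."""
    m = O1_RE.match(line.strip())
    if not m:
        return None
    raw_addr, rest = m.groups()
    # Drop a trailing "# comment" and normalise case; host names are case-insensitive.
    names = [n.lower() for n in rest.split("#", 1)[0].split()]
    try:
        addr = ipaddress.ip_address(raw_addr)
    except ValueError:
        return ("review", f"unparseable address {raw_addr!r}")
    if not names:
        return ("review", "address without a host name")
    foreign = [n for n in names if n not in LOCAL_NAMES]
    if addr.is_loopback and not foreign:
        family = "IPv6" if addr.version == 6 else "IPv4"
        return ("benign", f"standard {family} loopback entry")
    if addr.is_loopback or addr.is_unspecified:
        # A name forced to resolve to this machine can no longer be reached.
        return ("blocked", f"{', '.join(foreign or names)} pointed at this machine ({addr})")
    # A name pinned to a fixed remote address bypasses DNS for that name.
    return ("redirect", f"{', '.join(names)} pinned to {addr}")


def triage(log_text):
    """Classify every O1 line of a HijackThis log; other sections are skipped."""
    results = []
    for line in log_text.splitlines():
        verdict = classify_o1(line)
        if verdict is not None:
            results.append((line.strip(), *verdict))
    return results


# Constructed sample. Only the "::1 localhost" and "Skytel" lines come from the thread;
# the example.test names and 192.0.2.10 (documentation range) are made up.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl&tab=iw
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 updates.example.test
O1 - Hosts: 192.0.2.10 www.example.test
O1 - Hosts: not-an-ip www.example.test
O4 - HKLM\..\Run: [Skytel] Skytel.exe
"""

if __name__ == "__main__":
    for entry, verdict, detail in triage(SAMPLE_LOG):
        print(f"{verdict:8} {entry}  ({detail})")
```

Only entries that come back as something other than `benign` need a closer look in the hosts file itself.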
  • Contents of TDS-killer:

    21:38:23:650 5872 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
    21:38:23:650 5872 ================================================================================
    21:38:23:650 5872 SystemInfo:
    21:38:23:650 5872 OS Version: 6.0.6002 ServicePack: 2.0
    21:38:23:650 5872 Product type: Workstation
    21:38:23:650 5872 ComputerName: PCTHUIS
    21:38:23:650 5872 UserName: Patrick en Esther
    21:38:23:650 5872 Windows directory: C:\Windows
    21:38:23:650 5872 Processor architecture: Intel x86
    21:38:23:650 5872 Number of processors: 4
    21:38:23:650 5872 Page size: 0x1000
    21:38:23:650 5872 Boot type: Normal boot
    21:38:23:650 5872 ================================================================================
    21:38:23:666 5872 UnloadDriverW: NtUnloadDriver error 2
    21:38:23:666 5872 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
    21:38:46:056 5872 wfopen_ex: Trying to open file C:\Windows\system32\config\system
    21:38:46:056 5872 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    21:38:46:056 5872 wfopen_ex: Trying to KLMD file open
    21:38:46:056 5872 wfopen_ex: File opened ok (Flags 2)
    21:38:46:072 5872 wfopen_ex: Trying to open file C:\Windows\system32\config\software
    21:38:46:072 5872 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    21:38:46:072 5872 wfopen_ex: Trying to KLMD file open
    21:38:46:072 5872 wfopen_ex: File opened ok (Flags 2)
    21:38:46:072 5872 Initialize success
    21:38:46:072 5872
    21:38:46:072 5872 Scanning Services ...
    21:38:46:853 5872 Raw services enum returned 439 services
    21:38:46:853 5872
    21:38:46:853 5872 Scanning Kernel memory ...
8FE35FC8 21:38:46:884 5872 IRP_MJ_CREATE_NAMED_PIPE : 82428A22 21:38:46:884 5872 IRP_MJ_CLOSE : 8FE36040 21:38:46:884 5872 IRP_MJ_READ : 8FE360B8 21:38:46:884 5872 IRP_MJ_WRITE : 8FE360B8 21:38:46:884 5872 IRP_MJ_QUERY_INFORMATION : 82428A22 21:38:46:884 5872 IRP_MJ_SET_INFORMATION : 82428A22 21:38:46:884 5872 IRP_MJ_QUERY_EA : 82428A22 21:38:46:884 5872 IRP_MJ_SET_EA : 82428A22 21:38:46:884 5872 IRP_MJ_FLUSH_BUFFERS : 82428A22 21:38:46:884 5872 IRP_MJ_QUERY_VOLUME_INFORMATION : 82428A22 21:38:46:884 5872 IRP_MJ_SET_VOLUME_INFORMATION : 82428A22 21:38:46:884 5872 IRP_MJ_DIRECTORY_CONTROL : 82428A22 21:38:46:884 5872 IRP_MJ_FILE_SYSTEM_CONTROL : 82428A22 21:38:46:884 5872 IRP_MJ_DEVICE_CONTROL : 8FE35BC4 21:38:46:884 5872 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8FE297E4 21:38:46:884 5872 IRP_MJ_SHUTDOWN : 82428A22 21:38:46:884 5872 IRP_MJ_LOCK_CONTROL : 82428A22 21:38:46:884 5872 IRP_MJ_CLEANUP : 82428A22 21:38:46:884 5872 IRP_MJ_CREATE_MAILSLOT : 82428A22 21:38:46:884 5872 IRP_MJ_QUERY_SECURITY : 82428A22 21:38:46:884 5872 IRP_MJ_SET_SECURITY : 82428A22 21:38:46:884 5872 IRP_MJ_POWER : 8FE3459C 21:38:46:884 5872 IRP_MJ_SYSTEM_CONTROL : 8FE317A2 21:38:46:884 5872 IRP_MJ_DEVICE_CHANGE : 82428A22 21:38:46:884 5872 IRP_MJ_QUERY_QUOTA : 82428A22 21:38:46:884 5872 IRP_MJ_SET_QUOTA : 82428A22 21:38:46:884 5872 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1 21:38:46:884 5872 21:38:46:884 5872 Driver Name: atapi 21:38:46:884 5872 IRP_MJ_CREATE : 807BE140 21:38:46:884 5872 IRP_MJ_CREATE_NAMED_PIPE : 82428A22 21:38:46:884 5872 IRP_MJ_CLOSE : 807BE140 21:38:46:884 5872 IRP_MJ_READ : 82428A22 21:38:46:884 5872 IRP_MJ_WRITE : 82428A22 21:38:46:884 5872 IRP_MJ_QUERY_INFORMATION : 82428A22 21:38:46:884 5872 IRP_MJ_SET_INFORMATION : 82428A22 21:38:46:884 5872 IRP_MJ_QUERY_EA : 82428A22 21:38:46:884 5872 IRP_MJ_SET_EA : 82428A22 21:38:46:884 5872 IRP_MJ_FLUSH_BUFFERS : 82428A22 21:38:46:884 5872 IRP_MJ_QUERY_VOLUME_INFORMATION : 82428A22 21:38:46:884 5872 
IRP_MJ_SET_VOLUME_INFORMATION : 82428A22 21:38:46:884 5872 IRP_MJ_DIRECTORY_CONTROL : 82428A22 21:38:46:884 5872 IRP_MJ_FILE_SYSTEM_CONTROL : 82428A22 21:38:46:884 5872 IRP_MJ_DEVICE_CONTROL : 807ACA5A 21:38:46:884 5872 IRP_MJ_INTERNAL_DEVICE_CONTROL : 807ACA2C 21:38:46:884 5872 IRP_MJ_SHUTDOWN : 82428A22 21:38:46:884 5872 IRP_MJ_LOCK_CONTROL : 82428A22 21:38:46:884 5872 IRP_MJ_CLEANUP : 82428A22 21:38:46:884 5872 IRP_MJ_CREATE_MAILSLOT : 82428A22 21:38:46:884 5872 IRP_MJ_QUERY_SECURITY : 82428A22 21:38:46:884 5872 IRP_MJ_SET_SECURITY : 82428A22 21:38:46:884 5872 IRP_MJ_POWER : 807ACA88 21:38:46:884 5872 IRP_MJ_SYSTEM_CONTROL : 807B9B70 21:38:46:884 5872 IRP_MJ_DEVICE_CHANGE : 82428A22 21:38:46:884 5872 IRP_MJ_QUERY_QUOTA : 82428A22 21:38:46:884 5872 IRP_MJ_SET_QUOTA : 82428A22 21:38:46:900 5872 C:\Windows\system32\drivers\atapi.sys - Verdict: 1 21:38:46:900 5872 21:38:46:900 5872 Completed 21:38:46:900 5872 21:38:46:900 5872 Results: 21:38:46:900 5872 Memory objects infected / cured / cured on reboot: 0 / 0 / 0 21:38:46:900 5872 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 21:38:46:900 5872 File objects infected / cured / cured on reboot: 0 / 0 / 0 21:38:46:900 5872 21:38:46:900 5872 fclose_ex: Trying to close file C:\Windows\system32\config\system 21:38:46:900 5872 fclose_ex: Trying to close file C:\Windows\system32\config\software 21:38:46:900 5872 KLMD(ARK) unloaded successfully
  • Hello PSL, it could be a very good sign that the Kaspersky tool found nothing! Because that would indeed mean that MBAM has already removed TDSS. Nevertheless, I consider it highly necessary that you also run Combofix and then post its log.
  • Hello PSL, is this the computer on which you are also currently getting the BSODs etc.?
  • I am still getting IRQL and PFN BSODs. I do find the last step a bit daunting. I have the feeling that a memory module or something like that is broken. Besides, I still have warranty. The alternative is that I take it in and pick it up again after 2 working days. Then the problem should be solved as well.
  • You still have warranty, so make use of it. The errors may indeed be hardware-related. But it is also possible that drivers in your Windows have become corrupted and that this is why you are getting those error messages and BSODs! If you take the PC in, do first back up everything you do not want to lose, because a reinstallation is guaranteed to be done!
  • I have already been backing everything up over the past week, so that is taken care of. I have restored the PC to an earlier date several times, but that did not really help. The BSODs kept coming. On top of that, I have now suddenly lost Nero, my card readers no longer work, and a restore point can no longer be selected. Friday one more day of working from home at the PC as far as possible, and then hand it in quickly... Thanks in advance for all the help!
