
Yet another slow PC with 100% CPU

bigbrabo

The PC of an acquaintance of mine is painfully slow; CPU usage is > 90% nine times out of ten. Apart from seriously testing your patience, it is practically unworkable. The HJT logs are below.

[hjt]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:02:23, on 9-10-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\ati2evxx.exe
c:\windows\explorer.exe
c:\windows\system32\spoolsv.exe
c:\windows\system32\svchost.exe
c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
c:\program files\bonjour\mdnsresponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehsched.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\common files\lightscribe\lssrvc.exe
c:\program files\malwarebytes' anti-malware\mbamservice.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\program files\mysql\mysql server 5.1\bin\mysqld.exe
c:\program files\norton 360 premier edition\engine\5.1.0.29\ccsvchst.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\program files\common files\protexis\license service\psiservice_2.exe
c:\program files\microsoft\search enhancement pack\seaport\seaport.exe
c:\windows\system32\svchost.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wuauclt.exe
c:\windows\system32\dllhost.exe
c:\program files\norton 360 premier edition\engine\5.1.0.29\ccsvchst.exe
c:\windows\ehome\ehtray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
c:\windows\alcxmntr.exe
c:\program files\poweriso\pwrisovm.exe
c:\program files\ati technologies\ati.ace\cli.exe
c:\program files\microsoft office\office12\groovemonitor.exe
c:\program files\microsoft intellitype pro\itype.exe
c:\program files\microsoft intellipoint\ipoint.exe
c:\program files\hp\hp software update\hpwuschd2.exe
c:\program files\common files\java\java update\jusched.exe
c:\program files\malwarebytes' anti-malware\mbamgui.exe
c:\windows\system32\ctfmon.exe
c:\program files\common files\ahead\lib\nmbgmonitor.exe
c:\program files\common files\lightscribe\lightscribecontrolpanel.exe
c:\program files\hp\digital imaging\bin\hpqtra08.exe
c:\program files\windows desktop search\windowssearch.exe
c:\program files\common files\ahead\lib\nmindexstoresvr.exe
c:\windows\system32\notepad.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\hp\digital imaging\bin\hpqste08.exe
c:\program files\hp\digital imaging\bin\hpqste08.exe
c:\program files\hp\digital imaging\bin\hpqbam08.exe
c:\program files\common files\ahead\lib\nmindexingservice.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\ati technologies\ati.ace\cli.exe
c:\program files\hp\digital imaging\bin\hpqgpc01.exe
r0 - hkcu\software\microsoft\internet explorer\main,start page = http://www.nu.nl/
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hklm\software\microsoft\internet explorer\main,start page = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r3 - urlsearchhook: productivity 2.2 toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - c:\program files\productivity_2.2\prxtbpro0.dll
o2 - bho: hp print enhancer - {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: conduit engine - {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxconduitengin0.dll
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: symantec nco bho - {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\5.1.0.29\coieplg.dll
o2 - bho: symantec intrusion prevention - {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\5.1.0.29\ips\ipsbho.dll
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll
o2 - bho: groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\grooveshellextensions.dll
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o2 - bho: productivity 2.2 - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - c:\program files\productivity_2.2\prxtbpro0.dll
o2 - bho: hp smart bho class - {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
o3 - toolbar: productivity 2.2 toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - c:\program files\productivity_2.2\prxtbpro0.dll
o3 - toolbar: conduit engine - {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxconduitengin0.dll
o3 - toolbar: norton toolbar - {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\5.1.0.29\coieplg.dll
o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll
o4 - hklm\..\run: [ehtray] c:\windows\ehome\ehtray.exe
o4 - hklm\..\run: [aticcc] c:\program files\ati technologies\ati.ace\clistart.exe
o4 - hklm\..\run: [alcxmonitor] alcxmntr.exe
o4 - hklm\..\run: [pwrisovm.exe] c:\program files\poweriso\pwrisovm.exe
o4 - hklm\..\run: [groovemonitor] c:\program files\microsoft office\office12\groovemonitor.exe
o4 - hklm\..\run: [itype] c:\program files\microsoft intellitype pro\itype.exe
o4 - hklm\..\run: [intellipoint] c:\program files\microsoft intellipoint\ipoint.exe
o4 - hklm\..\run: [corelgadget] rundll32.exe c:\program files\common files\ulead systems\gadget\gadgeteb.dll,launchgadget
o4 - hklm\..\run: [hp software update] c:\program files\hp\hp software update\hpwuschd2.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\common files\java\java update\jusched.exe
o4 - hklm\..\run: [malwarebytes' anti-malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /starttray
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}] c:\program files\common files\ahead\lib\nmbgmonitor.exe
o4 - hkcu\..\run: [lightscribe control panel] c:\program files\common files\lightscribe\lightscribecontrolpanel.exe -hidden
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'network service')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - global startup: hp digital imaging monitor.lnk = c:\program files\hp\digital imaging\bin\hpqtra08.exe
o4 - global startup: windows search.lnk = c:\program files\windows desktop search\windowssearch.exe
o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o8 - extra context menu item: google sidewiki... - res://c:\program files\google\google toolbar\component\googletoolbardynamic_mui_en_7461b1589e8b4fb7.dll/cmsidewiki.html
o9 - extra button: in weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: &in weblog opnemen met windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: toon of verberg hp smart web printing - {dde87865-83c5-48c4-8357-2f5b1aa84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o16 - dpf: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (muwebcontrol class) - http://www.update.microsoft.com/microsoftupdate/v6/v5controls/en/x86/client/muweb_site.cab?1300046044953
o16 - dpf: {73ecb3aa-4717-450c-a2ab-d00dad9ee203} (gmnrev class) - http://h20270.www2.hp.com/ediags/gmn2/install/hpproductdetection2.cab
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab
o18 - protocol: groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files\microsoft office\office12\groovesystemservices.dll
o22 - sharedtaskscheduler: browseui preloader - {438755c2-a8ba-11d1-b96b-00a0c90312e1} - c:\windows\system32\browseui.dll
o22 - sharedtaskscheduler: component categories cache daemon - {8c7461ef-2b13-11d2-be35-3078302c2030} - c:\windows\system32\browseui.dll
o23 - service: mobiel apple apparaat (apple mobile device) - apple inc. - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
o23 - service: ati hotkey poller - ati technologies inc. - c:\windows\system32\ati2evxx.exe
o23 - service: ati smart - unknown owner - c:\windows\system32\ati2sgag.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: google updateservice (gupdate) (gupdate) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: google update-service (gupdatem) (gupdatem) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: lightscribeservice direct disc labeling service (lightscribeservice) - hewlett-packard company - c:\program files\common files\lightscribe\lssrvc.exe
o23 - service: mbamservice - malwarebytes corporation - c:\program files\malwarebytes' anti-malware\mbamservice.exe
o23 - service: mysql - unknown owner - c:\program files\mysql\mysql server 5.1\bin\mysqld.exe
o23 - service: norton 360 (n360) - symantec corporation - c:\program files\norton 360 premier edition\engine\5.1.0.29\ccsvchst.exe
o23 - service: nmindexingservice - nero ag - c:\program files\common files\ahead\lib\nmindexingservice.exe
o23 - service: protexis licensing v2 (psi_svc_2) - protexis inc. - c:\program files\common files\protexis\license service\psiservice_2.exe
o23 - service: sony ericsson pccompanion - avanquest software - c:\program files\sony ericsson\sony ericsson pc companion\pccservice.exe
--
end of file - 13044 bytes
[/hjt]



***UNINSTALL.LOG***

32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1) - Nederlands
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Hybrid Capture Device
ATI Catalyst Control Center
ATI Display Driver
Bonjour
Conduit Engine
Contents
Corel Digital Studio 2010
Corel WinDVD 2010
DeviceIO
DVDF10
Gadget
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 14.0
HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
HP Imaging Device Functions 14.0
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
ICA
IPM_SU
iTunes
Java(TM) 6 Update 26
Junk Mail filter update
Malwarebytes' Anti-Malware versie 1.51.2.1300
Media Go
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Language Pack - NLD
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MLE
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Server 5.1
Nedsoft Kasboek 2001
Nero 7 Essentials
Norton 360 Premier Edition
PlayStation(R)Network Downloader
PlayStation(R)Store
PowerISO
Productivity 2.2 Toolbar
PSPH10
PureHD
QuickTime
Realtek AC'97 Audio
RegClean Pro
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Segoe UI
Setup
Share
Shop for HP Supplies
Sony Ericsson Media Manager 1.2
Sony Ericsson PC Companion 2.01.217
Spybot - Search & Destroy
Systweak PhotoStudio 2.1
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2553110)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VDS10
Verzoek of wijziging voorlopige aanslag 2011
VIO
Windows Internet Explorer 8
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3


HELP!!!!!
 
Hi bigbrabo, welcome back.
Are you in such a hurry to get everything done?

I would like you to follow the rules below during the fix:
  • Read all instructions carefully.
  • If you make mistakes when running tools during the fix, that can cause serious problems in Windows.
  • Refrain from using tools or updates other than those I advise you to use.
  • Always use one scanner at a time, never several at once.
  • Keep me informed of how your computer responds to the fix - good or bad.
  • The fix, once started, must be completed. Even if you think everything is fine, there may still be infections.

Step 1
Close all open browser windows - except this window, which you close just before you click the Fix checked button!

Now start HijackThis and click the Do a Scan only button,

r3 - urlsearchhook: productivity 2.2 toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - c:\program files\productivity_2.2\prxtbpro0.dll
o2 - bho: conduit engine - {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxconduitengin0.dll
o2 - bho: productivity 2.2 - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - c:\program files\productivity_2.2\prxtbpro0.dll
o3 - toolbar: productivity 2.2 toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - c:\program files\productivity_2.2\prxtbpro0.dll
o3 - toolbar: conduit engine - {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxconduitengin0.dll

  • Put a check mark in front of the line(s) that correspond to the lines above
  • Now close the web browser and then click the Fix checked button
  • After that, close HijackThis.

Step 2
Which program: Microsoft Safety Scanner
What for/why: specialized scanner from Microsoft to quickly examine Windows for spyware and malware and to remove it.
Difficulty: none.
Note: Microsoft Safety Scanner expires 10 days after it has been downloaded.
If you want to run a scan again with the latest anti-malware definitions,
download Microsoft Safety Scanner again and run it again.
Download the Microsoft Safety Scanner here.

Windows 2000 and Windows XP: start Microsoft's Safety Scanner by double-clicking the shortcut.
Windows Vista and Windows 7: start Microsoft's Safety Scanner by right-clicking the shortcut and then choosing Run as administrator.
Then tick "I accept the terms of the above license agreement".

Scanning:
  • When 'Microsoft's Safety Scanner' starts, click the "Next" button, then choose 'Quick scan'.
  • The scan takes a while, so be patient.

Step 3
Which program: Malwarebytes MBAM
What for/why: specialized scanner to quickly examine Windows for spyware and malware and to remove it.
Difficulty: none.

Download Malwarebytes MBAM from one of these locations:
First of all:
  • Right after installation 'MBAM' will want to update its database, so allow this.
  • Also on repeated use: first update 'MBAM' via the 'Update' tab!
Starting Malwarebytes MBAM:
Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.
  • Note:
    • Malwarebytes now provides the full version of MBAM.
    • At the first start you get the option to use the full version or the free version.
    • Regardless of which antivirus program is in your Windows, I advise using the "Decline" option.
    • That way MBAM will remain usable as the free version.


  • Also do the following:
    • Once the program has started, go to the "Settings" tab.
    • Tick here: "Close Internet Explorer during malware removal".

Scanning:
  • When 'MBAM' starts, choose 'Quick Scan'.
  • The scan can take a while, so be patient. When the scan has finished, click the 'OK' button.
  • Then click the 'Show Results' button to see the results.
Infections found:
  • First click OK to dismiss the message.
  • Then click the Show Results button at the bottom right.
  • Now make sure that all infections found are ticked, and click Remove Selected at the bottom left.
  • After removal a log will open and you will be asked to restart the computer.
  • If 'MBAM' has trouble removing certain files it will show a few messages; click 'OK' each time!
  • After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.
MBAM log:
  • The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in MBAM's main menu.
Then post the contents of the MBAM log in your next message.


Step 4
In summary: after this, post the contents of the following logs in your next message:
  • a new HijackThis log
  • MBAM scan log
 
Hi Abraham54,

Thanks for the quick reply. Given the PC's performance everything takes some effort, so "hurry" is a big word, but here are the logs from HJT and MBAM.

[hjt]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:20:13, on 9-10-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\ati2evxx.exe
c:\windows\explorer.exe
c:\windows\system32\spoolsv.exe
c:\windows\system32\svchost.exe
c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
c:\program files\bonjour\mdnsresponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehsched.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\common files\lightscribe\lssrvc.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\program files\mysql\mysql server 5.1\bin\mysqld.exe
c:\program files\norton 360 premier edition\engine\5.1.0.29\ccsvchst.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\program files\common files\protexis\license service\psiservice_2.exe
c:\windows\ehome\ehtray.exe
c:\program files\microsoft\search enhancement pack\seaport\seaport.exe
c:\program files\ati technologies\ati.ace\cli.exe
c:\windows\alcxmntr.exe
c:\windows\system32\svchost.exe
c:\program files\poweriso\pwrisovm.exe
c:\windows\system32\searchindexer.exe
c:\program files\microsoft office\office12\groovemonitor.exe
c:\windows\ehome\ehmsas.exe
c:\program files\microsoft intellitype pro\itype.exe
c:\program files\microsoft intellipoint\ipoint.exe
c:\program files\hp\hp software update\hpwuschd2.exe
c:\program files\common files\java\java update\jusched.exe
c:\windows\system32\ctfmon.exe
c:\program files\common files\ahead\lib\nmbgmonitor.exe
c:\program files\common files\lightscribe\lightscribecontrolpanel.exe
c:\program files\common files\ahead\lib\nmindexstoresvr.exe
c:\program files\hp\digital imaging\bin\hpqtra08.exe
c:\program files\windows desktop search\windowssearch.exe
c:\program files\norton 360 premier edition\engine\5.1.0.29\ccsvchst.exe
c:\program files\ati technologies\ati.ace\cli.exe
c:\program files\hp\digital imaging\bin\hpqste08.exe
c:\program files\hp\digital imaging\bin\hpqbam08.exe
c:\program files\hp\digital imaging\bin\hpqgpc01.exe
c:\program files\common files\ahead\lib\nmindexingservice.exe
c:\program files\teamviewer\version6\teamviewer.exe
c:\program files\teamviewer\version6\teamviewer_desktop.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.nu.nl/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
o2 - bho: hp print enhancer - {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: symantec nco bho - {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\5.1.0.29\coieplg.dll
o2 - bho: symantec intrusion prevention - {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\5.1.0.29\ips\ipsbho.dll
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll
o2 - bho: groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\grooveshellextensions.dll
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o2 - bho: hp smart bho class - {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
o3 - toolbar: norton toolbar - {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\5.1.0.29\coieplg.dll
o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll
o4 - hklm\..\run: [ehtray] c:\windows\ehome\ehtray.exe
o4 - hklm\..\run: [aticcc] c:\program files\ati technologies\ati.ace\clistart.exe
o4 - hklm\..\run: [alcxmonitor] alcxmntr.exe
o4 - hklm\..\run: [pwrisovm.exe] c:\program files\poweriso\pwrisovm.exe
o4 - hklm\..\run: [groovemonitor] c:\program files\microsoft office\office12\groovemonitor.exe
o4 - hklm\..\run: [itype] c:\program files\microsoft intellitype pro\itype.exe
o4 - hklm\..\run: [intellipoint] c:\program files\microsoft intellipoint\ipoint.exe
o4 - hklm\..\run: [corelgadget] rundll32.exe c:\program files\common files\ulead systems\gadget\gadgeteb.dll,launchgadget
o4 - hklm\..\run: [hp software update] c:\program files\hp\hp software update\hpwuschd2.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\common files\java\java update\jusched.exe
o4 - hklm\..\runonce: [malwarebytes' anti-malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}] c:\program files\common files\ahead\lib\nmbgmonitor.exe
o4 - hkcu\..\run: [lightscribe control panel] c:\program files\common files\lightscribe\lightscribecontrolpanel.exe -hidden
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'network service')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - global startup: hp digital imaging monitor.lnk = c:\program files\hp\digital imaging\bin\hpqtra08.exe
o4 - global startup: windows search.lnk = c:\program files\windows desktop search\windowssearch.exe
o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o8 - extra context menu item: google sidewiki... - res://c:\program files\google\google toolbar\component\googletoolbardynamic_mui_en_7461b1589e8b4fb7.dll/cmsidewiki.html
o9 - extra button: in weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: &in weblog opnemen met windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: toon of verberg hp smart web printing - {dde87865-83c5-48c4-8357-2f5b1aa84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o16 - dpf: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (muwebcontrol class) - [noparse]http://www.update.microsoft.com/microsoftupdate/v6/v5controls/en/x86/client/muweb_site.cab?1300046044953[/noparse]
o16 - dpf: {73ecb3aa-4717-450c-a2ab-d00dad9ee203} (gmnrev class) - [noparse]http://h20270.www2.hp.com/ediags/gmn2/install/hpproductdetection2.cab[/noparse]
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - [noparse]http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab[/noparse]
o18 - protocol: groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files\microsoft office\office12\groovesystemservices.dll
o22 - sharedtaskscheduler: browseui preloader - {438755c2-a8ba-11d1-b96b-00a0c90312e1} - c:\windows\system32\browseui.dll
o22 - sharedtaskscheduler: component categories cache daemon - {8c7461ef-2b13-11d2-be35-3078302c2030} - c:\windows\system32\browseui.dll
o23 - service: mobiel apple apparaat (apple mobile device) - apple inc. - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
o23 - service: ati hotkey poller - ati technologies inc. - c:\windows\system32\ati2evxx.exe
o23 - service: ati smart - unknown owner - c:\windows\system32\ati2sgag.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: google updateservice (gupdate) (gupdate) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: google update-service (gupdatem) (gupdatem) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: lightscribeservice direct disc labeling service (lightscribeservice) - hewlett-packard company - c:\program files\common files\lightscribe\lssrvc.exe
o23 - service: mysql - unknown owner - c:\program files\mysql\mysql server 5.1\bin\mysqld.exe
o23 - service: norton 360 (n360) - symantec corporation - c:\program files\norton 360 premier edition\engine\5.1.0.29\ccsvchst.exe
o23 - service: nmindexingservice - nero ag - c:\program files\common files\ahead\lib\nmindexingservice.exe
o23 - service: protexis licensing v2 (psi_svc_2) - protexis inc. - c:\program files\common files\protexis\license service\psiservice_2.exe
o23 - service: sony ericsson pccompanion - avanquest software - c:\program files\sony ericsson\sony ericsson pc companion\pccservice.exe
o23 - service: teamviewer 6 (teamviewer6) - teamviewer gmbh - c:\program files\teamviewer\version6\teamviewer_service.exe
--
end of file - 12217 bytes

[/hjt]

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Databaseversie: 7910

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9-10-2011 22:19:27
mbam-log-2011-10-09 (22-19-27).txt

Scantype: Snelle scan
Objecten gescand: 178743
Verstreken tijd: 40 minuut/minuten, 38 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
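
Added example, not part of the thread and not a tool used by the forum helpers: a small Python pass over a HijackThis log in the format posted above, listing the lines a reviewer would verify by hand first. The three checks and their reason names are assumptions chosen for illustration, the sample is an excerpt of lines from the log above, and a flagged line means "check this file", not "this is malware".

```python
import re

# Excerpt of lines from the HijackThis log posted above, embedded so the
# example runs offline. The forum wraps URLs in [noparse] tags.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
c:\windows\system32\svchost.exe
c:\windows\explorer.exe

r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.nu.nl/[/noparse]
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll
o4 - hklm\..\run: [alcxmonitor] alcxmntr.exe
o4 - hklm\..\run: [itype] c:\program files\microsoft intellitype pro\itype.exe
o23 - service: ati smart - unknown owner - c:\windows\system32\ati2sgag.exe
o23 - service: mysql - unknown owner - c:\program files\mysql\mysql server 5.1\bin\mysqld.exe
o23 - service: norton 360 (n360) - symantec corporation - c:\program files\norton 360 premier edition\engine\5.1.0.29\ccsvchst.exe
"""

NOPARSE = re.compile(r"\[/?noparse\]", re.IGNORECASE)    # forum markup, not log content
ENTRY = re.compile(r"^([ro]\d+)\s+-\s+(.+)$", re.IGNORECASE)  # "o23 - service: ..."
RUN_CMD = re.compile(r"^[^\[]*\[[^\]]*\]\s+(.+)$")       # "hklm\..\run: [name] command"
ABS_PATH = re.compile(r'^"?[a-z]:\\', re.IGNORECASE)     # command starts with a drive path


def parse_entries(text):
    """Return (section, body) for every R*/O* line; process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        line = NOPARSE.sub("", raw).strip()
        match = ENTRY.match(line)
        if match:
            entries.append((match.group(1).upper(), match.group(2)))
    return entries


def triage(text):
    """Return (section, reason, body) for entries that need a manual check."""
    findings = []
    for section, body in parse_entries(text):
        lowered = body.lower()
        # The registry entry exists but the log shows no file behind it.
        if lowered.endswith("(no file)"):
            findings.append((section, "missing-file", body))
        # The log printed "unknown owner" where other services show a vendor.
        if section == "O23" and " - unknown owner - " in lowered:
            findings.append((section, "unknown-owner", body))
        # Autostart command without a full path: which file actually runs
        # depends on the search path, so confirm its location on disk.
        if section == "O4":
            match = RUN_CMD.match(body)
            if match and not ABS_PATH.match(match.group(1)):
                findings.append((section, "relative-path", body))
    return findings


def summarize(findings):
    """Count findings per reason."""
    counts = {}
    for _section, reason, _body in findings:
        counts[reason] = counts.get(reason, 0) + 1
    return counts


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason:<14} {body}")
    print(summarize(triage(SAMPLE_LOG)))
```
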
 
OK, we continue with chapter 2:

Step 1
Which program: Kaspersky TDSSKiller
What for/why: rootkit scanner
Difficulty: none
Download location: be sure to download this program to the desktop, or otherwise move it there!
Download TDSSKiller here.

Installation:
  • Extract the file to your desktop.

Using TDSSKiller:
  • Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
  • Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and then choosing Run as administrator.
  • If TDSSKiller shows a message about an available update, run that update first.


  • Then click the "Start Scan" button and follow the instructions.
  • After the scan has finished, click the "Report" button.
  • A Notepad file opens. Post the contents of this file.
    • Restart the PC if TDSSKiller offers that option (Reboot now).
    • If a restart is necessary, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt


Step 2
Which program: "aswMBR.exe"
What for/why: MBR rootkit scanner
Difficulty: none
Download location: be sure to download this program to the desktop, or otherwise move it there!
Download aswMBR.exe here.


Using aswMBR.exe:
  • Windows 2000 and Windows XP: start "aswMBR.exe" by double-clicking "aswMBR.exe".
  • Windows Vista and Windows 7: start "aswMBR.exe" by right-clicking "aswMBR.exe" and choosing Run as administrator.


  • Now click the Scan button in the black window.
  • When the message "Scan finished successfully" appears, click the Save log button.

  • The easiest option is simply to choose the desktop as the location to save the log.
  • You will now also find the file MBR.dat on the desktop!
  • MBR.dat is a backup file, so keep it for now.
  • Also on the desktop is a Notepad text document named aswMBR.txt
  • Post the contents of aswMBR.txt in your next message.

Step 3
In summary: after this, post the contents of the following logs in your next message:
  • TDSSKiller log
  • aswMBR.txt log
 
Hi Abraham,

After getting home late for 2 days I am back online. As requested I ran both programs. No problem with TDSSKILLER, see the log below. While running aswMBR the PC rebooted twice after a dump (blue screen); out of the corner of my eye I saw that this happened while scanning the file act.......sys. I have included the error message from the system log, and the .dmp file is uploaded as an attachment. I hope you can do something with it.

Thanks in advance.

LOG TDSSKILLER

19:28:17.0799 0248 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
19:28:19.0799 0248 ============================================================
19:28:19.0799 0248 Current date / time: 2011/10/12 19:28:19.0799
19:28:19.0799 0248 SystemInfo:
19:28:19.0799 0248
19:28:19.0799 0248 OS Version: 5.1.2600 ServicePack: 3.0
19:28:19.0799 0248 Product type: Workstation
19:28:19.0799 0248 ComputerName: JAN-DESKTOP
19:28:19.0799 0248 UserName: Jan
19:28:19.0799 0248 Windows directory: C:\WINDOWS
19:28:19.0799 0248 System windows directory: C:\WINDOWS
19:28:19.0799 0248 Processor architecture: Intel x86
19:28:19.0799 0248 Number of processors: 1
19:28:19.0799 0248 Page size: 0x1000
19:28:19.0799 0248 Boot type: Normal boot
19:28:19.0799 0248 ============================================================
19:28:27.0643 0248 Initialize success
19:29:27.0299 3980 ============================================================
19:29:27.0299 3980 Scan started
19:29:27.0299 3980 Mode: Manual;
19:29:27.0299 3980 ============================================================
19:29:32.0674 3980 3xHybrid (2ccbcee5c351a1cee31a086e8e3f9d74) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
19:29:35.0534 3980 3xHybrid - ok
19:29:36.0518 3980 Abiosdsk - ok
19:29:37.0221 3980 abp480n5 - ok
19:29:38.0252 3980 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:29:38.0362 3980 ACPI - ok
19:29:39.0534 3980 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:29:39.0549 3980 ACPIEC - ok
19:29:40.0424 3980 adpu160m - ok
19:29:41.0206 3980 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:29:41.0268 3980 aec - ok
19:29:42.0784 3980 AegisP (b8a5ae35b5bbb8e0dbd6689bb3261feb) C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:29:42.0799 3980 AegisP - ok
19:29:43.0893 3980 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
19:29:43.0971 3980 AFD - ok
19:29:44.0815 3980 Aha154x - ok
19:29:45.0378 3980 aic78u2 - ok
19:29:45.0940 3980 aic78xx - ok
19:29:49.0581 3980 ALCXWDM (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
19:29:52.0534 3980 ALCXWDM - ok
19:29:53.0299 3980 AliIde - ok
19:29:54.0018 3980 amsint - ok
19:29:54.0721 3980 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:29:54.0721 3980 Arp1394 - ok
19:29:55.0456 3980 asc - ok
19:29:56.0049 3980 asc3350p - ok
19:29:56.0612 3980 asc3550 - ok
19:29:57.0190 3980 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:29:57.0190 3980 AsyncMac - ok
19:29:57.0846 3980 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:29:57.0846 3980 atapi - ok
19:29:58.0581 3980 Atdisk - ok
19:30:00.0659 3980 ati2mtag (0a9918ecc189faab648a94d3ea9907c5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:30:02.0003 3980 ati2mtag - ok
19:30:03.0003 3980 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:30:03.0003 3980 Atmarpc - ok
19:30:03.0628 3980 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:30:03.0628 3980 audstub - ok
19:30:04.0487 3980 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:30:04.0487 3980 Beep - ok
19:30:06.0143 3980 BHDrvx86 (163340a63f197c91d65ca9ce4b5811f7) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110929.001\BHDrvx86.sys
19:30:06.0784 3980 BHDrvx86 - ok
19:30:07.0659 3980 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:30:07.0659 3980 cbidf2k - ok
19:30:08.0503 3980 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:30:08.0503 3980 CCDECODE - ok
19:30:09.0237 3980 cd20xrnt - ok
19:30:09.0925 3980 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:30:09.0940 3980 Cdaudio - ok
19:30:10.0628 3980 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:30:10.0628 3980 Cdfs - ok
19:30:11.0503 3980 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:30:11.0503 3980 Cdrom - ok
19:30:12.0284 3980 Changer - ok
19:30:13.0050 3980 CmdIde - ok
19:30:20.0534 3980 Cpqarray - ok
19:30:22.0487 3980 dac2w2k - ok
19:30:23.0659 3980 dac960nt - ok
19:30:26.0206 3980 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:30:26.0268 3980 Disk - ok
19:30:29.0612 3980 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:30:30.0237 3980 dmboot - ok
19:30:32.0612 3980 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:30:32.0909 3980 dmio - ok
19:30:34.0347 3980 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:30:34.0472 3980 dmload - ok
19:30:37.0143 3980 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:30:37.0159 3980 DMusic - ok
19:30:40.0034 3980 dpti2o - ok
19:30:42.0487 3980 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:30:42.0925 3980 drmkaud - ok
19:30:44.0034 3980 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
19:30:44.0362 3980 eeCtrl - ok
19:30:45.0081 3980 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:30:45.0159 3980 EraserUtilRebootDrv - ok
19:30:47.0050 3980 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:30:47.0112 3980 Fastfat - ok
19:30:47.0909 3980 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
19:30:47.0925 3980 Fdc - ok
19:30:48.0753 3980 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:30:48.0769 3980 Fips - ok
19:30:49.0472 3980 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:30:49.0487 3980 Flpydisk - ok
19:30:50.0519 3980 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:30:50.0565 3980 FltMgr - ok
19:30:51.0909 3980 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
19:30:52.0034 3980 fssfltr - ok
19:30:53.0144 3980 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:30:53.0144 3980 Fs_Rec - ok
19:30:53.0909 3980 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:30:53.0956 3980 Ftdisk - ok
19:30:54.0862 3980 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:30:54.0862 3980 GEARAspiWDM - ok
19:30:55.0722 3980 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:30:55.0722 3980 Gpc - ok
19:30:56.0409 3980 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:30:56.0409 3980 hidusb - ok
19:30:57.0253 3980 hpn - ok
19:30:57.0956 3980 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:30:57.0956 3980 HPZid412 - ok
19:30:58.0769 3980 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:30:58.0769 3980 HPZipr12 - ok
19:30:59.0394 3980 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:30:59.0394 3980 HPZius12 - ok
19:31:00.0487 3980 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:31:00.0675 3980 HTTP - ok
19:31:01.0425 3980 i2omgmt - ok
19:31:02.0034 3980 i2omp - ok
19:31:02.0706 3980 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:31:02.0706 3980 i8042prt - ok
19:31:03.0472 3980 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111011.030\IDSxpx86.sys
19:31:03.0472 3980 IDSxpx86 - ok
19:31:04.0331 3980 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:31:04.0331 3980 Imapi - ok
19:31:05.0144 3980 ini910u - ok
19:31:05.0722 3980 IntelIde - ok
19:31:06.0519 3980 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:31:06.0519 3980 Ip6Fw - ok
19:31:07.0206 3980 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:31:07.0222 3980 IpFilterDriver - ok
19:31:08.0128 3980 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:31:08.0128 3980 IpInIp - ok
19:31:09.0128 3980 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:31:09.0300 3980 IpNat - ok
19:31:10.0222 3980 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:31:10.0269 3980 IPSec - ok
19:31:10.0956 3980 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:31:10.0956 3980 IRENUM - ok
19:31:11.0925 3980 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:31:11.0941 3980 isapnp - ok
19:31:12.0925 3980 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:31:12.0925 3980 Kbdclass - ok
19:31:13.0628 3980 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:31:13.0628 3980 kbdhid - ok
19:31:14.0519 3980 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:31:14.0519 3980 kmixer - ok
19:31:15.0284 3980 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:31:15.0347 3980 KSecDD - ok
19:31:15.0941 3980 lbrtfdc - ok
19:31:16.0659 3980 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
19:31:16.0659 3980 MBAMProtector - ok
19:31:17.0550 3980 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
19:31:17.0550 3980 MHNDRV - ok
19:31:18.0316 3980 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:31:18.0316 3980 mnmdd - ok
19:31:19.0050 3980 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:31:19.0081 3980 Modem - ok
19:31:19.0909 3980 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:31:19.0909 3980 Mouclass - ok
19:31:20.0644 3980 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:31:20.0644 3980 mouhid - ok
19:31:21.0316 3980 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:31:21.0316 3980 MountMgr - ok
19:31:22.0253 3980 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
19:31:22.0253 3980 MPE - ok
19:31:22.0894 3980 mraid35x - ok
19:31:23.0691 3980 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:31:23.0784 3980 MRxDAV - ok
19:31:24.0909 3980 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:31:25.0363 3980 MRxSmb - ok
19:31:26.0066 3980 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:31:26.0066 3980 Msfs - ok
19:31:26.0784 3980 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:31:26.0784 3980 MSKSSRV - ok
19:31:27.0456 3980 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:31:27.0456 3980 MSPCLOCK - ok
19:31:28.0331 3980 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:31:28.0331 3980 MSPQM - ok
19:31:29.0034 3980 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:31:29.0034 3980 mssmbios - ok
19:31:29.0706 3980 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:31:29.0706 3980 MSTEE - ok
19:31:30.0894 3980 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:31:30.0956 3980 Mup - ok
19:31:31.0691 3980 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:31:31.0706 3980 NABTSFEC - ok
19:31:32.0644 3980 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111011.024\NAVENG.SYS
19:31:32.0644 3980 NAVENG - ok
19:31:34.0378 3980 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111011.024\NAVEX15.SYS
19:31:34.0394 3980 NAVEX15 - ok
19:31:39.0956 3980 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:31:40.0144 3980 NDIS - ok
19:31:41.0581 3980 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:31:41.0581 3980 NdisIP - ok
19:31:42.0503 3980 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:31:42.0503 3980 NdisTapi - ok
19:31:43.0706 3980 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:31:43.0706 3980 Ndisuio - ok
19:31:44.0394 3980 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:31:44.0425 3980 NdisWan - ok
19:31:45.0175 3980 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:31:45.0191 3980 NDProxy - ok
19:31:46.0066 3980 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:31:46.0066 3980 NetBIOS - ok
19:31:46.0894 3980 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:31:46.0988 3980 NetBT - ok
19:31:48.0035 3980 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:31:48.0050 3980 NIC1394 - ok
19:31:48.0769 3980 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:31:48.0769 3980 Npfs - ok
19:31:49.0925 3980 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:31:50.0410 3980 Ntfs - ok
19:31:51.0238 3980 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
19:31:51.0238 3980 NuidFltr - ok
19:31:51.0847 3980 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:31:51.0847 3980 Null - ok
19:31:52.0503 3980 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:31:52.0503 3980 NwlnkFlt - ok
19:31:53.0378 3980 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:31:53.0378 3980 NwlnkFwd - ok
19:31:54.0191 3980 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:31:54.0191 3980 ohci1394 - ok
19:31:54.0894 3980 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:31:54.0910 3980 Parport - ok
19:31:56.0003 3980 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:31:56.0003 3980 PartMgr - ok
19:31:56.0581 3980 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:31:56.0581 3980 ParVdm - ok
19:31:57.0441 3980 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:31:57.0441 3980 PCI - ok
19:31:58.0191 3980 PCIDump - ok
19:31:58.0738 3980 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:31:58.0738 3980 PCIIde - ok
19:31:59.0457 3980 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:31:59.0566 3980 Pcmcia - ok
19:32:00.0769 3980 PDCOMP - ok
19:32:01.0800 3980 PDFRAME - ok
19:32:02.0363 3980 PDRELI - ok
19:32:02.0925 3980 PDRFRAME - ok
19:32:03.0472 3980 perc2 - ok
19:32:04.0050 3980 perc2hib - ok
19:32:04.0753 3980 Point32 (cf7c1868b90c90a265fc3f60ce46265b) C:\WINDOWS\system32\DRIVERS\point32.sys
19:32:04.0753 3980 Point32 - ok
19:32:05.0425 3980 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:32:05.0425 3980 PptpMiniport - ok
19:32:06.0285 3980 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:32:06.0285 3980 Processor - ok
19:32:07.0238 3980 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:32:07.0238 3980 PSched - ok
19:32:07.0832 3980 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:32:07.0832 3980 Ptilink - ok
19:32:08.0660 3980 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:32:08.0660 3980 PxHelp20 - ok
19:32:09.0410 3980 ql1080 - ok
19:32:10.0160 3980 Ql10wnt - ok
19:32:10.0769 3980 ql12160 - ok
19:32:11.0660 3980 ql1240 - ok
19:32:12.0503 3980 ql1280 - ok
19:32:13.0113 3980 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:32:13.0113 3980 RasAcd - ok
19:32:13.0800 3980 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:32:13.0800 3980 Rasl2tp - ok
19:32:14.0597 3980 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:32:14.0597 3980 RasPppoe - ok
19:32:15.0207 3980 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:32:15.0207 3980 Raspti - ok
19:32:16.0300 3980 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:32:16.0425 3980 Rdbss - ok
19:32:17.0222 3980 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:32:17.0222 3980 RDPCDD - ok
19:32:18.0113 3980 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:32:18.0238 3980 rdpdr - ok
19:32:19.0191 3980 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:32:19.0332 3980 RDPWD - ok
19:32:20.0222 3980 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:32:20.0222 3980 redbook - ok
19:32:21.0082 3980 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
19:32:21.0113 3980 rtl8139 - ok
19:32:21.0925 3980 RTL8192su - ok
19:32:22.0629 3980 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
19:32:22.0660 3980 s1018bus - ok
19:32:23.0300 3980 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
19:32:23.0300 3980 s1018mdfl - ok
19:32:24.0207 3980 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
19:32:24.0254 3980 s1018mdm - ok
19:32:25.0113 3980 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
19:32:25.0144 3980 s1018mgmt - ok
19:32:25.0972 3980 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
19:32:25.0972 3980 s1018nd5 - ok
19:32:26.0894 3980 s1018obex (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
19:32:26.0925 3980 s1018obex - ok
19:32:27.0738 3980 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
19:32:27.0769 3980 s1018unic - ok
19:32:28.0722 3980 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
19:32:28.0754 3980 SCDEmu - ok
19:32:29.0566 3980 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:32:29.0566 3980 Secdrv - ok
19:32:30.0410 3980 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
19:32:30.0410 3980 seehcri - ok
19:32:31.0379 3980 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
19:32:31.0441 3980 Serial - ok
19:32:32.0957 3980 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:32:32.0972 3980 Sfloppy - ok
19:32:33.0629 3980 Simbad - ok
19:32:34.0254 3980 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:32:34.0254 3980 SLIP - ok
19:32:35.0004 3980 Sparrow - ok
19:32:35.0675 3980 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:32:35.0691 3980 splitter - ok
19:32:36.0504 3980 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:32:36.0519 3980 sr - ok
19:32:37.0738 3980 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
19:32:38.0129 3980 SRTSP - ok
19:32:39.0129 3980 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
19:32:39.0144 3980 SRTSPX - ok
19:32:40.0285 3980 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:32:40.0566 3980 Srv - ok
19:32:41.0394 3980 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
19:32:41.0410 3980 StillCam - ok
19:32:42.0035 3980 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:32:42.0035 3980 streamip - ok
19:32:42.0644 3980 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:32:42.0644 3980 swenum - ok
19:32:43.0504 3980 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:32:43.0504 3980 swmidi - ok
19:32:44.0238 3980 symc810 - ok
19:32:44.0863 3980 symc8xx - ok
19:32:45.0910 3980 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
19:32:46.0129 3980 SymDS - ok
19:32:48.0269 3980 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
19:32:48.0972 3980 SymEFA - ok
19:32:49.0910 3980 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
19:32:49.0988 3980 SymEvent - ok
19:32:51.0051 3980 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
19:32:51.0160 3980 SymIRON - ok
19:32:52.0457 3980 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
19:32:52.0738 3980 SYMTDI - ok
19:32:58.0801 3980 sym_hi - ok
19:33:00.0035 3980 sym_u3 - ok
19:33:00.0738 3980 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:33:00.0738 3980 sysaudio - ok
19:33:01.0660 3980 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:33:01.0926 3980 Tcpip - ok
19:33:02.0863 3980 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:33:02.0879 3980 TDPIPE - ok
19:33:03.0707 3980 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:33:03.0723 3980 TDTCP - ok
19:33:04.0613 3980 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:33:04.0613 3980 TermDD - ok
19:33:05.0223 3980 TosIde - ok
19:33:05.0973 3980 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:33:05.0988 3980 Udfs - ok
19:33:06.0676 3980 ultra - ok
19:33:07.0894 3980 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:33:08.0160 3980 Update - ok
19:33:08.0848 3980 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:33:08.0863 3980 usbccgp - ok
19:33:09.0566 3980 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:33:09.0566 3980 usbehci - ok
19:33:10.0941 3980 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:33:10.0941 3980 usbhub - ok
19:33:11.0676 3980 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:33:11.0676 3980 usbohci - ok
19:33:12.0332 3980 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:33:12.0348 3980 usbprint - ok
19:33:13.0254 3980 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:33:13.0254 3980 usbscan - ok
19:33:14.0082 3980 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:33:14.0082 3980 usbstor - ok
19:33:14.0910 3980 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:33:14.0910 3980 VgaSave - ok
19:33:15.0488 3980 ViaIde - ok
19:33:16.0332 3980 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:33:16.0332 3980 VolSnap - ok
19:33:16.0941 3980 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:33:16.0941 3980 Wanarp - ok
19:33:18.0441 3980 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:33:18.0816 3980 Wdf01000 - ok
19:33:19.0613 3980 WDICA - ok
19:33:20.0535 3980 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:33:20.0551 3980 wdmaud - ok
19:33:22.0004 3980 WN5301 (b72d232e46ff5ee2bd8f61498b748df7) C:\WINDOWS\system32\DRIVERS\wn5301.sys
19:33:22.0348 3980 WN5301 - ok
19:33:23.0207 3980 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:33:23.0207 3980 WpdUsb - ok
19:33:24.0176 3980 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:33:24.0176 3980 WSTCODEC - ok
19:33:25.0066 3980 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:33:25.0082 3980 WudfPf - ok
19:33:25.0723 3980 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:33:25.0738 3980 WudfRd - ok
19:33:25.0816 3980 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:33:26.0270 3980 \Device\Harddisk0\DR0 - ok
19:33:26.0348 3980 Boot (0x1200) (c40563b9e162a15f95e940b07cd659c5) \Device\Harddisk0\DR0\Partition0
19:33:26.0348 3980 \Device\Harddisk0\DR0\Partition0 - ok
19:33:26.0379 3980 Boot (0x1200) (a283c2fe6e431e1f527dbff6230e4a96) \Device\Harddisk0\DR0\Partition1
19:33:26.0379 3980 \Device\Harddisk0\DR0\Partition1 - ok
19:33:26.0379 3980 ============================================================
19:33:26.0379 3980 Scan finished
19:33:26.0379 3980 ============================================================
19:33:26.0395 3800 Detected object count: 0
19:33:26.0395 3800 Actual detected object count: 0


***ERROR SYSLOG***
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 12-10-2011
Time: 19:52:51
User: N/A
Computer: JAN-DESKTOP
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x100000d1 (0x00000260, 0x00000007, 0x00000000, 0xb9f136ab). A dump was saved in: C:\WINDOWS\Minidump\Mini101211-01.dmp.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 


Please do the following regarding those BSODs:

WhoCrashed introduction

WhoCrashed description

Download the free home edition of WhoCrashed to your desktop via click here
and install the tool by clicking/double-clicking "whocrashedSetup.exe".

After 'WhoCrashed' has started, click the "Analyze" button.

Now select the contents of the window, copy it, and post the result in your next post.
 
Here it is:


System Information (local)
--------------------------------------------------------------------------------

computer name: JAN-DESKTOP
windows version: Windows XP Service Pack 3, 5.1, build: 2600
windows dir: C:\WINDOWS
CPU: AuthenticAMD AMD Athlon(tm) 64 Processor 3700+ AMD586, level: 15
1 logical processors, active mask: 1
RAM: 3219636224 total
VM: 2147352576, free: 2028851200



--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


On Wed 12-10-2011 18:26:44 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini101211-02.dmp
This was probably caused by the following module: atapi.sys (atapi+0x590A)
Bugcheck code: 0x100000D1 (0x1C072B, 0x7, 0x0, 0xFFFFFFFFB9F1090A)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\drivers\atapi.sys
product: Microsoft Windows Operating System
company: Microsoft Corporation
description: IDE/ATAPI Port Driver
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


On Wed 12-10-2011 17:49:32 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini101211-01.dmp
This was probably caused by the following module: atapi.sys (atapi+0x86AB)
Bugcheck code: 0x100000D1 (0x260, 0x7, 0x0, 0xFFFFFFFFB9F136AB)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\drivers\atapi.sys
product: Microsoft Windows Operating System
company: Microsoft Corporation
description: IDE/ATAPI Port Driver
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


On Mon 10-10-2011 21:12:45 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini101011-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x21CC5)
Bugcheck code: 0x77 (0xFFFFFFFFC0000015, 0xFFFFFFFFC0000015, 0x0, 0x1AE1000)
Error: KERNEL_STACK_INPAGE_ERROR
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft Windows Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the requested page of kernel data from the paging file could not be read into memory.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.



--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

3 crash dumps have been found and analyzed.
Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.
 
It is an OEM version, but Windows has been given a clean install more than once, so I assume so... I'm already afraid of where this is heading. Normally my motto is "no risk, no fun", but now "no risk, be sure you have an installation CD" is probably better...

***Update: I just heard that it is probably a recovery CD***
 
For the repair we need a real Windows XP CD.

Because I want to have that Atapi.sys repaired.

Edit: maybe ComboFix can do something:

Which program: ComboFix
What for/why: A highly specialized scanner to examine Windows in depth and clean it up.
Difficulty: A more or less tricky preparation phase, so read everything carefully first.
Download location: This program must be downloaded to the desktop!
Download ComboFix from one of these locations:
Here you can see how to use ComboFix.

Your antivirus program and any active malware scanners must already be deactivated before you start ComboFix!
Here and here
you will find information on how to deactivate antivirus programs and spyware scanners.

Notes:
  • On Windows XP you may be asked to install the "Recovery Console"!
    If so, allow it (this requires an active internet connection).
  • All open programs and web pages must be closed.
Starting ComboFix:
  • Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
  • Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and then choosing "Run as administrator".
Once ComboFix has started:
  • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
  • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
  • The computer may need to be restarted several times; this is normal.
  • When ComboFix is finished, it will create a log file for you.
  • Post the contents of this log file in your next message using DDRMMR's color coder.
  • If the log does not open, it can be found at C:\ComboFix.txt
Important note:
  • If, after the scan, an error is shown when starting programs with the message:
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • Then restart the computer.
 
[hjt]
combofix 11-10-12.03 - jan 12-10-2011 22:50:09.1.1 - x86
microsoft windows xp professional 5.1.2600.3.1252.1.1033.18.3070.2175 [gmt 2:00]
running from: c:\documents and settings\jan\desktop\combofix.exe
av: norton 360 premier edition *disabled/updated* {e10a9785-9598-4754-b552-92431c1c35f8}
fw: norton 360 premier edition *disabled* {7c21a4c9-f61f-4ac4-b722-a6e19c16f220}
.
.
((((((((((((((((((((((((((((((((((((((( other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jan\application data\pricegong
c:\documents and settings\jan\application data\pricegong\data\1.xml
c:\documents and settings\jan\application data\pricegong\data\a.xml
c:\documents and settings\jan\application data\pricegong\data\b.xml
c:\documents and settings\jan\application data\pricegong\data\c.xml
c:\documents and settings\jan\application data\pricegong\data\d.xml
c:\documents and settings\jan\application data\pricegong\data\e.xml
c:\documents and settings\jan\application data\pricegong\data\f.xml
c:\documents and settings\jan\application data\pricegong\data\g.xml
c:\documents and settings\jan\application data\pricegong\data\h.xml
c:\documents and settings\jan\application data\pricegong\data\i.xml
c:\documents and settings\jan\application data\pricegong\data\j.xml
c:\documents and settings\jan\application data\pricegong\data\k.xml
c:\documents and settings\jan\application data\pricegong\data\l.xml
c:\documents and settings\jan\application data\pricegong\data\m.xml
c:\documents and settings\jan\application data\pricegong\data\mru.xml
c:\documents and settings\jan\application data\pricegong\data\n.xml
c:\documents and settings\jan\application data\pricegong\data\o.xml
c:\documents and settings\jan\application data\pricegong\data\p.xml
c:\documents and settings\jan\application data\pricegong\data\q.xml
c:\documents and settings\jan\application data\pricegong\data\r.xml
c:\documents and settings\jan\application data\pricegong\data\s.xml
c:\documents and settings\jan\application data\pricegong\data\t.xml
c:\documents and settings\jan\application data\pricegong\data\u.xml
c:\documents and settings\jan\application data\pricegong\data\v.xml
c:\documents and settings\jan\application data\pricegong\data\w.xml
c:\documents and settings\jan\application data\pricegong\data\x.xml
c:\documents and settings\jan\application data\pricegong\data\y.xml
c:\documents and settings\jan\application data\pricegong\data\z.xml
c:\documents and settings\jan\windows
c:\windows\unin0413.exe
h:\autorun.inf
.
.
((((((((((((((((((((((((( files created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-12 19:50 . 2011-10-12 19:58 -------- d-----w- c:\program files\whocrashed
2011-10-09 19:33 . 2011-10-09 19:35 -------- d-----w- c:\program files\malwarebytes' anti-malware
2011-10-09 19:33 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-09 17:56 . 2011-10-09 17:56 -------- d-----w- c:\documents and settings\jan\application data\teamviewer
2011-10-09 17:55 . 2011-10-09 17:55 -------- d-----w- c:\program files\teamviewer
2011-10-09 13:52 . 2011-10-09 15:34 -------- d-----w- c:\documents and settings\all users\application data\spybot - search & destroy
2011-10-09 13:52 . 2011-10-09 14:02 -------- d-----w- c:\program files\spybot - search & destroy
2011-10-09 12:50 . 2011-10-09 12:50 388096 ----a-r- c:\documents and settings\jan\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\hijackthis.exe
2011-10-09 12:49 . 2011-10-09 12:49 -------- d-----w- c:\program files\trend micro
2011-10-09 12:48 . 2011-10-09 12:48 -------- d-----w- c:\documents and settings\jan\application data\malwarebytes
2011-10-09 12:46 . 2011-10-09 12:46 -------- d-----w- c:\documents and settings\all users\application data\malwarebytes
2011-10-05 19:11 . 2011-10-09 12:05 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-05 19:11 . 2011-10-05 19:11 -------- d-----w- c:\program files\hitman pro 3.5
2011-10-05 19:10 . 2011-10-05 19:10 -------- d-----w- c:\documents and settings\all users\application data\hitman pro
2011-10-05 18:35 . 2011-10-05 19:11 -------- d-----w- c:\program files\hitman pro
2011-10-05 18:26 . 2003-06-25 14:05 266360 ----a-w- c:\windows\system32\tweakui.exe
2011-10-05 18:12 . 2011-10-05 18:12 -------- d-----w- c:\perflogs
.
.
.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-18 13:10 . 2011-06-26 21:05 404640 ----a-w- c:\windows\system32\flashplayercplapp.cpl
2011-09-09 09:12 . 2004-08-10 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-19 14:14 . 2011-08-31 15:02 17280 ----a-w- c:\windows\system32\roboot.exe
2011-07-15 13:29 . 2004-08-10 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}"=c:\program files\common files\ahead\lib\nmbgmonitor.exe [2007-05-04 149040]
"lightscribe control panel"=c:\program files\common files\lightscribe\lightscribecontrolpanel.exe [2007-04-19 484904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"ehtray"=c:\windows\ehome\ehtray.exe [2005-08-05 64512]
"aticcc"=c:\program files\ati technologies\ati.ace\clistart.exe [2006-05-10 90112]
"alcxmonitor"="alcxmntr.exe" [2004-09-07 57344]
"pwrisovm.exe"=c:\program files\poweriso\pwrisovm.exe [2010-04-12 180224]
"groovemonitor"=c:\program files\microsoft office\office12\groovemonitor.exe [2008-10-25 31072]
"itype"=c:\program files\microsoft intellitype pro\itype.exe [2008-06-10 1442888]
"intellipoint"=c:\program files\microsoft intellipoint\ipoint.exe [2008-06-10 1406024]
"corelgadget"=c:\program files\common files\ulead systems\gadget\gadgeteb.dll [2009-11-10 154272]
"hp software update"=c:\program files\hp\hp software update\hpwuschd2.exe [2011-01-12 49208]
"quicktime task"=c:\program files\quicktime\qttask.exe [2010-11-29 421888]
"sunjavaupdatesched"=c:\program files\common files\java\java update\jusched.exe [2011-04-08 254696]
"malwarebytes' anti-malware"=c:\program files\malwarebytes' anti-malware\mbamgui.exe [2011-08-31 449608]
.
[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe [2008-04-14 15360]
.
c:\documents and settings\all users\start menu\programs\startup\
hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe [2009-11-18 275072]
windows search.lnk - c:\program files\windows desktop search\windowssearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56f9679e-7826-4c84-81f3-532071a8bcc5}"= c:\program files\windows desktop search\msnlnamespacemgr.dll [2009-05-24 304128]
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe arm]
2011-06-06 10:55 937920 ----a-w- c:\program files\common files\adobe\arm\1.0\adobearm.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\ituneshelper]
2011-04-26 23:22 421160 ----a-w- c:\program files\itunes\ituneshelper.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck]
2007-05-04 08:59 161328 ----a-w- c:\program files\common files\ahead\lib\nerocheck.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\sony ericsson pc companion]
2011-07-25 09:41 433360 ----a-w- c:\program files\sony ericsson\sony ericsson pc companion\pccompanion.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\standby]
2009-11-10 13:24 105632 ----a-w- c:\program files\common files\corel\standby\standby.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-01-22 17:50 39408 ----a-w- c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
.
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)
.
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\\system32\\sessmgr.exe=
%windir%\\network diagnostic\\xpnetdiag.exe=
c:\\program files\\microsoft office\\office12\\outlook.exe=
c:\\program files\\microsoft office\\office12\\groove.exe=
c:\\program files\\microsoft office\\office12\\onenote.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqtra08.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqste08.exe=
c:\\program files\\hp\\digital imaging\\bin\\hposid01.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqkygrp.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqcopy2.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpfccopy.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpoews01.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpiscnapp.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqgplgtupl.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqgpc01.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqusgm.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqusgh.exe=
c:\\program files\\hp\\hp software update\\hpwucli.exe=
c:\\program files\\hp\\digital imaging\\smart web printing\\smartwebprintexe.exe=
c:\\program files\\sony ericsson\\sony ericsson media manager\\mediamanager.exe=
c:\\program files\\messenger\\msmsgs.exe=
c:\\program files\\windows live\\messenger\\wlcsdk.exe=
c:\\program files\\windows live\\messenger\\msnmsgr.exe=
c:\\program files\\windows live\\sync\\windowslivesync.exe=
c:\\program files\\bonjour\\mdnsresponder.exe=
c:\\program files\\itunes\\itunes.exe=
c:\\program files\\teamviewer\\version6\\teamviewer.exe=
c:\\program files\\teamviewer\\version6\\teamviewer_service.exe=
.
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"3306:tcp"= 3306:tcp:mysql
"1542:tcp"= 1542:tcp:realtek wps tcp prot
"1542:udp"= 1542:udp:realtek wps udp prot
"53:udp"= 53:udp:realtek ap udp prot
"3736:tcp"= 3736:tcp:akamai netsession interface
"5000:udp"= 5000:udp:akamai netsession interface
.
r0 symds;symantec data store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [10-5-2011 7:33 340088]
r0 symefa;symantec extended file attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [10-5-2011 7:33 744568]
r1 bhdrvx86;bhdrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20110929.001\bhdrvx86.sys [29-9-2011 23:35 816760]
r1 symiron;symantec iron driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [10-5-2011 7:33 136312]
r2 akamai;akamai netsession interface;c:\windows\system32\svchost.exe -k akamai [10-8-2004 14:00 14336]
r2 mbamservice;mbamservice;c:\program files\malwarebytes' anti-malware\mbamservice.exe [9-10-2011 21:34 366152]
r2 n360;norton 360;c:\program files\norton 360 premier edition\engine\5.1.0.29\ccsvchst.exe [10-5-2011 7:30 130008]
r2 teamviewer6;teamviewer 6;c:\program files\teamviewer\version6\teamviewer_service.exe [9-10-2011 19:55 2358656]
r3 3xhybrid;3xhybrid service;c:\windows\system32\drivers\3xhybrid.sys [14-2-2006 19:07 2825088]
r3 eraserutilrebootdrv;eraserutilrebootdrv;c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys [31-8-2011 21:28 105592]
r3 idsxpx86;idsxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20111011.030\idsxpx86.sys [12-10-2011 15:11 356280]
r3 mbamprotector;mbamprotector;c:\windows\system32\drivers\mbam.sys [9-10-2011 21:33 22216]
r3 seehcri;sony ericsson seehcri device driver;c:\windows\system32\drivers\seehcri.sys [22-1-2011 19:25 27632]
s2 clr_optimization_v4.0.30319_32;microsoft .net framework ngen v4.0.30319_x86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [18-3-2010 14:16 130384]
s2 gupdate;google updateservice (gupdate);c:\program files\google\update\googleupdate.exe [22-1-2011 19:50 136176]
s3 gupdatem;google update-service (gupdatem);c:\program files\google\update\googleupdate.exe [22-1-2011 19:50 136176]
s3 rtl8192su;realtek rtl8192su wireless lan 802.11n usb 2.0 network adapter;c:\windows\system32\drivers\rtl8192su.sys --> c:\windows\system32\drivers\rtl8192su.sys [?]
s3 s1018bus;sony ericsson device 1018 driver (wdm);c:\windows\system32\drivers\s1018bus.sys [22-1-2011 19:20 86824]
s3 s1018mdfl;sony ericsson device 1018 usb wmc modem filter;c:\windows\system32\drivers\s1018mdfl.sys [22-1-2011 19:20 15016]
s3 s1018mdm;sony ericsson device 1018 usb wmc modem driver;c:\windows\system32\drivers\s1018mdm.sys [22-1-2011 19:20 114728]
s3 s1018mgmt;sony ericsson device 1018 usb wmc device management drivers (wdm);c:\windows\system32\drivers\s1018mgmt.sys [22-1-2011 19:20 106208]
s3 s1018nd5;sony ericsson device 1018 usb ethernet emulation (ndis);c:\windows\system32\drivers\s1018nd5.sys [22-1-2011 19:20 26024]
s3 s1018obex;sony ericsson device 1018 usb wmc obex interface;c:\windows\system32\drivers\s1018obex.sys [22-1-2011 19:20 104744]
s3 s1018unic;sony ericsson device 1018 usb ethernet emulation (wdm);c:\windows\system32\drivers\s1018unic.sys [22-1-2011 19:20 109864]
s3 sony ericsson pccompanion;sony ericsson pccompanion;c:\program files\sony ericsson\sony ericsson pc companion\pccservice.exe [1-3-2011 23:03 155344]
s3 wn5301;liteon wireless pci network adapter service;c:\windows\system32\drivers\wn5301.sys [2-1-2005 10:32 468768]
s3 wpffontcache_v0400;windows presentation foundation font cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe [18-3-2010 14:16 753504]
.
[hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]
hpz12 reg_multi_sz pml driver hpz12 net driver hpz12
hpservice reg_multi_sz hpslpsvc
hpdevmgmt reg_multi_sz hpqcxs08 hpqddsvc
akamai reg_multi_sz akamai
.
[hkey_local_machine\software\microsoft\active setup\installed components\{10880d85-aad9-4558-abdc-2ab1552d831f}]
2007-04-19 11:23 452136 ----a-w- c:\program files\common files\lightscribe\lsrunonce.exe
.
contents of the 'scheduled tasks' folder
.
2011-10-10 c:\windows\tasks\applesoftwareupdate.job
- c:\program files\apple software update\softwareupdate.exe [2008-07-30 11:34]
.
2011-10-12 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files\google\update\googleupdate.exe [2011-01-22 17:50]
.
2011-10-12 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files\google\update\googleupdate.exe [2011-01-22 17:50]
.
2011-10-12 c:\windows\tasks\regclean pro_default.job
- c:\program files\regclean pro\regcleanpro.exe [2011-08-31 14:14]
.
2011-10-12 c:\windows\tasks\regclean pro_updates.job
- c:\program files\regclean pro\regcleanpro.exe [2011-08-31 14:14]
.
.
------- supplementary scan -------
.
ustart page = hxxp://www.nu.nl/
uinternet settings,proxyoverride = *.local
ie: e&xporteren naar microsoft excel - c:\progra~1\micros~2\office12\excel.exe/3000
ie: google sidewiki... - c:\program files\google\google toolbar\component\googletoolbardynamic_mui_en_7461b1589e8b4fb7.dll/cmsidewiki.html
tcp: dhcpnameserver = 192.168.2.254
.
- - - - orphans removed - - - -
.
webbrowser-{e84cc2c1-b722-48fc-a39c-edb8b525c777} - (no file)
addremove-nedsoft kasboek 2001 - c:\windows\unin0413.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer, http://www.gmer.net
rootkit scan 2011-10-12 23:12
windows 5.1.2600 service pack 3 ntfs
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[hkey_local_machine\system\controlset001\services\n360]
"imagepath"="\c:\program files\norton 360 premier edition\engine\5.1.0.29\ccsvchst.exe\" /s \"n360\" /m \c:\program files\norton 360 premier edition\engine\5.1.0.29\dimaster.dll\" /prefetch:1"
.
--------------------- dlls loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\ati2evxx.dll
.
completion time: 2011-10-12 23:20:19
combofix-quarantined-files.txt 2011-10-12 21:20
.
pre-run: 264.073.138.176 bytes free
post-run: 264.264.601.600 bytes free
.
windowsxp-kb310994-sp2-pro-bootdisk-enu.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\windows
[operating systems]
c:\cmdcons\bootsect.dat="microsoft windows recovery console" /cmdcons
unsupporteddebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\windows="windows xp media center edition" /noexecute=optin /fastdetect
.
- - end of file - - f4368954ab51d1aa68b2fb9df3fb6743

[/hjt]
 
Hi - you can now do the following:

Open a new Notepad file via "Start\All Programs\Accessories\Notepad".


Copy and paste the following (bold, blue) text into the empty Notepad window:


KILLALL::

File::
c:\windows\system32\roboot.exe



Save this Notepad file to your desktop as CFScript.txt.

Now first disable the antivirus!


Drag CFScript.txt into ComboFix.exe




This will make ComboFix restart. Reboot if you are asked to.


Post the ComboFix log that is shown after the restart, using the colour coder!
 
Takes a while, but then you've got something to show for it, I hope......

[hjt]
combofix 11-10-13.04 - jan 13-10-2011 19:58:55.2.1 - x86
running from: c:\documents and settings\jan\desktop\combofix.exe
command switches used :: c:\documents and settings\jan\desktop\cfscript.txt
av: norton 360 premier edition *disabled/updated* {e10a9785-9598-4754-b552-92431c1c35f8}
fw: norton 360 premier edition *disabled* {7c21a4c9-f61f-4ac4-b722-a6e19c16f220}
.
file ::
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( files created from 2011-09-13 to 2011-10-13 )))))))))))))))))))))))))))))))
.
.
2011-10-12 19:50 . 2011-10-12 19:58 -------- d-----w- c:\program files\whocrashed
2011-10-09 19:33 . 2011-10-09 19:35 -------- d-----w- c:\program files\malwarebytes' anti-malware
2011-10-09 19:33 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-09 17:56 . 2011-10-09 17:56 -------- d-----w- c:\documents and settings\jan\application data\teamviewer
2011-10-09 17:55 . 2011-10-09 17:55 -------- d-----w- c:\program files\teamviewer
2011-10-09 13:52 . 2011-10-09 15:34 -------- d-----w- c:\documents and settings\all users\application data\spybot - search & destroy
2011-10-09 13:52 . 2011-10-09 14:02 -------- d-----w- c:\program files\spybot - search & destroy
2011-10-09 12:49 . 2011-10-09 12:49 -------- d-----w- c:\program files\trend micro
2011-10-09 12:48 . 2011-10-09 12:48 -------- d-----w- c:\documents and settings\jan\application data\malwarebytes
2011-10-09 12:46 . 2011-10-09 12:46 -------- d-----w- c:\documents and settings\all users\application data\malwarebytes
2011-10-05 19:11 . 2011-10-09 12:05 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-05 19:11 . 2011-10-05 19:11 -------- d-----w- c:\program files\hitman pro 3.5
2011-10-05 19:10 . 2011-10-05 19:10 -------- d-----w- c:\documents and settings\all users\application data\hitman pro
2011-10-05 18:35 . 2011-10-05 19:11 -------- d-----w- c:\program files\hitman pro
2011-10-05 18:12 . 2011-10-05 18:12 -------- d-----w- c:\perflogs
.
.
.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-09 12:50 . 2011-10-09 12:50 388096 ----a-r- c:\documents and settings\jan\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\hijackthis.exe
2011-09-18 13:10 . 2011-06-26 21:05 404640 ----a-w- c:\windows\system32\flashplayercplapp.cpl
2011-09-09 09:12 . 2004-08-10 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-19 14:14 . 2011-08-31 15:02 17280 ----a-w- c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((((((( snapshot@2011-10-12_21.12.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-13 18:27 . 2011-10-13 18:27 16384 c:\windows\temp\perflib_perfdata_c4.dat
+ 2011-10-13 18:27 . 2011-10-13 18:27 16384 c:\windows\temp\perflib_perfdata_62c.dat
+ 2011-10-13 18:30 . 2011-10-13 18:30 16384 c:\windows\temp\perflib_perfdata_5cc.dat
.
((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}"=c:\program files\common files\ahead\lib\nmbgmonitor.exe [2007-05-04 149040]
"lightscribe control panel"=c:\program files\common files\lightscribe\lightscribecontrolpanel.exe [2007-04-19 484904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"ehtray"=c:\windows\ehome\ehtray.exe [2005-08-05 64512]
"aticcc"=c:\program files\ati technologies\ati.ace\clistart.exe [2006-05-10 90112]
"alcxmonitor"="alcxmntr.exe" [2004-09-07 57344]
"pwrisovm.exe"=c:\program files\poweriso\pwrisovm.exe [2010-04-12 180224]
"groovemonitor"=c:\program files\microsoft office\office12\groovemonitor.exe [2008-10-25 31072]
"itype"=c:\program files\microsoft intellitype pro\itype.exe [2008-06-10 1442888]
"intellipoint"=c:\program files\microsoft intellipoint\ipoint.exe [2008-06-10 1406024]
"corelgadget"=c:\program files\common files\ulead systems\gadget\gadgeteb.dll [2009-11-10 154272]
"hp software update"=c:\program files\hp\hp software update\hpwuschd2.exe [2011-01-12 49208]
"quicktime task"=c:\program files\quicktime\qttask.exe [2010-11-29 421888]
"sunjavaupdatesched"=c:\program files\common files\java\java update\jusched.exe [2011-04-08 254696]
"malwarebytes' anti-malware"=c:\program files\malwarebytes' anti-malware\mbamgui.exe [2011-08-31 449608]
.
[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe [2008-04-14 15360]
.
c:\documents and settings\all users\start menu\programs\startup\
hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe [2009-11-18 275072]
windows search.lnk - c:\program files\windows desktop search\windowssearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56f9679e-7826-4c84-81f3-532071a8bcc5}"= c:\program files\windows desktop search\msnlnamespacemgr.dll [2009-05-24 304128]
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe arm]
2011-06-06 10:55 937920 ----a-w- c:\program files\common files\adobe\arm\1.0\adobearm.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\ituneshelper]
2011-04-26 23:22 421160 ----a-w- c:\program files\itunes\ituneshelper.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck]
2007-05-04 08:59 161328 ----a-w- c:\program files\common files\ahead\lib\nerocheck.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\sony ericsson pc companion]
2011-07-25 09:41 433360 ----a-w- c:\program files\sony ericsson\sony ericsson pc companion\pccompanion.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\standby]
2009-11-10 13:24 105632 ----a-w- c:\program files\common files\corel\standby\standby.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-01-22 17:50 39408 ----a-w- c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
.
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)
.
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\\system32\\sessmgr.exe=
%windir%\\network diagnostic\\xpnetdiag.exe=
c:\\program files\\microsoft office\\office12\\outlook.exe=
c:\\program files\\microsoft office\\office12\\groove.exe=
c:\\program files\\microsoft office\\office12\\onenote.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqtra08.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqste08.exe=
c:\\program files\\hp\\digital imaging\\bin\\hposid01.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqkygrp.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqcopy2.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpfccopy.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpoews01.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpiscnapp.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqgplgtupl.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqgpc01.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqusgm.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqusgh.exe=
c:\\program files\\hp\\hp software update\\hpwucli.exe=
c:\\program files\\hp\\digital imaging\\smart web printing\\smartwebprintexe.exe=
c:\\program files\\sony ericsson\\sony ericsson media manager\\mediamanager.exe=
c:\\program files\\messenger\\msmsgs.exe=
c:\\program files\\windows live\\messenger\\wlcsdk.exe=
c:\\program files\\windows live\\messenger\\msnmsgr.exe=
c:\\program files\\windows live\\sync\\windowslivesync.exe=
c:\\program files\\bonjour\\mdnsresponder.exe=
c:\\program files\\itunes\\itunes.exe=
c:\\program files\\teamviewer\\version6\\teamviewer.exe=
c:\\program files\\teamviewer\\version6\\teamviewer_service.exe=
.
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"3306:tcp"= 3306:tcp:mysql
"1542:tcp"= 1542:tcp:realtek wps tcp prot
"1542:udp"= 1542:udp:realtek wps udp prot
"53:udp"= 53:udp:realtek ap udp prot
"1037:tcp"= 1037:tcp:akamai netsession interface
"5000:udp"= 5000:udp:akamai netsession interface
.
r0 symds;symantec data store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [10-5-2011 7:33 340088]
r0 symefa;symantec extended file attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [10-5-2011 7:33 744568]
r1 bhdrvx86;bhdrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20110929.001\bhdrvx86.sys [29-9-2011 23:35 816760]
r1 symiron;symantec iron driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [10-5-2011 7:33 136312]
r2 akamai;akamai netsession interface;c:\windows\system32\svchost.exe -k akamai [10-8-2004 14:00 14336]
r2 mbamservice;mbamservice;c:\program files\malwarebytes' anti-malware\mbamservice.exe [9-10-2011 21:34 366152]
r2 n360;norton 360;c:\program files\norton 360 premier edition\engine\5.1.0.29\ccsvchst.exe [10-5-2011 7:30 130008]
r2 teamviewer6;teamviewer 6;c:\program files\teamviewer\version6\teamviewer_service.exe [9-10-2011 19:55 2358656]
r3 3xhybrid;3xhybrid service;c:\windows\system32\drivers\3xhybrid.sys [14-2-2006 19:07 2825088]
r3 eraserutilrebootdrv;eraserutilrebootdrv;c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys [31-8-2011 21:28 105592]
r3 idsxpx86;idsxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20111011.030\idsxpx86.sys [12-10-2011 15:11 356280]
r3 mbamprotector;mbamprotector;c:\windows\system32\drivers\mbam.sys [9-10-2011 21:33 22216]
r3 seehcri;sony ericsson seehcri device driver;c:\windows\system32\drivers\seehcri.sys [22-1-2011 19:25 27632]
s2 clr_optimization_v4.0.30319_32;microsoft .net framework ngen v4.0.30319_x86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [18-3-2010 14:16 130384]
s2 gupdate;google updateservice (gupdate);c:\program files\google\update\googleupdate.exe [22-1-2011 19:50 136176]
s3 gupdatem;google update-service (gupdatem);c:\program files\google\update\googleupdate.exe [22-1-2011 19:50 136176]
s3 rtl8192su;realtek rtl8192su wireless lan 802.11n usb 2.0 network adapter;c:\windows\system32\drivers\rtl8192su.sys --> c:\windows\system32\drivers\rtl8192su.sys [?]
s3 s1018bus;sony ericsson device 1018 driver (wdm);c:\windows\system32\drivers\s1018bus.sys [22-1-2011 19:20 86824]
s3 s1018mdfl;sony ericsson device 1018 usb wmc modem filter;c:\windows\system32\drivers\s1018mdfl.sys [22-1-2011 19:20 15016]
s3 s1018mdm;sony ericsson device 1018 usb wmc modem driver;c:\windows\system32\drivers\s1018mdm.sys [22-1-2011 19:20 114728]
s3 s1018mgmt;sony ericsson device 1018 usb wmc device management drivers (wdm);c:\windows\system32\drivers\s1018mgmt.sys [22-1-2011 19:20 106208]
s3 s1018nd5;sony ericsson device 1018 usb ethernet emulation (ndis);c:\windows\system32\drivers\s1018nd5.sys [22-1-2011 19:20 26024]
s3 s1018obex;sony ericsson device 1018 usb wmc obex interface;c:\windows\system32\drivers\s1018obex.sys [22-1-2011 19:20 104744]
s3 s1018unic;sony ericsson device 1018 usb ethernet emulation (wdm);c:\windows\system32\drivers\s1018unic.sys [22-1-2011 19:20 109864]
s3 sony ericsson pccompanion;sony ericsson pccompanion;c:\program files\sony ericsson\sony ericsson pc companion\pccservice.exe [1-3-2011 23:03 155344]
s3 wn5301;liteon wireless pci network adapter service;c:\windows\system32\drivers\wn5301.sys [2-1-2005 10:32 468768]
s3 wpffontcache_v0400;windows presentation foundation font cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe [18-3-2010 14:16 753504]
.
[hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]
hpz12 reg_multi_sz pml driver hpz12 net driver hpz12
hpservice reg_multi_sz hpslpsvc
hpdevmgmt reg_multi_sz hpqcxs08 hpqddsvc
akamai reg_multi_sz akamai
.
[hkey_local_machine\software\microsoft\active setup\installed components\{10880d85-aad9-4558-abdc-2ab1552d831f}]
2007-04-19 11:23 452136 ----a-w- c:\program files\common files\lightscribe\lsrunonce.exe
.
contents of the 'scheduled tasks' folder
.
2011-10-10 c:\windows\tasks\applesoftwareupdate.job
- c:\program files\apple software update\softwareupdate.exe [2008-07-30 11:34]
.
2011-10-13 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files\google\update\googleupdate.exe [2011-01-22 17:50]
.
2011-10-13 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files\google\update\googleupdate.exe [2011-01-22 17:50]
.
2011-10-13 c:\windows\tasks\regclean pro_default.job
- c:\program files\regclean pro\regcleanpro.exe [2011-08-31 14:14]
.
2011-10-12 c:\windows\tasks\regclean pro_updates.job
- c:\program files\regclean pro\regcleanpro.exe [2011-08-31 14:14]
.
.
------- supplementary scan -------
.
ustart page = hxxp://www.nu.nl/
uinternet settings,proxyoverride = *.local
ie: e&xporteren naar microsoft excel - c:\progra~1\micros~2\office12\excel.exe/3000
ie: google sidewiki... - c:\program files\google\google toolbar\component\googletoolbardynamic_mui_en_7461b1589e8b4fb7.dll/cmsidewiki.html
tcp: dhcpnameserver = 192.168.2.254
.
.
**************************************************************************
.
catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer, http://www.gmer.net
rootkit scan 2011-10-13 20:32
windows 5.1.2600 service pack 3 ntfs
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[hkey_local_machine\system\controlset001\services\n360]
"imagepath"="\c:\program files\norton 360 premier edition\engine\5.1.0.29\ccsvchst.exe\" /s \"n360\" /m \c:\program files\norton 360 premier edition\engine\5.1.0.29\dimaster.dll\" /prefetch:1"
.
--------------------- dlls loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5940)
c:\windows\system32\wininet.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ other running processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
c:\program files\bonjour\mdnsresponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehsched.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\common files\lightscribe\lssrvc.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\program files\mysql\mysql server 5.1\bin\mysqld.exe
c:\program files\common files\protexis\license service\psiservice_2.exe
c:\program files\microsoft\search enhancement pack\seaport\seaport.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\searchindexer.exe
c:\program files\teamviewer\version6\teamviewer.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\alcxmntr.exe
c:\program files\ati technologies\ati.ace\cli.exe
c:\program files\teamviewer\version6\teamviewer_desktop.exe
c:\program files\common files\ahead\lib\nmindexstoresvr.exe
c:\program files\hp\digital imaging\bin\hpqste08.exe
c:\program files\ati technologies\ati.ace\cli.exe
c:\program files\hp\digital imaging\bin\hpqbam08.exe
c:\program files\hp\digital imaging\bin\hpqgpc01.exe
c:\program files\common files\ahead\lib\nmindexingservice.exe
c:\windows\system32\searchprotocolhost.exe
.
**************************************************************************
.
completion time: 2011-10-13 20:58:30 - machine was rebooted
combofix-quarantined-files.txt 2011-10-13 18:58
combofix2.txt 2011-10-12 21:20
.
pre-run: 265.299.296.256 bytes free
post-run: 265.286.946.816 bytes free
.
- - end of file - - 2ff7077e95d062dfcdb136753fcce40e

[/hjt]
 
Hi Abraham,

Some progress after all, thanks! The PC is a bit faster, but booting still takes an eternity. I'm back at the scene of the crime today, and the HD also makes quite a bit of noise under load (indexing etc.)

Regards, Bigbrabo
 
First we're going to do some searching!

Download SystemLook.exe and place the file on the Desktop.

Starting SystemLook.exe:
  • Windows 2000 and Windows XP: start SystemLook.exe by double-clicking the shortcut.
  • Windows Vista and Windows 7: start SystemLook.exe by right-clicking the shortcut and choosing "Run as administrator".
In the window that opens, copy the code below:
Code:
:filefind
atapi.sys
  • Click the "Look" button to start the scan.
  • When the scan is finished, a text file (SystemLook.txt) opens.
  • Post the contents of this log file.


And also do the following:

Which program: CrystalDiskInfo
What for/why: checking the SMART data of the hard disk(s)
Difficulty: none.
Download CrystalDiskInfo here





Install the tool and then start CrystalDiskInfo.

The tool then reads the SMART data of the connected hard disks.
If the colour is Blue - then fully healthy.
If the colour is Yellow - then there are problems.
If the colour is Red - then replace the HD as soon as possible.
 
Here's the log; screenshot of crystaldisk attached, it's an old one already.....

SystemLook 30.07.11 by jpshortstuff
Log created at 22:33 on 14/10/2011 by Jan
Administrator - Elevation successful
========== filefind ==========
Searching for "atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c- 95360 bytes [20:04 31/12/2010] [12:00 10/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a---- 96512 bytes [21:14 12/10/2011] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------- 96512 bytes [18:40 13/04/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a---- 96512 bytes [12:00 10/08/2004] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
-= EOF =-
 

Attachments

  • chrystaldisk.jpg (97.4 KB)
 
Have Windows run a full disk check!

Open My Computer, right-click C and choose Properties.
Go to the Tools tab.

Now click the first button, Check Now.
Tick both options and restart your computer.

Tip: watch the screen.
 
Hi Abraham,

Disk check carried out, remotely. After the reboot, received the attached error messages.
 

Attachments

  • fout na schijfcontrole.JPG (21.8 KB)
  • fout na schijfcontroleII.JPG (17.8 KB)
  • fout na schijfcontroleIII debug.JPG (22 KB)
 
The error messages may be occurring because these files have by now become corrupted.

I think you'd best start thinking about a new hard disk.
 