Posts by casc

  1. Sorry, but that doesn't tell me much, and it doesn't look familiar to me either, but I have now removed Folder Defence because I had read somewhere on the internet about someone who also had a blue screen, and apparently that was the cause, so now I'll wait a while to see whether that's right

  2. I had barely finished saying that when I got a new blue screen; this is the latest one

    ==================================================

    Dump File : Mini090111-01.dmp

    Crash Time : 1/09/2011 12:47:10

    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

    Bug Check Code : 0x10000050

    Parameter 1 : 0xc25c4000

    Parameter 2 : 0x00000000

    Parameter 3 : 0x9214e184

    Parameter 4 : 0x00000000

    Caused By Driver : FldSafe.sys

    Caused By Address : FldSafe.sys+17ba

    File Description : Scanner Filter

    Product Name : Windows ® Win 7 DDK driver

    Company : Windows ® Win 7 DDK provider

    File Version : 6.1.7600.16385 built by: WinDDK

    Processor : 32-bit

    Crash Address : FldSafe.sys+1184

    Stack Address 1 : FldSafe.sys+17ba

    Stack Address 2 : FldSafe.sys+1872

    Stack Address 3 : FldSafe.sys+1a00

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini090111-01.dmp

    Processors Count : 4

    Major Version : 15

    Minor Version : 6002

    Dump File Size : 144.181

    ==================================================

  3. This is the last blue screen; there have been none since, and I have left the computer running for a while

    Dump File : Mini082911-01.dmp

    Crash Time : 29/08/2011 17:09:23

    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

    Bug Check Code : 0x10000050

    Parameter 1 : 0xd3f3b000

    Parameter 2 : 0x00000000

    Parameter 3 : 0x90d13184

    Parameter 4 : 0x00000000

    Caused By Driver : FldSafe.sys

    Caused By Address : FldSafe.sys+17ba

    File Description : Scanner Filter

    Product Name : Windows ® Win 7 DDK driver

    Company : Windows ® Win 7 DDK provider

    File Version : 6.1.7600.16385 built by: WinDDK

    Processor : 32-bit

    Crash Address : FldSafe.sys+1184

    Stack Address 1 : FldSafe.sys+17ba

    Stack Address 2 : FldSafe.sys+1872

    Stack Address 3 : FldSafe.sys+1a00

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini082911-01.dmp

    Processors Count : 4

    Major Version : 15

    Minor Version : 6002

    Dump File Size : 144.181

    ==================================================

  4. I hope I did it correctly this way

    File name : FldSafe.sys

    Status : Scan complete. 0 out of 19 scanners found malware.

    Scan taken on : Sun 27 Mar 2011 22:27:51 (CET)

    Additional information

    File size : 10240 bytes

    File type : PE32 executable for MS Windows (native) Intel 80386 32-bit

    MD5 : fc8d7576ce1d3d3a70f0feafa441ef8b

    SHA1 : 23982a568415230b72469fec27422bcb51161ed6

  5. ComboFix 11-08-30.01 - Walter 30/08/2011 16:34:30.1.4 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3071.1499 [GMT 2:00]

    Gestart vanuit: c:\users\Walter\Desktop\ComboFix.exe

    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    D:\resycled

    L:\autorun.inf

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-07-28 to 2011-08-30 ))))))))))))))))))))))))))))))

    .

    .

    2011-08-30 14:43 . 2011-08-30 14:43 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp

    2011-08-30 14:43 . 2011-08-30 14:43 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-08-29 20:47 . 2011-08-29 20:47 388096 ----a-r- c:\users\Walter\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2011-08-29 20:47 . 2011-08-29 20:47 -------- d-----w- c:\program files\Trend Micro

    2011-08-28 17:03 . 2011-08-28 17:03 -------- d-----w- c:\program files\iPod

    2011-08-28 17:03 . 2011-08-28 17:03 -------- d-----w- c:\program files\iTunes

    2011-08-28 13:38 . 2011-08-28 13:38 -------- d-----w- c:\program files\NirSoft

    2011-08-24 11:43 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll

    2011-08-18 22:01 . 2011-08-18 22:01 -------- d-----w- c:\users\Walter\AppData\Roaming\Malwarebytes

    2011-08-18 22:01 . 2011-07-08 05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2011-08-18 22:01 . 2011-08-18 22:01 -------- d-----w- c:\programdata\Malwarebytes

    2011-08-18 22:01 . 2011-08-18 22:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2011-08-18 22:01 . 2011-07-08 05:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-08-15 12:02 . 2011-08-15 12:02 -------- d-----w- c:\program files\MSBuild

    2011-08-15 11:59 . 2011-08-15 11:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8

    2011-08-14 11:16 . 2011-08-14 11:15 8192 ----a-w- c:\windows\system32\srvany.exe

    2011-08-12 22:19 . 2011-08-12 22:19 10240 ----a-w- c:\windows\system32\drivers\FldSafe.sys

    2011-08-12 22:19 . 2011-08-12 22:19 -------- d-----w- c:\program files\FolderDefence

    2011-08-10 13:27 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll

    2011-08-10 13:27 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

    2011-08-10 13:27 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

    2011-08-10 13:27 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2011-08-10 13:27 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

    2011-08-10 13:27 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-08-15 11:54 . 2011-07-13 11:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-08-10 13:15 . 2011-07-13 19:56 952 --sha-w- c:\programdata\KGyGaAvL.sys

    2011-07-30 20:32 . 2011-07-13 09:46 6656 ----a-w- c:\windows\system32\lpcio.dll

    2011-07-22 16:13 . 2011-07-22 16:13 233024 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

    2011-07-19 09:16 . 2011-07-19 09:16 717296 ----a-w- c:\windows\system32\drivers\sptd.sys

    2011-07-14 13:18 . 2011-07-14 13:18 345328 ----a-w- c:\windows\system32\SRSTSXT.dll

    2011-07-14 13:18 . 2011-07-14 13:18 1829992 ----a-w- c:\windows\system32\RtkPgExt.dll

    2011-07-14 13:18 . 2011-07-14 13:18 140528 ----a-w- c:\windows\system32\SRSWOW.dll

    2011-07-14 13:18 . 2011-07-14 13:18 367208 ----a-w- c:\windows\system32\RtkApoApi.dll

    2011-07-14 13:18 . 2011-07-12 00:03 141928 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE

    2011-07-14 13:18 . 2011-07-12 00:02 64616 ----a-w- c:\windows\system32\RtkCoInst.dll

    2011-07-14 13:18 . 2011-07-14 13:18 76488 ----a-w- c:\windows\system32\RTEEL32A.dll

    2011-07-14 13:18 . 2011-07-14 13:18 62664 ----a-w- c:\windows\system32\RTEEG32A.dll

    2011-07-14 13:18 . 2011-07-14 13:18 357576 ----a-w- c:\windows\system32\RTEEP32A.dll

    2011-07-14 13:18 . 2011-07-14 13:18 3154920 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys

    2011-07-14 13:18 . 2011-07-14 13:18 293584 ----a-w- c:\windows\system32\RP3DHT32.dll

    2011-07-14 13:18 . 2011-07-14 13:18 293584 ----a-w- c:\windows\system32\RP3DAA32.dll

    2011-07-14 13:18 . 2011-07-14 13:18 168648 ----a-w- c:\windows\system32\RTEED32A.dll

    2011-07-14 13:18 . 2011-07-14 13:18 1084008 ----a-w- c:\windows\system32\RTSndMgr.cpl

    2011-07-14 13:18 . 2011-07-12 00:02 3604584 ----a-w- c:\windows\system32\RtkAPO.dll

    2011-07-14 13:18 . 2011-07-14 13:18 96160 ----a-w- c:\windows\system32\AERTARen.dll

    2011-07-14 13:18 . 2011-07-14 13:18 299424 ----a-w- c:\windows\system32\FMAPO.dll

    2011-07-14 13:18 . 2011-07-14 13:18 175200 ----a-w- c:\windows\system32\AERTACap.dll

    2011-07-14 13:13 . 2011-07-14 13:13 1426304 ----a-w- c:\windows\system32\drivers\HCW85BDA.sys

    2011-07-14 13:13 . 2011-07-14 13:13 140800 ----a-w- c:\windows\system32\hcw85enc.ax

    2011-07-14 13:13 . 2011-07-14 13:13 115712 ----a-w- c:\windows\system32\hcw85prop.ax

    2011-07-14 12:58 . 2011-07-14 12:58 9888360 ----a-w- c:\windows\system32\RtsUStoricon.dll

    2011-07-14 12:58 . 2011-07-14 12:58 313960 ----a-w- c:\windows\system32\RtsUStor.dll

    2011-07-14 12:58 . 2011-07-14 12:58 197224 ----a-w- c:\windows\system32\drivers\RtsUStor.sys

    2011-07-12 19:35 . 2011-07-12 19:35 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

    2011-07-12 12:40 . 2011-07-12 12:40 86528 ----a-w- c:\windows\system32\iesysprep.dll

    2011-07-12 12:40 . 2011-07-12 12:40 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

    2011-07-12 12:40 . 2011-07-12 12:40 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

    2011-07-12 12:40 . 2011-07-12 12:40 63488 ----a-w- c:\windows\system32\tdc.ocx

    2011-07-12 12:40 . 2011-07-12 12:40 48640 ----a-w- c:\windows\system32\mshtmler.dll

    2011-07-12 12:40 . 2011-07-12 12:40 367104 ----a-w- c:\windows\system32\html.iec

    2011-07-12 12:40 . 2011-07-12 12:40 161792 ----a-w- c:\windows\system32\msls31.dll

    2011-07-12 12:40 . 2011-07-12 12:40 74752 ----a-w- c:\windows\system32\iesetup.dll

    2011-07-12 12:40 . 2011-07-12 12:40 23552 ----a-w- c:\windows\system32\licmgr10.dll

    2011-07-12 12:40 . 2011-07-12 12:40 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

    2011-07-12 12:40 . 2011-07-12 12:40 420864 ----a-w- c:\windows\system32\vbscript.dll

    2011-07-12 12:40 . 2011-07-12 12:40 152064 ----a-w- c:\windows\system32\wextract.exe

    2011-07-12 12:40 . 2011-07-12 12:40 150528 ----a-w- c:\windows\system32\iexpress.exe

    2011-07-12 12:40 . 2011-07-12 12:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe

    2011-07-12 12:40 . 2011-07-12 12:40 35840 ----a-w- c:\windows\system32\imgutil.dll

    2011-07-12 12:40 . 2011-07-12 12:40 11776 ----a-w- c:\windows\system32\mshta.exe

    2011-07-12 12:40 . 2011-07-12 12:40 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

    2011-07-12 12:40 . 2011-07-12 12:40 101888 ----a-w- c:\windows\system32\admparse.dll

    2011-07-12 12:39 . 2011-07-12 12:39 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

    2011-07-12 12:39 . 2011-07-12 12:39 98816 ----a-w- c:\windows\system32\mfps.dll

    2011-07-12 12:39 . 2011-07-12 12:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

    2011-07-12 12:39 . 2011-07-12 12:39 302592 ----a-w- c:\windows\system32\mfmp4src.dll

    2011-07-12 12:39 . 2011-07-12 12:39 2873344 ----a-w- c:\windows\system32\mf.dll

    2011-07-12 12:39 . 2011-07-12 12:39 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

    2011-07-12 12:39 . 2011-07-12 12:39 209920 ----a-w- c:\windows\system32\mfplat.dll

    2011-07-12 12:39 . 2011-07-12 12:39 586240 ----a-w- c:\windows\system32\stobject.dll

    2011-07-12 12:39 . 2011-07-12 12:39 478720 ----a-w- c:\windows\system32\dxgi.dll

    2011-07-12 12:39 . 2011-07-12 12:39 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

    2011-07-12 12:39 . 2011-07-12 12:39 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

    2011-07-12 12:39 . 2011-07-12 12:39 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

    2011-07-12 12:39 . 2011-07-12 12:39 37376 ----a-w- c:\windows\system32\cdd.dll

    2011-07-12 12:39 . 2011-07-12 12:39 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

    2011-07-12 12:39 . 2011-07-12 12:39 258048 ----a-w- c:\windows\system32\winspool.drv

    2011-07-12 12:38 . 2011-07-12 12:38 4096 ----a-w- c:\windows\system32\drivers\nl-NL\dxgkrnl.sys.mui

    2011-07-12 12:38 . 2011-07-12 12:38 369664 ----a-w- c:\windows\system32\WMPhoto.dll

    2011-07-12 12:38 . 2011-07-12 12:38 252928 ----a-w- c:\windows\system32\dxdiag.exe

    2011-07-12 12:38 . 2011-07-12 12:38 195584 ----a-w- c:\windows\system32\dxdiagn.dll

    2011-07-12 12:38 . 2011-07-12 12:38 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

    2011-07-12 12:38 . 2011-07-12 12:38 519680 ----a-w- c:\windows\system32\d3d11.dll

    2011-07-12 12:38 . 2011-07-12 12:38 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

    2011-07-12 12:38 . 2011-07-12 12:38 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

    2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

    2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll

    2011-07-12 09:20 . 2011-07-12 09:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll

    2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\system32\dnssdX.dll

    2011-07-12 00:02 . 2007-09-12 19:22 319456 ----a-w- c:\windows\DIFxAPI.dll

    2011-07-11 23:14 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll

    2011-07-11 23:14 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll

    2011-07-11 22:02 . 2011-07-11 22:02 81920 ----a-r- c:\users\Walter\AppData\Roaming\Microsoft\Installer\{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}\NewShortcut2_6DD9963C271A4A1482B04DC148C52E58_2.exe

    2011-07-11 22:02 . 2011-07-11 22:02 81920 ----a-r- c:\users\Walter\AppData\Roaming\Microsoft\Installer\{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}\NewShortcut1_6DD9963C271A4A1482B04DC148C52E58_2.exe

    2011-07-11 22:02 . 2011-07-11 22:02 377344 ----a-w- c:\windows\system32\winhttp.dll

    2011-07-11 21:59 . 2011-07-11 21:59 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll

    2011-07-11 21:59 . 2011-07-11 21:59 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll

    2011-07-11 21:59 . 2011-07-11 21:59 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll

    2011-07-11 21:59 . 2011-07-11 21:59 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll

    2011-07-11 21:59 . 2011-07-11 21:59 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll

    2011-07-11 21:59 . 2011-07-11 21:59 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll

    2011-07-11 21:59 . 2011-07-11 21:59 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll

    2011-07-11 21:59 . 2011-07-11 21:59 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll

    2011-07-11 21:59 . 2011-07-11 21:59 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll

    2011-07-11 21:59 . 2011-07-11 21:59 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll

    2011-07-11 21:59 . 2011-07-11 21:59 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll

    2011-07-11 21:59 . 2011-07-11 21:59 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll

    2011-07-11 21:59 . 2011-07-11 21:59 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll

    2011-07-11 21:59 . 2011-07-11 21:59 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll

    2011-07-11 21:59 . 2011-07-11 21:59 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll

    2011-07-11 21:59 . 2011-07-11 21:59 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll

    2011-07-11 21:59 . 2011-07-11 21:59 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll

    2011-07-11 21:59 . 2011-07-11 21:59 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll

    2011-07-11 21:59 . 2011-07-11 21:59 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll

    2011-06-16 04:50 . 2011-07-11 21:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]

    "Nexus"="c:\program files\Winstep\Nexus.exe" [2011-07-05 13283456]

    "PowerSuite"="c:\program files\Uniblue\PowerSuite\launcher.exe" [2011-01-27 67448]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CCUTRAYICON"="FactoryMode" [X]

    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]

    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]

    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]

    "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

    .

    c:\users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Z Cinema.lnk - c:\users\Walter\AppData\Roaming\Microsoft\Installer\{3D1A8E16-10A6-43E0-90BE-0A0474A637A7}\NewShortcut1_3D1A8E1610A643E090BE0A0474A637A7.exe [2011-7-11 172032]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "PromptOnSecureDesktop"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    .

    [HKLM\~\startupfolder\C:^Users^Walter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk]

    path=c:\users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediacontrole Picture Motion Browser.lnk

    backup=c:\windows\pss\Mediacontrole Picture Motion Browser.lnk.Startup

    backupExtension=.Startup

    .

    [HKLM\~\startupfolder\C:^Users^Walter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk]

    path=c:\users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

    backup=c:\windows\pss\OneNote 2010 Schermopname en Snel starten.lnk.Startup

    backupExtension=.Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

    2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]

    2008-08-08 15:30 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

    2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]

    2009-06-22 23:18 494064 ----a-w- c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

    2009-07-24 06:33 240112 ----a-w- c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]

    2007-02-20 09:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]

    R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-08-14 8192]

    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]

    R3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]

    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

    S0 SahdIa32;HDD Filter Driver;c:\windows\System32\Drivers\SahdIa32.sys [2009-06-01 21488]

    S0 SaibIa32;Volume Filter Driver;c:\windows\System32\Drivers\SaibIa32.sys [2009-06-01 15856]

    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-07-19 717296]

    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]

    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]

    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx86.sys [2011-07-23 815736]

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-22 233024]

    S1 FldSafe;FldSafe;c:\windows\system32\DRIVERS\FldSafe.sys [2011-08-12 10240]

    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110828.030\IDSvix86.sys [2011-08-22 368248]

    S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVd32.sys [2009-06-01 25584]

    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]

    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]

    S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-06-02 457200]

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

    S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]

    S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]

    S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]

    S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]

    S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files\Winstep\WsxService [x]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 105592]

    S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2011-07-14 1426304]

    S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-07-14 197224]

    S3 ZCinema_TSHD;ZCinema TruSurround HD driver;c:\windows\system32\drivers\ZCinema_SRS_i386.sys [2007-08-22 18448]

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

    2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.be/

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=74&bd=Pavilion&pf=desktop

    uInternet Settings,ProxyOverride = *.local

    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.1.1

    FF - ProfilePath - c:\users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\w1mii9uh.default\

    FF - prefs.js: browser.startup.homepage - hxxps://www.bnpparibasfortis.be/private/Start.asp

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    MSConfigStartUp-BCSSync - c:\program files\Microsoft Office\Office14\BCSSync.exe

    MSConfigStartUp-OfficeSyncProcess - c:\program files\Microsoft Office\Office14\MSOSYNC.EXE

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2011-08-30 16:44

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]

    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winstep Xtreme Service]

    "ImagePath"="c:\program files\Winstep\WsxService"

    .

    Voltooingstijd: 2011-08-30 16:46:35

    ComboFix-quarantined-files.txt 2011-08-30 14:46

    .

    Pre-Run: 308.488.114.176 bytes beschikbaar

    Post-Run: 308.499.308.544 bytes beschikbaar

    .

    - - End Of File - - 6D9193FE7DC3C38698F2B6A935B5C83D

  6. Malwarebytes' Anti-Malware 1.51.1.1800

    www.malwarebytes.org

    Databaseversie: 7609

    Windows 6.0.6002 Service Pack 2

    Internet Explorer 9.0.8112.16421

    30/08/2011 15:06:26

    mbam-log-2011-08-30 (15-06-26).txt

    Scantype: Volledige scan (C:\|D:\|L:\|)

    Objecten gescand: 402619

    Verstreken tijd: 1 uur/uren, 24 minuut/minuten, 26 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 0

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    ----------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 15:16:14, on 30/08/2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\hp\support\hpsysdrv.exe

    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

    C:\WINDOWS\RtHDVCpl.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Winstep\Nexus.exe

    C:\Windows\system32\schtasks.exe

    C:\Program Files\Logitech\Z Cinema\Z Cinema.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Windows\system32\conime.exe

    C:\hp\kbd\kbd.exe

    C:\Program Files\Uniblue\PowerSuite\powersuite.exe

    C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe

    C:\Program Files\BitTorrent\BitTorrent.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode

    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

    O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKCU\..\Run: [Nexus] C:\Program Files\Winstep\Nexus.exe autostart

    O4 - HKCU\..\Run: [PowerSuite] "C:\Program Files\Uniblue\PowerSuite\launcher.exe" delay 20000 -m

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - Startup: Z Cinema.lnk = ?

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

    O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

    O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe

    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)

    --

    End of file - 8817 bytes

  7. Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 9:47:46, on 30/08/2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\hp\support\hpsysdrv.exe

    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

    C:\WINDOWS\RtHDVCpl.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Winstep\Nexus.exe

    C:\Windows\system32\schtasks.exe

    C:\Program Files\Logitech\Z Cinema\Z Cinema.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Windows\system32\conime.exe

    C:\hp\kbd\kbd.exe

    C:\Program Files\Uniblue\PowerSuite\powersuite.exe

    C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe

    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {2d8d9acc-f6d7-4362-8876-a275ca929591} - (no file)

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode

    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

    O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKCU\..\Run: [Nexus] C:\Program Files\Winstep\Nexus.exe autostart

    O4 - HKCU\..\Run: [PowerSuite] "C:\Program Files\Uniblue\PowerSuite\launcher.exe" delay 20000 -m

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - Startup: Z Cinema.lnk = ?

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

    O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

    O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe

    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)

    --

    End of file - 9194 bytes

  8. Here are the last 5 error messages

    Dump File : Mini082811-02.dmp

    Crash Time : 28/08/2011 16:52:50

    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

    Bug Check Code : 0x10000050

    Parameter 1 : 0xc4602000

    Parameter 2 : 0x00000000

    Parameter 3 : 0x96a01184

    Parameter 4 : 0x00000000

    Caused By Driver : FldSafe.sys

    Caused By Address : FldSafe.sys+17ba

    File Description : Scanner Filter

    Product Name : Windows ® Win 7 DDK driver

    Company : Windows ® Win 7 DDK provider

    File Version : 6.1.7600.16385 built by: WinDDK

    Processor : 32-bit

    Crash Address : FldSafe.sys+1184

    Stack Address 1 : FldSafe.sys+17ba

    Stack Address 2 : FldSafe.sys+1872

    Stack Address 3 : FldSafe.sys+1a00

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini082811-02.dmp

    Processors Count : 4

    Major Version : 15

    Minor Version : 6002

    Dump File Size : 144.181

    ==================================================

    Dump File : Mini082811-01.dmp

    Crash Time : 28/08/2011 13:21:01

    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

    Bug Check Code : 0x10000050

    Parameter 1 : 0xc114f000

    Parameter 2 : 0x00000000

    Parameter 3 : 0x95fdd184

    Parameter 4 : 0x00000000

    Caused By Driver : FldSafe.sys

    Caused By Address : FldSafe.sys+17ba

    File Description : Scanner Filter

    Product Name : Windows ® Win 7 DDK driver

    Company : Windows ® Win 7 DDK provider

    File Version : 6.1.7600.16385 built by: WinDDK

    Processor : 32-bit

    Crash Address : FldSafe.sys+1184

    Stack Address 1 : FldSafe.sys+17ba

    Stack Address 2 : FldSafe.sys+1872

    Stack Address 3 : FldSafe.sys+1a00

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini082811-01.dmp

    Processors Count : 4

    Major Version : 15

    Minor Version : 6002

    Dump File Size : 144.181

    ==================================================

    Dump File : Mini082711-02.dmp

    Crash Time : 27/08/2011 20:47:22

    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

    Bug Check Code : 0x10000050

    Parameter 1 : 0xbfe82000

    Parameter 2 : 0x00000000

    Parameter 3 : 0x91325184

    Parameter 4 : 0x00000000

    Caused By Driver : FldSafe.sys

    Caused By Address : FldSafe.sys+17ba

    File Description : Scanner Filter

    Product Name : Windows ® Win 7 DDK driver

    Company : Windows ® Win 7 DDK provider

    File Version : 6.1.7600.16385 built by: WinDDK

    Processor : 32-bit

    Crash Address : FldSafe.sys+1184

    Stack Address 1 : FldSafe.sys+17ba

    Stack Address 2 : FldSafe.sys+1872

    Stack Address 3 : FldSafe.sys+1a00

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini082711-02.dmp

    Processors Count : 4

    Major Version : 15

    Minor Version : 6002

    Dump File Size : 144.181

    ==================================================

    ==================================================

    Dump File : Mini082711-01.dmp

    Crash Time : 27/08/2011 16:31:52

    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

    Bug Check Code : 0x10000050

    Parameter 1 : 0xc56b4000

    Parameter 2 : 0x00000000

    Parameter 3 : 0x90d59184

    Parameter 4 : 0x00000000

    Caused By Driver : FldSafe.sys

    Caused By Address : FldSafe.sys+17ba

    File Description : Scanner Filter

    Product Name : Windows ® Win 7 DDK driver

    Company : Windows ® Win 7 DDK provider

    File Version : 6.1.7600.16385 built by: WinDDK

    Processor : 32-bit

    Crash Address : FldSafe.sys+1184

    Stack Address 1 : FldSafe.sys+17ba

    Stack Address 2 : FldSafe.sys+1872

    Stack Address 3 : FldSafe.sys+1a00

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini082711-01.dmp

    Processors Count : 4

    Major Version : 15

    Minor Version : 6002

    Dump File Size : 144.181

    ==================================================

    Dump File : Mini082611-02.dmp

    Crash Time : 26/08/2011 21:02:39

    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

    Bug Check Code : 0x10000050

    Parameter 1 : 0xe8a0b000

    Parameter 2 : 0x00000000

    Parameter 3 : 0x92304184

    Parameter 4 : 0x00000000

    Caused By Driver : FldSafe.sys

    Caused By Address : FldSafe.sys+17ba

    File Description : Scanner Filter

    Product Name : Windows ® Win 7 DDK driver

    Company : Windows ® Win 7 DDK provider

    File Version : 6.1.7600.16385 built by: WinDDK

    Processor : 32-bit

    Crash Address : FldSafe.sys+1184

    Stack Address 1 : FldSafe.sys+17ba

    Stack Address 2 : FldSafe.sys+1872

    Stack Address 3 : FldSafe.sys+1a00

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini082611-02.dmp

    Processors Count : 4

    Major Version : 15

    Minor Version : 6002

    Dump File Size : 144.213

    ==================================================

  9. Hello

    I have an annoying problem: when I have been working on my PC for a while (there is no fixed amount of time), I suddenly get a blue screen and my PC restarts by itself. Can anyone help me solve this problem?

    PS: my operating system is Vista

    Regards

  10. I have already set up scheduled defragmentation several times, but it turns out that it does not work, and when I look at the setting it says "next run: never" (see attachment). What is the reason for that, and can someone help me so that defragmentation does run automatically?

    Regards

    post-2900-1417703855,5797_thumb.jpg

  11. Here is the content of the first error message from Windows Defender

    Logboeknaam: System

    Bron: Microsoft-Windows-Windows Defender

    Datum: 2/05/2008 16:50:54

    Gebeurtenis-id:5008

    Taakcategorie: Geen

    Niveau: Fout

    Trefwoorden: Klassiek

    Gebruiker: n.v.t.

    Computer: PC_van_walter

    Beschrijving:

    Windows Defender engine is beëindigd als gevolg van een onverwachte fout.

    Type fout: Crash

    Uitzonderingscode: 0xc0000005

    Bron: file:C:\Users\walter\AppData\Roaming\Microsoft\Windows\Cookies\Low\walter@search.yahoo[1].txt

    Gebeurtenis-XML:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

    <System>

    <Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" EventSourceName="WinDefend" />

    <EventID Qualifiers="0">5008</EventID>

    <Version>0</Version>

    <Level>2</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x80000000000000</Keywords>

    <TimeCreated SystemTime="2008-05-02T14:50:54.000Z" />

    <EventRecordID>41278</EventRecordID>

    <Correlation />

    <Execution ProcessID="0" ThreadID="0" />

    <Channel>System</Channel>

    <Computer>PC_van_walter</Computer>

    <Security />

    </System>

    <EventData>

    <Data Name="Product Name">%%827</Data>

    <Data Name="Product Version">1.1.1600.0</Data>

    <Data Name="Resource">file:C:\Users\walter\AppData\Roaming\Microsoft\Windows\Cookies\Low\walter@search.yahoo[1].txt</Data>

    <Data Name="Failure Type Index">2</Data>

    <Data Name="Failure Type">%%830</Data>

    <Data Name="Exception code">0xc0000005</Data>

    </EventData>

    </Event>
