
Laptop shuts down and blue screen appears



Good that you found it. I had a strong suspicion that it had to be in the drivers.

We're going to approach this a bit differently than "just" deleting it :-)

Download The Avenger and place it on your desktop.

Unzip it.

Start the program by clicking avenger.exe.

In the "Input Script here" window, paste the following (the text in bold):

Files to delete:

C:\Windows\System32\drivers\kdapxh.sys

Then click the "Execute" button.

Avenger will indicate that the computer is going to restart; allow this.

After the restart a log file (avenger.txt) opens. Post the contents of the log file.


Apparently it didn't work :(

Logfile of The Avenger Version 2.0, © by Swandog46

Swandog46's Public Anti-Malware Tools

Platform: Windows Vista

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: could not open file "C:\Windows\System32\drivers\kdapxh.sys"

Deletion of file "C:\Windows\System32\drivers\kdapxh.sys" failed!

Status: 0xc0000043 (STATUS_SHARING_VIOLATION)

Completed script processing.

*******************

Finished! Terminate.


Unfortunately, the same result...

Logfile of The Avenger Version 2.0, © by Swandog46

Swandog46's Public Anti-Malware Tools

Platform: Windows Vista

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: could not open file "C:\Windows\System32\drivers\kdapxh.sys"

Deletion of file "C:\Windows\System32\drivers\kdapxh.sys" failed!

Status: 0xc0000043 (STATUS_SHARING_VIOLATION)

Completed script processing.

*******************

Finished! Terminate.


Another attempt:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\Windows\System32\drivers\kdapxh.sys

Driver::

kdapxh.sys

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe

This will cause ComboFix to restart. Reboot when asked to.

After the restart, post the contents of Combofix.txt in your next post.


I tried System Restore, but that failed too. I got an error message that the restore had been aborted.

But to continue with your advice, Kape. Here is the ComboFix log:

ComboFix 10-10-27.A3 - Sony 28/10/2010 22:38:24.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3038.1802 [GMT 2:00]

Gestart vanuit: d:\users\Sony\Desktop\ComboFix.exe

gebruikte Opdracht switches :: d:\users\Sony\Desktop\CFScript.txt

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::

"c:\windows\System32\drivers\kdapxh.sys"

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-09-28 to 2010-10-28 ))))))))))))))))))))))))))))))

.

2010-10-28 20:53 . 2010-10-28 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-10-28 07:51 . 2010-10-28 20:54 -------- d-----w- c:\users\Sony\AppData\Local\temp

2010-10-27 14:21 . 2010-10-27 14:21 -------- d-----w- c:\program files\NirSoft

2010-10-27 10:01 . 2010-08-26 16:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-10-27 10:01 . 2010-08-26 14:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-10-26 21:07 . 2010-10-26 21:07 388096 ----a-r- c:\users\Sony\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-10-26 21:05 . 2010-10-26 21:05 -------- d-----w- c:\program files\Trend Micro

2010-10-25 20:14 . 2010-10-25 20:14 -------- d-----w- c:\users\Sony\AppData\Roaming\Malwarebytes

2010-10-25 20:13 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-25 20:13 . 2010-10-25 20:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-25 20:13 . 2010-10-25 20:13 -------- d-----w- c:\programdata\Malwarebytes

2010-10-25 20:13 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-25 20:05 . 2010-10-25 20:05 -------- d-----w- c:\program files\Enigma Software Group

2010-10-25 20:03 . 2010-10-26 20:24 -------- d-----w- c:\windows\9EFA732347A048E28F7735DB5EED500A.TMP

2010-10-25 06:22 . 2010-10-25 06:22 -------- d-----w- c:\users\Sony\AppData\Roaming\Alien Skin

2010-10-15 11:23 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll

2010-10-14 07:32 . 2010-08-10 15:02 274432 ----a-w- c:\windows\system32\schannel.dll

2010-10-14 07:32 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll

2010-10-14 07:32 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys

2010-10-14 07:32 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-10-14 07:32 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll

2010-10-14 07:32 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-10-14 07:31 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2010-10-14 07:31 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2010-10-13 07:12 . 2010-10-13 07:12 -------- d-----w- c:\users\Sony\AppData\Roaming\Electronic Arts

2010-09-29 16:19 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll

2010-09-29 16:19 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-26 16:01 . 2010-10-27 10:01 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2010-08-26 16:01 . 2010-10-27 10:01 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2010-08-26 16:01 . 2010-10-27 10:01 541696 ----a-w- c:\windows\apppatch\AcLayers.dll

2010-08-26 16:01 . 2010-10-27 10:01 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll

2010-08-17 13:32 . 2010-09-15 17:18 126464 ----a-w- c:\windows\system32\spoolsv.exe

2003-03-21 12:45 . 2009-11-16 21:59 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx

2010-07-26 18:30 . 2009-11-26 14:56 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-11-22 270336]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-16 39408]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"VMpTtray.exe"="c:\program files\sony\VAIO Media plus\VMpTtray.exe" [2008-10-23 95528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 6295552]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-09-30 122880]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-26 30192]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2009-07-16 24576]

"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-09-09 1097728]

"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-08-06 159744]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-05 2067808]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

c:\users\Sony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Audio Filter.lnk - c:\program files\sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2009-7-16 4243232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2008-11-05 16:32 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-06 133104]

R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-06-26 204800]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-10-21 29736]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-26 30192]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-09-19 83232]

R3 VUAgent;VUAgent;c:\program files\sony\VAIO Update 5\VUAgent.exe [2009-12-08 673136]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-10-15 721904]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-17 216400]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-17 243024]

S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]

S2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [2008-11-22 303104]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]

S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-10-17 102400]

S2 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-10-21 103712]

S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-10-21 353568]

S2 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-10-21 62752]

S2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016]

S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-10-17 415584]

S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-09-11 446464]

S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-10-01 369952]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]

S3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [2010-06-07 2941248]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-08-22 9344]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - kdapxh

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

.

Inhoud van de 'Gedeelde Taken' map

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-06 15:11]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-06 15:11]

2010-10-28 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xporteren naar Microsoft Excel - d:\users\Sony\DOCUME~1\School\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

LSP: c:\windows\system32\HMIPCore.dll

FF - ProfilePath - c:\users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\twyswa20.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-10-28 22:53

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kdapxh]

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:0000007b

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2010-10-28 23:03:34

ComboFix-quarantined-files.txt 2010-10-28 21:03

ComboFix2.txt 2010-10-28 07:51

Pre-Run: 127.051.341.312 bytes beschikbaar

Post-Run: 127.021.432.320 bytes beschikbaar

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - 4E827CAD748B2303D04AF5F522263754

---------- Post added at 23:21 ---------- Previous post was at 23:14 ----------

The file 'kdapxh.sys' is still in the same location.

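An added example, not part of the original thread and not output of The Avenger or ComboFix: a short Python triage that correlates the failed deletion in the Avenger log with what the ComboFix log shows about the same driver. The log excerpts are copied from the posts above; the function names, the NTSTATUS notes table, and the rule that the service name equals the driver file's base name are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Excerpts copied from the Avenger and ComboFix logs posted in this thread.
AVENGER_LOG = r'''
Error: could not open file "C:\Windows\System32\drivers\kdapxh.sys"
Deletion of file "C:\Windows\System32\drivers\kdapxh.sys" failed!
Status: 0xc0000043 (STATUS_SHARING_VIOLATION)
'''
COMBOFIX_LOG = r'''
--- Andere Services/Drivers In Geheugen ---
*Deregistered* - kdapxh
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kdapxh]
'''

# Short notes for a few NTSTATUS values (this table is the example's own).
NTSTATUS_NOTES = {
    0xC0000043: "file is already open with incompatible share access",
    0xC0000022: "access denied",
}

def failed_deletions(avenger_log):
    """Return [(path, ntstatus, status_name)] for each deletion Avenger reports as failed."""
    pat = re.compile(
        r'Deletion of file "([^"]+)" failed!\s*Status: (0x[0-9a-fA-F]+) \((\w+)\)')
    return [(p, int(code, 16), name) for p, code, name in pat.findall(avenger_log)]

def in_memory_drivers(combofix_log):
    """Return [(state, name)] listed under ComboFix's 'drivers in memory' header."""
    m = re.search(r'^--- [^\n]*In Geheugen ---$(.*?)(?=^\[|\Z)',
                  combofix_log, re.M | re.S)
    return re.findall(r'^\*(\w+)\* - (\S+)', m.group(1), re.M) if m else []

def service_keys(combofix_log):
    """Return service names whose Services registry key is printed in the log."""
    return re.findall(
        r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\Services\\([^\]\\]+)\]',
        combofix_log, re.M)

def triage(avenger_log, combofix_log):
    """Annotate each failed deletion with the driver's state in the ComboFix log."""
    loaded = {name.lower(): state for state, name in in_memory_drivers(combofix_log)}
    keys = {k.lower() for k in service_keys(combofix_log)}
    findings = []
    for path, code, name in failed_deletions(avenger_log):
        stem = PureWindowsPath(path).stem.lower()  # assumption: service name == file stem
        findings.append({"file": path, "status": name,
                         "note": NTSTATUS_NOTES.get(code, "unknown status"),
                         "driver_in_memory": loaded.get(stem),
                         "service_key_present": stem in keys})
    return findings

if __name__ == "__main__":
    for finding in triage(AVENGER_LOG, COMBOFIX_LOG):
        print(finding)
```
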

The laptop has meanwhile shut down several more times. Can't I "just" delete that file?

It's really annoying when you haven't been able to get anything done for a whole week.

You're of course welcome to try that ... but I strongly doubt that it will work. Go ahead and do it ... and I'll read the result here.