
Adobe Flash Player


Guy9910


The result .... After a blue screen (another topic of mine), Flash Player is gone again :-(

I suspect I will first have to get the other problem solved, because that is where the problem lies.

I am also attaching a log from WhoCrashed.

Welcome to WhoCrashed (HOME EDITION) v 3.03

This program checks for drivers which have been crashing your computer. If your computer has displayed a blue screen of death, suddenly rebooted or shut down then this program will help you find the root cause and possibly a solution.

Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, many computers do not show a blue screen unless they are configured for this. Instead these systems suddenly reboot without any notice.

This program will analyze your crash dumps with the single click of a button. It will tell you what drivers are likely to be responsible for crashing your computer. If will report a conclusion which offers suggestions on how to proceed in any situation while the analysis report will display internet links which will help you further troubleshoot any detected problems.

To obtain technical support visit www.resplendence.com/support

Click here to check if you have the latest version or if an update is available.

Just click the Analyze button for a comprehensible report ...

Home Edition Notice

This version of WhoCrashed is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition of WhoCrashed which also allows analysis of crashdumps on remote drives and computers on the network and offers a range of additional features.

Click here for more information on the professional edition.

Click here to buy the the professional edition of WhoCrashed.

System Information (local)

computer name: GUY-LAPTOP

windows version: Windows 7 Service Pack 1, 6.1, build: 7601

windows dir: C:\Windows

CPU: GenuineIntel Pentium® Dual-Core CPU T4200 @ 2.00GHz Intel586, level: 6

2 logical processors, active mask: 3

RAM: 3184615424 total

VM: 2147352576, free: 1936244736

Crash Dump Analysis

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Fri 10/02/2012 18:46:18 GMT your computer crashed

crash dump file: C:\Windows\Minidump\021012-29624-01.dmp

This was probably caused by the following module: cycpdxo.sys (cycpdxo+0x4CCB)

Bugcheck code: 0xD1 (0xFFFFFFFFBDC34000, 0x2, 0x0, 0xFFFFFFFF83B2DCCB)

Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL

file path: C:\Windows\System32\Drivers\cycpdxo.sys

This file could not be located on your computer, we suggest that you search on its name with Google.

Click here to do a Google search on cycpdxo.sys

Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: cycpdxo.sys .

Google query: cycpdxo.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL

On Fri 10/02/2012 18:46:18 GMT your computer crashed

crash dump file: C:\Windows\memory.dmp

This was probably caused by the following module: cycpdxo.sys (cycpdxo+0x4CCB)

Bugcheck code: 0xD1 (0xFFFFFFFFBDC34000, 0x2, 0x0, 0xFFFFFFFF83B2DCCB)

Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL

file path: C:\Windows\System32\Drivers\cycpdxo.sys

This file could not be located on your computer, we suggest that you search on its name with Google.

Click here to do a Google search on cycpdxo.sys

Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: cycpdxo.sys .

Google query: cycpdxo.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL

On Fri 10/02/2012 18:02:13 GMT your computer crashed

crash dump file: C:\Windows\Minidump\021012-30232-01.dmp

This was probably caused by the following module: cycpdxo.sys (cycpdxo+0x4CCB)

Bugcheck code: 0xD1 (0xFFFFFFFFD7E40000, 0x2, 0x0, 0xFFFFFFFF83B14CCB)

Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL

file path: C:\Windows\System32\Drivers\cycpdxo.sys

This file could not be located on your computer, we suggest that you search on its name with Google.

Click here to do a Google search on cycpdxo.sys

Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: cycpdxo.sys .

Google query: cycpdxo.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL

On Fri 10/02/2012 7:05:50 GMT your computer crashed

crash dump file: C:\Windows\Minidump\021012-29250-01.dmp

This was probably caused by the following module: cycpdxo.sys (cycpdxo+0x4CCB)

Bugcheck code: 0xD1 (0xFFFFFFFFB9FD1000, 0x2, 0x0, 0xFFFFFFFF8B436CCB)

Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL

file path: C:\Windows\System32\Drivers\cycpdxo.sys

This file could not be located on your computer, we suggest that you search on its name with Google.

Click here to do a Google search on cycpdxo.sys

Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: cycpdxo.sys .

Google query: cycpdxo.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL

Conclusion

4 crash dumps have been found and analyzed. A third party driver has been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

cycpdxo.sys

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.

Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.


Based on this crash report, you may go ahead and run the following:

Open a Notepad file.

Copy and paste the bold text below into it.

Registry::

[-HKEY_LOCAL_MACHINE\system\ControlSet001\services\cycpdxo]

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message ... and then you can let us know how things stand with the reported problems.


ComboFix 12-02-09.04 - Eigenaar 13/02/2012 14:40:29.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3037.1828 [GMT 1:00]

Gestart vanuit: d:\users\Eigenaar\Desktop\ComboFix.exe

gebruikte Opdracht switches :: d:\users\Eigenaar\Desktop\CFScript.txt.doc

AV: Telenet Security Pack 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: Telenet Security Pack 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: Telenet Security Pack 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Eigenaar\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll

c:\users\Eigenaar\AppData\Roaming\inst.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-01-13 to 2012-02-13 ))))))))))))))))))))))))))))))

.

.

2012-02-13 13:52 . 2012-02-13 13:52 -------- d-----w- c:\users\Niels\AppData\Local\temp

2012-02-13 13:52 . 2012-02-13 13:52 -------- d-----w- c:\users\Mieke\AppData\Local\temp

2012-02-13 13:52 . 2012-02-13 13:52 -------- d-----w- c:\users\Inneke\AppData\Local\temp

2012-02-13 13:52 . 2012-02-13 13:52 -------- d-----w- c:\users\Gilles\AppData\Local\temp

2012-02-13 13:52 . 2012-02-13 13:52 -------- d-----w- c:\users\Gast\AppData\Local\temp

2012-02-13 13:52 . 2012-02-13 13:52 -------- d-----w- c:\users\Elke\AppData\Local\temp

2012-02-13 13:52 . 2012-02-13 13:52 -------- d-----w- c:\users\Dieter\AppData\Local\temp

2012-02-13 13:52 . 2012-02-13 13:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-13 13:52 . 2012-02-13 13:52 -------- d-----w- c:\users\A***ine\AppData\Local\temp

2012-02-11 12:54 . 2012-02-11 12:55 -------- d-----w- c:\program files\Duplicate Music Files Finder

2012-02-11 12:07 . 2012-02-11 12:07 -------- d-----w- c:\program files\Pioneer

2012-02-11 09:46 . 2012-02-11 09:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-11 09:14 . 2012-02-11 09:14 -------- d-----w- c:\programdata\Easy Driver Pro

2012-02-10 11:57 . 2012-02-10 11:57 -------- d-----w- c:\users\Gast\AppData\Local\Google

2012-02-10 11:56 . 2012-02-13 13:56 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-02-09 11:29 . 2010-11-20 01:22 6656 ----a-w- c:\windows\system32\drivers\RDPCDD.sys

2012-02-09 11:24 . 2012-02-09 11:24 -------- d-----w- c:\windows\system32\EventProviders

2012-02-08 19:02 . 2012-02-08 19:02 388096 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-08 18:46 . 2012-02-08 18:46 -------- d-----w- c:\program files\NirSoft

2012-02-07 10:49 . 2012-02-07 10:49 -------- d-----w- c:\program files\Trend Micro

2012-02-02 09:06 . 2009-07-09 15:08 1066496 ----a-w- c:\windows\system32\drivers\viahduaa.sys

2012-01-27 14:17 . 2012-01-27 14:17 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Lite

2012-01-25 23:10 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-25 23:10 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-01-25 23:10 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys

2012-01-25 23:10 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-25 23:10 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe

2012-01-19 19:18 . 2002-04-11 23:00 57344 ----a-w- c:\windows\system32\BRSVC01A.EXE

2012-01-19 19:18 . 2001-12-12 23:01 45056 ----a-w- c:\windows\system32\BRSS01A.EXE

2012-01-19 19:15 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll

2012-01-19 19:15 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll

2012-01-19 19:15 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll

2012-01-19 19:15 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe

2012-01-19 19:15 . 2004-04-18 22:36 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2012-01-19 19:15 . 2012-01-19 19:15 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll

2012-01-19 19:15 . 2012-01-19 19:15 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll

2012-01-19 19:15 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll

2012-01-15 11:53 . 2012-01-15 11:53 -------- d-----w- c:\programdata\McAfee

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-09 11:54 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-12-27 13:22 . 2011-12-27 13:22 4608 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{1636397E-519F-443C-9AF3-2FB044FA59DD}\Icon1636397E.exe

2011-12-10 14:24 . 2009-09-11 20:09 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-01 17:20 . 2011-12-01 17:20 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-12-01 17:20 . 2011-12-01 17:20 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-12-01 17:20 . 2011-12-01 17:20 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-12-01 17:20 . 2011-12-01 17:20 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-12-01 17:20 . 2011-12-01 17:20 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-12-01 17:20 . 2011-12-01 17:20 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-12-01 17:20 . 2011-12-01 17:20 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-12-01 17:20 . 2011-12-01 17:20 367104 ----a-w- c:\windows\system32\html.iec

2011-12-01 17:20 . 2011-12-01 17:20 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-12-01 17:20 . 2011-12-01 17:20 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-01 17:20 . 2011-12-01 17:20 161792 ----a-w- c:\windows\system32\msls31.dll

2011-12-01 17:20 . 2011-12-01 17:20 152064 ----a-w- c:\windows\system32\wextract.exe

2011-12-01 17:20 . 2011-12-01 17:20 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-12-01 17:20 . 2011-12-01 17:20 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-12-01 17:20 . 2011-12-01 17:20 11776 ----a-w- c:\windows\system32\mshta.exe

2011-12-01 17:20 . 2011-12-01 17:20 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-12-01 17:20 . 2011-12-01 17:20 101888 ----a-w- c:\windows\system32\admparse.dll

2011-11-24 21:23 . 2011-11-24 21:23 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2011-11-24 21:23 . 2011-11-24 21:23 80184 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2011-11-24 04:25 . 2011-12-15 08:26 2342912 ----a-w- c:\windows\system32\win32k.sys

2011-11-22 10:56 . 2011-07-19 09:23 23376 ----a-w- c:\windows\system32\dopdfmn7.dll

2011-11-22 10:56 . 2011-07-19 09:23 20816 ----a-w- c:\windows\system32\dopdfmi7.dll

2011-11-19 14:01 . 2012-01-11 11:32 67072 ----a-w- c:\windows\system32\packager.dll

2011-11-17 05:38 . 2012-01-11 11:32 1288472 ----a-w- c:\windows\system32\ntdll.dll

2011-11-17 05:35 . 2012-01-25 23:10 314880 ----a-w- c:\windows\system32\webio.dll

2011-11-17 05:34 . 2012-01-25 23:10 100352 ----a-w- c:\windows\system32\sspicli.dll

2011-11-17 05:34 . 2012-01-25 23:10 15872 ----a-w- c:\windows\system32\sspisrv.dll

2011-11-17 05:34 . 2012-01-25 23:10 224768 ----a-w- c:\windows\system32\schannel.dll

2011-11-17 05:34 . 2012-01-25 23:10 22016 ----a-w- c:\windows\system32\secur32.dll

2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll

2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files\Common Files\MSIactionall.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]

"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-07-09 3417336]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-01 39408]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-01-04 21392]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-01-04 937872]

"Seedonk"="c:\program files\Seedonk\seedonk.exe" [2011-12-20 3465216]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-12-29 107000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 497536]

"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-04-03 237568]

"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-08-23 72248]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-08-23 3054136]

"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]

"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-06-10 8568832]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]

"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-04-02 98304]

"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 1474560]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2010-01-17 941320]

"F-Secure Manager"="c:\program files\Telenet Security Pack\Common\FSM32.EXE" [2009-08-05 199264]

"F-Secure TNB"="c:\program files\Telenet Security Pack\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-01-04 3508624]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]

"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2011-08-03 828944]

"IsaKbcCertUpdate"="c:\program files\Common Files\Isabel\isa_kbc_certupdate.exe" [2010-07-06 1023576]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 171288]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 172824]

"MIXTRAXSystemTray.exe"="c:\program files\Pioneer\MIXTRAX\MIXTRAXSystemTray.exe" [2011-10-12 26912]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-10-15 6287176]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll, schannel.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-10-28 19:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2010-03-26 08:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-10 136176]

R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-03-07 6656]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-11-24 80184]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-10 136176]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 121064]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 12776]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 136808]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-11-24 181432]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1343400]

R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-08-17 42672]

S0 ***laby;***laby;c:\windows\system32\DRIVERS\***laby.sys [2009-06-18 15416]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Telenet Security Pack\HIPS\drivers\fshs.sys [2009-08-05 68064]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-12-17 36792]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-12-17 73160]

S1 fsvista;F-Secure Vista Support Driver;c:\program files\Telenet Security Pack\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]

S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-26 217088]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]

S2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-07-09 107744]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2011-08-03 828944]

S2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-06-12 90624]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Telenet Security Pack\Anti-Virus\minifilter\fsgk.sys [2011-09-08 148632]

S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Telenet Security Pack\ORSP Client\fsorsp.exe [2011-05-23 61088]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-07-26 36640]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]

S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [2009-05-18 233512]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1066496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - cycpdxo

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-10 05:54]

.

2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-10 05:54]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Formulieren Invullen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

LSP: c:\program files\Telenet Security Pack\FSPS\program\FSLSP.DLL

Trusted Zone: kbc.be

Trusted Zone: kbcgroup.eu

Trusted Zone: cbc.be\*

Trusted Zone: cbc.be\cbc-pdf

Trusted Zone: cbc.be\cbconline

Trusted Zone: cbc.be\static

Trusted Zone: cbc.be\www

Trusted Zone: cbc.eu\*

Trusted Zone: cbc.eu\www

Trusted Zone: isabel.be\*.IBS6

Trusted Zone: isabel.be\gotoIBS6

Trusted Zone: isabel.be\pki

Trusted Zone: isabel.be\www

Trusted Zone: isabel.eu

Trusted Zone: isabel.eu\ugrade

Trusted Zone: isabel.eu\upgrade

Trusted Zone: isabel.eu\www

Trusted Zone: kbc.be\*

Trusted Zone: kbc.be\kbc-pdf

Trusted Zone: kbc.be\kbconline

Trusted Zone: kbc.be\static

Trusted Zone: kbc.be\www

Trusted Zone: kbc.com\*

Trusted Zone: kbc.com\www

Trusted Zone: kbc.eu\*

Trusted Zone: kbc.eu\www

Trusted Zone: kbcam.be\www

Trusted Zone: kbcam.com\www

Trusted Zone: kbcbankingforbusiness.com\*

Trusted Zone: kbcbankingforbusiness.com\www

Trusted Zone: kbcgroup.eu\*

Trusted Zone: kbcgroup.eu\multimediafiles

Trusted Zone: kbcgroup.eu\www

Trusted Zone: kbcmerchantbanking.com\*

Trusted Zone: kbcmerchantbanking.com\www

TCP: DhcpNameServer = 195.130.130.133 195.130.131.133

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cycpdxo]

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(5904)

c:\program files\Telenet Security Pack\Spam Control\fsscoepl.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\AUDIODG.EXE

c:\windows\system32\WUDFHost.exe

c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe

c:\program files\ATKGFNEX\GFNEXSrv.exe

c:\windows\system32\brss01a.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Telenet Security Pack\Anti-Virus\fsgk32st.exe

c:\program files\Telenet Security Pack\Common\FSMA32.EXE

c:\program files\Telenet Security Pack\Anti-Virus\FSGK32.EXE

c:\program files\Telenet Security Pack\Common\FSHDLL32.EXE

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\system32\taskhost.exe

c:\program files\ASUS\SmartLogon\sensorsrv.exe

c:\program files\ASUS\ASUS CopyProtect\aspg.exe

c:\program files\P4G\BatteryLife.exe

c:\program files\ASUS\Splendid\ACMON.exe

c:\program files\ASUS\ATK Hotkey\HControl.exe

c:\program files\ASUS\Wireless Console 3\wcourier.exe

c:\windows\System32\ACEngSvr.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\program files\Telenet Security Pack\FWES\Program\fsdfwd.exe

c:\program files\Telenet Security Pack\Anti-Virus\fssm32.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\conhost.exe

c:\program files\Brother\Brmfcmon\BrMfimon.exe

c:\program files\Telenet Security Pack\Anti-Virus\fsav32.exe

c:\program files\ASUS\ATK Hotkey\ATKOSD.exe

c:\program files\ASUS\ATK Hotkey\KBFiltr.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\program files\ASUS\ATK Hotkey\WDC.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\TechSmith\Snagit 9\TSCHelp.exe

c:\program files\TechSmith\Snagit 9\SnagPriv.exe

c:\program files\TechSmith\Snagit 9\snagiteditor.exe

c:\windows\system32\sppsvc.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

.

**************************************************************************

.

Voltooingstijd: 2012-02-13 15:04:50 - machine werd herstart

ComboFix-quarantined-files.txt 2012-02-13 14:04

ComboFix2.txt 2012-02-09 20:05

.

Pre-Run: 66.421.473.280 bytes beschikbaar

Post-Run: 66.636.840.960 bytes beschikbaar

.

- - End Of File - - 1A25AA6D5480BD3E360183E7B16E40D7

For the first time I was able to print a PDF without a blue screen


The command did not work this way. You saved the file as a .doc file, d:\users\Eigenaar\Desktop\CFScript.txt.doc, whereas it has to drive ComboFix again as a .txt file, d:\users\Eigenaar\Desktop\CFScript.txt. Would you please try it again that way and then post a new ComboFix log.


Hopefully correct now?

ComboFix 12-02-09.04 - Eigenaar 13/02/2012 16:39:26.3.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3037.1719 [GMT 1:00]

Gestart vanuit: d:\users\Eigenaar\Desktop\ComboFix.exe

gebruikte Opdracht switches :: d:\users\Eigenaar\Desktop\CFScript.txt

AV: Telenet Security Pack 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: Telenet Security Pack 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: Telenet Security Pack 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Eigenaar\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-01-13 to 2012-02-13 ))))))))))))))))))))))))))))))

.

.

2012-02-13 15:48 . 2012-02-13 15:48 -------- d-----w- c:\users\Niels\AppData\Local\temp

2012-02-13 15:48 . 2012-02-13 15:48 -------- d-----w- c:\users\Mieke\AppData\Local\temp

2012-02-13 15:48 . 2012-02-13 15:48 -------- d-----w- c:\users\Inneke\AppData\Local\temp

2012-02-13 15:48 . 2012-02-13 15:48 -------- d-----w- c:\users\Gilles\AppData\Local\temp

2012-02-13 15:48 . 2012-02-13 15:48 -------- d-----w- c:\users\Gast\AppData\Local\temp

2012-02-13 15:48 . 2012-02-13 15:48 -------- d-----w- c:\users\Elke\AppData\Local\temp

2012-02-13 15:48 . 2012-02-13 15:48 -------- d-----w- c:\users\Dieter\AppData\Local\temp

2012-02-13 15:48 . 2012-02-13 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-13 15:48 . 2012-02-13 15:48 -------- d-----w- c:\users\A***ine\AppData\Local\temp

2012-02-11 12:54 . 2012-02-11 12:55 -------- d-----w- c:\program files\Duplicate Music Files Finder

2012-02-11 12:07 . 2012-02-11 12:07 -------- d-----w- c:\program files\Pioneer

2012-02-11 09:46 . 2012-02-11 09:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-11 09:14 . 2012-02-11 09:14 -------- d-----w- c:\programdata\Easy Driver Pro

2012-02-10 11:57 . 2012-02-10 11:57 -------- d-----w- c:\users\Gast\AppData\Local\Google

2012-02-10 11:56 . 2012-02-13 15:50 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-02-09 11:29 . 2010-11-20 01:22 6656 ----a-w- c:\windows\system32\drivers\RDPCDD.sys

2012-02-09 11:24 . 2012-02-09 11:24 -------- d-----w- c:\windows\system32\EventProviders

2012-02-08 19:02 . 2012-02-08 19:02 388096 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-08 18:46 . 2012-02-08 18:46 -------- d-----w- c:\program files\NirSoft

2012-02-07 10:49 . 2012-02-07 10:49 -------- d-----w- c:\program files\Trend Micro

2012-02-02 09:06 . 2009-07-09 15:08 1066496 ----a-w- c:\windows\system32\drivers\viahduaa.sys

2012-01-27 14:17 . 2012-01-27 14:17 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Lite

2012-01-25 23:10 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-25 23:10 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-01-25 23:10 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys

2012-01-25 23:10 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-25 23:10 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe

2012-01-19 19:18 . 2002-04-11 23:00 57344 ----a-w- c:\windows\system32\BRSVC01A.EXE

2012-01-19 19:18 . 2001-12-12 23:01 45056 ----a-w- c:\windows\system32\BRSS01A.EXE

2012-01-19 19:15 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll

2012-01-19 19:15 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll

2012-01-19 19:15 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll

2012-01-19 19:15 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe

2012-01-19 19:15 . 2004-04-18 22:36 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2012-01-19 19:15 . 2012-01-19 19:15 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll

2012-01-19 19:15 . 2012-01-19 19:15 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll

2012-01-19 19:15 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll

2012-01-15 11:53 . 2012-01-15 11:53 -------- d-----w- c:\programdata\McAfee

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-09 11:54 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-12-27 13:22 . 2011-12-27 13:22 4608 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{1636397E-519F-443C-9AF3-2FB044FA59DD}\Icon1636397E.exe

2011-12-10 14:24 . 2009-09-11 20:09 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-01 17:20 . 2011-12-01 17:20 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-12-01 17:20 . 2011-12-01 17:20 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-12-01 17:20 . 2011-12-01 17:20 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-12-01 17:20 . 2011-12-01 17:20 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-12-01 17:20 . 2011-12-01 17:20 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-12-01 17:20 . 2011-12-01 17:20 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-12-01 17:20 . 2011-12-01 17:20 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-12-01 17:20 . 2011-12-01 17:20 367104 ----a-w- c:\windows\system32\html.iec

2011-12-01 17:20 . 2011-12-01 17:20 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-12-01 17:20 . 2011-12-01 17:20 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-01 17:20 . 2011-12-01 17:20 161792 ----a-w- c:\windows\system32\msls31.dll

2011-12-01 17:20 . 2011-12-01 17:20 152064 ----a-w- c:\windows\system32\wextract.exe

2011-12-01 17:20 . 2011-12-01 17:20 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-12-01 17:20 . 2011-12-01 17:20 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-12-01 17:20 . 2011-12-01 17:20 11776 ----a-w- c:\windows\system32\mshta.exe

2011-12-01 17:20 . 2011-12-01 17:20 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-12-01 17:20 . 2011-12-01 17:20 101888 ----a-w- c:\windows\system32\admparse.dll

2011-11-24 21:23 . 2011-11-24 21:23 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2011-11-24 21:23 . 2011-11-24 21:23 80184 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2011-11-24 04:25 . 2011-12-15 08:26 2342912 ----a-w- c:\windows\system32\win32k.sys

2011-11-22 10:56 . 2011-07-19 09:23 23376 ----a-w- c:\windows\system32\dopdfmn7.dll

2011-11-22 10:56 . 2011-07-19 09:23 20816 ----a-w- c:\windows\system32\dopdfmi7.dll

2011-11-19 14:01 . 2012-01-11 11:32 67072 ----a-w- c:\windows\system32\packager.dll

2011-11-17 05:38 . 2012-01-11 11:32 1288472 ----a-w- c:\windows\system32\ntdll.dll

2011-11-17 05:35 . 2012-01-25 23:10 314880 ----a-w- c:\windows\system32\webio.dll

2011-11-17 05:34 . 2012-01-25 23:10 100352 ----a-w- c:\windows\system32\sspicli.dll

2011-11-17 05:34 . 2012-01-25 23:10 15872 ----a-w- c:\windows\system32\sspisrv.dll

2011-11-17 05:34 . 2012-01-25 23:10 224768 ----a-w- c:\windows\system32\schannel.dll

2011-11-17 05:34 . 2012-01-25 23:10 22016 ----a-w- c:\windows\system32\secur32.dll

2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll

2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files\Common Files\MSIactionall.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]

"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-07-09 3417336]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-01 39408]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-01-04 21392]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-01-04 937872]

"Seedonk"="c:\program files\Seedonk\seedonk.exe" [2011-12-20 3465216]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-12-29 107000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 497536]

"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-04-03 237568]

"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-08-23 72248]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-08-23 3054136]

"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]

"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-06-10 8568832]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]

"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-04-02 98304]

"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 1474560]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2010-01-17 941320]

"F-Secure Manager"="c:\program files\Telenet Security Pack\Common\FSM32.EXE" [2009-08-05 199264]

"F-Secure TNB"="c:\program files\Telenet Security Pack\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-01-04 3508624]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]

"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2011-08-03 828944]

"IsaKbcCertUpdate"="c:\program files\Common Files\Isabel\isa_kbc_certupdate.exe" [2010-07-06 1023576]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 171288]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 172824]

"MIXTRAXSystemTray.exe"="c:\program files\Pioneer\MIXTRAX\MIXTRAXSystemTray.exe" [2011-10-12 26912]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-10-15 6287176]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll, schannel.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-10-28 19:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2010-03-26 08:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-10 136176]

R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-03-07 6656]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-11-24 80184]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-10 136176]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 121064]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 12776]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 136808]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-11-24 181432]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1343400]

R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-08-17 42672]

S0 ***laby;***laby;c:\windows\system32\DRIVERS\***laby.sys [2009-06-18 15416]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Telenet Security Pack\HIPS\drivers\fshs.sys [2009-08-05 68064]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-12-17 36792]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-12-17 73160]

S1 fsvista;F-Secure Vista Support Driver;c:\program files\Telenet Security Pack\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]

S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-26 217088]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]

S2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-07-09 107744]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2011-08-03 828944]

S2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-06-12 90624]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Telenet Security Pack\Anti-Virus\minifilter\fsgk.sys [2011-09-08 148632]

S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Telenet Security Pack\ORSP Client\fsorsp.exe [2011-05-23 61088]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-07-26 36640]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]

S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [2009-05-18 233512]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1066496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - FSUSBEXDISK

*Deregistered* - cycpdxo

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-10 05:54]

.

2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-10 05:54]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Formulieren Invullen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

LSP: c:\program files\Telenet Security Pack\FSPS\program\FSLSP.DLL

Trusted Zone: kbc.be

Trusted Zone: kbcgroup.eu

Trusted Zone: cbc.be\*

Trusted Zone: cbc.be\cbc-pdf

Trusted Zone: cbc.be\cbconline

Trusted Zone: cbc.be\static

Trusted Zone: cbc.be\www

Trusted Zone: cbc.eu\*

Trusted Zone: cbc.eu\www

Trusted Zone: isabel.be\*.IBS6

Trusted Zone: isabel.be\gotoIBS6

Trusted Zone: isabel.be\pki

Trusted Zone: isabel.be\www

Trusted Zone: isabel.eu

Trusted Zone: isabel.eu\ugrade

Trusted Zone: isabel.eu\upgrade

Trusted Zone: isabel.eu\www

Trusted Zone: kbc.be\*

Trusted Zone: kbc.be\kbc-pdf

Trusted Zone: kbc.be\kbconline

Trusted Zone: kbc.be\static

Trusted Zone: kbc.be\www

Trusted Zone: kbc.com\*

Trusted Zone: kbc.com\www

Trusted Zone: kbc.eu\*

Trusted Zone: kbc.eu\www

Trusted Zone: kbcam.be\www

Trusted Zone: kbcam.com\www

Trusted Zone: kbcbankingforbusiness.com\*

Trusted Zone: kbcbankingforbusiness.com\www

Trusted Zone: kbcgroup.eu\*

Trusted Zone: kbcgroup.eu\multimediafiles

Trusted Zone: kbcgroup.eu\www

Trusted Zone: kbcmerchantbanking.com\*

Trusted Zone: kbcmerchantbanking.com\www

TCP: DhcpNameServer = 195.130.130.133 195.130.131.133

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cycpdxo]

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(4396)

c:\program files\Telenet Security Pack\Spam Control\fsscoepl.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\AUDIODG.EXE

c:\windows\system32\WUDFHost.exe

c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe

c:\program files\ATKGFNEX\GFNEXSrv.exe

c:\windows\system32\brss01a.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Telenet Security Pack\Anti-Virus\fsgk32st.exe

c:\program files\Telenet Security Pack\Anti-Virus\FSGK32.EXE

c:\program files\Telenet Security Pack\Common\FSMA32.EXE

c:\program files\Telenet Security Pack\Common\FSHDLL32.EXE

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\system32\taskhost.exe

c:\program files\ASUS\SmartLogon\sensorsrv.exe

c:\program files\ASUS\ASUS CopyProtect\aspg.exe

c:\program files\P4G\BatteryLife.exe

c:\program files\ASUS\Splendid\ACMON.exe

c:\program files\ASUS\ATK Hotkey\HControl.exe

c:\program files\ASUS\Wireless Console 3\wcourier.exe

c:\windows\System32\ACEngSvr.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\program files\Telenet Security Pack\FWES\Program\fsdfwd.exe

c:\program files\Telenet Security Pack\Anti-Virus\fssm32.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\conhost.exe

c:\program files\Telenet Security Pack\Anti-Virus\fsav32.exe

c:\program files\Brother\Brmfcmon\BrMfimon.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\program files\ASUS\ATK Hotkey\ATKOSD.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\ASUS\ATK Hotkey\KBFiltr.exe

c:\program files\ASUS\ATK Hotkey\WDC.exe

c:\program files\TechSmith\Snagit 9\TSCHelp.exe

c:\program files\TechSmith\Snagit 9\SnagPriv.exe

c:\program files\TechSmith\Snagit 9\snagiteditor.exe

c:\windows\system32\sppsvc.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

.

**************************************************************************

.

Voltooingstijd: 2012-02-13 16:58:49 - machine werd herstart

ComboFix-quarantined-files.txt 2012-02-13 15:58

ComboFix2.txt 2012-02-13 14:04

ComboFix3.txt 2012-02-09 20:05

.

Pre-Run: 66.672.771.072 bytes beschikbaar

Post-Run: 66.634.022.912 bytes beschikbaar

.

- - End Of File - - 5E260213D25E5BB69CF476AB20621D51


I was too euphoric, I'm afraid.

Welcome to WhoCrashed (HOME EDITION) v 3.03


System Information (local)

computer name: GUY-LAPTOP

windows version: Windows 7 Service Pack 1, 6.1, build: 7601

windows dir: C:\Windows

CPU: GenuineIntel Pentium® Dual-Core CPU T4200 @ 2.00GHz Intel586, level: 6

2 logical processors, active mask: 3

RAM: 3184615424 total

VM: 2147352576, free: 1946267648

Crash Dump Analysis

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Mon 13/02/2012 16:16:09 GMT your computer crashed

crash dump file: C:\Windows\Minidump\021312-35412-01.dmp

This was probably caused by the following module: cycpdxo.sys (cycpdxo+0x4CCB)

Bugcheck code: 0xD1 (0xFFFFFFFFD90C0000, 0x2, 0x0, 0xFFFFFFFF8B426CCB)

Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL

file path: C:\Windows\System32\Drivers\cycpdxo.sys

This file could not be located on your computer, we suggest that you search on its name with Google.

Click here to do a Google search on cycpdxo.sys

Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: cycpdxo.sys .

Google query: cycpdxo.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL

On Mon 13/02/2012 16:16:09 GMT your computer crashed

crash dump file: C:\Windows\memory.dmp

This was probably caused by the following module: cycpdxo.sys (cycpdxo+0x4CCB)

Bugcheck code: 0xD1 (0xFFFFFFFFD90C0000, 0x2, 0x0, 0xFFFFFFFF8B426CCB)

Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL

file path: C:\Windows\System32\Drivers\cycpdxo.sys

This file could not be located on your computer, we suggest that you search on its name with Google.

Click here to do a Google search on cycpdxo.sys

Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: cycpdxo.sys .

Google query: cycpdxo.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL

On Fri 10/02/2012 18:46:18 GMT your computer crashed

crash dump file: C:\Windows\Minidump\021012-29624-01.dmp

This was probably caused by the following module: cycpdxo.sys (cycpdxo+0x4CCB)

Bugcheck code: 0xD1 (0xFFFFFFFFBDC34000, 0x2, 0x0, 0xFFFFFFFF83B2DCCB)

Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL

file path: C:\Windows\System32\Drivers\cycpdxo.sys

This file could not be located on your computer, we suggest that you search on its name with Google.

Click here to do a Google search on cycpdxo.sys

Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: cycpdxo.sys .

Google query: cycpdxo.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL

On Fri 10/02/2012 18:02:13 GMT your computer crashed

crash dump file: C:\Windows\Minidump\021012-30232-01.dmp

This was probably caused by the following module: cycpdxo.sys (cycpdxo+0x4CCB)

Bugcheck code: 0xD1 (0xFFFFFFFFD7E40000, 0x2, 0x0, 0xFFFFFFFF83B14CCB)

Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL

file path: C:\Windows\System32\Drivers\cycpdxo.sys

This file could not be located on your computer, we suggest that you search on its name with Google.

Click here to do a Google search on cycpdxo.sys

Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: cycpdxo.sys .

Google query: cycpdxo.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL

On Fri 10/02/2012 7:05:50 GMT your computer crashed

crash dump file: C:\Windows\Minidump\021012-29250-01.dmp

This was probably caused by the following module: cycpdxo.sys (cycpdxo+0x4CCB)

Bugcheck code: 0xD1 (0xFFFFFFFFB9FD1000, 0x2, 0x0, 0xFFFFFFFF8B436CCB)

Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL

file path: C:\Windows\System32\Drivers\cycpdxo.sys

This file could not be located on your computer, we suggest that you search on its name with Google.

Click here to do a Google search on cycpdxo.sys

Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: cycpdxo.sys .

Google query: cycpdxo.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL

Conclusion

5 crash dumps have been found and analyzed. A third party driver has been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

cycpdxo.sys

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.

Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.


Then we'll extend the instruction a bit further:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\Windows\System32\Drivers\cycpdxo.sys

Driver::

cycpdxo.sys

Registry::

[-HKEY_LOCAL_MACHINE\system\ControlSet001\services\cycpdxo]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


ComboFix 12-02-09.04 - Eigenaar 13/02/2012 18:01:47.4.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3037.1605 [GMT 1:00]

Gestart vanuit: d:\users\Eigenaar\Desktop\ComboFix.exe

gebruikte Opdracht switches :: d:\users\Eigenaar\Desktop\CFScript.txt

AV: Telenet Security Pack 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: Telenet Security Pack 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: Telenet Security Pack 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\System32\Drivers\cycpdxo.sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Eigenaar\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-01-13 to 2012-02-13 ))))))))))))))))))))))))))))))

.

.

2012-02-13 17:13 . 2012-02-13 17:13 -------- d-----w- c:\users\Niels\AppData\Local\temp

2012-02-13 17:13 . 2012-02-13 17:13 -------- d-----w- c:\users\Mieke\AppData\Local\temp

2012-02-13 17:13 . 2012-02-13 17:13 -------- d-----w- c:\users\Inneke\AppData\Local\temp

2012-02-13 17:13 . 2012-02-13 17:13 -------- d-----w- c:\users\Gilles\AppData\Local\temp

2012-02-13 17:13 . 2012-02-13 17:13 -------- d-----w- c:\users\Gast\AppData\Local\temp

2012-02-13 17:13 . 2012-02-13 17:13 -------- d-----w- c:\users\Elke\AppData\Local\temp

2012-02-13 17:13 . 2012-02-13 17:13 -------- d-----w- c:\users\Dieter\AppData\Local\temp

2012-02-13 17:13 . 2012-02-13 17:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-13 17:13 . 2012-02-13 17:13 -------- d-----w- c:\users\A***ine\AppData\Local\temp

2012-02-11 12:54 . 2012-02-11 12:55 -------- d-----w- c:\program files\Duplicate Music Files Finder

2012-02-11 12:07 . 2012-02-11 12:07 -------- d-----w- c:\program files\Pioneer

2012-02-11 09:46 . 2012-02-11 09:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-11 09:14 . 2012-02-11 09:14 -------- d-----w- c:\programdata\Easy Driver Pro

2012-02-10 11:57 . 2012-02-10 11:57 -------- d-----w- c:\users\Gast\AppData\Local\Google

2012-02-10 11:56 . 2012-02-13 16:17 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-02-09 12:03 . 2012-02-09 12:04 -------- d-----w- c:\windows\system32\SPReview

2012-02-09 11:29 . 2010-11-20 03:21 8704 ----a-w- c:\windows\system32\riched32.dll

2012-02-09 11:24 . 2012-02-09 11:24 -------- d-----w- c:\windows\system32\EventProviders

2012-02-08 19:02 . 2012-02-08 19:02 388096 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-08 18:46 . 2012-02-08 18:46 -------- d-----w- c:\program files\NirSoft

2012-02-07 10:49 . 2012-02-07 10:49 -------- d-----w- c:\program files\Trend Micro

2012-02-02 09:07 . 2012-02-02 09:07 -------- d-----w- c:\windows\system32\SRSLabs

2012-02-02 09:06 . 2009-07-06 13:09 856064 ----a-w- c:\windows\system32\VIAPropPageExt.dll

2012-02-02 09:06 . 2009-07-06 10:03 497664 ----a-w- c:\windows\system32\VIASysFx.dll

2012-02-02 09:06 . 2009-07-09 15:08 1066496 ----a-w- c:\windows\system32\drivers\viahduaa.sys

2012-01-27 14:17 . 2012-01-27 14:17 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Lite

2012-01-25 23:10 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-25 23:10 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll

2012-01-25 23:10 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll

2012-01-25 23:10 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-01-25 23:10 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys

2012-01-25 23:10 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll

2012-01-25 23:10 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-25 23:10 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll

2012-01-25 23:10 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe

2012-01-25 23:10 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll

2012-01-19 19:18 . 2002-04-11 23:00 57344 ----a-w- c:\windows\system32\BRSVC01A.EXE

2012-01-19 19:18 . 2001-12-12 23:01 45056 ----a-w- c:\windows\system32\BRSS01A.EXE

2012-01-19 19:15 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll

2012-01-19 19:15 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll

2012-01-19 19:15 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll

2012-01-19 19:15 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe

2012-01-19 19:15 . 2004-04-18 22:36 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2012-01-19 19:15 . 2012-01-19 19:15 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll

2012-01-19 19:15 . 2012-01-19 19:15 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll

2012-01-19 19:15 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll

2012-01-15 11:53 . 2012-01-15 11:53 -------- d-----w- c:\programdata\McAfee

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-09 11:54 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-12-27 13:22 . 2011-12-27 13:22 4608 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{1636397E-519F-443C-9AF3-2FB044FA59DD}\Icon1636397E.exe

2011-12-10 14:24 . 2009-09-11 20:09 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-01 17:20 . 2011-12-01 17:20 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-12-01 17:20 . 2011-12-01 17:20 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-12-01 17:20 . 2011-12-01 17:20 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-12-01 17:20 . 2011-12-01 17:20 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-12-01 17:20 . 2011-12-01 17:20 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-12-01 17:20 . 2011-12-01 17:20 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-12-01 17:20 . 2011-12-01 17:20 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-12-01 17:20 . 2011-12-01 17:20 367104 ----a-w- c:\windows\system32\html.iec

2011-12-01 17:20 . 2011-12-01 17:20 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-12-01 17:20 . 2011-12-01 17:20 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-01 17:20 . 2011-12-01 17:20 161792 ----a-w- c:\windows\system32\msls31.dll

2011-12-01 17:20 . 2011-12-01 17:20 152064 ----a-w- c:\windows\system32\wextract.exe

2011-12-01 17:20 . 2011-12-01 17:20 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-12-01 17:20 . 2011-12-01 17:20 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-12-01 17:20 . 2011-12-01 17:20 11776 ----a-w- c:\windows\system32\mshta.exe

2011-12-01 17:20 . 2011-12-01 17:20 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-12-01 17:20 . 2011-12-01 17:20 101888 ----a-w- c:\windows\system32\admparse.dll

2011-11-24 21:23 . 2011-11-24 21:23 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2011-11-24 21:23 . 2011-11-24 21:23 80184 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2011-11-24 04:25 . 2011-12-15 08:26 2342912 ----a-w- c:\windows\system32\win32k.sys

2011-11-22 10:56 . 2011-07-19 09:23 23376 ----a-w- c:\windows\system32\dopdfmn7.dll

2011-11-22 10:56 . 2011-07-19 09:23 20816 ----a-w- c:\windows\system32\dopdfmi7.dll

2011-11-19 14:01 . 2012-01-11 11:32 67072 ----a-w- c:\windows\system32\packager.dll

2011-11-17 05:38 . 2012-01-11 11:32 1288472 ----a-w- c:\windows\system32\ntdll.dll

2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll

2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files\Common Files\MSIactionall.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]

"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-07-09 3417336]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-01 39408]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-01-04 21392]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-01-04 937872]

"Seedonk"="c:\program files\Seedonk\seedonk.exe" [2011-12-20 3465216]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-12-29 107000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 497536]

"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-04-03 237568]

"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-08-23 72248]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-08-23 3054136]

"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]

"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-06-10 8568832]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]

"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-04-02 98304]

"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 1474560]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2010-01-17 941320]

"F-Secure Manager"="c:\program files\Telenet Security Pack\Common\FSM32.EXE" [2009-08-05 199264]

"F-Secure TNB"="c:\program files\Telenet Security Pack\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-01-04 3508624]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]

"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2011-08-03 828944]

"IsaKbcCertUpdate"="c:\program files\Common Files\Isabel\isa_kbc_certupdate.exe" [2010-07-06 1023576]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 171288]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 172824]

"MIXTRAXSystemTray.exe"="c:\program files\Pioneer\MIXTRAX\MIXTRAXSystemTray.exe" [2011-10-12 26912]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-10-15 6287176]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll, schannel.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-10-28 19:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2010-03-26 08:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-10 136176]

R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-03-07 6656]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-11-24 80184]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-10 136176]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 121064]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 12776]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 136808]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-11-24 181432]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1343400]

R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-08-17 42672]

S0 ***laby;***laby;c:\windows\system32\DRIVERS\***laby.sys [2009-06-18 15416]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Telenet Security Pack\HIPS\drivers\fshs.sys [2009-08-05 68064]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-12-17 36792]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-12-17 73160]

S1 fsvista;F-Secure Vista Support Driver;c:\program files\Telenet Security Pack\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]

S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-26 217088]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]

S2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-07-09 107744]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2011-08-03 828944]

S2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-06-12 90624]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Telenet Security Pack\Anti-Virus\minifilter\fsgk.sys [2011-09-08 148632]

S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Telenet Security Pack\ORSP Client\fsorsp.exe [2011-05-23 61088]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-07-26 36640]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]

S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [2009-05-18 233512]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1066496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - cycpdxo

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-10 05:54]

.

2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-10 05:54]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Formulieren Invullen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

LSP: c:\program files\Telenet Security Pack\FSPS\program\FSLSP.DLL

Trusted Zone: kbc.be

Trusted Zone: kbcgroup.eu

Trusted Zone: cbc.be\*

Trusted Zone: cbc.be\cbc-pdf

Trusted Zone: cbc.be\cbconline

Trusted Zone: cbc.be\static

Trusted Zone: cbc.be\www

Trusted Zone: cbc.eu\*

Trusted Zone: cbc.eu\www

Trusted Zone: isabel.be\*.IBS6

Trusted Zone: isabel.be\gotoIBS6

Trusted Zone: isabel.be\pki

Trusted Zone: isabel.be\www

Trusted Zone: isabel.eu

Trusted Zone: isabel.eu\ugrade

Trusted Zone: isabel.eu\upgrade

Trusted Zone: isabel.eu\www

Trusted Zone: kbc.be\*

Trusted Zone: kbc.be\kbc-pdf

Trusted Zone: kbc.be\kbconline

Trusted Zone: kbc.be\static

Trusted Zone: kbc.be\www

Trusted Zone: kbc.com\*

Trusted Zone: kbc.com\www

Trusted Zone: kbc.eu\*

Trusted Zone: kbc.eu\www

Trusted Zone: kbcam.be\www

Trusted Zone: kbcam.com\www

Trusted Zone: kbcbankingforbusiness.com\*

Trusted Zone: kbcbankingforbusiness.com\www

Trusted Zone: kbcgroup.eu\*

Trusted Zone: kbcgroup.eu\multimediafiles

Trusted Zone: kbcgroup.eu\www

Trusted Zone: kbcmerchantbanking.com\*

Trusted Zone: kbcmerchantbanking.com\www

TCP: DhcpNameServer = 195.130.130.133 195.130.131.133

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cycpdxo]

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(5316)

c:\program files\Telenet Security Pack\Spam Control\fsscoepl.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\WUDFHost.exe

c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe

c:\program files\ATKGFNEX\GFNEXSrv.exe

c:\windows\system32\brss01a.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Telenet Security Pack\Anti-Virus\fsgk32st.exe

c:\program files\Telenet Security Pack\Anti-Virus\FSGK32.EXE

c:\program files\Telenet Security Pack\Common\FSMA32.EXE

c:\program files\Telenet Security Pack\Common\FSHDLL32.EXE

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files\Telenet Security Pack\FWES\Program\fsdfwd.exe

c:\program files\Telenet Security Pack\Anti-Virus\fssm32.exe

c:\program files\Telenet Security Pack\Anti-Virus\fsav32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\taskhost.exe

c:\program files\ASUS\SmartLogon\sensorsrv.exe

c:\program files\ASUS\ASUS CopyProtect\aspg.exe

c:\program files\P4G\BatteryLife.exe

c:\windows\system32\conhost.exe

c:\windows\system32\AUDIODG.EXE

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\program files\TechSmith\Snagit 9\TSCHelp.exe

c:\program files\TechSmith\Snagit 9\SnagPriv.exe

c:\program files\TechSmith\Snagit 9\snagiteditor.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

.

**************************************************************************

.

Voltooingstijd: 2012-02-13 18:28:41 - machine werd herstart

ComboFix-quarantined-files.txt 2012-02-13 17:28

ComboFix2.txt 2012-02-13 15:58

ComboFix3.txt 2012-02-13 14:04

ComboFix4.txt 2012-02-09 20:05

.

Pre-Run: 66.576.191.488 bytes beschikbaar

Post-Run: 66.474.954.752 bytes beschikbaar

.

- - End Of File - - 66B1FFB3B6B3733E61AA7FB658CDC1C2
