BSOD Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL/BAD_POOL_HEADER


Post by snel0026 » 09 Feb 2013 10:49

Lately I keep getting a BSOD with the error: DRIVER_IRQL_NOT_LESS_OR_EQUAL

After running your cleanup program and all kinds of scans, I get the error message: BAD_POOL_HEADER

The BlueScreenView tool reports the following:

020913-32713-01.dmp 9-2-2013 10:12:07 BAD_POOL_HEADER 0x00000019 0x00000003 0xcb04d8b8 0xcb04d8b8 0x00000000 ntkrnlpa.exe ntkrnlpa.exe+121c6b NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17944 (win7sp1_gdr.120830-0333) 32-bit C:\Windows\Minidump\020913-32713-01.dmp 2 15 7601 145.560

with, as the driver found in the crash stack:

ntkrnlpa.exe ntkrnlpa.exe+1376c0 0x83c00000 0x84013000 0x00413000 0x503f7f43 30-8-2012 15:57:07 Microsoft® Windows® Operating System NT Kernel & System 6.1.7601.17944 (win7sp1_gdr.120830-0333) Microsoft Corporation C:\Windows\system32\ntkrnlpa.exe

Below I am posting the contents of the DDS.txt file:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16438 BrowserJavaVersion: 10.9.2
Run by Wim at 8:42:47 on 2013-02-09
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.2038.949 [GMT 1:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.4.155\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.4.155\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SmartFix\SupportAgent_HCC\SupportAgent.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Nuria\Nuria.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.4.155\ccSvcHst.exe
C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.symbaloo.com/
uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
uURLSearchHooks: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - <orphaned>
uURLSearchHooks: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - <orphaned>
uURLSearchHooks: {2d8d9acc-f6d7-4362-8876-a275ca929591} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.2.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.2.1.22\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: PanelClix Software: {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - c:\users\wim\appdata\local\wakoopa shared\WakoopaBHO.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.2.1.22\coieplg.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [Nuria] c:\program files\nuria\Nuria.exe
uRun: [Screenshot Captor] "c:\program files\screenshotcaptor\ScreenshotCaptor.exe" /autorun
uRun: [TouchpadBlocker.exe] "c:\program files\touchpad blocker\TouchpadBlocker.exe"
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
mRun: [IntelPROSet] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [LaunchAp] "c:\program files\launch manager\LaunchAp.exe"
mRun: [HotkeyApp] "c:\program files\launch manager\HotkeyApp.exe"
mRun: [LMgrOSD] "c:\program files\launch manager\OSD.exe"
mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SupportAgent_HCC] "c:\program files\smartfix\supportagent_hcc\SupportAgent.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-131 reva\wirelesscm.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoDriveAutorun = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: FilterAdministratorToken = dword:1
mPolicies-System: DisableCAD = dword:1
IE: &Verzenden naar OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x5\programs\WPLauncher.hta
IE: Toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.254
TCP: Interfaces\{54121B09-8E8F-49A3-982C-CDD411C1EAEA} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{54121B09-8E8F-49A3-982C-CDD411C1EAEA}\3416D60796E6764456F4F63747562776163747 : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{AA932A2E-ABAD-4DB1-8EE1-D7E3491B5D73} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{AA932A2E-ABAD-4DB1-8EE1-D7E3491B5D73}\350756564645F6573686932373530314 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AA932A2E-ABAD-4DB1-8EE1-D7E3491B5D73}\6596B696E676F524573796E6563737 : DHCPNameServer = 148.122.161.3 148.122.208.99
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-1-4 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-1-4 12464]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2009-2-5 212520]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1402010.016\symds.sys [2013-1-23 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1402010.016\symefa.sys [2013-1-23 927904]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\bashdefs\20130116.013\BHDrvx86.sys [2013-1-16 997464]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1402010.016\ccsetx86.sys [2013-1-23 134304]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\ipsdefs\20130207.001\IDSvix86.sys [2013-2-8 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1402010.016\ironx86.sys [2013-1-23 175264]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1402010.016\symnets.sys [2013-1-23 338592]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2012-1-9 509440]
R2 N360;Norton 360;c:\program files\norton 360\engine\20.2.1.22\ccsvchst.exe [2013-1-23 143928]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.4.155\SymcPCCULaunchSvc.exe [2011-6-24 115056]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.4.155\ccSvcHst.exe [2011-6-24 126392]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\intel\wifi\bin\ZeroConfigService.exe [2012-2-26 2324752]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtuele adapter;c:\windows\system32\drivers\amppal.sys [2012-1-9 141312]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2012-10-18 971752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-1-30 106656]
R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2011-1-30 181704]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2012-1-17 104208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\drivers\AF9035HB.sys [2012-6-8 855808]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\drivers\amppal.sys [2012-1-9 141312]
S3 azvusb;Virtual USB Hub;c:\windows\system32\drivers\azvusb.sys [2011-1-31 44544]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-1-28 83168]
S3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-11-9 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-11-9 8576]
S3 PhilCap;NXP service;c:\windows\system32\drivers\PhilCap.sys [2010-2-1 908896]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-24 14848]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2012-12-11 573440]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra tech support (engineer) 2012.sp4a\RpcAgentSrv.exe [2013-1-28 95896]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-1-28 181344]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-24 49664]
S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-6 1343400]
S3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
S3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2012-11-5 13720]
S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2012-12-5 3467768]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-12-5 92632]
S4 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2012-5-7 118784]
S4 WlanWpsSvc;WlanWpsSvc;c:\program files\d-link\dwa-131 reva\WlanWpsSvc.exe [2012-12-11 167936]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .js: JSFile=c:\windows\system32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2013-02-08 23:55:37 -------- d-----w- c:\program files\Speccy
2013-02-05 13:16:48 -------- d-----w- c:\program files\AuthenTec
2013-02-04 09:06:40 -------- d-----w- c:\users\wim\appdata\local\NokiaAccount
2013-02-03 11:45:07 -------- d-----w- c:\users\wim\appdata\roaming\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2013-01-30 16:38:43 -------- d-----w- c:\users\wim\appdata\local\Wakoopa Shared
2013-01-30 16:38:42 -------- d-----w- c:\users\wim\appdata\local\PanelClix Software
2013-01-28 22:23:22 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-01-28 22:23:21 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-01-28 21:03:06 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-28 20:51:07 -------- d-----w- c:\program files\SpeedFan
2013-01-28 17:10:42 -------- d-----w- c:\program files\SiSoftware
2013-01-28 15:09:01 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-27 09:47:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-27 09:47:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-01-24 12:38:44 311296 ----a-w- c:\windows\system32\CNMLMAG.DLL
2013-01-24 12:37:31 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-01-24 12:37:29 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-24 12:37:29 247808 ----a-w- c:\windows\system32\schannel.dll
2013-01-24 12:37:29 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-24 12:37:29 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-23 07:46:33 927904 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symefa.sys
2013-01-23 07:46:33 586400 ----a-w- c:\windows\system32\drivers\n360\1402010.016\srtsp.sys
2013-01-23 07:46:33 368288 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symds.sys
2013-01-23 07:46:33 338592 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symnets.sys
2013-01-23 07:46:33 32888 ----a-r- c:\windows\system32\drivers\n360\1402010.016\srtspx.sys
2013-01-23 07:46:33 21400 ----a-r- c:\windows\system32\drivers\n360\1402010.016\symelam.sys
2013-01-23 07:46:33 175264 ----a-w- c:\windows\system32\drivers\n360\1402010.016\ironx86.sys
2013-01-23 07:46:33 134304 ----a-w- c:\windows\system32\drivers\n360\1402010.016\ccsetx86.sys
2013-01-23 07:46:09 9103 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symvtcer.dat
2013-01-23 07:46:08 -------- d-----w- c:\windows\system32\drivers\n360\1402010.016
2013-01-22 15:07:03 -------- d-----w- c:\users\wim\appdata\local\LogMeIn Rescue Applet
2013-01-19 12:57:12 -------- d-sh--w- C:\found.001
2013-01-19 00:56:14 -------- d-sh--w- C:\found.000
2013-01-18 21:54:49 -------- d-----w- C:\hotfix
2013-01-16 12:39:40 -------- d-----w- c:\users\wim\appdata\roaming\NCH Software
.
==================== Find3M ====================
.
2013-01-28 15:09:01 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-01-14 07:46:09 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-14 07:46:09 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-18 09:06:54 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-12-18 09:06:00 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 23:33:05 27248 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2012-12-14 15:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:56:23 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe
2012-11-22 04:45:03 626688 ----a-w- c:\windows\system32\usp10.dll
2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: TOSHIBA_MK3276GSX rev.GS001A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83C00000]<< >>UNKNOWN [0x86200000]<< >>UNKNOWN [0x86609000]<< >>UNKNOWN [0x843CA000]<< >>UNKNOWN [0x84013000]<< >>UNKNOWN [0x861BF000]<< >>UNKNOWN [0x86000000]<< >>UNKNOWN [0x9B14C000]<< >>UNKNOWN [0x8E993000]<< >>UNKNOWN [0x8632F000]<< >>UNKNOWN [0x86139000]<< >>UNKNOWN [0x8615D000]<< >>UNKNOWN [0x863C0000]<< >>UNKNOWN [0x86995000]<< >>UNKNOWN [0x86624000]<< >>UNKNOWN [0x86393000]<< >>UNKNOWN [0x86547000]<< >>UNKNOWN [0x9F801000]<< >>UNKNOWN [0x8680F000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x83C36BC5] -> \Device\Harddisk0\DR0[0x8B3D7560]
\Driver\Disk[0x8B3D6730] -> IRP_MJ_CREATE -> 0x8620439F
3 [0x8620459E] -> ntkrnlpa!IofCallDriver[0x83C36BC5] -> \Device\Ide\IdeDeviceP2T0L0-4[0x8B2BE030]
\Driver\atapi[0x88BF2E30] -> IRP_MJ_CREATE -> 0x843E48CC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 8:51:57,51 ===============

And the contents of the GMER.log file:

GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-02-09 10:05:36
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK3276GSX rev.GS001A 298,09GB
Running: gmer.exe; Driver: C:\Users\Wim\AppData\Local\Temp\ugldapow.sys


---- System - GMER 2.0 ----

SSDT 995F64D8 ZwAlertResumeThread
SSDT 995F65D8 ZwAlertThread
SSDT 9949A548 ZwAllocateVirtualMemory
SSDT 99485490 ZwAssignProcessToJobObject
SSDT 99485B90 ZwCreateMutant
SSDT 99485150 ZwCreateSymbolicLinkObject
SSDT 9949AAF0 ZwCreateThread
SSDT 99485260 ZwCreateThreadEx
SSDT 99485590 ZwDebugActiveProcess
SSDT 9949A758 ZwDuplicateObject
SSDT 995F6E08 ZwFreeVirtualMemory
SSDT 99485CA0 ZwImpersonateAnonymousToken
SSDT 99485DA0 ZwImpersonateThread
SSDT 99485790 ZwLoadDriver
SSDT 995F6CE8 ZwMapViewOfSection
SSDT 99485A90 ZwOpenEvent
SSDT 9949A978 ZwOpenProcess
SSDT 9949A658 ZwOpenProcessToken
SSDT 99485890 ZwOpenSection
SSDT 9949A868 ZwOpenThread
SSDT 99485380 ZwProtectVirtualMemory
SSDT 995F66D8 ZwResumeThread
SSDT 995F69D8 ZwSetContextThread
SSDT 995F6AD8 ZwSetInformationProcess
SSDT 99485690 ZwSetSystemInformation
SSDT 99485990 ZwSuspendProcess
SSDT 995F67D8 ZwSuspendThread
SSDT 9949AC10 ZwTerminateProcess
SSDT 995F68D8 ZwTerminateThread
SSDT 995F6BE8 ZwUnmapViewOfSection
SSDT 995F6F18 ZwWriteVirtualMemory

INT 0x61 ? 9EFCCCD8

Code \SystemRoot\system32\ntkrnlpa.exe[PAGEVRFY] [83F32A2D] pIofCompleteRequest

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83C3DA49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83C774D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 83C7E510 8 Bytes [D8, 64, 5F, 99, D8, 65, 5F, ...] {FSUB DWORD [EDI+EBX*2-0x67]; FSUB DWORD [EBP+0x5f]; CDQ }
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83C7E528 4 Bytes [48, A5, 49, 99] {DEC EAX; MOVSD ; DEC ECX; CDQ }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 83C7E588 4 Bytes [90, 54, 48, 99] {NOP ; PUSH ESP; DEC EAX; CDQ }
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 83C7E604 4 Bytes [90, 5B, 48, 99] {NOP ; POP EBX; DEC EAX; CDQ }
.text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 83C7E634 12 Bytes [50, 51, 48, 99, F0, AA, 49, ...] {PUSH EAX; PUSH ECX; DEC EAX; CDQ ; STOSB ; DEC ECX; CDQ ; PUSHA ; PUSH EDX; DEC EAX; CDQ }
.text ...
? C:\Users\Wim\AppData\Local\Temp\mbr.sys Het systeem kan het opgegeven bestand niet vinden. !
.text user32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes [E9, 69, 02, 3A, 8A, EB, F9] {JMP 0x8a3a026e; JMP 0x0}
.text sechost.dll!LsaLookupGetDomainInfo 758D4D57 7 Bytes [E9, B4, B4, 91, 8A, EB, F9] {JMP 0x8a91b4b9; JMP 0x0}
.text sechost.dll!SetServiceObjectSecurity + CE 758D524F 7 Bytes [E9, 84, B1, 91, 8A, EB, F9] {JMP 0x8a91b189; JMP 0x0}
.text sechost.dll!ChangeServiceConfigA + 17C 758D53D0 7 Bytes [E9, AF, B2, 91, 8A, EB, F9] {JMP 0x8a91b2b4; JMP 0x0}
.text sechost.dll!ChangeServiceConfig2W + 95 758D5677 7 Bytes [E9, 40, AE, 91, 8A, EB, F9] {JMP 0x8a91ae45; JMP 0x0}
.text sechost.dll!CreateServiceA + 21E 758D589A 7 Bytes [E9, 8D, A8, 91, 8A, EB, F9] {JMP 0x8a91a892; JMP 0x0}
.text sechost.dll!CreateServiceW + 17E 758D5A1D 7 Bytes [E9, 2A, AE, 91, 8A, EB, F9] {JMP 0x8a91ae2f; JMP 0x0}
.text sechost.dll!QueryServiceConfigW + 172 758D5C9B 7 Bytes [E9, 00, A9, 91, 8A, EB, F9] {JMP 0x8a91a905; JMP 0x0}
.text sechost.dll!ControlServiceExA + E7 758D5D87 7 Bytes [E9, DC, A9, 91, 8A, EB, F9] {JMP 0x8a91a9e1; JMP 0x0}
.text sechost.dll!I_ScValidatePnPService + 5A9 758D7146 7 Bytes [E9, FD, 8E, 91, 8A, EB, F9] {JMP 0x8a918f02; JMP 0x0}
.text sechost.dll!I_ScBroadcastServiceControlMessage + 7B 758D7240 7 Bytes [E9, AF, 90, 91, 8A, EB, F9] {JMP 0x8a9190b4; JMP 0x0}

---- User code sections - GMER 2.0 ----

.text C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe[716] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 0002004C
.text C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe[716] user32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 001F0930
.text C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe[1016] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 0068004C
.text C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe[1016] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 007A0930
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2000] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 001E004C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2000] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 00300930
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2676] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 0002004C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2676] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 00080930
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2748] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 000E004C
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2748] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 00100930
.text C:\Windows\System32\igfxpers.exe[2888] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 0002004C
.text C:\Windows\System32\igfxpers.exe[2888] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 00180930
.text C:\Windows\System32\igfxtray.exe[2956] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 0017004C
.text C:\Windows\System32\igfxtray.exe[2956] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 00190930
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3036] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 000F004C
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3036] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 00110930
.text C:\Windows\System32\hkcmd.exe[3124] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 001E004C
.text C:\Windows\System32\hkcmd.exe[3124] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 00200930
.text C:\Program Files\Launch Manager\LaunchAp.exe[3136] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 0002004C
.text C:\Program Files\Launch Manager\LaunchAp.exe[3136] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 001F0930
.text C:\Program Files\Launch Manager\HotkeyApp.exe[3144] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 0002004C
.text C:\Program Files\Launch Manager\HotkeyApp.exe[3144] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 001F0930
.text C:\Program Files\Launch Manager\OSD.exe[3164] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 0002004C
.text C:\Program Files\Launch Manager\OSD.exe[3164] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 002E0930
.text C:\Windows\system32\igfxsrvc.exe[3172] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 0002004C
.text C:\Windows\system32\igfxsrvc.exe[3172] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 001F0930
.text C:\Program Files\Launch Manager\WButton.exe[3228] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 0002004C
.text C:\Program Files\Launch Manager\WButton.exe[3228] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 001F0930
.text C:\Program Files\SmartFix\SupportAgent_HCC\SupportAgent.exe[3684] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 0002004C
.text C:\Program Files\SmartFix\SupportAgent_HCC\SupportAgent.exe[3684] user32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 001E0930
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3740] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 0002004C
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3740] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 001F0930
.text C:\Program Files\Nuria\Nuria.exe[3876] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 0002004C
.text C:\Program Files\Nuria\Nuria.exe[3876] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 001F0930
.text C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe[4084] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 001D004C
.text C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe[4084] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 001F0930
.text C:\Users\Wim\Desktop\gmer.exe[4304] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 0002004C
.text C:\Users\Wim\Desktop\gmer.exe[4304] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 001F0930
.text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[5936] ntdll.dll!NtTerminateThread 76F268D8 5 Bytes JMP 0002004C
.text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[5936] USER32.dll!RecordShutdownReason + 372 75E506C2 7 Bytes JMP 00180930

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\0009dd5025f6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\0009dd5025f6@00164e7c9b54 0x36 0x79 0x30 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5025f6
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5025f6@3c363df64d1b 0xA4 0x72 0x34 0x04 ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\0009dd5025f6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\0009dd5025f6@3c363df64d1b 0xA4 0x72 0x34 0x04 ...

---- EOF - GMER 2.0 ----

I hope you can work out from this what the problem is.

Thanks in advance.

Abraham54
Fellow Helper
Posts: 3165
Joined: 15 Feb 2010 21:00
Operating system: Windows 10 Professional x64
Protection: Windows Defender
Location: Largest city in Twente

Re: BSOD Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL/BAD_POOL_HEAD

Post by Abraham54 » 10 Feb 2013 17:41

You should have posted the logs in DDS/HijackThis logfiles and not in this part of the forum.
Stupidity is also a gift from God, but one must not abuse it.

snel0026
Member
Posts: 2
Joined: 09 Feb 2013 01:11
Operating system: Windows 10
Protection: Norton security

Re: BSOD Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL/BAD_POOL_HEAD

Post by snel0026 » 10 Feb 2013 20:15

OK, I will move them. Sorry!
