Questions & Answers

Security & privacy

cannot display properties of services and Device Manager

27 replies
  • I can no longer display the properties in Device Manager and Services (by right-clicking or via the menu). The system then stops responding and I can only close the applications via Task Manager. Yesterday I could not do internet banking via Mijn ING; it turned out there was a hack on their site. So I could not log in; ING "says" it closed off access as a precaution. Could this be a consequence of that?

    Already done: Avast! boot-time scan: no virus found (no log file). Below are the HijackThis log and the MBAM log.

        Logfile of Trend Micro HijackThis v2.0.4
        Scan saved at 15:07:41, on 12-6-2011
        Platform: Windows Vista SP2 (WinNT 6.00.1906)
        MSIE: Internet Explorer v9.00 (9.00.8112.16421)
        Boot mode: Normal

        Running processes:
        C:\Windows\system32\Dwm.exe
        C:\Windows\system32\taskeng.exe
        C:\Windows\Explorer.EXE
        C:\Program Files\AVAST Software\Avast\AvastUI.exe
        C:\Program Files\Windows Sidebar\sidebar.exe
        C:\Windows\ehome\ehtray.exe
        C:\Program Files\AutoSizer\AutoSizer.exe
        C:\Windows\ehome\ehmsas.exe
        C:\Program Files\Windows Sidebar\sidebar.exe
        C:\Program Files\Windows Media Player\wmpnscfg.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Windows\system32\SearchProtocolHost.exe
        C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?t=0
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        O1 - Hosts: ::1 localhost
        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
        O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
        O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
        O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
        O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
        O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
        O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
        O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
        O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
        O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
        O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
        O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
        O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
        O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
        O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
        O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
        O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
        O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe

        --
        End of file - 4587 bytes

        Malwarebytes' Anti-Malware 1.51.0.1200
        www.malwarebytes.org

        Databaseversie: 6840

        Windows 6.0.6002 Service Pack 2
        Internet Explorer 9.0.8112.16421

        12-6-2011 15:14:35
        mbam-log-2011-06-12 (15-14-35).txt

        Scantype: Snelle scan
        Objecten gescand: 144856
        Verstreken tijd: 6 minuut/minuten, 14 seconde(n)

        Geheugenprocessen geïnfecteerd: 0
        Geheugenmodulen geïnfecteerd: 0
        Registersleutels geïnfecteerd: 0
        Registerwaarden geïnfecteerd: 0
        Registerdata geïnfecteerd: 0
        Mappen geïnfecteerd: 0
        Bestanden geïnfecteerd: 0

        Geheugenprocessen geïnfecteerd:
        (Geen kwaadaardige objecten gedetecteerd)

        Geheugenmodulen geïnfecteerd:
        (Geen kwaadaardige objecten gedetecteerd)

        Registersleutels geïnfecteerd:
        (Geen kwaadaardige objecten gedetecteerd)

        Registerwaarden geïnfecteerd:
        (Geen kwaadaardige objecten gedetecteerd)

        Registerdata geïnfecteerd:
        (Geen kwaadaardige objecten gedetecteerd)

        Mappen geïnfecteerd:
        (Geen kwaadaardige objecten gedetecteerd)

        Bestanden geïnfecteerd:
        (Geen kwaadaardige objecten gedetecteerd)

    What should I do?
  • Hi Jos - everything looks good! But you may do the following:

    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up where possible.
    Difficulty: More or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!

    Download ComboFix from one of these locations:
      - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
      - Geekstogo: http://subs.geekstogo.com/ComboFix.exe

    Here (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can see how to use ComboFix. Antivirus programs and active malware scanners must already be disabled before ComboFix starts! Here (http://www.bleepingcomputer.com/forums/topic114351.html) and here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) you will find information on how to disable antivirus programs and spyware scanners.

    To be clear once more: ComboFix must be started from the desktop.

    Notes:
      - When using Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
      - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
      - All open programs and web pages must be closed.

    ComboFix has started:
      - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
      - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
      - The computer may need to be restarted several times; this is normal.
      - When ComboFix is finished, it will create a log file for you.
      - Post the contents of this log file in your next message.
      - If the log does not open, it can be found at C:\ComboFix.txt

    Important note:
      - If, after the scan, an error is shown when starting programs with the message:
      - Illegal operation attempted on a registry key that has been marked for deletion.
      - Then restart the computer.
  • Below is the ComboFix log file:

        ComboFix 11-06-11.01 - Jos 12-06-2011 16:45:40.1.2 - x86
        Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2045.976 [GMT 2:00]
        Gestart vanuit: c:\users\Jos\Bureaublad\ComboFix.exe
        AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
        SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
        SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        .
        .
        (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        c:\programdata\xp
        c:\programdata\xp\EBLib.dll
        c:\programdata\xp\TPwSav.sys
        .
        .
        (((((((((((((((((((( Bestanden Gemaakt van 2011-05-12 to 2011-06-12 ))))))))))))))))))))))))))))))
        .
        .
        2011-06-12 14:55 . 2011-06-12 14:55 -------- d-----w- c:\users\Jos\AppData\Local\temp
        2011-06-10 06:07 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FA5AA56-2079-40C2-90E3-CA70048DC1A3}\mpengine.dll
        2011-06-08 19:25 . 2011-06-08 19:25 -------- d-----w- c:\program files\Common Files\Java
        2011-05-20 10:29 . 2011-06-08 19:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
        .
        .
        .
        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2011-06-08 19:25 . 2010-07-17 03:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
        2011-05-29 07:11 . 2010-10-23 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
        2011-05-29 07:11 . 2010-10-23 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
        2011-05-10 12:10 . 2011-02-02 16:29 40112 ----a-w- c:\windows\avastSS.scr
        2011-05-10 12:10 . 2011-02-02 16:29 199304 ----a-w- c:\windows\system32\aswBoot.exe
        2011-05-10 12:03 . 2011-02-02 16:30 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
        2011-05-10 12:03 . 2011-02-02 16:30 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
        2011-05-10 12:02 . 2011-02-02 16:30 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
        2011-05-10 11:59 . 2011-02-02 16:30 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
        2011-05-10 11:59 . 2011-02-02 16:30 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
        2011-05-10 11:59 . 2011-02-02 16:30 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
        2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
        2011-03-16 05:41 . 2011-03-16 05:41 161792 ----a-w- c:\windows\system32\msls31.dll
        2011-03-16 05:41 . 2011-03-16 05:41 1126912 ----a-w- c:\windows\system32\wininet.dll
        2011-03-16 05:41 . 2011-03-16 05:41 86528 ----a-w- c:\windows\system32\iesysprep.dll
        2011-03-16 05:41 . 2011-03-16 05:41 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
        2011-03-16 05:41 . 2011-03-16 05:41 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
        2011-03-16 05:41 . 2011-03-16 05:41 74752 ----a-w- c:\windows\system32\iesetup.dll
        2011-03-16 05:41 . 2011-03-16 05:41 63488 ----a-w- c:\windows\system32\tdc.ocx
        2011-03-16 05:41 . 2011-03-16 05:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
        2011-03-16 05:41 . 2011-03-16 05:41 420864 ----a-w- c:\windows\system32\vbscript.dll
        2011-03-16 05:41 . 2011-03-16 05:41 367104 ----a-w- c:\windows\system32\html.iec
        2011-03-16 05:41 . 2011-03-16 05:41 23552 ----a-w- c:\windows\system32\licmgr10.dll
        2011-03-16 05:41 . 2011-03-16 05:41 152064 ----a-w- c:\windows\system32\wextract.exe
        2011-03-16 05:41 . 2011-03-16 05:41 150528 ----a-w- c:\windows\system32\iexpress.exe
        2011-03-16 05:41 . 2011-03-16 05:41 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
        2011-03-16 05:41 . 2011-03-16 05:41 35840 ----a-w- c:\windows\system32\imgutil.dll
        2011-03-16 05:41 . 2011-03-16 05:41 2382848 ----a-w- c:\windows\system32\mshtml.tlb
        2011-03-16 05:41 . 2011-03-16 05:41 1797632 ----a-w- c:\windows\system32\jscript9.dll
        2011-03-16 05:41 . 2011-03-16 05:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
        2011-03-16 05:41 . 2011-03-16 05:41 11776 ----a-w- c:\windows\system32\mshta.exe
        2011-03-16 05:41 . 2011-03-16 05:41 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
        2011-03-16 05:41 . 2011-03-16 05:41 101888 ----a-w- c:\windows\system32\admparse.dll
        2011-04-14 16:41 . 2011-05-01 14:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
        .
        .
        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
        REGEDIT4
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
        @="{472083B0-C522-11CF-8763-00608CC02F24}"
        [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
        2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
        .
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
        "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
        "AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2008-11-16 131072]
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableLUA"= 0 (0x0)
        "EnableUIADesktopToggle"= 0 (0x0)
        .
        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
        BootExecute REG_MULTI_SZ ¼Ñ¸
        .
        [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
        backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
        backupExtension=.CommonStartup
        .
        [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
        backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
        backupExtension=.CommonStartup
        .
        [HKLM\~\startupfolder\C:^Users^Jos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0 .lnk]
        backup=c:\windows\pss\OpenOffice.org 3.0 .lnk.Startup
        backupExtension=.Startup
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CASS]
        c:\program files\Compal Electronics [X]
        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner
        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass
        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidewalker]
        c:\program files\Compal Electronics [X]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart Watch Dog]
        -c:\program files\Compal Electronics [X]
        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStar
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
        2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
        2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVRemote]
        2006-07-20 08:44 61440 ----a-w- c:\program files\LifeView MVP\RemoteControl.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
        2011-01-07 21:09 585728 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
        2007-01-13 01:40 7766016 ----a-w- c:\windows\System32\nvcpl.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
        2007-01-13 01:40 81920 ----a-w- c:\windows\System32\nvmctray.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
        2007-01-13 01:40 90191 ----a-w- c:\windows\System32\nvsvc.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
        2006-12-29 04:11 4317184 ----a-w- c:\windows\RtHDVCpl.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
        2006-09-15 12:21 675840 ----a-w- c:\windows\vsnp2std.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
        2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
        2011-01-27 06:35 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall Adobe Download Manager]
        2010-11-29 09:41 39200 ----a-w- c:\program files\NOS\bin\getPlusUninst_Adobe.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
        2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
        2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2554491475-2388841559-3016712956-1000]
        "EnableNotificationsRef"=dword:00000004
        .
        R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
        R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 136176]
        R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 136176]
        R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
        R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
        R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-15 267568]
        R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
        R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
        R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
        R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Jos\Documents\RealTemp_340[1]\WinRing0.sys [2010-01-29 06:01 14416]
        R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
        S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-24 64160]
        S1 aswSnx;aswSnx; [x]
        S1 aswSP;aswSP; [x]
        S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-09-08 20392]
        S2 aswFsBlk;aswFsBlk; [x]
        S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
        S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
        S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-10 399416]
        S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-10-02 482176]
        S3 TridVid;Trident Analog plus Digital Video;c:\windows\system32\DRIVERS\TridVid.sys [2007-11-28 159104]
        .
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        bthsvcs REG_MULTI_SZ BthServ
        LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
        nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
        .
        Inhoud van de 'Gedeelde Taken' map
        .
        2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 07:43]
        .
        2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 07:43]
        .
        .
        ------- Bijkomende Scan -------
        .
        uStart Page = hxxp://www.google.nl/ig?t=0
        uSearchAssistant = hxxp://www.google.com/ie
        uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
        IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
        IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
        TCP: DhcpNameServer = 194.109.104.104 194.109.6.66
        FF - ProfilePath - c:\users\Jos\AppData\Roaming\Mozilla\Firefox\Profiles\z1xx4irm.default\
        FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?t=0
        FF - prefs.js: network.proxy.type - 0
        .
        .
        ------- Bestandsassociaties -------
        .
        JSEFile=NOTEPAD.EXE %1
        .
        - - - - ORPHANS VERWIJDERD - - - -
        .
        Toolbar-Locked - (no file)
        SafeBoot-aawservice
        SafeBoot-Lavasoft Ad-Aware Service
        MSConfigStartUp-Google Update - c:\users\Jos\AppData\Local\Google\Update\GoogleUpdate.exe
        MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\a67dc20b-71e8-4188-9009-abbdace921a2.exe
        MSConfigStartUp-TomTomHOME - (no file)
        .
        .
        .
        **************************************************************************
        .
        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2011-06-12 16:55
        Windows 6.0.6002 Service Pack 2 NTFS
        .
        scannen van verborgen processen ...
        .
        scannen van verborgen autostart items ...
        .
        scannen van verborgen bestanden ...
        .
        Scan succesvol afgerond
        verborgen bestanden: 0
        .
        **************************************************************************
        "ImagePath"="\??\c:\users\Jos\Documents\RealTemp_340 [1]\WinRing0.sys"
        .
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinRing0_1_2_0]
        "ImagePath"="\??\c:\users\Jos\Documents\RealTemp_340
        .
        --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
        @Denied: (A) (Users)
        @Denied: (A) (Everyone)
        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
        "BlindDial"=dword:00000000
        "MSCurrentCountry"=dword:000000b5
        .
        Voltooingstijd: 2011-06-12 16:58:57
        ComboFix-quarantined-files.txt 2011-06-12 14:58
        .
        Pre-Run: 43.912.990.720 bytes beschikbaar
        Post-Run: 43.815.481.344 bytes beschikbaar
        .
        Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
        - - End Of File - - 2CDF2CC405473A1EFA02D362830E209C
  • Hi Jos, how are things now after the scan? Now do the following:

    1) Which program: MBRCheck.exe
    What for/why: special scan for MBR rootkits
    Difficulty: none.
    Download MBRCheck.exe: http://ad13.geekstogo.com/MBRCheck.exe

    Starting MBRCheck.exe:
    Windows 2000 and Windows XP: start "MBRCheck.exe" by double-clicking "MBRCheck.exe".
    Windows Vista and Windows 7: start "MBRCheck.exe" by right-clicking "MBRCheck.exe" and then choosing "Run as administrator".
      - A black window appears with some data in it.
      - A log file named "MBRcheckxxxx.txt" will appear on your desktop.
      - Now copy the contents of that log into your next post.

    2) Which program: Kaspersky TDSSKiller
    What for/why: Rootkit scanner
    Difficulty: none
    Download location: Be sure to download this program to the desktop, or otherwise move it there!
    Download TDSSKiller here: http://support.kaspersky.com/downloads/utils/tdsskiller.zip

    Installation:
      - Unpack the file on your desktop.

    Using TDSSKiller:
      - Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
      - Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and then choosing "Run as administrator".
      - After the scan is finished, you will find the log in the C:\ partition
      - Post the contents of that log

    3) Which program: Malwarebytes MBAM
    What for/why: specialised scanner to quickly examine Windows for spyware and malware and remove it.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:
      - Download.com: http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?
      - Softpedia.com: http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s
      - Majorgeeks.com: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    First of all:
      - Right after installation 'MBAM' wants to update its database, so allow this.
      - Also on repeated use: first update 'MBAM' via the 'Update' tab!

    Starting Malwarebytes MBAM:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing "Run as administrator".

    Scanning:
      - When starting 'MBAM', choose 'Quick Scan'.
      - The scan can take a while, so be patient. When the scan has finished, click the 'OK' button.
      - Then click the 'Show Results' button to see the results.

    Infections found:
      - First click OK to dismiss the message.
      - Then click the 'Show Results' button at the bottom right.
      - Now make sure that all infections found are ticked, and click 'Remove Selected' at the bottom left.
      - After the removal a log will open and you will be asked to restart the computer.
      - If 'MBAM' has difficulty removing certain files it will show some messages; click 'OK' each time!
      - After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.

    MBAM log:
      - The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the MBAM main menu.

    Then post the contents of the MBAM log in your next message.

    In summary: after this, post the contents of the following logs in your next message:
      - MBRCheck log
      - TDSSKiller log
      - MBAM scan log
      - let me know if you have a problem with anything
  • Current status --> unchanged since the start of the topic, so I still cannot open any properties and can only close things using Task Manager. Here are the logs:

        MBRCheck, version 1.2.3
        (c) 2010, AD
        Command-line:
        Windows Version: Windows Vista Home Premium Edition
        Windows Information: Service Pack 2 (build 6002), 32-bit
        Base Board Manufacturer: COMPAL
        BIOS Manufacturer: COMPAL
        System Manufacturer: COMPAL
        System Product Name: HEL80C
        Logical Drives Mask: 0x0000000c
        Kernel Drivers (total 167):
    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    PhysicalDrive0 Model Number: HTS721010G9SA00, Rev: MCZOC10V
    Size    Device Name          MBR Status
    --------------------------------------------
    93 GB   \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    Done!
    The TDSSKiller log opens in strange characters for me; word processor = OpenOffice.org 3.0. The Kaspersky program indicated that there are no infections.
    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org
    Databaseversie: 6841
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421
    12-6-2011 18:02:00
    mbam-log-2011-06-12 (18-02-00).txt
    Scantype: Snelle scan
    Objecten gescand: 150705
    Verstreken tijd: 5 minuut/minuten, 23 seconde(n)
    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0
    Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Status after running the programs above: unchanged, so I still cannot open any properties and have to close things via Task Manager.
  • What kind of mouse do you use? One with its tail on the wrong end, or a wireless one? And if the latter, does that mouse still have enough power?
  • Logitech Dual Laser Engine wireless. The light is green; when it turns red I replace the battery right away. They are rechargeable batteries, though, so they may be due for replacement. I don't have any new batteries at the moment but will buy some soon. Found a new battery after all, but that doesn't help either; the problem remains. The mouse uses a generic driver from Microsoft. Never had any problems with it. Maybe download the proper matching driver from the Logitech site? The problem also occurs via the touchpad. ??????????????
  • Try the following first: go to Start and type cmd in the search box; the corresponding shortcut now appears at the top of the Start menu. Right-click this shortcut and choose Run as administrator. In the black window, now type sfc /scannow and press the Enter key. Mind the space after 'sfc'. The black window now shows the progress of the scan. When the scan is finished, type Exit and press the Enter key. SFC (System File Checker) means that system files are checked for correct functioning; repair follows where necessary. Pay close attention to the last messages in the window: if it says that the repair depends on a restart, then do so.
  • Ran sfc; it reported that some files were damaged and have been repaired. It did not report that a restart was required. The problem persists after the scan. Restart anyway? Below is the CBS log:
[l:124{62}]"\SystemRoot\WinSxS\FileMaps\$$_schemas_9f2c881475a483d6.cdf-ms" 6: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\2222ce223829cc016b0f000098136816.$$_inf_msdtc_0000_5b1b81b54f36c82e.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_inf_msdtc_0000_5b1b81b54f36c82e.cdf-ms" 7: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\82abf3223829cc016c0f000098136816.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms" 8: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\623ff8223829cc016d0f000098136816.$$_system32_ 2011-06-12 21:37:16, Info CSI tasks_5f1dd67a5a1ae70e.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_5f1dd67a5a1ae70e.cdf-ms" 9: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\323bfa223829cc016e0f000098136816.$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms" 10: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\4262fa223829cc016f0f000098136816.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms" 11: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\e2e8fb223829cc01700f000098136816.program_files_windows_calendar_499855975101431e.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_calendar_499855975101431e.cdf-ms" 12: Create Directory: Directory = [l:126{63}]"\??\C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar", Attributes = 00000080 13: Move File: Source = [l:264{132}]"\SystemRoot\WinSxS\Temp\PendingRenames\526bff223829cc01710f000098136816.program_files_windows_calendar_nl-nl_dd4910ed95d502f7.cdf-ms", Destination = 
[l:176{88}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_calendar_nl-nl_dd4910ed95d502f7.cdf-ms" POQ 38 ends. 2011-06-12 21:37:16, Info CSI 000000a3 [SR] Verify complete 2011-06-12 21:37:17, Info CSI 000000a4 [SR] Verifying 100 (0x00000064) components 2011-06-12 21:37:17, Info CSI 000000a5 [SR] Beginning Verify and Repair transaction 2011-06-12 21:37:24, Info CSI 000000a6 Repair results created: POQ 39 starts: 0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\f24135263829cc01d60f000098136816._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms" 1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\129035263829cc01d70f000098136816.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms" 2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\e24f41263829cc01d80f000098136816.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms" 3: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\b22d48263829cc01d90f000098136816.$$_system32_el-gr_429cd0b684dc71bd.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_el-gr_429cd0b684dc71bd.cdf-ms" 4: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\429d70263829cc01da0f000098136816.$$_system32_da-dk_40b64d5e87b63595.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_da-dk_40b64d5e87b63595.cdf-ms" 5: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\a201b1263829cc01db0f000098136816.$$_system32_de-de_40b6416a87b647ef.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_de-de_40b6416a87b647ef.cdf-ms" 6: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\82e1d2263829cc01dc0f000098136816.$$_system32_bg-bg_3ce955ba8d69a9ab.cdf-ms", Destination = 
[l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_bg-bg_3ce955ba8d69a9ab.cdf-ms" 7: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\4273f4263829cc01dd0f000098136816.$$_system32_cs-cz_3ecfefb68a8fc3f6.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_cs-cz_3ecfefb68a8fc3f6.cdf-ms" 8: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames 2011-06-12 21:37:24, Info CSI \525714273829cc01de0f000098136816.$$_system32_codeintegrity_e9af9308cfc26dc2.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_codeintegrity_e9af9308cfc26dc2.cdf-ms" 9: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\722d28273829cc01df0f000098136816.$$_system32_ar-sa_3b02d130904371b4.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ar-sa_3b02d130904371b4.cdf-ms" 10: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\12cb3a273829cc01e00f000098136816.$$_system32_msdtc_trace_f33466dc5bf36670.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_system32_msdtc_trace_f33466dc5bf36670.cdf-ms" 11: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\022c4e273829cc01e10f000098136816.$$_system32_com_066545e3d047e7c7.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_system32_com_066545e3d047e7c7.cdf-ms" 12: Create Directory: Directory = [l:68{34}]"\??\C:\Windows\Registration\CRMLog", Attributes = 00000080 13: Create Directory: Directory = [l:62{31}]"\??\C:\Windows\System32\com\dmp", Attributes = 00000080 14: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{6002fb82-02e5-1953-16d3-ec814bdc5adc}", Type = REG_SZ (1), Data = {l:102 
b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006d0073006400740063007000720078002e0064006c006c002c00530079007300500072006500700044007400630043006c00650061006e00750070000000} 15: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{6002fb82-02e5-1953-1eb2-96b7091aa28f}", Type = REG_SZ (1), Data = {l:108 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006d0073006400740063007000720078002e0064006c006c002c005300790073005000720065007000440074006300470065006e006500720061006c0069007a0065000000} 2011-06-12 21:37:24, Info CSI 16: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{6002fb82-02e5-1953-35a2-cee9227ca977}", Type = REG_SZ (1), Data = {l:108 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006d0073006400740063007000720078002e0064006c006c002c0053007900730050007200650070004400740063005300700065006300690061006c0069007a0065000000} 17: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{d4b18d8a-bf11-59ca-594c-604cd9837b21}", Type = REG_SZ (1), Data = {l:96 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c00630061007400730072007600750074002e0064006c006c002c00530079007300700072006500700043006f006d0070006c00750073000000} POQ 39 ends. 
2011-06-12 21:37:24, Info CSI 000000a7 [SR] Verify complete 2011-06-12 21:37:24, Info CSI 000000a8 [SR] Verifying 100 (0x00000064) components 2011-06-12 21:37:24, Info CSI 000000a9 [SR] Beginning Verify and Repair transaction 2011-06-12 21:37:30, Info CSI 000000aa Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\th-TH" in component Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"th-TH", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral 2011-06-12 21:37:30, Info CSI 000000ab Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\et-EE" in component Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"et-EE", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral 2011-06-12 21:37:31, Info CSI 000000ac Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\ja-JP" in component Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"ja-JP", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral 2011-06-12 21:37:31, Info CSI 000000ad Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\pt-PT" in component Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"pt-PT", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral 2011-06-12 21:37:31, Info CSI 000000ae Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\pl-PL" in component Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = 
PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"pl-PL", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral 2011-06-12 21:37:32, Info CSI 000000af Ignoring duplicate ownership for directory [l:68{34}]"\??\C:\Windows\System32\sr-Latn-CS" in component Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:20{10}]"sr-Latn-CS", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral 2011-06-12 21:37:32, Info CSI 000000b0 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\es-ES" in component Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"es-ES", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral 2011-06-12 21:37:33, Info CSI 000000b1 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\nb-NO" in component Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"nb-NO", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral 2011-06-12 21:37:33, Info CSI 000000b2 Repair results created: POQ 40 starts: 0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\623f4b2a3829cc014610000098136816._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms" 1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\92b44b2a3829cc014710000098136816.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms" 2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\3270592a3829cc014810000098136816.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = 
[l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms" 3: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\f2b55d2a3829cc014910000098136816.$$_system32_pt-br_5783f3346581bed3.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_pt-br_5783f3346581bed3.cdf-ms" 4: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\a2cd772a3829cc014a10000098136816.$$_system32_ko-kr_4e039de673c23e4a.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ko-kr_4e039de673c23e4a.cdf-ms" 5: Move File: Source = [l:206{103}]"\SystemRoot\WinSxS\Temp\PendingRenames\7215972a3829cc014b10000098136816.$$_temp_401038c9a18c18c0.cdf-ms", Destination = [l:118{59}]"\SystemRoot\WinSxS\FileMaps\$$_temp_401038c9a18c18c0.cdf-ms" 6: Create Directory: Directory = [l:76{38}]"\??\C:\Windows\System32\config\Journal", Attributes = 00000080 7: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\92e4c02a3829cc014c10000098136816.$$_system32_ro-ro_5b50dd6a5fce5f0b.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ro-ro_5b50dd6a5fce5f0b.cdf-ms" 8: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\c270d22a3829cc014d10000098136816.$$_system32_ru-ru_5b50e7f65fce4fdb.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ru-ru_5b50e7f65fce 2011-06-12 21:37:33, Info CSI 4fdb.cdf-ms" 9: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\d2e3ef2a3829cc014e10000098136816.$$_system32_tr-tr_5f1dd1e45a1af0a7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tr-tr_5f1dd1e45a1af0a7.cdf-ms" 10: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\0270012b3829cc014f10000098136816.$$_system32_lv-lv_4fea1c1c70e881b7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_lv-lv_4fea1c1c70e881b7.cdf-ms" 11: Move File: Source = 
[l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\7298132b3829cc015010000098136816.$$_system32_lt-lt_4fea189870e886c7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_lt-lt_4fea189870e886c7.cdf-ms" 12: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\92fd242b3829cc015110000098136816.$$_system32_th-th_5f1dc0505a1b09f7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_th-th_5f1dc0505a1b09f7.cdf-ms" 13: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\72c6352b3829cc015210000098136816.$$_system32_et-ee_429cb6e884dc9948.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_et-ee_429cb6e884dc9948.cdf-ms" 14: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e25f4a2b3829cc015310000098136816.$$_system32_it-it_4a36b1ca7975a0f9.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_it-it_4a36b1ca7975a0f9.cdf-ms" 15: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e2c9622b3829cc015410000098136816.$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms" 16: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\d29b782b3829cc015510000098136816.$$_system32_fr-fr_448347788202c03b.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_fr-fr_448347788202c03b.cdf- 2011-06-12 21:37:33, Info CSI ms" 17: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e2d9892b3829cc015610000098136816.$$_system32_fi-fi_448337a68202d703.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_fi-fi_448337a68202d703.cdf-ms" 18: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\12669b2b3829cc015710000098136816.$$_system32_ja-jp_4c1d2478769bf2f4.cdf-ms", Destination = 
[l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ja-jp_4c1d2478769bf2f4.cdf-ms" 19: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\82ffaf2b3829cc015810000098136816.$$_system32_sk-sk_5d374dfc5cf4b5c5.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sk-sk_5d374dfc5cf4b5c5.cdf-ms" 20: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\62c8c02b3829cc015910000098136816.$$_system32_hr-hr_485036ac7c4f596f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_hr-hr_485036ac7c4f596f.cdf-ms" 21: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\326ad12b3829cc015a10000098136816.$$_system32_hu-hu_48503bf27c4f51d7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_hu-hu_48503bf27c4f51d7.cdf-ms" 22: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\f255e42b3829cc015b10000098136816.$$_system32_pt-pt_5783f7006581b92f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_pt-pt_5783f7006581b92f.cdf-ms" 23: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\b2d0f42b3829cc015c10000098136816.$$_system32_pl-pl_5783e8f06581cd6f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_pl-pl_5783e8f06581cd6f.cdf-ms" 24: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\724b052c3829cc015d10000098136816.$$_system32_sr-latn-cs_36d1c3d11e65ce00.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sr-latn-cs_36d1c3d11e65ce00.cd 2011-06-12 21:37:33, Info CSI f-ms" 25: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\52a3132c3829cc015e10000098136816.$$_system32_es-es_429cd1a084dc7119.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_es-es_429cd1a084dc7119.cdf-ms" 26: Move File: Source = 
[l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\a20c232c3829cc015f10000098136816.$$_system32_uk-ua_61042a3457416b73.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_uk-ua_61042a3457416b73.cdf-ms" 27: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\92ee5f2c3829cc016010000098136816.$$_system32_sv-se_5d37410c5cf4ca56.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sv-se_5d37410c5cf4ca56.cdf-ms" 28: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\02db7b2c3829cc016110000098136816.$$_system32_zh-hk_6a84939e4900ccf6.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_zh-hk_6a84939e4900ccf6.cdf-ms" 29: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\d20b8a2c3829cc016210000098136816.$$_system32_zh-tw_6a84aa664900aad6.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_zh-tw_6a84aa664900aad6.cdf-ms" 30: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\82d09c2c3829cc016310000098136816.$$_system32_zh-cn_6a8499504900c466.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_zh-cn_6a8499504900c466.cdf-ms" 31: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\927fb02c3829cc016410000098136816.$$_system32_he-il_48502d1c7c4f6669.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_he-il_48502d1c7c4f6669.cdf-ms" 32: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\22f6c22c3829cc016510000098136816.$$_system32_nb-no_53b700d66b352886.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_nb-no_53b700d66b352886.cdf-ms" 2011-06-12 21:37:33, Info CSI 33: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\c222d32c3829cc016610000098136816.$$_system32_sl-si_5d374a0c5cf4bbc8.cdf-ms", Destination = 
[l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sl-si_5d374a0c5cf4bbc8.cdf-ms" 34: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\126ee72c3829cc016710000098136816.$$_system32_en-us_429cd25484dc6f94.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms" 35: Move File: Source = [l:280{140}]"\SystemRoot\WinSxS\Temp\PendingRenames\d2b3eb2c3829cc016810000098136816.programdata_microsoft_crypto_dss_machinekeys_43de8c451bf80cb4.cdf-ms", Destination = [l:192{96}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_crypto_dss_machinekeys_43de8c451bf80cb4.cdf-ms" 36: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\6213ed2c3829cc016910000098136816.programdata_microsoft_crypto_keys_584b284368b25bef.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_crypto_keys_584b284368b25bef.cdf-ms" 37: Move File: Source = [l:280{140}]"\SystemRoot\WinSxS\Temp\PendingRenames\320fef2c3829cc016a10000098136816.programdata_microsoft_crypto_rsa_machinekeys_aa739417efae0d58.cdf-ms", Destination = [l:192{96}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_crypto_rsa_machinekeys_aa739417efae0d58.cdf-ms" 38: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{c01f3410-d5ff-e992-c28d-ccc47a787790}", Type = REG_SZ (1), Data = {l:108 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006300610070006900730070002e0064006c006c002c00430041005000490053007900730050007200650070005f00470065006e006500720061006c0069007a0065000000} 39: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{c01f3410-d5ff-e992-b30d-046ffeeb096e}", Type 2011-06-12 21:37:33, Info CSI = REG_SZ (1), Data = {l:112 
b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006300610070006900730070002e0064006c006c002c00430072007900700074006f0053007900730050007200650070005f005300700065006300690061006c0069007a0065000000} 40: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{c01f3410-d5ff-e992-1dcd-fb0609f92d84}", Type = REG_SZ (1), Data = {l:102 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006300610070006900730070002e0064006c006c002c00430072007900700074006f0053007900730050007200650070005f0043006c00650061006e000000} POQ 40 ends. 2011-06-12 21:37:33, Info CSI 000000b3 [SR] Verify complete 2011-06-12 21:37:33, Info CSI 000000b4 [SR] Verifying 100 (0x00000064) components 2011-06-12 21:37:33, Info CSI 000000b5 [SR] Beginning Verify and Repair transaction 2011-06-12 21:37:39, Info CSI 000000b6 Repair results created: POQ 41 starts: 0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\b260c52f3829cc01cf10000098136816._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms" 1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\d2aec52f3829cc01d010000098136816.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms" 2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\9247d12f3829cc01d110000098136816.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms" 3: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\2289d72f3829cc01d210000098136816.$$_system32_drivers_dc1b782427b5ee1b.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms" 4: Move File: Source = 
[l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\526fda2f3829cc01d310000098136816.$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms" 5: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\c262e02f3829cc01d410000098136816.$$_system32_logfiles_wudf_082845cc19e06817.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_logfiles_wudf_082845cc19e06817.cdf-ms" 6: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\324812303829cc01d510000098136816.$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms" 7: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\024414303829cc01d610000098136816.$$_system32_ime_shared_res_791e6438104a0cf8.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_shared_res_791e6438104a0cf8.cdf-ms" POQ 41 ends. 
2011-06-12 21:37:39, Info CSI 000000b7 [SR] Verify complete 2011-06-12 21:37:39, Info CSI 000000b8 [SR] Verifying 100 (0x00000064) components 2011-06-12 21:37:39, Info CSI 000000b9 [SR] Beginning Verify and Repair transaction 2011-06-12 21:37:44, Info CSI 000000ba Repair results created: POQ 42 starts: 0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\62809c333829cc013b11000098136816._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms" 1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\82ce9c333829cc013c11000098136816.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms" 2: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\a28d9f333829cc013d11000098136816.$$_ime_3f581be9a4c8cabd.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_ime_3f581be9a4c8cabd.cdf-ms" 3: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\4214a1333829cc013e11000098136816.$$_ime_imejp10_dicts_281006c600450618.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_ime_imejp10_dicts_281006c600450618.cdf-ms" 4: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\02e9a2333829cc013f11000098136816.$$_ime_imejp10_help_280ffde19e779392.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_ime_imejp10_help_280ffde19e779392.cdf-ms" 5: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\c281ae333829cc014011000098136816.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms" 6: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\b23cb3333829cc014111000098136816.$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms" 7: Move File: Source = 
  • Have you perhaps used a tweaking tool before, such as TuneUp Utilities?
  • That could well be. It was quite a while ago, though; the operating system has not been reinstalled since delivery by the supplier --> BTO.
  • Have you, by the way, ever considered putting Windows 7 on it? Do the following:
    Which program: RSIT
    What for/why: gives a very extensive overview of Windows
    Difficulty: none
    Download location: Be sure to download this program to the desktop! Download RSIT here: http://images.malwareremoval.com/random/RSIT.exe
    Using RSIT:
    - Windows 2000 and Windows XP: start RSIT by double-clicking the shortcut.
    - Windows Vista and Windows 7: start RSIT by right-clicking the shortcut and then choosing "Run as administrator".
    After the scan has finished, two logs will open.
    - Then post the contents of 'log.txt' ('log.txt' will be maximized)
    - Also post 'info.txt' ('info.txt', this log will initially be minimized in the taskbar)
    - If you cannot find info.txt, look for it in C:\.
    For users of Windows Vista 64-bit or Windows 7 64-bit, the following also applies:
    - RSIT must then be run in 'compatibility mode'.
    - Right-click 'RSIT.exe' and choose 'Properties',
    - now click the 'Compatibility' tab.
    - Tick 'Run this program in compatibility mode' and then choose 'Windows XP Service Pack 3'
    RSIT produces a fairly large log, so you may have to split the log and post it in two or more parts.
  • @ Windows 7: I don't know whether this laptop is suitable for Win 7 (see signature); maybe upgrade to 4 Gb of memory? If so, I'll install Win 7! The logs are below:
DETAIL - 60 user registry handles leaked from \Registry\User\S-1-5-21-2554491475-2388841559-3016712956-1000: Process 988 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000 Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000 Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000 Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000 Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000 Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000 Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000 Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key 
\REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key 
\REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 
(\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key 
\REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key 
\REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Policies Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Policies Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Policies Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Policies Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key 
\REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global Record Number: 13723 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20090107125855.000000-000 Event Type: Waarschuwing User: NT AUTHORITY\SYSTEEM =====Security event log===== Computer Name: PC_van_Jos Event Code: 4624 Message: Er is een account aangemeld. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: PC_VAN_JOS$ Accountdomein: JATHUIS2 Aanmeldings-id: 0x3e7 Aanmeldingstype: 5 Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x280 Naam proces: C:\Windows\System32\services.exe Netwerkgegevens: Naam van werkstation: Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: Advapi Verificatiepakket: Negotiate Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. 
De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. Record Number: 88317 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100516093638.074975-000 Event Type: Controle geslaagd User: Computer Name: PC_van_Jos Event Code: 4648 Message: Poging tot aanmelden met expliciete referenties. 
Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: PC_VAN_JOS$ Accountdomein: JATHUIS2 Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Account waarvan de referenties zijn gebruikt: Accountnaam: SYSTEEM Accountdomein: NT AUTHORITY Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Doelserver: Naam van doelserver: localhost Aanvullende gegevens: localhost Procesgegevens: Proces-id: 0x280 Procesnaam: C:\Windows\System32\services.exe Netwerkgegevens: Netwerkadres: - Poort: - Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als. Record Number: 88316 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100516093638.074975-000 Event Type: Controle geslaagd User: Computer Name: PC_van_Jos Event Code: 4672 Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Bevoegdheden: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 88315 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100516093619.539975-000 Event Type: Controle geslaagd User: Computer Name: PC_van_Jos Event Code: 4624 Message: Er is een account aangemeld. 
Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: PC_VAN_JOS$ Accountdomein: JATHUIS2 Aanmeldings-id: 0x3e7 Aanmeldingstype: 5 Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x280 Naam proces: C:\Windows\System32\services.exe Netwerkgegevens: Naam van werkstation: Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: Advapi Verificatiepakket: Negotiate Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. 
Record Number: 88314 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100516093619.539975-000 Event Type: Controle geslaagd User: Computer Name: PC_van_Jos Event Code: 4648 Message: Poging tot aanmelden met expliciete referenties. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: PC_VAN_JOS$ Accountdomein: JATHUIS2 Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Account waarvan de referenties zijn gebruikt: Accountnaam: SYSTEEM Accountdomein: NT AUTHORITY Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Doelserver: Naam van doelserver: localhost Aanvullende gegevens: localhost Procesgegevens: Proces-id: 0x280 Procesnaam: C:\Windows\System32\services.exe Netwerkgegevens: Netwerkadres: - Poort: - Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als. Record Number: 88313 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100516093619.539975-000 Event Type: Controle geslaagd User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "NUMBER_OF_PROCESSORS"=2 "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Softex\OmniPass;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 5, GenuineIntel "PROCESSOR_LEVEL"=6 "PROCESSOR_REVISION"=0f05 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "DEVMGR_SHOW_DETAILS"=1 "DEVMGR_SHOW_NONPRESENT_DEVICES"=1 "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ -----------------EOF-----------------
  • Hello Jos, I'm afraid the Iolo registry cleaner has removed a bit too much, because cleaning up the registry is simply what it wants to do. This tool also slows down startup! Advice: remove it from Windows! Next we need ComboFix again: open a new Notepad file via "Start\All Programs\Accessories\Notepad". Copy and paste the following (bold, blue) text into the empty Notepad window:
    File::
    c:\windows\mbr.exe
    Save this Notepad file on your desktop as CFScript.txt. Now first deactivate the antivirus! Drag CFScript.txt into ComboFix.exe (http://img517.imageshack.us/img517/8662/cfscript10uc2.gif). This will make ComboFix restart. Reboot if you are asked to. Post the ComboFix log that is shown after the restart!
  • The Notepad file cannot be found; WordPad can, but it then gets "taken over" by OpenOffice. I then get the following text: {\rtf1\ansi\ansicpg1252\deff0\deflang1043{\fonttbl{\f0\froman\fcharset0 Times New Roman;}{\f1\fswiss\fcharset0 Arial;}} {\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\f0\fs24 File:: \line c:\\windows\\mbr.exe \par \f1\fs20\par }
    What a lot of fumbling this is!! I'm going to buy and install Win 7 this week; I just need to update my backup and then format everything. As far as I'm concerned you don't need to put any more energy into this topic, because the operating system is coming off anyway. Thanks for your advice and the tip about Windows 7!!!!!!!
  • I already had the impression that Notepad has, for one reason or another, disappeared from your system. For some reason my e-mail address is no longer shown in my profile! So just send me a PM with your e-mail address, and I will send you your Notepad in zipped form, which you then place in C:\Windows\System32 after unpacking!
  • PM sent with my e-mail address. Please respond to the remarks below: I'm going to buy and install Win 7 this week; I just need to update my backup and then format everything. As far as I'm concerned you don't need to put any more energy into this topic, because the operating system is coming off anyway. Thanks for your advice and the tip about Windows 7!!!!!!!
  • Have you already checked whether BTO still has the drivers for your notebook? And which Windows 7 are you getting, the 32-bit or the 64-bit version?
  • If the laptop supports it, the 64-bit version; if not, the 32-bit version. I received the operating system from BTO on CD, plus a separate CD with the drivers, TPM, etc. files (after I had asked for this with my order). :P
  • Are there also Vista 64-bit drivers on that CD?


This is an archived page. Replies are no longer possible.