Questions & Answers

Security & privacy

Windows 7 -> Hard disk keeps on rattling

4 answers
  • Hello, For a few days (weeks?) now my laptop has become slow, and I notice that the hard disk is continuously active. Indexing is turned off, so that cannot be the cause. Does anyone have an idea? I ran the following programs: MBAM, DDS and GMER. The logs are below. Thanks in advance!
73D16031 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!PostMessageA 7587B446 5 Bytes JMP 73D16391 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!CreateWindowExA 7587BF40 5 Bytes JMP 73D156A1 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!SetWindowsHookExW 7587E30C 5 Bytes JMP 73D12E21 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!CreateWindowExW 7587EC7C 5 Bytes JMP 73D15611 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!ShowWindow 7587F2A9 5 Bytes JMP 73D15731 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!GetMessageA 75881899 5 Bytes JMP 73D142F1 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!PeekMessageA 758819A5 5 Bytes JMP 73D14411 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!PostMessageW 7588447B 5 Bytes JMP 73D16421 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!SetWindowTextW 7588612B 5 Bytes JMP 73D15A91 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!PeekMessageW 7588634A 5 Bytes JMP 73D144A1 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!GetMessageW 7588CDE8 5 Bytes JMP 73D14381 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!UserClientDllInitialize 7588D711 5 Bytes JMP 73D16541 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!SetWindowTextA 758A0C5B 5 Bytes JMP 73D15A01 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!DialogBoxIndirectParamAorW 758A3B40 5 Bytes JMP 73D15851 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!CreateDialogIndirectParamAorW 758A5327 5 Bytes JMP 73D157C1 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!SetWindowsHookExA 758A6D0C 5 Bytes JMP 73D12D91 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!FindWindowExW 758A712B 5 Bytes JMP 73D160C1 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] 
USER32.dll!MessageBoxExA 758CE9C9 5 Bytes JMP 73D158E1 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!MessageBoxExW 758CE9ED 5 Bytes JMP 73D15971 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!OpenServiceW 7570CA4C 5 Bytes JMP 73D13C31 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!OpenServiceA 75712BF0 5 Bytes JMP 73D13BA1 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!CloseServiceHandle 7571369C 5 Bytes JMP 73D14021 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!RegOpenKeyExA + DE 757149E5 5 Bytes JMP 73D165D1 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!CreateServiceW 7572712C 5 Bytes JMP 73D14261 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!ControlService 75727144 5 Bytes JMP 73D13DE1 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!DeleteService 7572715C 5 Bytes JMP 73D13E71 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 757430E8 5 Bytes JMP 73D13F01 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!ChangeServiceConfigW 757430F8 5 Bytes JMP 73D13F91 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!ControlServiceExA 75743108 5 Bytes JMP 73D13CC1 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!ControlServiceExW 75743118 5 Bytes JMP 73D13D51 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!CreateServiceA 75743158 5 Bytes JMP 73D141D1 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] SHELL32.dll!Shell_NotifyIconW 766101A9 5 Bytes JMP 73D14BF1 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] SHELL32.dll!SHRestricted + 251E 766715C1 5 Bytes JMP 73D166F1 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!WahWriteLSPEvent 7745145D 5 Bytes JMP 73D16811 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!closesocket 77453918 5 Bytes JMP 73D15BB1 
.text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!WSASocketW 77453CD3 5 Bytes JMP 73D15B21 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!WSASend 77454406 3 Bytes JMP 73D12401 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!WSASend + 4 7745440A 1 Byte [FC] .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!GetAddrInfoW 77454889 5 Bytes JMP 73D154F1 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!connect 77456BDD 3 Bytes JMP 73D14141 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!connect + 4 77456BE1 1 Byte [FC] .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!send 77456F01 3 Bytes JMP 73D12371 .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!send + 4 77456F05 1 Byte [FC] .text C:\Program Files\ParetoLogic\PCHA\PCH
  • Looking over your logs, your Windows is keeping pretty busy. Possibly the hardware is not quite up to everything you do with your notebook... What does Task Manager show for processes and CPU usage?
    Which program: CrystalDiskInfo
    What for/why: checking the SMART data of the hard disk(s)
    Difficulty: none.
    Download CrystalDiskInfo here: http://crystalmark.info/software/CrystalDiskInfo/index-e.html
    Install the tool and then start CrystalDiskInfo. The tool then reads the SMART data of the connected hard disks.
    If the colour is Blue - fully healthy.
    If the colour is Yellow - there are problems.
    If the colour is Red - replace the HD as soon as possible.
    For SSDs, the health status of the SSDs is also reported (Health).
  • Maybe your hard disk is angry :oops:
  • bloody_banana wrote: "Maybe your hard disk is angry :oops:" ????

This is an archived page. Replying is no longer possible.