Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

kan eigenschappen van services en apparaatbeheer niet weerge

Anoniem
None
27 antwoorden
  • Ik kan de eigenschappen in apparaatbeheer en services niet meer weergeven(d.m.v. rechter muisklik of via het menu).
    Het systeem reageert dan niet meer en kan alleen via Taakbeheer de toepassingen sluiten.
    Gisteren kon ik niet internetbankieren via Mijn ING; er bleek een hack te zijn op hun site.
    Ik kon dus niet inloggen; ING "zegt" uit voorzorg de toegang afgesloten te hebben.
    Is dit misschien een gevolg daarvan?

    Reeds uitgevoerd:
      Avast! opstartscan: geen virus gevonden(geen logbestand). Hieronder HijackThis log en MBAM log. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:07:41, on 12-6-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\AutoSizer\AutoSizer.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?t=0 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe – End of file - 4587 bytes Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Databaseversie: 6840 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 12-6-2011 15:14:35 mbam-log-2011-06-12 (15-14-35).txt Scantype: Snelle scan Objecten gescand: 144856 Verstreken tijd: 6 minuut/minuten, 14 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Wat te doen?
  • Hoi Jos - alles ziet er goed uit!

    Maar je mag het volgende doen:

    [b:0dee38df4d]Welk programma[/b:0dee38df4d]: ComboFix
    [b:0dee38df4d]Waarvoor/waarom[/b:0dee38df4d]: Zeer specialistische scanner om Windows diepgaand te onderzoeken
    en zo mogelijk op te schonen.
    [b:0dee38df4d]Moeilijkheidsgraad[/b:0dee38df4d]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed.
    [b:0dee38df4d]Downloadlokatie[/b:0dee38df4d]: Dit programma absoluut naar het bureaublad downloaden!
    [b:0dee38df4d]Download ComboFix via één van deze locaties[/b:0dee38df4d]:
    [list:0dee38df4d][*:0dee38df4d][b:0dee38df4d]Bleepingcomputer[/b:0dee38df4d]
    [*:0dee38df4d][b:0dee38df4d]ForoSpyware[/b:0dee38df4d]
    [*:0dee38df4d][b:0dee38df4d]Geekstogo[/b:0dee38df4d][/list:u:0dee38df4d]
    [b:0dee38df4d]Hier[/b:0dee38df4d] zie je hoe je ComboFix moet gebruiken.

    Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn!
    [b:0dee38df4d]Hier[/b:0dee38df4d] en [b:0dee38df4d]hier[/b:0dee38df4d] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren.

    [b:0dee38df4d]Voor alle duidelijkheid nogmaals[/b:0dee38df4d]: ComboFix dient vanaf het bureaublad gestart te worden.

    [b:0dee38df4d]Opmerkingen[/b:0dee38df4d]:
    [list:0dee38df4d][*:0dee38df4d] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist).
    [*:0dee38df4d]Vista- en Windows 7 gebruikers starten Combofix op via rechtsklik met Administratorrechten.
    [*:0dee38df4d]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:0dee38df4d]
    [b:0dee38df4d]ComboFix is opgestart[/b:0dee38df4d]:
    [list:0dee38df4d][*:0dee38df4d]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"!
    [*:0dee38df4d]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen!
    [*:0dee38df4d]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal.
    [*:0dee38df4d]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken.
    [*:0dee38df4d]Post de inhoud van dit logbestand in je volgende bericht.
    [*:0dee38df4d]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:0dee38df4d]
    [b:0dee38df4d]Belangrijke opmerking[/b:0dee38df4d]:
    [list:0dee38df4d][*:0dee38df4d][b:0dee38df4d]
  • Hieronder het logfile van Combofix:

    ComboFix 11-06-11.01 - Jos 12-06-2011 16:45:40.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2045.976 [GMT 2:00]
    Gestart vanuit: c:\users\Jos\Bureaublad\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\xp
    c:\programdata\xp\EBLib.dll
    c:\programdata\xp\TPwSav.sys
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-05-12 to 2011-06-12 ))))))))))))))))))))))))))))))
    .
    .
    2011-06-12 14:55 . 2011-06-12 14:55 ——– d—–w- c:\users\Jos\AppData\Local\temp
    2011-06-10 06:07 . 2011-05-09 20:46 6962000 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FA5AA56-2079-40C2-90E3-CA70048DC1A3}\mpengine.dll
    2011-06-08 19:25 . 2011-06-08 19:25 ——– d—–w- c:\program files\Common Files\Java
    2011-05-20 10:29 . 2011-06-08 19:30 404640 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-08 19:25 . 2010-07-17 03:28 472808 —-a-w- c:\windows\system32\deployJava1.dll
    2011-05-29 07:11 . 2010-10-23 14:11 39984 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 07:11 . 2010-10-23 14:11 22712 —-a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-10 12:10 . 2011-02-02 16:29 40112 —-a-w- c:\windows\avastSS.scr
    2011-05-10 12:10 . 2011-02-02 16:29 199304 —-a-w- c:\windows\system32\aswBoot.exe
    2011-05-10 12:03 . 2011-02-02 16:30 441176 —-a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-10 12:03 . 2011-02-02 16:30 307928 —-a-w- c:\windows\system32\drivers\aswSP.sys
    2011-05-10 12:02 . 2011-02-02 16:30 49240 —-a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-10 11:59 . 2011-02-02 16:30 25432 —-a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-10 11:59 . 2011-02-02 16:30 53592 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-05-10 11:59 . 2011-02-02 16:30 19544 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-13 22:40 . 2011-04-13 22:40 4284416 —-a-w- c:\windows\system32\GPhotos.scr
    2011-03-16 05:41 . 2011-03-16 05:41 161792 —-a-w- c:\windows\system32\msls31.dll
    2011-03-16 05:41 . 2011-03-16 05:41 1126912 —-a-w- c:\windows\system32\wininet.dll
    2011-03-16 05:41 . 2011-03-16 05:41 86528 —-a-w- c:\windows\system32\iesysprep.dll
    2011-03-16 05:41 . 2011-03-16 05:41 76800 —-a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-03-16 05:41 . 2011-03-16 05:41 74752 —-a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-03-16 05:41 . 2011-03-16 05:41 74752 —-a-w- c:\windows\system32\iesetup.dll
    2011-03-16 05:41 . 2011-03-16 05:41 63488 —-a-w- c:\windows\system32\tdc.ocx
    2011-03-16 05:41 . 2011-03-16 05:41 48640 —-a-w- c:\windows\system32\mshtmler.dll
    2011-03-16 05:41 . 2011-03-16 05:41 420864 —-a-w- c:\windows\system32\vbscript.dll
    2011-03-16 05:41 . 2011-03-16 05:41 367104 —-a-w- c:\windows\system32\html.iec
    2011-03-16 05:41 . 2011-03-16 05:41 23552 —-a-w- c:\windows\system32\licmgr10.dll
    2011-03-16 05:41 . 2011-03-16 05:41 152064 —-a-w- c:\windows\system32\wextract.exe
    2011-03-16 05:41 . 2011-03-16 05:41 150528 —-a-w- c:\windows\system32\iexpress.exe
    2011-03-16 05:41 . 2011-03-16 05:41 1427456 —-a-w- c:\windows\system32\inetcpl.cpl
    2011-03-16 05:41 . 2011-03-16 05:41 35840 —-a-w- c:\windows\system32\imgutil.dll
    2011-03-16 05:41 . 2011-03-16 05:41 2382848 —-a-w- c:\windows\system32\mshtml.tlb
    2011-03-16 05:41 . 2011-03-16 05:41 1797632 —-a-w- c:\windows\system32\jscript9.dll
    2011-03-16 05:41 . 2011-03-16 05:41 142848 —-a-w- c:\windows\system32\ieUnatt.exe
    2011-03-16 05:41 . 2011-03-16 05:41 11776 —-a-w- c:\windows\system32\mshta.exe
    2011-03-16 05:41 . 2011-03-16 05:41 110592 —-a-w- c:\windows\system32\IEAdvpack.dll
    2011-03-16 05:41 . 2011-03-16 05:41 101888 —-a-w- c:\windows\system32\admparse.dll
    2011-04-14 16:41 . 2011-05-01 14:56 142296 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 —-a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2008-11-16 131072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ ¼Ñ¸
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Jos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0 .lnk]
    backup=c:\windows\pss\OpenOffice.org 3.0 .lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CASS]
    c:\program files\Compal Electronics [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidewalker]
    c:\program files\Compal Electronics [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart Watch Dog]
    -c:\program files\Compal Electronics [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStar
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 21:07 932288 —-a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-30 15:45 35736 —-a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVRemote]
    2006-07-20 08:44 61440 —-a-w- c:\program files\LifeView MVP\RemoteControl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
    2011-01-07 21:09 585728 —-a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2007-01-13 01:40 7766016 —-a-w- c:\windows\System32
    vcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2007-01-13 01:40 81920 —-a-w- c:\windows\System32
    vmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
    2007-01-13 01:40 90191 —-a-w- c:\windows\System32
    vsvc.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2006-12-29 04:11 4317184 —-a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
    2006-09-15 12:21 675840 —-a-w- c:\windows\vsnp2std.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-04-08 10:59 254696 —-a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-01-27 06:35 39408 —-a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall Adobe Download Manager]
    2010-11-29 09:41 39200 —-a-w- c:\program files\NOS\bin\getPlusUninst_Adobe.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 —-a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 —-a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2554491475-2388841559-3016712956-1000]
    "EnableNotificationsRef"=dword:00000004
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 136176]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 136176]
    R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
    R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-15 267568]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
    R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Jos\Documents\RealTemp_340[1]\WinRing0.sys [2010-01-29 06:01 14416]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-24 64160]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-09-08 20392]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-10 399416]
    S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-10-02 482176]
    S3 TridVid;Trident Analog plus Digital Video;c:\windows\system32\DRIVERS\TridVid.sys [2007-11-28 159104]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 07:43]
    .
    2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 07:43]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/ig?t=0
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    TCP: DhcpNameServer = 194.109.104.104 194.109.6.66
    FF - ProfilePath - c:\users\Jos\AppData\Roaming\Mozilla\Firefox\Profiles\z1xx4irm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?t=0
    FF - prefs.js: network.proxy.type - 0
    .
    .
    ——- Bestandsassociaties ——-
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-aawservice
    SafeBoot-Lavasoft Ad-Aware Service
    MSConfigStartUp-Google Update - c:\users\Jos\AppData\Local\Google\Update\GoogleUpdate.exe
    MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\a67dc20b-71e8-4188-9009-abbdace921a2.exe
    MSConfigStartUp-TomTomHOME - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-12 16:55
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    "ImagePath"="\??\c:\users\Jos\Documents\RealTemp_340
    [1]\WinRing0.sys"
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinRing0_1_2_0]
    "ImagePath"="\??\c:\users\Jos\Documents\RealTemp_340
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Voltooingstijd: 2011-06-12 16:58:57
    ComboFix-quarantined-files.txt 2011-06-12 14:58
    .
    Pre-Run: 43.912.990.720 bytes beschikbaar
    Post-Run: 43.815.481.344 bytes beschikbaar
    .
    Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
    - - End Of File - - 2CDF2CC405473A1EFA02D362830E209C


  • Hoi Jos, hoe gaat het nu na de scan?

    Doe nu onderstaande:

    1) [b:ff8b3e4043]Welk programma[/b:ff8b3e4043]: MBRCheck.exe
    [b:ff8b3e4043]Waarvoor/waarom[/b:ff8b3e4043]: speciale scan op mbr-rootkits
    [b:ff8b3e4043]Moeilijkheidsgraad[/b:ff8b3e4043]: geen.
    [b:ff8b3e4043]Download MBRCheck.exe[/b:ff8b3e4043]

    [b:ff8b3e4043]MBRCheck.exe opstarten[/b:ff8b3e4043]:
    Windows 2000 en Windows XP: start "MBRCheck.exe" middels dubbelklik op "MBRCheck.exe".
    Windows Vista en Windows 7: start "MBRCheck.exe" middels rechtsklik op "MBRCheck.exe" en dan kiezen voor "Als Administrator uitvoeren".

    [list:ff8b3e4043][*:ff8b3e4043]een zwart scherm toont zich met enkele data erin.
    [*:ff8b3e4043]Op je bureaublad zal een logbestand met de naam "MBRcheckxxxx.txt" verschijnen.
    [*:ff8b3e4043]Kopieer nu de inhoud van dat log in je volgende post.[/list:u:ff8b3e4043]


    2) [b:ff8b3e4043]Welk programma[/b:ff8b3e4043]: Kaspersky [b:ff8b3e4043]TDSSKiller[/b:ff8b3e4043]
    [b:ff8b3e4043]Waarvoor/waarom[/b:ff8b3e4043]: Rootkitscanner
    [b:ff8b3e4043]Moeilijkheidsgraad[/b:ff8b3e4043]: geen
    [b:ff8b3e4043]Downloadlokatie[/b:ff8b3e4043]: Dit programma absoluut naar het bureaublad downloaden of anders daar naar toe verplaatsen!
    [b:ff8b3e4043]Download[/b:ff8b3e4043] [b:ff8b3e4043]TDSSKiller[/b:ff8b3e4043] [b:ff8b3e4043]hier[/b:ff8b3e4043].

    [b:ff8b3e4043]Installatie[/b:ff8b3e4043]:
    [list:ff8b3e4043][*:ff8b3e4043] pak het bestand uit op je bureaublad.[/list:u:ff8b3e4043]

    [b:ff8b3e4043]TDSSKiller gebruiken[/b:ff8b3e4043]:
    [list:ff8b3e4043][*:ff8b3e4043]Windows 2000 en Windows XP: start "TDSSKiller" middels dubbelklik op TDSSKiller.exe.
    [*:ff8b3e4043]Windows Vista en Windows 7: start "TDSSKiller" middels rechtsklik op TDSSKiller.exe en dan kiezen voor [b:ff8b3e4043]Als Administrator uitvoeren[/b:ff8b3e4043].
    [*:ff8b3e4043] Nadat de scan klaar is, vindt je het log in de C:\ partitie
    [*:ff8b3e4043] Post de inhoud van dat log[/list:u:ff8b3e4043]


    3) [b:ff8b3e4043]Welk programma[/b:ff8b3e4043]: Malwarebytes MBAM
    [b:ff8b3e4043]Waarvoor/waarom[/b:ff8b3e4043]: specialistische scanner om Windows snel te onderzoeken op- en te ontdoen van spy- & malware.
    [b:ff8b3e4043]Moeilijkheidsgraad[/b:ff8b3e4043]: geen.

    [b:ff8b3e4043]Download Malwarebytes MBAM via één van deze locaties[/b:ff8b3e4043]:
    [list:ff8b3e4043][*:ff8b3e4043][b:ff8b3e4043]Download.com[/b:ff8b3e4043]
    [*:ff8b3e4043][b:ff8b3e4043]Softpedia.com[/b:ff8b3e4043][*:ff8b3e4043][b:ff8b3e4043]Majorgeeks.com[/b:ff8b3e4043][/list:u:ff8b3e4043]
    [b:ff8b3e4043]Allereerst[/b:ff8b3e4043]:[list:ff8b3e4043][*:ff8b3e4043] Al meteen na de installatie wil 'MBAM' zijn database opwaarderen – toestaan dus.
    [*:ff8b3e4043] Ook bij herhaald gebruik: eerst 'MBAM' updaten via de tab 'Update'![/list:u:ff8b3e4043]
    [b:ff8b3e4043]Malwarebytes MBAM opstarten[/b:ff8b3e4043]:
    Windows 2000 en Windows XP: start MBAM middels dubbelklik op de snelkoppeling.
    Windows Vista en Windows 7: start MBAM middels rechtsklik op de snelkoppeling en dan kiezen voor Als Administrator uitvoeren.

    [b:ff8b3e4043]Scannen[/b:ff8b3e4043]:
    [list:ff8b3e4043][*:ff8b3e4043] Bij het starten van 'MBAM' kies je voor 'Snelle Scan'.
    [*:ff8b3e4043]Het scannen kan een tijdje duren, dus wees geduldig. Indien de scan voltooid is, klik dan op de knop 'OK'.
    [*:ff8b3e4043]Klik daarna op de knop 'Bekijk Resultaten' om de resultaten te zien.[/list:u:ff8b3e4043]
    [b:ff8b3e4043]Infecties gevonden[/b:ff8b3e4043]:
    [list:ff8b3e4043][*:ff8b3e4043]Klik nu eerst op OK om de melding weg te klikken
    [*:ff8b3e4043]Klik vervolgens rechtsonder op de knop Bekijk resultaten.
    [*:ff8b3e4043]Zorg er nu voor dat alle gevonden infecties aangevinkt zijn, en klik linksonder op Verwijder geselecteerde.
    [*:ff8b3e4043]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
    [*:ff8b3e4043]Indien 'MBAM' moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op 'OK' klikken!
    [*:ff8b3e4043]Daarna zal 'MBAM' vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.[/list:u:ff8b3e4043]
    [b:ff8b3e4043]MBAM-Log[/b:ff8b3e4043]:
    [list:ff8b3e4043][*:ff8b3e4043] Het log wordt automatisch bewaard door 'MBAM en dat kan je terugvinden door in het hoofdmenu van MBAM op de tab 'Logbestanden' te klikken'.[/list:u:ff8b3e4043]
    [b:ff8b3e4043]Post aansluitend in je volgende bericht de inhoud van het MBAM-log.[/b:ff8b3e4043]


    [b:ff8b3e4043]Samenvattend: hierna post je in jouw volgende bericht de inhoud van de volgende logs:[/b:ff8b3e4043]
    [list:ff8b3e4043][*:ff8b3e4043] MBRCheck-log
    [*:ff8b3e4043] TDSSKiller-log
    [*:ff8b3e4043] MBAM scanlog
    [*:ff8b3e4043] laat weten wanneer je ergens een probleem mee hebt[/list:u:ff8b3e4043]
  • Status op dit moment –> onveranderd sinds start topic dus kan nog geen eigenschappen openen en alleen afsluiten m.b.v. Taakbeheer.

    Hierbij de logs:

    MBRCheck, version 1.2.3
    © 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: COMPAL
    BIOS Manufacturer: COMPAL
    System Manufacturer: COMPAL
    System Product Name: HEL80C
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 167):
    0x82C50000 \SystemRoot\system32
    tkrnlpa.exe
    0x82C1D000 \SystemRoot\system32\hal.dll
    0x8040B000 \SystemRoot\system32\kdcom.dll
    0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80482000 \SystemRoot\system32\PSHED.dll
    0x80493000 \SystemRoot\system32\BOOTVID.dll
    0x8049B000 \SystemRoot\system32\CLFS.SYS
    0x804DC000 \SystemRoot\system32\CI.dll
    0x80602000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8067E000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8068B000 \SystemRoot\system32\drivers\acpi.sys
    0x806D1000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806DA000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806E2000 \SystemRoot\system32\drivers\pci.sys
    0x80709000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
    0x80713000 \SystemRoot\System32\drivers\partmgr.sys
    0x80722000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80725000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8072F000 \SystemRoot\system32\drivers\volmgr.sys
    0x8073E000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80788000 \SystemRoot\system32\drivers\intelide.sys
    0x8078F000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8079D000 \SystemRoot\system32\DRIVERS\pcmcia.sys
    0x807CA000 \SystemRoot\System32\drivers\mountmgr.sys
    0x807DA000 \SystemRoot\system32\drivers\atapi.sys
    0x807E2000 \SystemRoot\system32\drivers\ataport.SYS
    0x805BC000 \SystemRoot\system32\drivers\fltmgr.sys
    0x805EE000 \SystemRoot\system32\drivers\fileinfo.sys
    0x83206000 \SystemRoot\system32\DRIVERS\Lbd.sys
    0x83215000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x83286000 \SystemRoot\system32\drivers
    dis.sys
    0x83391000 \SystemRoot\system32\drivers\msrpc.sys
    0x833BC000 \SystemRoot\system32\drivers\NETIO.SYS
    0x83802000 \SystemRoot\System32\drivers\tcpip.sys
    0x838EC000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x83A0B000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x83B1B000 \SystemRoot\system32\drivers\volsnap.sys
    0x83B54000 \SystemRoot\System32\Drivers\spldr.sys
    0x83B5C000 \SystemRoot\System32\Drivers\mup.sys
    0x83B6B000 \SystemRoot\System32\drivers\ecache.sys
    0x83B92000 \SystemRoot\system32\drivers\disk.sys
    0x83BA3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x83BC4000 \SystemRoot\system32\drivers\crcdisk.sys
    0x83BED000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x83907000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x90800000 \SystemRoot\system32\DRIVERS
    vlddmkm.sys
    0x90C3F000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x90CDF000 \SystemRoot\System32\drivers\watchdog.sys
    0x90CEB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x91202000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
    0x91429000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x9146A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x91475000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x914B3000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x914C2000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x914D2000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x914E0000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
    0x914F0000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x9150A000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
    0x91515000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x91519000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x9152C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x91537000 \SystemRoot\system32\DRIVERS\Ktp.sys
    0x9153E000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x91549000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x91561000 \SystemRoot\system32\drivers\tpm.sys
    0x9156F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x9159E000 \SystemRoot\system32\DRIVERS\storport.sys
    0x915DF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x90D78000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x915EA000 \SystemRoot\system32\DRIVERS
    distapi.sys
    0x90D8F000 \SystemRoot\system32\DRIVERS
    diswan.sys
    0x90DB2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x90DC1000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x90DD5000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x90DEA000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x915F5000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x83916000 \SystemRoot\system32\DRIVERS\ks.sys
    0x83BF6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x83940000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8394D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x83982000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x93A0A000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x93BA0000 \SystemRoot\system32\drivers\portcls.sys
    0x93BCD000 \SystemRoot\system32\drivers\drmk.sys
    0x94803000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x9491F000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x94921000 \SystemRoot\system32\drivers\modem.sys
    0x9492E000 \SystemRoot\System32\Drivers\aswSnx.SYS
    0x9499E000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x94C0B000 \SystemRoot\System32\Drivers\bthport.sys
    0x94C8B000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x94CB4000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x94CBE000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x94CD8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x94CE1000 \SystemRoot\System32\Drivers\Null.SYS
    0x94CE8000 \SystemRoot\System32\Drivers\Beep.SYS
    0x94CF8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x94CFF000 \SystemRoot\System32\drivers\vga.sys
    0x94D0B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x94D2C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x94D34000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x94D3C000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x94D47000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x95205000 \SystemRoot\system32\DRIVERS\snp2sxp.sys
    0x95D79000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x95D86000 \SystemRoot\system32\DRIVERS\SNCAMD.SYS
    0x95D8D000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x95D96000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x95DAC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x94D55000 \SystemRoot\System32\Drivers\ATSwpWDF.sys
    0x95DC3000 \SystemRoot\system32\DRIVERS\TridVid.sys
    0x95DEA000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
    0x95DED000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x94DCA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x95DF6000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x94DDA000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x94DE4000 \SystemRoot\system32\DRIVERS\smb.sys
    0x949AB000 \SystemRoot\system32\drivers\afd.sys
    0x95200000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x83993000 \SystemRoot\System32\DRIVERS
    etbt.sys
    0x839C5000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x93BF2000 \SystemRoot\system32\DRIVERS
    etbios.sys
    0x839DB000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x94DF8000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0x96E01000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x96E3D000 \SystemRoot\system32\drivers
    siproxy.sys
    0x96E47000 \??\C:\Windows\system32\drivers\elrawdsk.sys
    0x96E4B000 \SystemRoot\System32\Drivers\dfsc.sys
    0x96E62000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x96EAC000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x96EB9000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x96EC4000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x816C0000 \SystemRoot\System32\win32k.sys
    0x96ECC000 \SystemRoot\System32\drivers\Dxapi.sys
    0x96ED6000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x818E0000 \SystemRoot\System32\TSDDD.dll
    0x81900000 \SystemRoot\System32\cdd.dll
    0x96EE5000 \SystemRoot\system32\drivers\luafv.sys
    0x96F00000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x96F38000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x96F43000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x96F53000 \SystemRoot\system32\DRIVERS
    wifi.sys
    0x96F7D000 \SystemRoot\system32\DRIVERS
    disuio.sys
    0x96F87000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xA040B000 \SystemRoot\system32\drivers\spsys.sys
    0xA04BB000 \SystemRoot\system32\drivers\HTTP.sys
    0xA0528000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA0545000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xA055E000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xA0573000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA0592000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA05CB000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x96F9A000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA180C000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA185B000 \SystemRoot\system32\drivers\peauth.sys
    0xA1939000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA1943000 \SystemRoot\system32\drivers\MSPQM.sys
    0xA1945000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA1951000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0xA195A000 \SystemRoot\system32\drivers\tdtcp.sys
    0xA1965000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0xA1971000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0xA19A4000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xA19C2000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
    0xA19C4000 \??\C:\Users\Jos\AppData\Local\Temp\catchme.sys
    0x77C60000 \Windows\System32
    tdll.dll

    Processes (total 57):
    0 System Idle Process
    4 System
    532 C:\Windows\System32\smss.exe
    616 csrss.exe
    664 C:\Windows\System32\wininit.exe
    684 csrss.exe
    716 C:\Windows\System32\services.exe
    728 C:\Windows\System32\lsass.exe
    740 C:\Windows\System32\lsm.exe
    884 C:\Windows\System32\svchost.exe
    908 C:\Windows\System32\winlogon.exe
    992 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\svchost.exe
    1132 C:\Windows\System32\svchost.exe
    1160 C:\Windows\System32\svchost.exe
    1172 C:\Windows\System32\svchost.exe
    1308 C:\Windows\System32\audiodg.exe
    1328 C:\Windows\System32\svchost.exe
    1344 C:\Windows\System32\SLsvc.exe
    1420 C:\Windows\System32\svchost.exe
    1512 C:\Windows\System32\svchost.exe
    1648 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    1656 C:\Windows\System32\wlanext.exe
    308 C:\Windows\System32\spoolsv.exe
    264 C:\Windows\System32\svchost.exe
    688 C:\Windows\System32\svchost.exe
    1184 C:\Windows\ehome\ehrecvr.exe
    1732 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    2092 C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    2156 C:\Windows\System32\taskeng.exe
    2264 C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    2320 C:\Windows\System32\svchost.exe
    2344 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    2408 C:\Program Files\Secunia\PSI\sua.exe
    2444 C:\Windows\System32\svchost.exe
    2480 C:\Windows\System32\svchost.exe
    2508 C:\Windows\System32\svchost.exe
    2548 C:\Windows\System32\SearchIndexer.exe
    2704 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3920 C:\Windows\ehome\ehsched.exe
    2148 C:\Windows\System32\svchost.exe
    4016 C:\Windows\System32\dwm.exe
    3356 C:\Windows\System32\taskeng.exe
    2212 C:\Program Files\AVAST Software\Avast\AvastUI.exe
    3028 C:\Program Files\Windows Sidebar\sidebar.exe
    2724 C:\Windows\ehome\ehtray.exe
    260 C:\Program Files\AutoSizer\AutoSizer.exe
    3660 C:\Windows\ehome\ehmsas.exe
    1128 C:\Program Files\Windows Sidebar\sidebar.exe
    1084 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4376 C:\Program Files\Windows Defender\MSASCui.exe
    4304 C:\Windows\System32\conime.exe
    5232 C:\Windows\explorer.exe
    3852 C:\Windows\System32\SearchProtocolHost.exe
    6124 C:\Windows\System32\SearchFilterHost.exe
    860 C:\Users\Jos\Downloads\MBRCheck.exe
    5512 C:\Windows\System32\SearchProtocolHost.exe

    \\.\C: –> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: HTS721010G9SA00, Rev: MCZOC10V

    Size Device Name MBR Status
    ——————————————–
    93 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!

    Krijg het log van TDSSkiller in vreemde tekens geopend; tekstverwerker=OpenOffice.org 3.0
    Het Kaspersky programma gaf aan dat er geen infecties zijn.

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Databaseversie: 6841

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    12-6-2011 18:02:00
    mbam-log-2011-06-12 (18-02-00).txt

    Scantype: Snelle scan
    Objecten gescand: 150705
    Verstreken tijd: 5 minuut/minuten, 23 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Status na uitvoeren bovenstaande prog's: onveranderd dus nog steeds geen eigenschappen te openen en afsluiten via Taakbeheer.










  • Wat voor muis gebruik jij?

    Eentje met staart aan de verkeerde kant of een draadloos exemplaar?

    En indien het laatste, is de aanwezige energie in die muis nog voldoende?
  • Logitech Dual Laser Engine Draadloos.
    Lampje brand groen; als hij rood brand verwissel ik de batterij meteen.
    Het zijn wel oplaadbare batterijen dus ze zijn misschien aan vervanging toe.
    Ik heb op dit moment geen nieuwe batterijen maar ga ze binnenkort aanschaffen.
    Toch nog een nieuwe batterij gevonden maar dit helpt ook niet; het probleem blijft bestaan.
    De muis heeft een algemene driver van Microsoft.
    Nooit geen problemen mee gehad.
    Misschien de bijbehorende juiste driver downen van de Logitech site?
    Via de touchpad treed het probleem ook op.
    ??????????????
  • Probeer eerst het volgende:

    ga naar [b:ab5d0ef691]Start[/b:ab5d0ef691] en typ [in de zoekregel [b:ab5d0ef691]cmd[/b:ab5d0ef691]; bovenaan het startmenu zie je nu de betreffende snelkoppeling.
    Klik deze snelkoppeling met rechts aan en kies voor [b:ab5d0ef691]Als administrator uitvoeren[/b:ab5d0ef691].

    In het zwarte venster typ je nu [b:ab5d0ef691]sfc /scannow[/b:ab5d0ef691] gevolgd door indrukken van de Entertoets.

    Denk wel aan de spatie na 'sfc'.
    In het zwarte venster zie nu de voortgang van de scan.

    Is de scan klaar, typ je [b:ab5d0ef691]Exit[/b:ab5d0ef691] gevolgd door indrukken van de Entertoets.


    SFC (SystemFileChecker) houdt in dat systeembestanden gecontroleerd worden op juist funktioneren, zonodig volgt reparatie.


    Let goed op de laatste meldingen in het venster: indien aangegeven wordt, dat herstel afhankelijk is van opnieuw opstarten, doe dit dan.
  • Sfc uitgevoerd; melding dat er enkele bestanden beschadigd zijn en hersteld.
    Er werd [b:7856298305]niet[/b:7856298305] gemeld dat er opnieuw opgestart moest worden.
    Probleem blijft na de scan bestaan.
    Toch maar opnieuw opstarten?
    Hieronder het CBS-log:

    2011-06-12 21:35:27, Info CBS Loaded Servicing Stack v6.0.6002.18005 with Core: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cbscore.dll
    2011-06-12 21:35:27, Info CSI 00000001@2011/6/12:19:35:27.239 WcpInitialize (wcp.dll version 0.0.0.5) called (stack @0x69118a50 @0x69a8854e @0x69a663a1 @0xac1392 @0xac1ed4 @0xac17cb)
    2011-06-12 21:35:27, Info CSI 00000002@2011/6/12:19:35:27.281 WcpInitialize (wcp.dll version 0.0.0.5) called (stack @0x69118a50 @0x69abe7b6 @0x69aa0f93 @0xac1392 @0xac1ed4 @0xac17cb)
    2011-06-12 21:35:27, Info CSI 00000003@2011/6/12:19:35:27.302 WcpInitialize (wcp.dll version 0.0.0.5) called (stack @0x69118a50 @0x74d51a0d @0x74d51794 @0xac360b @0xac2be3 @0xac17cb)
    2011-06-12 21:35:27, Info CBS NonStart: Checking to ensure startup processing was not required.
    2011-06-12 21:35:27, Info CSI 00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0xc7fec8
    2011-06-12 21:35:27, Info CBS NonStart: Success, startup processing not required as expected.
    2011-06-12 21:35:27, Info CSI 00000005 CSI Store 2939384 (0x002cd9f8) initialized
    2011-06-12 21:35:32, Info CSI 00000006 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:35:32, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:35:37, Info CSI 00000008 Repair results created:
    POQ 0 starts:
    0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\322542e73729cc016500000098136816._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
    1: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\52e444e73729cc016600000098136816.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
    2: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\12b946e73729cc016700000098136816.program_files_common_files_d7a65bb2f0e854e7.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms"
    3: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\020349e73729cc016800000098136816.program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms"
    4: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\f24c4be73729cc016900000098136816.program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms"
    5: Move File: Source = [l:292{146}]"\SystemRoot\WinSxS\Temp\PendingRenames\32e94be73729cc016a00000098136816.program_files_common_files_microsoft_shared_ink_nl_7a952e4bcb9a36c2.cdf-ms", Destination = [l:204{102}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_nl_7a952e4bcb9a36c2.cdf-ms"
    6: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\72169de73729cc016b00000098136816.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
    7: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\b223a0e73729cc016c00000098136816.$$_ehome_40103e2da1d
    2011-06-12 21:35:37, Info CSI 121de.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_40103e2da1d121de.cdf-ms"

    POQ 0 ends.
    2011-06-12 21:35:37, Info CSI 00000009 [SR] Verify complete
    2011-06-12 21:35:37, Info CSI 0000000a [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:35:37, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
    2011-06-12 21:35:42, Info CSI 0000000c Repair results created:
    POQ 1 starts:

    POQ 1 ends.
    2011-06-12 21:35:42, Info CSI 0000000d [SR] Verify complete
    2011-06-12 21:35:42, Info CSI 0000000e [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:35:42, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
    2011-06-12 21:35:46, Info CSI 00000010 Repair results created:
    POQ 2 starts:

    POQ 2 ends.
    2011-06-12 21:35:46, Info CSI 00000011 [SR] Verify complete
    2011-06-12 21:35:46, Info CSI 00000012 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:35:46, Info CSI 00000013 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:35:48, Info CSI 00000014 Repair results created:
    POQ 3 starts:

    POQ 3 ends.
    2011-06-12 21:35:48, Info CSI 00000015 [SR] Verify complete
    2011-06-12 21:35:48, Info CSI 00000016 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:35:48, Info CSI 00000017 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:35:50, Info CSI 00000018 Repair results created:
    POQ 4 starts:

    POQ 4 ends.
    2011-06-12 21:35:50, Info CSI 00000019 [SR] Verify complete
    2011-06-12 21:35:50, Info CSI 0000001a [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:35:50, Info CSI 0000001b [SR] Beginning Verify and Repair transaction
    2011-06-12 21:35:51, Info CSI 0000001c Repair results created:
    POQ 5 starts:

    POQ 5 ends.
    2011-06-12 21:35:51, Info CSI 0000001d [SR] Verify complete
    2011-06-12 21:35:51, Info CSI 0000001e [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:35:51, Info CSI 0000001f [SR] Beginning Verify and Repair transaction
    2011-06-12 21:35:53, Info CSI 00000020 Repair results created:
    POQ 6 starts:

    POQ 6 ends.
    2011-06-12 21:35:53, Info CSI 00000021 [SR] Verify complete
    2011-06-12 21:35:53, Info CSI 00000022 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:35:53, Info CSI 00000023 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:35:55, Info CSI 00000024 Repair results created:
    POQ 7 starts:

    POQ 7 ends.
    2011-06-12 21:35:55, Info CSI 00000025 [SR] Verify complete
    2011-06-12 21:35:55, Info CSI 00000026 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:35:55, Info CSI 00000027 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:35:57, Info CSI 00000028 Repair results created:
    POQ 8 starts:

    POQ 8 ends.
    2011-06-12 21:35:57, Info CSI 00000029 [SR] Verify complete
    2011-06-12 21:35:57, Info CSI 0000002a [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:35:57, Info CSI 0000002b [SR] Beginning Verify and Repair transaction
    2011-06-12 21:35:59, Info CSI 0000002c Repair results created:
    POQ 9 starts:

    POQ 9 ends.
    2011-06-12 21:35:59, Info CSI 0000002d [SR] Verify complete
    2011-06-12 21:35:59, Info CSI 0000002e [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:35:59, Info CSI 0000002f [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:00, Info CSI 00000030 Repair results created:
    POQ 10 starts:

    POQ 10 ends.
    2011-06-12 21:36:00, Info CSI 00000031 [SR] Verify complete
    2011-06-12 21:36:01, Info CSI 00000032 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:01, Info CSI 00000033 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:02, Info CSI 00000034 Repair results created:
    POQ 11 starts:

    POQ 11 ends.
    2011-06-12 21:36:02, Info CSI 00000035 [SR] Verify complete
    2011-06-12 21:36:03, Info CSI 00000036 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:03, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:04, Info CSI 00000038 Repair results created:
    POQ 12 starts:

    POQ 12 ends.
    2011-06-12 21:36:04, Info CSI 00000039 [SR] Verify complete
    2011-06-12 21:36:04, Info CSI 0000003a [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:04, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:06, Info CSI 0000003c Repair results created:
    POQ 13 starts:

    POQ 13 ends.
    2011-06-12 21:36:06, Info CSI 0000003d [SR] Verify complete
    2011-06-12 21:36:06, Info CSI 0000003e [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:06, Info CSI 0000003f [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:08, Info CSI 00000040 Repair results created:
    POQ 14 starts:

    POQ 14 ends.
    2011-06-12 21:36:08, Info CSI 00000041 [SR] Verify complete
    2011-06-12 21:36:08, Info CSI 00000042 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:08, Info CSI 00000043 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:10, Info CSI 00000044 Repair results created:
    POQ 15 starts:

    POQ 15 ends.
    2011-06-12 21:36:10, Info CSI 00000045 [SR] Verify complete
    2011-06-12 21:36:10, Info CSI 00000046 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:10, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:12, Info CSI 00000048 Repair results created:
    POQ 16 starts:

    POQ 16 ends.
    2011-06-12 21:36:12, Info CSI 00000049 [SR] Verify complete
    2011-06-12 21:36:12, Info CSI 0000004a [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:12, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:14, Info CSI 0000004c Repair results created:
    POQ 17 starts:

    POQ 17 ends.
    2011-06-12 21:36:14, Info CSI 0000004d [SR] Verify complete
    2011-06-12 21:36:14, Info CSI 0000004e [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:14, Info CSI 0000004f [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:16, Info CSI 00000050 Repair results created:
    POQ 18 starts:

    POQ 18 ends.
    2011-06-12 21:36:16, Info CSI 00000051 [SR] Verify complete
    2011-06-12 21:36:16, Info CSI 00000052 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:16, Info CSI 00000053 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:17, Info CSI 00000054 Repair results created:
    POQ 19 starts:

    POQ 19 ends.
    2011-06-12 21:36:17, Info CSI 00000055 [SR] Verify complete
    2011-06-12 21:36:18, Info CSI 00000056 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:18, Info CSI 00000057 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:19, Info CSI 00000058 Repair results created:
    POQ 20 starts:

    POQ 20 ends.
    2011-06-12 21:36:19, Info CSI 00000059 [SR] Verify complete
    2011-06-12 21:36:19, Info CSI 0000005a [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:19, Info CSI 0000005b [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:21, Info CSI 0000005c Repair results created:
    POQ 21 starts:

    POQ 21 ends.
    2011-06-12 21:36:21, Info CSI 0000005d [SR] Verify complete
    2011-06-12 21:36:21, Info CSI 0000005e [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:21, Info CSI 0000005f [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:23, Info CSI 00000060 Repair results created:
    POQ 22 starts:

    POQ 22 ends.
    2011-06-12 21:36:23, Info CSI 00000061 [SR] Verify complete
    2011-06-12 21:36:24, Info CSI 00000062 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:24, Info CSI 00000063 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:26, Info CSI 00000064 Repair results created:
    POQ 23 starts:

    POQ 23 ends.
    2011-06-12 21:36:26, Info CSI 00000065 [SR] Verify complete
    2011-06-12 21:36:26, Info CSI 00000066 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:26, Info CSI 00000067 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:28, Info CSI 00000068 Repair results created:
    POQ 24 starts:

    POQ 24 ends.
    2011-06-12 21:36:28, Info CSI 00000069 [SR] Verify complete
    2011-06-12 21:36:28, Info CSI 0000006a [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:28, Info CSI 0000006b [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:30, Info CSI 0000006c Repair results created:
    POQ 25 starts:

    POQ 25 ends.
    2011-06-12 21:36:30, Info CSI 0000006d [SR] Verify complete
    2011-06-12 21:36:30, Info CSI 0000006e [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:30, Info CSI 0000006f [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:32, Info CSI 00000070 Repair results created:
    POQ 26 starts:

    POQ 26 ends.
    2011-06-12 21:36:32, Info CSI 00000071 [SR] Verify complete
    2011-06-12 21:36:32, Info CSI 00000072 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:32, Info CSI 00000073 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:34, Info CSI 00000074 Repair results created:
    POQ 27 starts:

    POQ 27 ends.
    2011-06-12 21:36:34, Info CSI 00000075 [SR] Verify complete
    2011-06-12 21:36:35, Info CSI 00000076 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:35, Info CSI 00000077 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:36, Info CSI 00000078 Repair results created:
    POQ 28 starts:

    POQ 28 ends.
    2011-06-12 21:36:36, Info CSI 00000079 [SR] Verify complete
    2011-06-12 21:36:36, Info CSI 0000007a [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:36, Info CSI 0000007b [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:39, Info CSI 0000007c Repair results created:
    POQ 29 starts:

    POQ 29 ends.
    2011-06-12 21:36:39, Info CSI 0000007d [SR] Verify complete
    2011-06-12 21:36:39, Info CSI 0000007e [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:39, Info CSI 0000007f [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:41, Info CSI 00000080 Repair results created:
    POQ 30 starts:

    POQ 30 ends.
    2011-06-12 21:36:41, Info CSI 00000081 [SR] Verify complete
    2011-06-12 21:36:41, Info CSI 00000082 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:41, Info CSI 00000083 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:43, Info CSI 00000084 Repair results created:
    POQ 31 starts:

    POQ 31 ends.
    2011-06-12 21:36:43, Info CSI 00000085 [SR] Verify complete
    2011-06-12 21:36:43, Info CSI 00000086 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:43, Info CSI 00000087 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:45, Info CSI 00000088 Repair results created:
    POQ 32 starts:

    POQ 32 ends.
    2011-06-12 21:36:45, Info CSI 00000089 [SR] Verify complete
    2011-06-12 21:36:45, Info CSI 0000008a [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:45, Info CSI 0000008b [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:48, Info CSI 0000008c Repair results created:
    POQ 33 starts:

    POQ 33 ends.
    2011-06-12 21:36:48, Info CSI 0000008d [SR] Verify complete
    2011-06-12 21:36:48, Info CSI 0000008e [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:48, Info CSI 0000008f [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:54, Info CSI 00000090 Repair results created:
    POQ 34 starts:
    0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\e28689153829cc01b50d000098136816._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
    1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\62308d153829cc01b60d000098136816.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
    2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\62a18f153829cc01b70d000098136816.$$_apppatch_1143992cbbbebcab.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms"
    3: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\82e8a5153829cc01b80d000098136816.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
    4: Create Directory: Directory = [l:48{24}]"\??\C:\Program Files\MSN", Attributes = 00000080

    POQ 34 ends.
    2011-06-12 21:36:54, Info CSI 00000091 [SR] Verify complete
    2011-06-12 21:36:55, Info CSI 00000092 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:36:55, Info CSI 00000093 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:36:59, Info CSI 00000094 Repair results created:
    POQ 35 starts:
    0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\b2de40183829cc011d0e000098136816._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
    1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\e25341183829cc011e0e000098136816.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
    2: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\c27643183829cc011f0e000098136816.$$_resources_fbee56ab048ab239.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_resources_fbee56ab048ab239.cdf-ms"
    3: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\d20e46183829cc01200e000098136816.$$_resources_themes_4d0d4910e83c2273.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_4d0d4910e83c2273.cdf-ms"
    4: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\c2c94a183829cc01210e000098136816.$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms"
    5: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\d2614d183829cc01220e000098136816.$$_resources_themes_aero_shell_a91dfa5124b343c4.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_shell_a91dfa5124b343c4.cdf-ms"
    6: Move File: Source = [l:276{138}]"\SystemRoot\WinSxS\Temp\PendingRenames\b2844f183829cc01230e000098136816.$$_resources_themes_aero_shell_normalcolor_10be8ec981b35fb6.cdf-ms", Destination = [l:188{94}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_shell_normalcolor_10be8ec981b35fb6.cdf-ms"
    7: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\c2fe56183829cc01240e000098136816.$$_schcache_f995a5d4decb8cc0.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_schcache_f995a5d4decb8cc0.cdf
    2011-06-12 21:36:59, Info CSI -ms"
    8: Create Directory: Directory = [l:46{23}]"\??\C:\Windows\SchCache", Attributes = 00000080
    9: Create Directory: Directory = [l:58{29}]"\??\C:\Windows\Help\Corporate", Attributes = 00000080
    10: Create Directory: Directory = [l:46{23}]"\??\C:\Windows\Help\OEM", Attributes = 00000080
    11: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\82d5ab183829cc01250e000098136816.$$_help_windows_nl-nl_c6aeba0659bf6105.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_help_windows_nl-nl_c6aeba0659bf6105.cdf-ms"
    12: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\3283ad183829cc01260e000098136816.$$_help_help_nl-nl_90a28b899d75bef7.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_help_help_nl-nl_90a28b899d75bef7.cdf-ms"
    13: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\12f2cc183829cc01270e000098136816.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
    14: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\c210d1183829cc01280e000098136816.$$_system32_manifeststore_7d35b12f9be4c20e.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_manifeststore_7d35b12f9be4c20e.cdf-ms"
    15: Move File: Source = [l:212{106}]"\SystemRoot\WinSxS\Temp\PendingRenames\c2d4da183829cc01290e000098136816.$$_msagent_be90584645cb9b95.cdf-ms", Destination = [l:124{62}]"\SystemRoot\WinSxS\FileMaps\$$_msagent_be90584645cb9b95.cdf-ms"
    16: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\a2f7dc183829cc012a0e000098136816.$$_msagent_chars_9a5bcb5da392f588.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_msagent_chars_9a5bcb5da392f588.cdf-ms"

    POQ 35 ends.
    2011-06-12 21:36:59, Info CSI 00000095 [SR] Verify complete
    2011-06-12 21:37:00, Info CSI 00000096 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:37:00, Info CSI 00000097 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:37:06, Info CSI 00000098 Ignoring duplicate ownership for directory [l:64{32}]"\??\C:\Windows\Branding\Shellbrd" in component Microsoft-Windows-Branding-Shell-HomePremium, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

    2011-06-12 21:37:06, Info CSI 00000099 Repair results created:
    POQ 36 starts:
    0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\b252691c3829cc018f0e000098136816._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
    1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\d2a0691c3829cc01900e000098136816.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
    2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\9239751c3829cc01910e000098136816.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
    3: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\527f791c3829cc01920e000098136816.$$_system32_branding_nl-nl_85b7e97a196944ba.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_system32_branding_nl-nl_85b7e97a196944ba.cdf-ms"
    4: Create Directory: Directory = [l:64{32}]"\??\C:\Windows\System32\Branding", Attributes = 00000080
    5: Create Directory: Directory = [l:76{38}]"\??\C:\Windows\System32\Branding
    l-NL", Attributes = 00000080
    6: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\d23f8e1c3829cc01930e000098136816.$$_branding_1728f5d8b15e5263.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_branding_1728f5d8b15e5263.cdf-ms"
    7: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\e2d7901c3829cc01940e000098136816.$$_branding_basebrd_9ee9a176c9fadab4.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_branding_basebrd_9ee9a176c9fadab4.cdf-ms"
    8: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\0226911c3829cc01950e000098136816.$$_branding_basebrd_nl-nl_62da8a8529a0b7f7.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_branding_basebrd_nl-nl_62da8a8529a0b7f7.cdf-ms"
    9: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\724ea31c3
    2011-06-12 21:37:06, Info CSI 829cc01960e000098136816.$$_branding_shellbrd_be1f632087fb0947.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_branding_shellbrd_be1f632087fb0947.cdf-ms"
    10: Move File: Source = [l:212{106}]"\SystemRoot\WinSxS\Temp\PendingRenames\226da71c3829cc01970e000098136816.$$_msagent_be90584645cb9b95.cdf-ms", Destination = [l:124{62}]"\SystemRoot\WinSxS\FileMaps\$$_msagent_be90584645cb9b95.cdf-ms"
    11: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\72c1f81c3829cc01980e000098136816.$$_system32_boot_06654401df2fc50e.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_system32_boot_06654401df2fc50e.cdf-ms"

    POQ 36 ends.
    2011-06-12 21:37:06, Info CSI 0000009a [SR] Verify complete
    2011-06-12 21:37:07, Info CSI 0000009b [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:37:07, Info CSI 0000009c [SR] Beginning Verify and Repair transaction
    2011-06-12 21:37:11, Info CSI 0000009d Repair results created:
    POQ 37 starts:
    0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\e2f9a21f3829cc01fd0e000098136816._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
    1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\126fa31f3829cc01fe0e000098136816.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
    2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\b2c9d51f3829cc01ff0e000098136816.$$_branding_1728f5d8b15e5263.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_branding_1728f5d8b15e5263.cdf-ms"
    3: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\c2f0d51f3829cc01000f000098136816.$$_branding_shellbrd_be1f632087fb0947.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_branding_shellbrd_be1f632087fb0947.cdf-ms"

    POQ 37 ends.
    2011-06-12 21:37:11, Info CSI 0000009e [SR] Verify complete
    2011-06-12 21:37:12, Info CSI 0000009f [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:37:12, Info CSI 000000a0 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:37:16, Info CSI 000000a1 Ignoring duplicate ownership for directory [ml:14{7},l:12{6}]"\??\C:" in component Microsoft-Windows-Client-Features-Default-Security, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

    2011-06-12 21:37:16, Info CSI 000000a2 Repair results created:
    POQ 38 starts:
    0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\a2d9a5223829cc01650f000098136816._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
    1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\c227a6223829cc01660f000098136816.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
    2: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\f29ca6223829cc01670f000098136816.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
    3: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\125ca9223829cc01680f000098136816.$$_inf_msdtc_0ef70686e1d9b30c.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_inf_msdtc_0ef70686e1d9b30c.cdf-ms"
    4: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\b2e2aa223829cc01690f000098136816.$$_inf_msdtc_0413_5b1b876f4f36bf80.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_inf_msdtc_0413_5b1b876f4f36bf80.cdf-ms"
    5: Move File: Source = [l:212{106}]"\SystemRoot\WinSxS\Temp\PendingRenames\123eae223829cc016a0f000098136816.$$_schemas_9f2c881475a483d6.cdf-ms", Destination = [l:124{62}]"\SystemRoot\WinSxS\FileMaps\$$_schemas_9f2c881475a483d6.cdf-ms"
    6: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\2222ce223829cc016b0f000098136816.$$_inf_msdtc_0000_5b1b81b54f36c82e.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_inf_msdtc_0000_5b1b81b54f36c82e.cdf-ms"
    7: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\82abf3223829cc016c0f000098136816.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
    8: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\623ff8223829cc016d0f000098136816.$$_system32_
    2011-06-12 21:37:16, Info CSI tasks_5f1dd67a5a1ae70e.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_5f1dd67a5a1ae70e.cdf-ms"
    9: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\323bfa223829cc016e0f000098136816.$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms"
    10: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\4262fa223829cc016f0f000098136816.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
    11: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\e2e8fb223829cc01700f000098136816.program_files_windows_calendar_499855975101431e.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_calendar_499855975101431e.cdf-ms"
    12: Create Directory: Directory = [l:126{63}]"\??\C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar", Attributes = 00000080
    13: Move File: Source = [l:264{132}]"\SystemRoot\WinSxS\Temp\PendingRenames\526bff223829cc01710f000098136816.program_files_windows_calendar_nl-nl_dd4910ed95d502f7.cdf-ms", Destination = [l:176{88}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_calendar_nl-nl_dd4910ed95d502f7.cdf-ms"

    POQ 38 ends.
    2011-06-12 21:37:16, Info CSI 000000a3 [SR] Verify complete
    2011-06-12 21:37:17, Info CSI 000000a4 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:37:17, Info CSI 000000a5 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:37:24, Info CSI 000000a6 Repair results created:
    POQ 39 starts:
    0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\f24135263829cc01d60f000098136816._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
    1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\129035263829cc01d70f000098136816.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
    2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\e24f41263829cc01d80f000098136816.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
    3: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\b22d48263829cc01d90f000098136816.$$_system32_el-gr_429cd0b684dc71bd.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_el-gr_429cd0b684dc71bd.cdf-ms"
    4: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\429d70263829cc01da0f000098136816.$$_system32_da-dk_40b64d5e87b63595.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_da-dk_40b64d5e87b63595.cdf-ms"
    5: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\a201b1263829cc01db0f000098136816.$$_system32_de-de_40b6416a87b647ef.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_de-de_40b6416a87b647ef.cdf-ms"
    6: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\82e1d2263829cc01dc0f000098136816.$$_system32_bg-bg_3ce955ba8d69a9ab.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_bg-bg_3ce955ba8d69a9ab.cdf-ms"
    7: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\4273f4263829cc01dd0f000098136816.$$_system32_cs-cz_3ecfefb68a8fc3f6.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_cs-cz_3ecfefb68a8fc3f6.cdf-ms"
    8: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames
    2011-06-12 21:37:24, Info CSI \525714273829cc01de0f000098136816.$$_system32_codeintegrity_e9af9308cfc26dc2.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_codeintegrity_e9af9308cfc26dc2.cdf-ms"
    9: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\722d28273829cc01df0f000098136816.$$_system32_ar-sa_3b02d130904371b4.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ar-sa_3b02d130904371b4.cdf-ms"
    10: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\12cb3a273829cc01e00f000098136816.$$_system32_msdtc_trace_f33466dc5bf36670.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_system32_msdtc_trace_f33466dc5bf36670.cdf-ms"
    11: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\022c4e273829cc01e10f000098136816.$$_system32_com_066545e3d047e7c7.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_system32_com_066545e3d047e7c7.cdf-ms"
    12: Create Directory: Directory = [l:68{34}]"\??\C:\Windows\Registration\CRMLog", Attributes = 00000080
    13: Create Directory: Directory = [l:62{31}]"\??\C:\Windows\System32\com\dmp", Attributes = 00000080
    14: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{6002fb82-02e5-1953-16d3-ec814bdc5adc}", Type = REG_SZ (1), Data = {l:102 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006d0073006400740063007000720078002e0064006c006c002c00530079007300500072006500700044007400630043006c00650061006e00750070000000}
    15: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{6002fb82-02e5-1953-1eb2-96b7091aa28f}", Type = REG_SZ (1), Data = {l:108 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006d0073006400740063007000720078002e0064006c006c002c005300790073005000720065007000440074006300470065006e006500720061006c0069007a0065000000}

    2011-06-12 21:37:24, Info CSI 16: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{6002fb82-02e5-1953-35a2-cee9227ca977}", Type = REG_SZ (1), Data = {l:108 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006d0073006400740063007000720078002e0064006c006c002c0053007900730050007200650070004400740063005300700065006300690061006c0069007a0065000000}
    17: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{d4b18d8a-bf11-59ca-594c-604cd9837b21}", Type = REG_SZ (1), Data = {l:96 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c00630061007400730072007600750074002e0064006c006c002c00530079007300700072006500700043006f006d0070006c00750073000000}

    POQ 39 ends.
    2011-06-12 21:37:24, Info CSI 000000a7 [SR] Verify complete
    2011-06-12 21:37:24, Info CSI 000000a8 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:37:24, Info CSI 000000a9 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:37:30, Info CSI 000000aa Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\th-TH" in component Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"th-TH", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

    2011-06-12 21:37:30, Info CSI 000000ab Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\et-EE" in component Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"et-EE", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

    2011-06-12 21:37:31, Info CSI 000000ac Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\ja-JP" in component Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"ja-JP", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

    2011-06-12 21:37:31, Info CSI 000000ad Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\pt-PT" in component Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"pt-PT", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

    2011-06-12 21:37:31, Info CSI 000000ae Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\pl-PL" in component Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"pl-PL", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

    2011-06-12 21:37:32, Info CSI 000000af Ignoring duplicate ownership for directory [l:68{34}]"\??\C:\Windows\System32\sr-Latn-CS" in component Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:20{10}]"sr-Latn-CS", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

    2011-06-12 21:37:32, Info CSI 000000b0 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\es-ES" in component Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"es-ES", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

    2011-06-12 21:37:33, Info CSI 000000b1 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32
    b-NO" in component Microsoft-Windows-comdlg32.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"nb-NO", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

    2011-06-12 21:37:33, Info CSI 000000b2 Repair results created:
    POQ 40 starts:
    0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\623f4b2a3829cc014610000098136816._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
    1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\92b44b2a3829cc014710000098136816.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
    2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\3270592a3829cc014810000098136816.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
    3: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\f2b55d2a3829cc014910000098136816.$$_system32_pt-br_5783f3346581bed3.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_pt-br_5783f3346581bed3.cdf-ms"
    4: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\a2cd772a3829cc014a10000098136816.$$_system32_ko-kr_4e039de673c23e4a.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ko-kr_4e039de673c23e4a.cdf-ms"
    5: Move File: Source = [l:206{103}]"\SystemRoot\WinSxS\Temp\PendingRenames\7215972a3829cc014b10000098136816.$$_temp_401038c9a18c18c0.cdf-ms", Destination = [l:118{59}]"\SystemRoot\WinSxS\FileMaps\$$_temp_401038c9a18c18c0.cdf-ms"
    6: Create Directory: Directory = [l:76{38}]"\??\C:\Windows\System32\config\Journal", Attributes = 00000080
    7: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\92e4c02a3829cc014c10000098136816.$$_system32_ro-ro_5b50dd6a5fce5f0b.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ro-ro_5b50dd6a5fce5f0b.cdf-ms"
    8: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\c270d22a3829cc014d10000098136816.$$_system32_ru-ru_5b50e7f65fce4fdb.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ru-ru_5b50e7f65fce
    2011-06-12 21:37:33, Info CSI 4fdb.cdf-ms"
    9: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\d2e3ef2a3829cc014e10000098136816.$$_system32_tr-tr_5f1dd1e45a1af0a7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tr-tr_5f1dd1e45a1af0a7.cdf-ms"
    10: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\0270012b3829cc014f10000098136816.$$_system32_lv-lv_4fea1c1c70e881b7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_lv-lv_4fea1c1c70e881b7.cdf-ms"
    11: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\7298132b3829cc015010000098136816.$$_system32_lt-lt_4fea189870e886c7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_lt-lt_4fea189870e886c7.cdf-ms"
    12: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\92fd242b3829cc015110000098136816.$$_system32_th-th_5f1dc0505a1b09f7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_th-th_5f1dc0505a1b09f7.cdf-ms"
    13: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\72c6352b3829cc015210000098136816.$$_system32_et-ee_429cb6e884dc9948.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_et-ee_429cb6e884dc9948.cdf-ms"
    14: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e25f4a2b3829cc015310000098136816.$$_system32_it-it_4a36b1ca7975a0f9.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_it-it_4a36b1ca7975a0f9.cdf-ms"
    15: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e2c9622b3829cc015410000098136816.$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms"
    16: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\d29b782b3829cc015510000098136816.$$_system32_fr-fr_448347788202c03b.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_fr-fr_448347788202c03b.cdf-
    2011-06-12 21:37:33, Info CSI ms"
    17: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e2d9892b3829cc015610000098136816.$$_system32_fi-fi_448337a68202d703.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_fi-fi_448337a68202d703.cdf-ms"
    18: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\12669b2b3829cc015710000098136816.$$_system32_ja-jp_4c1d2478769bf2f4.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ja-jp_4c1d2478769bf2f4.cdf-ms"
    19: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\82ffaf2b3829cc015810000098136816.$$_system32_sk-sk_5d374dfc5cf4b5c5.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sk-sk_5d374dfc5cf4b5c5.cdf-ms"
    20: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\62c8c02b3829cc015910000098136816.$$_system32_hr-hr_485036ac7c4f596f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_hr-hr_485036ac7c4f596f.cdf-ms"
    21: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\326ad12b3829cc015a10000098136816.$$_system32_hu-hu_48503bf27c4f51d7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_hu-hu_48503bf27c4f51d7.cdf-ms"
    22: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\f255e42b3829cc015b10000098136816.$$_system32_pt-pt_5783f7006581b92f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_pt-pt_5783f7006581b92f.cdf-ms"
    23: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\b2d0f42b3829cc015c10000098136816.$$_system32_pl-pl_5783e8f06581cd6f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_pl-pl_5783e8f06581cd6f.cdf-ms"
    24: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\724b052c3829cc015d10000098136816.$$_system32_sr-latn-cs_36d1c3d11e65ce00.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sr-latn-cs_36d1c3d11e65ce00.cd
    2011-06-12 21:37:33, Info CSI f-ms"
    25: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\52a3132c3829cc015e10000098136816.$$_system32_es-es_429cd1a084dc7119.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_es-es_429cd1a084dc7119.cdf-ms"
    26: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\a20c232c3829cc015f10000098136816.$$_system32_uk-ua_61042a3457416b73.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_uk-ua_61042a3457416b73.cdf-ms"
    27: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\92ee5f2c3829cc016010000098136816.$$_system32_sv-se_5d37410c5cf4ca56.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sv-se_5d37410c5cf4ca56.cdf-ms"
    28: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\02db7b2c3829cc016110000098136816.$$_system32_zh-hk_6a84939e4900ccf6.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_zh-hk_6a84939e4900ccf6.cdf-ms"
    29: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\d20b8a2c3829cc016210000098136816.$$_system32_zh-tw_6a84aa664900aad6.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_zh-tw_6a84aa664900aad6.cdf-ms"
    30: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\82d09c2c3829cc016310000098136816.$$_system32_zh-cn_6a8499504900c466.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_zh-cn_6a8499504900c466.cdf-ms"
    31: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\927fb02c3829cc016410000098136816.$$_system32_he-il_48502d1c7c4f6669.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_he-il_48502d1c7c4f6669.cdf-ms"
    32: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\22f6c22c3829cc016510000098136816.$$_system32_nb-no_53b700d66b352886.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_nb-no_53b700d66b352886.cdf-ms"

    2011-06-12 21:37:33, Info CSI 33: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\c222d32c3829cc016610000098136816.$$_system32_sl-si_5d374a0c5cf4bbc8.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sl-si_5d374a0c5cf4bbc8.cdf-ms"
    34: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\126ee72c3829cc016710000098136816.$$_system32_en-us_429cd25484dc6f94.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms"
    35: Move File: Source = [l:280{140}]"\SystemRoot\WinSxS\Temp\PendingRenames\d2b3eb2c3829cc016810000098136816.programdata_microsoft_crypto_dss_machinekeys_43de8c451bf80cb4.cdf-ms", Destination = [l:192{96}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_crypto_dss_machinekeys_43de8c451bf80cb4.cdf-ms"
    36: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\6213ed2c3829cc016910000098136816.programdata_microsoft_crypto_keys_584b284368b25bef.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_crypto_keys_584b284368b25bef.cdf-ms"
    37: Move File: Source = [l:280{140}]"\SystemRoot\WinSxS\Temp\PendingRenames\320fef2c3829cc016a10000098136816.programdata_microsoft_crypto_rsa_machinekeys_aa739417efae0d58.cdf-ms", Destination = [l:192{96}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_crypto_rsa_machinekeys_aa739417efae0d58.cdf-ms"
    38: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{c01f3410-d5ff-e992-c28d-ccc47a787790}", Type = REG_SZ (1), Data = {l:108 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006300610070006900730070002e0064006c006c002c00430041005000490053007900730050007200650070005f00470065006e006500720061006c0069007a0065000000}
    39: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{c01f3410-d5ff-e992-b30d-046ffeeb096e}", Type
    2011-06-12 21:37:33, Info CSI = REG_SZ (1), Data = {l:112 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006300610070006900730070002e0064006c006c002c00430072007900700074006f0053007900730050007200650070005f005300700065006300690061006c0069007a0065000000}
    40: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{c01f3410-d5ff-e992-1dcd-fb0609f92d84}", Type = REG_SZ (1), Data = {l:102 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006300610070006900730070002e0064006c006c002c00430072007900700074006f0053007900730050007200650070005f0043006c00650061006e000000}

    POQ 40 ends.
    2011-06-12 21:37:33, Info CSI 000000b3 [SR] Verify complete
    2011-06-12 21:37:33, Info CSI 000000b4 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:37:33, Info CSI 000000b5 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:37:39, Info CSI 000000b6 Repair results created:
    POQ 41 starts:
    0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\b260c52f3829cc01cf10000098136816._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
    1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\d2aec52f3829cc01d010000098136816.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
    2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\9247d12f3829cc01d110000098136816.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
    3: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\2289d72f3829cc01d210000098136816.$$_system32_drivers_dc1b782427b5ee1b.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms"
    4: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\526fda2f3829cc01d310000098136816.$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms"
    5: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\c262e02f3829cc01d410000098136816.$$_system32_logfiles_wudf_082845cc19e06817.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_logfiles_wudf_082845cc19e06817.cdf-ms"
    6: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\324812303829cc01d510000098136816.$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms"
    7: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\024414303829cc01d610000098136816.$$_system32_ime_shared_res_791e6438104a0cf8.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_shared_res_791e6438104a0cf8.cdf-ms"

    POQ 41 ends.
    2011-06-12 21:37:39, Info CSI 000000b7 [SR] Verify complete
    2011-06-12 21:37:39, Info CSI 000000b8 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:37:39, Info CSI 000000b9 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:37:44, Info CSI 000000ba Repair results created:
    POQ 42 starts:
    0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\62809c333829cc013b11000098136816._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
    1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\82ce9c333829cc013c11000098136816.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
    2: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\a28d9f333829cc013d11000098136816.$$_ime_3f581be9a4c8cabd.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_ime_3f581be9a4c8cabd.cdf-ms"
    3: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\4214a1333829cc013e11000098136816.$$_ime_imejp10_dicts_281006c600450618.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_ime_imejp10_dicts_281006c600450618.cdf-ms"
    4: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\02e9a2333829cc013f11000098136816.$$_ime_imejp10_help_280ffde19e779392.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_ime_imejp10_help_280ffde19e779392.cdf-ms"
    5: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\c281ae333829cc014011000098136816.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
    6: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\b23cb3333829cc014111000098136816.$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms"
    7: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\5234b7333829cc014211000098136816.$$_system32_ime_imejp10_aead4918eed09977.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_imejp10_aead4918eed09977.cdf-ms"
    8: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\Pend
    2011-06-12 21:37:44, Info CSI ingRenames\62ccb9333829cc014311000098136816.$$_system32_ime_imejp10_applets_bad04da37647b46c.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_imejp10_applets_bad04da37647b46c.cdf-ms"
    9: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{2bb19ac6-a2ac-d945-b1a6-321233838362}", Type = REG_SZ (1), Data = {l:110 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c00640068006300700063007300760063002e0064006c006c002c00440068006300700043006c00690065006e0074005f00470065006e006500720061006c0069007a0065000000}

    POQ 42 ends.
    2011-06-12 21:37:44, Info CSI 000000bb [SR] Verify complete
    2011-06-12 21:37:45, Info CSI 000000bc [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:37:45, Info CSI 000000bd [SR] Beginning Verify and Repair transaction
    2011-06-12 21:37:51, Info CSI 000000be Repair results created:
    POQ 43 starts:
    0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\422a32373829cc01a811000098136816._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
    1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\729f32373829cc01a911000098136816.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
    2: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\925e35373829cc01aa11000098136816.$$_digitallocker_c114c0cb179413b0.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_digitallocker_c114c0cb179413b0.cdf-ms"

    POQ 43 ends.
    2011-06-12 21:37:51, Info CSI 000000bf [SR] Verify complete
    2011-06-12 21:37:52, Info CSI 000000c0 [SR] Verifying 100 (0x00000064) components
    2011-06-12 21:37:52, Info CSI 000000c1 [SR] Beginning Verify and Repair transaction
    2011-06-12 21:38:01, Info CSI 000000c2 Repair results created:
    POQ 44 starts:
    0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\02b54b3c3829cc010f12000098136816._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
    1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\42514c3c3829cc011012000098136816.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
    2: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\42c24e3c3829cc011112000098136816.$$_provisioning_schemas_e5f1fed287ff6c79.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_provisioning_schemas_e5f1fed287ff6c79.cdf-ms"
    3: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\5271623c3829cc011212000098136816.$$_ehome_40103e2da1d121de.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_40103e2da1d121de.cdf-ms"
    4: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\52e2643c3829cc011312000098136816.$$_ehome_mcx_022df17cf4546600.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_mcx_022df17cf4546600.cdf-ms"
    5: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\72a1673c3829cc011412000098136816.$$_ehome_mcx_x02_7afb1a3b86c42e5e.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_mcx_x02_7afb1a3b86c42e5e.cdf-ms"
    6: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\d261ec3c3829cc011512000098136816.$$_prefetch_1688e4e8b2f89473.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_prefetch_1688e4e8b2f89473.cdf-ms"
    7: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\0248ef3c3829cc011612000098136816.$$_prefetch_readyboot_925024bb73d7b5a6.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_prefetch_readyboot_925024bb73d7b5a6.cdf-ms"
    8: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\2296ef3c3
    2011-06-12 21:38:01, Info CSI 829cc011712000098136816.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
    9: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\12e0f13c3829cc011812000098136816.$$_inf_emdcache_a9f844a112e9fbd9.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_inf_emdcache_a9f844a112e9fbd9.cdf-ms"
    10: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\2278f43c3829cc011912000098136816.$$_inf_emdcache_0000_1a85a6f345dc1c55.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_inf_emdcache_0000_1a85a6f345dc1c55.cdf-ms"
    11: Set File Information: File = [l:66{33}]"\??\C:\Windows\prefetch\ReadyBoot", Attributes = 00000080
    12: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{f3dc2c88-655a-a077-d0e0-b8404

  • Heb je eerder misschien een tweaktool gebruikt, zoals TuneUp Utilities?
  • Dat kon maar zo eens zijn.
    Is al wel een tijd geleden; besturingssysteem is niet opnieuw geinstalleerd na aflevering leverancier –> BTO.
  • Heb je er overigens al eens aan gedacht Windows 7 erin te zetten?

    Doe het volgende:

    [b:0fa2855888]Welk programma[/b:0fa2855888]: RSIT
    [b:0fa2855888]Waarvoor/waarom[/b:0fa2855888]: geeft een zeer uitgebreid overzicht van Windows
    [b:0fa2855888]Moeilijkheidsgraad[/b:0fa2855888]: geen
    [b:0fa2855888]Downloadlokatie[/b:0fa2855888]: Dit programma absoluut naar het bureaublad downloaden!
    [b:0fa2855888]Download RSIT[/b:0fa2855888] [b:0fa2855888]hier[/b:0fa2855888]
    [b:0fa2855888]Het gebruik van RSIT,[/b:0fa2855888]
    [list:0fa2855888][*:0fa2855888]Windows 2000 en Windows XP: start RSIT middels dubbelklik op de snelkoppeling.
    [*:0fa2855888]Windows Vista en Windows 7: start RSIT middels rechtsklik op de snelkoppeling en kies dan voor "Uitvoeren als administrator".[/list:u:0fa2855888]
    [b:0fa2855888]Nadat de scan beëindigd is, zullen twee logs openen.[/b:0fa2855888]
    [list:0fa2855888][*:0fa2855888] Post vervolgens de inhoud van 'log.txt' ('log.txt' zal gemaximaliseerd zijn)
    [*:0fa2855888] Post ook 'info.txt' ('info.txt', dit log zal eerst geminimaliseerd zijn in de Taakbalk)
    [*:0fa2855888] Indien je [b:0fa2855888]info.txt[/b:0fa2855888] niet vindt, kijk dan in C:\ er naar.[/list:u:0fa2855888]
    [b:0fa2855888]Voor gebruikers van Windows Vista 64-bit- of Windows 7 64-bit geldt nog het volgende:[/b:0fa2855888]
    [list:0fa2855888][*:0fa2855888]RSIT dient dan namelijk in 'compatibiliteitsmodus' uitgevoerd te worden.
    [*:0fa2855888] Middels rechtsklik op 'RSIT.exe' kies je voor 'Eigenschappen',
    [*:0fa2855888] klik nu op de tab 'Compatibiliteit'.
    [*:0fa2855888] Vink 'Dit programma uitvoeren in compatibiliteitsmodus' aan en kies vervolgens voor 'Windows XP Service Pack 3'[/list:u:0fa2855888]
    RSIT produceert een behoorlijk groot log, dus kan het gebeuren, dat je het log moet splitsen en in twee of meerdere keren moet posten.
  • @ Windows 7: ik weet niet of deze laptop geschikt is voor Win 7 (zie onderschrift) misschien uitbreiden tot 4 Gb geheugen?
    Zo ja, dan ga ik Win 7 installeren!
    Hieronder de logs:

    Logfile of random's system information tool 1.08 (written by random
    andom)
    Run by Jos at 2011-06-13 00:17:10
    Microsoft® Windows Vista™ Home Premium Service Pack 2
    System drive C: has 42 GB (44%) free of 95 GB
    Total RAM: 2045 MB (49% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 0:17:28, on 13-6-2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\AutoSizer\AutoSizer.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\system32\conime.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Jos\Bureaublad\RSIT.exe
    C:\Program Files\trend micro\Jos.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?t=0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe


    End of file - 4170 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
    avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-05-22 305328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-08 42272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-05-22 305328]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-05-10 3459712]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
    "AutoSizer"=C:\Program Files\AutoSizer\AutoSizer.exe [2008-11-16 131072]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CASS]
    C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVRemote]
    C:\Program Files\LifeView MVP\RemoteControl.exe [2006-07-20 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
    C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-01-07 585728]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\Windows\system32\NvCpl.dll [2007-01-13 7766016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    C:\Windows\system32\NvMcTray.dll [2007-01-13 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
    C:\Windows\system32
    vsvc.dll [2007-01-13 90191]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    C:\Windows\RtHDVCpl.exe [2006-12-29 4317184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidewalker]
    C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart Watch Dog]
    -C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
    C:\Windows\vsnp2std.exe [2006-09-15 675840]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-01-27 39408]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall Adobe Download Manager]
    C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe [2010-11-29 39200]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0 .lnk]
    C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-12-13 1198592]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    etwork\WudfPf]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    etwork\WudfRd]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    etwork\WudfSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    etwork\WudfUsbccidDriver]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=255
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoInstrumentation"=1
    "BindDirectlyToPropertySetStorage"=0
    "NoDriveTypeAutoRun"=255
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    ======List of files/folders created in the last 1 months======

    2011-06-13 00:17:10 —-D—- C:\rsit
    2011-06-12 17:48:01 —-A—- C:\TDSSKiller.2.5.4.0_12.06.2011_17.48.01_log.txt
    2011-06-12 16:59:01 —-SHD—- C:\$RECYCLE.BIN
    2011-06-12 16:58:57 —-A—- C:\ComboFix.txt
    2011-06-12 16:44:31 —-A—- C:\Windows\zip.exe
    2011-06-12 16:44:31 —-A—- C:\Windows\SWSC.exe
    2011-06-12 16:44:31 —-A—- C:\Windows\SWREG.exe
    2011-06-12 16:44:31 —-A—- C:\Windows\sed.exe
    2011-06-12 16:44:31 —-A—- C:\Windows\PEV.exe
    2011-06-12 16:44:31 —-A—- C:\Windows\NIRCMD.exe
    2011-06-12 16:44:31 —-A—- C:\Windows\MBR.exe
    2011-06-12 16:44:31 —-A—- C:\Windows\grep.exe
    2011-06-12 16:44:25 —-D—- C:\Windows\ERDNT
    2011-06-12 16:44:24 —-D—- C:\ComboFix
    2011-06-12 16:44:21 —-D—- C:\Qoobox
    2011-06-08 21:25:49 —-D—- C:\Program Files\Common Files\Java
    2011-06-08 21:25:22 —-A—- C:\Windows\system32\javaws.exe
    2011-06-08 21:25:22 —-A—- C:\Windows\system32\javaw.exe
    2011-06-08 21:25:22 —-A—- C:\Windows\system32\java.exe

    ======List of files/folders modified in the last 1 months======

    2011-06-13 00:17:28 —-D—- C:\Program Files\Trend Micro
    2011-06-13 00:17:23 —-D—- C:\Windows\Prefetch
    2011-06-13 00:17:18 —-D—- C:\Windows\temp
    2011-06-12 23:41:44 —-D—- C:\Windows\system32\LogFiles
    2011-06-12 17:48:01 —-D—- C:\Windows\system32\drivers
    2011-06-12 16:55:18 —-D—- C:\Windows
    2011-06-12 16:55:18 —-A—- C:\Windows\system.ini
    2011-06-12 16:55:11 —-D—- C:\Windows\system32\drivers\etc
    2011-06-12 16:54:19 —-D—- C:\ProgramData
    2011-06-12 16:52:00 —-D—- C:\Windows\System32
    2011-06-12 16:52:00 —-D—- C:\Windows\AppPatch
    2011-06-12 16:51:58 —-D—- C:\Program Files\Common Files
    2011-06-12 14:06:26 —-SHD—- C:\System Volume Information
    2011-06-12 13:33:25 —-D—- C:\Windows\inf
    2011-06-12 13:33:25 —-A—- C:\Windows\system32\PerfStringBackup.INI
    2011-06-11 06:33:07 —-D—- C:\perflogs
    2011-06-08 21:25:50 —-SHD—- C:\Windows\Installer
    2011-06-08 21:25:50 —-D—- C:\Config.Msi
    2011-06-08 21:25:04 —-A—- C:\Windows\system32\deployJava1.dll
    2011-06-06 22:40:59 —-D—- C:\Program Files\Malwarebytes' Anti-Malware
    2011-05-29 08:39:36 —-D—- C:\Windows\Debug
    2011-05-27 17:21:40 —-D—- C:\Program Files\Argente - Registry Cleaner
    2011-05-27 13:38:59 —-D—- C:\Windows\Logs
    2011-05-27 13:28:55 —-D—- C:\Program Files\CCleaner
    2011-05-27 13:28:45 —-D—- C:\Program Files\Google
    2011-05-25 00:21:41 —-RD—- C:\Program Files
    2011-05-21 08:51:49 —-D—- C:\Windows\system32\catroot2
    2011-05-21 08:50:50 —-D—- C:\Boot
    2011-05-21 08:49:12 —-D—- C:\Windows\system32\config

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2009-04-24 64160]
    R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 19456]
    R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-05-10 25432]
    R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-05-10 441176]
    R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-05-10 307928]
    R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-05-10 49240]
    R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\elrawdsk.sys [2009-09-08 20392]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
    R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-10-05 1161152]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2008-10-02 482176]
    R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
    R3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
    R3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
    R3 EMSCR;EMSCR; C:\Windows\system32\DRIVERS\EMS7SK.sys [2006-10-26 62208]
    R3 ESDCR;ESDCR; C:\Windows\system32\DRIVERS\ESD7SK.sys [2006-10-26 42240]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-02 1668456]
    R3 Ktp;Elantech Touchpad; C:\Windows\system32\DRIVERS\Ktp.sys [2006-11-18 27776]
    R3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    R3 NETw4v32;Stuurprogramma voor Intel(R) Wireless WiFi Link Adapter onder Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS
    vlddmkm.sys [2007-01-13 4452288]
    R3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-06-23 259176]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
    R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\Windows\system32\DRIVERS\snp2sxp.sys [2006-11-16 12007040]
    R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-19 45624]
    R3 TridVid;Trident Analog plus Digital Video; C:\Windows\system32\DRIVERS\TridVid.sys [2007-11-28 159104]
    S3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-02-22 140680]
    S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
    S3 catchme;catchme; \??\C:\Users\Jos\AppData\Local\Temp\catchme.sys []
    S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
    S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
    S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
    S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
    S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
    S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\Sandra.sys []
    S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Users\Jos\Documents\RealTemp_340[1]\WinRing0.sys [2010-01-29 14416]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184]
    R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
    R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R2 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
    R2 Secunia Update Agent;Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [2011-01-10 399416]
    R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-06 136176]
    S3 AppHostSvc;Hulpservice voor toepassingshost; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-06 136176]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-06 182768]
    S3 MatSvc;@%ProgramFiles%\Microsoft Fix it Center\MatsRes.dll,-9000; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 267568]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    S3 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
    S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S4 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-06 9216]
    S4 IOLO_SRV;iolo System Guard; C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe []
    S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
    S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
    S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

    —————–EOF—————–

    info.txt logfile of random's system information tool 1.08 2011-06-13 00:17:32

    ======Uninstall list======

    Adobe AIR–>c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR–>MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
    Adobe Download Manager–>"C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe" /Get1
    Adobe Flash Player 10 ActiveX–>C:\Windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe -maintain activex
    Adobe Flash Player 10 Plugin–>C:\Windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe -maintain plugin
    Adobe Reader X (10.0.1) - Nederlands–>MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-AA0000000001}
    Adobe Shockwave Player 11.5–>"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
    Argente - Registry Cleaner 2.0.0.5–>"C:\Program Files\Argente - Registry Cleaner\unins000.exe"
    Auslogics Disk Defrag–>"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe"
    AuthenTec Fingerprint Sensor Minimum Install–>MsiExec.exe /I{A52689B5-2973-49C6-A53C-9CC156234BCF}
    AutoSizer–>"C:\Program Files\AutoSizer\Uninst.exe" C:\Program Files\AutoSizer\Uninst.ini
    avast! Free Antivirus–>C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
    CCleaner–>"C:\Program Files\CCleaner\uninst.exe"
    Google Earth–>MsiExec.exe /X{C768790F-04FB-11E0-9B2C-001AA037B01E}
    Google Toolbar for Internet Explorer–>"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_B12CA2CBE40DD1A2.exe" /uninstall
    Google Toolbar for Internet Explorer–>MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    Google Update Helper–>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    HiJackThis–>MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    HTC BMP USB Driver–>MsiExec.exe /I{31A559C1-9E4D-423B-9DD3-34A6C5398752}
    HTC Driver Installer–>MsiExec.exe /X{6D6664A9-3342-4948-9B7E-034EFE366F0F}
    HTC Sync–>MsiExec.exe /I{5645FB61-898F-4F59-AF80-52FEF3D63A64}
    Inst5657–>MsiExec.exe /I{FEDE400D-3381-4087-ACCB-689DD8A56123}
    Integrated camera–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\setup.exe" -l0x13 -removeonly -u
    Intel(R) PROSet/Wireless Software–>C:\Windows\Installer\iProInst.exe
    Internet Explorer (Enable DEP)–>%windir%\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb"
    Java(TM) 6 Update 26–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF}
    KhalInstallWrapper–>MsiExec.exe /I{8941FD14-1E06-4AAB-8DDC-E3177D79DF23}
    Malwarebytes' Anti-Malware versie 1.51.0.1200–>"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    mCore–>MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
    mDriver–>MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
    mHelp–>MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
    Microsoft .NET Framework 3.5 Language Pack SP1 - nld–>MsiExec.exe /I{101738D7-D805-37A9-BB91-1F2C351782BF}
    Microsoft .NET Framework 3.5 SP1–>c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1–>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft .NET Framework 4 Client Profile NLD Language Pack–>MsiExec.exe /X{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}
    Microsoft .NET Framework 4 Client Profile–>C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
    epair /x86 /parameterfolder Client
    Microsoft .NET Framework 4 Client Profile–>MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
    Microsoft .NET Framework 4 Extended NLD Language Pack–>MsiExec.exe /X{4F2D3995-1EC5-3C05-B7E5-3449F802E6DE}
    Microsoft .NET Framework 4 Extended–>C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe
    epair /x86 /parameterfolder Extended
    Microsoft .NET Framework 4 Extended–>MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
    Microsoft Fix it Center–>MsiExec.exe /X{B7588D45-AFDC-4C93-9E2E-A100F3554B64}
    Microsoft Silverlight–>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148–>MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570–>MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218–>MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17–>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148–>MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
    mMHouse–>MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    Mozilla Firefox 4.0.1 (x86 en-GB)–>C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    mPfMgr–>MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    MSXML 4.0 SP3 Parser (KB973685)–>MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
    MSXML 4.0 SP3 Parser–>MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
    NVIDIA Drivers–>C:\Windows\system32\NVUNINST.EXE UninstallGUI
    OpenOffice.org 3.3–>MsiExec.exe /I{C3BAE9CC-EC6B-4B3E-80C1-C1EC29A09AF8}
    Picasa 3–>"C:\Program Files\Google\Picasa3\Uninstall.exe"
    Realtek High Definition Audio Driver–>RtlUpd.exe -r -m
    Secunia PSI (2.0.0.3001)–>"C:\Program Files\Secunia\PSI\uninstall.exe"
    Security Update for CAPICOM (KB931906)–>MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)–>c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)–>c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7A2C18A1-D2A2-3177-82F1-5FE9CC08ECB0} /parameterfolder Extended
    Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL–>c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - nld\setup.exe
    Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD–>C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe
    epair /x86 /lcid 1043 /parameterfolder ClientLP
    Taalpakket voor Microsoft .NET Framework 4 Extended - NLD–>C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe
    epair /x86 /lcid 1043 /parameterfolder ExtendedLP
    Teletekstbrowser versie 3.4–>"C:\Program Files\Teletekstbrowser\unins000.exe"
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)–>c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD988F49-E1C8-3C84-9683-0448B6BB8E20} /parameterfolder Client
    Windows Media Player Firefox Plugin–>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows-stuurprogrammapakket - Animation Technologies Inc. (TridVid) Media (03/01/2007 1.287.3.20)–>C:\PROGRA~1\DIFX\5CB9FB8DDF2BE943\DPInst.exe /d /u C:\Windows\System32\DriverStore\FileRepository\animation.inf_0a6b7773\animation.inf

    ======Security center information======

    AS: Lavasoft Ad-Watch Live!
    AS: Windows Defender
    AS: SUPERAntiSpyware (disabled)

    ======System event log======

    Computer Name: PC_van_Jos
    Event Code: 5005
    Message: \DEVICE\{1F26FB17-E8AA-416C-9CDD-E0A44D855C98}: er is een interne fout opgetreden.
    Record Number: 708627
    Source Name: NETw4v32
    Time Written: 20110516013806.688000-000
    Event Type: Fout
    User:

    Computer Name: PC_van_Jos
    Event Code: 5005
    Message: \DEVICE\{1F26FB17-E8AA-416C-9CDD-E0A44D855C98}: er is een interne fout opgetreden.
    Record Number: 708626
    Source Name: NETw4v32
    Time Written: 20110516013804.688000-000
    Event Type: Fout
    User:

    Computer Name: PC_van_Jos
    Event Code: 5005
    Message: \DEVICE\{1F26FB17-E8AA-416C-9CDD-E0A44D855C98}: er is een interne fout opgetreden.
    Record Number: 708625
    Source Name: NETw4v32
    Time Written: 20110516013804.688000-000
    Event Type: Fout
    User:

    Computer Name: PC_van_Jos
    Event Code: 5005
    Message: \DEVICE\{1F26FB17-E8AA-416C-9CDD-E0A44D855C98}: er is een interne fout opgetreden.
    Record Number: 708624
    Source Name: NETw4v32
    Time Written: 20110516013802.688000-000
    Event Type: Fout
    User:

    Computer Name: PC_van_Jos
    Event Code: 5005
    Message: \DEVICE\{1F26FB17-E8AA-416C-9CDD-E0A44D855C98}: er is een interne fout opgetreden.
    Record Number: 708623
    Source Name: NETw4v32
    Time Written: 20110516013802.688000-000
    Event Type: Fout
    User:

    =====Application event log=====

    Computer Name: PC_van_Jos
    Event Code: 1531
    Message: De User Profile-service is gestart.


    Record Number: 13727
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20090107132859.000000-000
    Event Type: Informatie
    User: NT AUTHORITY\SYSTEEM

    Computer Name: PC_van_Jos
    Event Code: 901
    Message: De Software Licensing-service wordt gestopt.

    Record Number: 13726
    Source Name: Microsoft-Windows-Security-Licensing-SLC
    Time Written: 20090107125856.000000-000
    Event Type: Informatie
    User:

    Computer Name: PC_van_Jos
    Event Code: 1532
    Message: De User Profile-service is gestopt.


    Record Number: 13725
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20090107125856.000000-000
    Event Type: Informatie
    User: NT AUTHORITY\SYSTEEM

    Computer Name: PC_van_Jos
    Event Code: 1530
    Message: Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed.

    DETAIL -
    3 user registry handles leaked from \Registry\User\S-1-5-21-2554491475-2388841559-3016712956-1000_Classes:
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000_CLASSES
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000_CLASSES
    Process 988 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000_CLASSES

    Record Number: 13724
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20090107125856.000000-000
    Event Type: Waarschuwing
    User: NT AUTHORITY\SYSTEEM

    Computer Name: PC_van_Jos
    Event Code: 1530
    Message: Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed.

    DETAIL -
    60 user registry handles leaked from \Registry\User\S-1-5-21-2554491475-2388841559-3016712956-1000:
    Process 988 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Sites
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software
    Process
    1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Policies
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Policies
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Policies
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Policies
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global
    Process 1120 (\Device\HarddiskVolume1\Program Files\iolo\System Mechanic\SysMech.exe) has opened key \REGISTRY\USER\S-1-5-21-2554491475-2388841559-3016712956-1000\Software\Microsoft\Internet Explorer\Security\P3Global

    Record Number: 13723
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20090107125855.000000-000
    Event Type: Waarschuwing
    User: NT AUTHORITY\SYSTEEM

    =====Security event log=====

    Computer Name: PC_van_Jos
    Event Code: 4624
    Message: Er is een account aangemeld.

    Onderwerp:
    Beveiligings-id: S-1-5-18
    Accountnaam: PC_VAN_JOS$
    Accountdomein: JATHUIS2
    Aanmeldings-id: 0x3e7

    Aanmeldingstype: 5

    Nieuwe aanmelding:
    Beveiligings-id: S-1-5-18
    Accountnaam: SYSTEEM
    Accountdomein: NT AUTHORITY
    Aanmeldings-id: 0x3e7
    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Procesgegevens:
    Proces-id: 0x280
    Naam proces: C:\Windows\System32\services.exe

    Netwerkgegevens:
    Naam van werkstation:
    Netwerkadres van bron: -
    Poort van bron: -

    Gedetailleerde verificatiegegevens:
    Aanmeldingsproces: Advapi
    Verificatiepakket: Negotiate
    Doorgezette services: -
    Pakketnaam (alleen NTLM): -
    Sleutellengte: 0

    Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

    De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

    In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

    Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

    In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

    De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
    Record Number: 88317
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100516093638.074975-000
    Event Type: Controle geslaagd
    User:

    Computer Name: PC_van_Jos
    Event Code: 4648
    Message: Poging tot aanmelden met expliciete referenties.

    Onderwerp:
    Beveiligings-id: S-1-5-18
    Accountnaam: PC_VAN_JOS$
    Accountdomein: JATHUIS2
    Aanmeldings-id: 0x3e7
    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Account waarvan de referenties zijn gebruikt:
    Accountnaam: SYSTEEM
    Accountdomein: NT AUTHORITY
    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Doelserver:
    Naam van doelserver: localhost
    Aanvullende gegevens: localhost

    Procesgegevens:
    Proces-id: 0x280
    Procesnaam: C:\Windows\System32\services.exe

    Netwerkgegevens:
    Netwerkadres: -
    Poort: -

    Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als.
    Record Number: 88316
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100516093638.074975-000
    Event Type: Controle geslaagd
    User:

    Computer Name: PC_van_Jos
    Event Code: 4672
    Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

    Onderwerp:
    Beveiligings-id: S-1-5-18
    Accountnaam: SYSTEEM
    Accountdomein: NT AUTHORITY
    Aanmeldings-id: 0x3e7

    Bevoegdheden: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 88315
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100516093619.539975-000
    Event Type: Controle geslaagd
    User:

    Computer Name: PC_van_Jos
    Event Code: 4624
    Message: Er is een account aangemeld.

    Onderwerp:
    Beveiligings-id: S-1-5-18
    Accountnaam: PC_VAN_JOS$
    Accountdomein: JATHUIS2
    Aanmeldings-id: 0x3e7

    Aanmeldingstype: 5

    Nieuwe aanmelding:
    Beveiligings-id: S-1-5-18
    Accountnaam: SYSTEEM
    Accountdomein: NT AUTHORITY
    Aanmeldings-id: 0x3e7
    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Procesgegevens:
    Proces-id: 0x280
    Naam proces: C:\Windows\System32\services.exe

    Netwerkgegevens:
    Naam van werkstation:
    Netwerkadres van bron: -
    Poort van bron: -

    Gedetailleerde verificatiegegevens:
    Aanmeldingsproces: Advapi
    Verificatiepakket: Negotiate
    Doorgezette services: -
    Pakketnaam (alleen NTLM): -
    Sleutellengte: 0

    Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

    De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

    In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

    Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

    In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

    De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
    Record Number: 88314
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100516093619.539975-000
    Event Type: Controle geslaagd
    User:

    Computer Name: PC_van_Jos
    Event Code: 4648
    Message: Poging tot aanmelden met expliciete referenties.

    Onderwerp:
    Beveiligings-id: S-1-5-18
    Accountnaam: PC_VAN_JOS$
    Accountdomein: JATHUIS2
    Aanmeldings-id: 0x3e7
    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Account waarvan de referenties zijn gebruikt:
    Accountnaam: SYSTEEM
    Accountdomein: NT AUTHORITY
    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Doelserver:
    Naam van doelserver: localhost
    Aanvullende gegevens: localhost

    Procesgegevens:
    Proces-id: 0x280
    Procesnaam: C:\Windows\System32\services.exe

    Netwerkgegevens:
    Netwerkadres: -
    Poort: -

    Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als.
    Record Number: 88313
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100516093619.539975-000
    Event Type: Controle geslaagd
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "NUMBER_OF_PROCESSORS"=2
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Softex\OmniPass;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 5, GenuineIntel
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_REVISION"=0f05
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "DEVMGR_SHOW_DETAILS"=1
    "DEVMGR_SHOW_NONPRESENT_DEVICES"=1
    "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

    —————–EOF—————–










  • Hallo Jos, ik ben bang, dat de Iolo registry cleaner iets te veel heeft verwijderd, omdat het nu eenmaal het register wil opschonen.

    Ook vertraagd dit tool het opstarten!

    Advies: uit Wndows verwijderen!

    Vervolgens hebben we ComboFix weer nodig:

    open een nieuw kladblok bestand, via "Start\Alle programma’s\Bureau-accessoires\[b:d9e9c0ca10]Kladblok[/b:d9e9c0ca10]".


    Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster


    [b:d9e9c0ca10]
  • Het kladblokbestand is niet te vinden; Wordpad wel maar wordt dan door OpenOffice "overgenomen".
    Ik krijg dan de volgende tekst:
    {\rtf1\ansi\ansicpg1252\deff0\deflang1043{\fonttbl{\f0\froman\fcharset0 Times New Roman;}{\f1\fswiss\fcharset0 Arial;}}
    {\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\f0\fs24 File:: \line c:\\windows\\mbr.exe \par
    \f1\fs20\par
    }
    #
    Wat een geklungel is dit zeg!!
    Ik ga deze week Win 7 aanschaffen en installeren; nog even mijn back-up bijwerken en dan alles formateren.
    Wat mij betreft hoef je in dit topic geen energie meer te steken omdat het besturingssysteem er toch af gaat.
    Dank voor je adviezen en de tip over Windows 7!!!!!!!
  • Ik had al het idee dat Notepad om de een of andere reden uit je systeem verdwenen is.


    Om de een of andere reden wordt mijn e-maildadres niet meer getoond in mijn Profiel!

    Dus stuur mij dan maar een PB met jouw e-mailadres, dan zal ik in gezipte vorm jouw Notepad toesturen, welk jij dan na uitpakken in C:Windows\System32 plaatst!
  • PB gestuurd met mijn e-mailadres.
    Graag je reactie op onderstaande opmerkingen:

    Ik ga deze week Win 7 aanschaffen en installeren; nog even mijn back-up bijwerken en dan alles formateren.
    Wat mij betreft hoef je in dit topic geen energie meer te steken omdat het besturingssysteem er toch af gaat.
    Dank voor je adviezen en de tip over Windows 7!!!!!!!
  • Heb je al gekeken of BTO de drivers voor jouw notebook nog heeft?

    En welke Windows 7 neem jij, de 32- of de 64-bit versie?
  • Als de laptop het ondersteunt de 64-bit versie zoniet dan de 32-bit versie.
    Ik heb van BTO het besturingssysteem ontvangen op CD en tevens een aparte CD met de drivers, TPM, enz. bestanden(nadat ik hier om gevraagd had bij mijn bestelling). :P
  • Staan er op die CD dan ook Vista 64-bit drivers?

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.