Question & Answer
Stalling laptop
31 replies
- I have the following (minor) problem. When I work on my laptop, the machine suddenly 'freezes'. The hard disk light then stays on continuously, after which the machine 'unfreezes' again without my taking any action. I can shorten that period somewhat by going to Task Manager and clicking Cancel. So I don't get the chance to see whether some strange service or the like is running. There is no logic whatsoever to be found in why the problem occurs. I have taken the following action(s) myself: ran Avast, Malwarebytes and Microsoft Safety Scan. These found nothing. Eset Online scan found the following:
C:\Users\Gerard\AppData\Roaming\Apple Computer\MobileSync\Backup\9047de6b6eb71e3b02a01d1f0986068084b7c87f\a86eb556c850f61d9a557c435f5d60a0be152084 Win32/SpeedUpMyPC application deleted - quarantined
D:\Tools\Plasq\Comic Life\CL13671_CRK.exe a variant of Win32/HackTool.Patcher.D application cleaned by deleting - quarantined
So these have been removed. Could an HJT expert take a look at my log to see whether there is anything unusual in it?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:04:19, on 7-8-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\HTC\HTC Sync 3.0\htcUPCTLoader.exe
D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\taskhost.exe
D:\Tools\Total Commander\TC.exe
C:\Windows\system32\taskeng.exe
D:\Tools\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.upclive.nl/?toolbar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Internet Toolbar - {3BE093E7-4650-438B-AC6F-C944C30F81AD} - D:\Tools\Jaytown\Internet Toolbar\ChelloMediaShell.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "D:\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.1.254
O15 - ESC Trusted IP range: http://192.168.1.254
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - D:\Tools\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
–
End of file - 6736 bytes
- Your log looks fine.
But: that doesn't necessarily mean anything.
- First of all, thank you for the quick response. aswMBR.exe did not turn up any problem. TDSSKiller reported that nothing was found, but when I clicked on Report I got the message: "Het document C:\TDSSKiller 2.5.14.0_2011_21.21.27_log.txt wordt gebruikt door een andere toepassing en kan niet worden geopend."
So here is only the aswMBR log.
aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-07 21:04:15
—————————–
21:04:15.480 OS Version: Windows 6.1.7601 Service Pack 1
21:04:15.480 Number of processors: 2 586 0x1706
21:04:15.480 ComputerName: GERARD-PC UserName: Gerard
21:04:17.445 Initialize success
21:04:17.757 AVAST engine defs: 11080700
21:04:35.900 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
21:04:35.900 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 11
21:04:37.944 Disk 0 MBR read successfully
21:04:37.944 Disk 0 MBR scan
21:04:37.959 Disk 0 Windows 7 default MBR code
21:04:37.975 Disk 0 scanning sectors +625139712
21:04:38.069 Disk 0 scanning C:\Windows\system32\drivers
21:04:47.288 Service scanning
21:04:48.755 Modules scanning
21:04:57.959 Disk 0 trace - called modules:
21:04:57.974 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
21:04:57.974 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863dc030]
21:04:57.990 3 CLASSPNP.SYS[8b9b859e] -> nt!IofCallDriver -> [0x86302b90]
21:04:58.489 5 ACPI.sys[8b09f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x862aa030]
21:04:59.191 AVAST engine scan C:\Windows
21:05:01.047 AVAST engine scan C:\Windows\system32
21:06:20.951 AVAST engine scan C:\Windows\system32\drivers
21:06:31.028 AVAST engine scan C:\Users\Gerard
21:12:21.298 AVAST engine scan C:\ProgramData
21:13:13.168 Scan finished successfully
21:16:26.234 Disk 0 MBR has been saved successfully to "C:\Users\Gerard\Desktop\MBR.dat"
21:16:26.250 The log file has been saved successfully to "C:\Users\Gerard\Desktop\aswMBR.txt"
- It worked after all!
2011/08/07 21:18:41.0763 4236 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/07 21:18:42.0059 4236 ================================================================================
2011/08/07 21:18:42.0059 4236 SystemInfo:
2011/08/07 21:18:42.0059 4236
2011/08/07 21:18:42.0059 4236 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/07 21:18:42.0059 4236 Product type: Workstation
2011/08/07 21:18:42.0059 4236 ComputerName: GERARD-PC
2011/08/07 21:18:42.0059 4236 UserName: Gerard
2011/08/07 21:18:42.0059 4236 Windows directory: C:\Windows
2011/08/07 21:18:42.0059 4236 System windows directory: C:\Windows
2011/08/07 21:18:42.0059 4236 Processor architecture: Intel x86
2011/08/07 21:18:42.0059 4236 Number of processors: 2
2011/08/07 21:18:42.0059 4236 Page size: 0x1000
2011/08/07 21:18:42.0059 4236 Boot type: Normal boot
2011/08/07 21:18:42.0059 4236 ================================================================================
2011/08/07 21:18:43.0136 4236 Initialize success
2011/08/07 21:18:57.0831 4004 ================================================================================
2011/08/07 21:18:57.0831 4004 Scan started
2011/08/07 21:18:57.0831 4004 Mode: Manual;
2011/08/07 21:18:57.0831 4004 ================================================================================
2011/08/07 21:19:08.0002 4004 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/07 21:19:08.0080 4004 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/08/07 21:19:08.0112 4004 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/07 21:19:08.0127 4004 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/07 21:19:08.0143 4004 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/08/07 21:19:08.0236 4004 smserial (19301c27f3425dc39f6c599f527e507d) C:\Windows\system32\DRIVERS\smserial.sys
2011/08/07 21:19:08.0314 4004 snapman (ffd9b64db2cd7b74b766c3a8452a5816) C:\Windows\system32\DRIVERS\snapman.sys
2011/08/07 21:19:08.0346 4004 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/08/07 21:19:08.0424 4004 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/08/07 21:19:08.0455 4004 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/07 21:19:08.0486 4004 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/07 21:19:08.0517 4004 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/07 21:19:08.0548 4004 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
2011/08/07 21:19:08.0595 4004 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/08/07 21:19:08.0673 4004 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys
2011/08/07 21:19:08.0751 4004 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/07 21:19:08.0798 4004 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/07 21:19:08.0829 4004 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/08/07 21:19:08.0892 4004 tdrpman255 (dc1ba6e904491a46124cb90c401e8a31) C:\Windows\system32\DRIVERS\tdrpm255.sys
2011/08/07 21:19:08.0938 4004 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/08/07 21:19:08.0970 4004 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/07 21:19:09.0016 4004 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/08/07 21:19:09.0079 4004 timounter (c820bfc70feb25ec877c49e81cd477c1) C:\Windows\system32\DRIVERS\timntr.sys
2011/08/07 21:19:09.0141 4004 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/07 21:19:09.0188 4004 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/07 21:19:09.0219 4004 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/07 21:19:09.0266 4004 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\Windows\system32\DRIVERS\TVICHW32.SYS
2011/08/07 21:19:09.0313 4004 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/07 21:19:09.0375 4004 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/07 21:19:09.0422 4004 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/07 21:19:09.0469 4004 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/08/07 21:19:09.0500 4004 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/07 21:19:09.0562 4004 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) D:\Tools\Unlocker\UnlockerDriver5.sys
2011/08/07 21:19:09.0625 4004 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/08/07 21:19:09.0672 4004 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
2011/08/07 21:19:09.0703 4004 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/07 21:19:09.0750 4004 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/08/07 21:19:09.0781 4004 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/07 21:19:09.0812 4004 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/07 21:19:09.0843 4004 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
2011/08/07 21:19:09.0890 4004 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/07 21:19:09.0921 4004 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/07 21:19:09.0952 4004 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/07 21:19:09.0999 4004 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
2011/08/07 21:19:10.0046 4004 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/07 21:19:10.0077 4004 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/07 21:19:10.0108 4004 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/08/07 21:19:10.0140 4004 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/08/07 21:19:10.0171 4004 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/08/07 21:19:10.0186 4004 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/08/07 21:19:10.0218 4004 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/08/07 21:19:10.0249 4004 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/08/07 21:19:10.0280 4004 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/08/07 21:19:10.0311 4004 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/08/07 21:19:10.0342 4004 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/07 21:19:10.0374 4004 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/07 21:19:10.0405 4004 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/07 21:19:10.0452 4004 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/07 21:19:10.0483 4004 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/07 21:19:10.0498 4004 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/07 21:19:10.0545 4004 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/08/07 21:19:10.0592 4004 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/07 21:19:10.0654 4004 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/07 21:19:10.0686 4004 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/08/07 21:19:10.0779 4004 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/07 21:19:10.0842 4004 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/07 21:19:10.0904 4004 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/07 21:19:10.0951 4004 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/08/07 21:19:10.0982 4004 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/07 21:19:11.0044 4004 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/07 21:19:11.0060 4004 Boot (0x1200) (ba493e6aac3d7b948637952027de37b5) \Device\Harddisk0\DR0\Partition0
2011/08/07 21:19:11.0091 4004 Boot (0x1200) (5e501b52c48a3bc710e3e5db3dbe87e6) \Device\Harddisk0\DR0\Partition1
2011/08/07 21:19:11.0122 4004 Boot (0x1200) (58914c1019d6a2a723794c704a712d67) \Device\Harddisk0\DR0\Partition2
2011/08/07 21:19:11.0122 4004 ================================================================================
2011/08/07 21:19:11.0122 4004 Scan finished
2011/08/07 21:19:11.0122 4004 ================================================================================
2011/08/07 21:19:11.0138 4672 Detected object count: 0
2011/08/07 21:19:11.0138 4672 Actual detected object count: 0
2011/08/07 21:21:20.0333 5716 Deinitialize success
- You may do the following:
Which program: ComboFix
What for/why: Highly specialized scanner that examines Windows in depth and cleans it up where possible.
Difficulty: A more or less tricky preparation phase, so read everything carefully first.
Download location: Be sure to download this program to the desktop!
Download ComboFix from one of these locations:
* Bleepingcomputer
* ForoSpyware
* Geekstogo
Here you can see how to use ComboFix.
Your antivirus program and any active malware scanners must already be disabled before ComboFix starts!
Here and here you will find information on how to disable antivirus programs and spyware scanners.
Once more, for the sake of clarity: ComboFix must be started from the desktop.
Notes:
* On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
* Vista and Windows 7 users start ComboFix by right-clicking and running it with administrator rights.
* All open programs and web pages must be closed.
Once ComboFix has started:
* Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
* ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
* The computer may need to restart several times; this is normal.
* When ComboFix is finished, it will create a log file for you.
* Post the contents of this log file in your next message.
* If the log does not open, it can be found at C:\ComboFix.txt
Important note:
- Here is the ComboFix log. For your information: the reference(s) to 'G' concern my USB stick.
ComboFix 11-08-07.03 - Gerard 08-08-2011 10:55:02.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.2168 [GMT 2:00]
Gestart vanuit: c:\users\Gerard\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-07-08 to 2011-08-08 ))))))))))))))))))))))))))))))
.
.
2011-08-08 09:01 . 2011-08-08 09:01 -------- d-----w- c:\users\Gerard\AppData\Local\temp
2011-08-05 08:34 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90395621-C665-44F4-ABD6-17E21A087A21}\mpengine.dll
2011-08-03 18:40 . 2011-08-04 07:36 -------- d-----w- c:\users\Gerard\AppData\Local\Conduit
2011-07-31 18:05 . 2011-08-04 07:42 -------- d-----w- c:\users\Gerard\AppData\Roaming\Spotify
2011-07-31 18:05 . 2011-08-03 08:47 -------- d-----w- c:\users\Gerard\AppData\Local\Spotify
2011-07-29 13:03 . 2011-08-08 08:44 -------- d-----w- c:\users\Gerard\AppData\Local\Htc
2011-07-29 07:57 . 2011-07-29 07:57 -------- d-----w- c:\users\Gerard\AppData\Roaming\NCH Software
2011-07-26 15:01 . 2011-07-29 13:03 -------- d-----w- c:\users\Gerard\AppData\Roaming\HTC
2011-07-26 14:59 . 2011-07-29 13:01 -------- d-----w- c:\users\Gerard\AppData\Local\Downloaded Installations
2011-07-26 14:58 . 2011-07-29 12:52 -------- d-----w- c:\program files\Spirent Communications
2011-07-26 14:58 . 2011-07-29 12:52 -------- d-----w- c:\program files\HTC
2011-07-26 14:58 . 2011-07-29 13:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-07-26 14:58 . 2011-07-26 14:58 -------- d-----w- c:\users\Gerard\AppData\Local\Adobe
2011-07-23 18:53 . 2011-07-23 18:53 -------- d-----w- c:\program files\iPod
2011-07-23 18:53 . 2011-07-23 18:54 -------- d-----w- c:\program files\iTunes
2011-07-23 18:51 . 2011-07-23 18:51 -------- d-----w- c:\program files\Bonjour
2011-07-23 18:45 . 2011-07-23 18:45 -------- d-----w- c:\program files\Apple Software Update
2011-07-14 19:27 . 2011-07-14 19:27 -------- d-----w- c:\windows\system32\wbem\Logs
2011-07-14 18:24 . 2011-07-14 18:24 -------- d-----w- c:\programdata\Atheros
2011-07-14 14:53 . 2011-07-14 14:53 -------- d-----w- c:\users\Gerard\AppData\Roaming\UPC Broadband Operations BV
2011-07-14 13:02 . 2011-04-28 03:15 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-14 13:02 . 2011-04-28 03:15 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 14:43 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-07-13 14:43 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-07-13 14:43 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-07-13 14:43 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-07-13 14:43 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-07-13 14:43 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-07-13 14:43 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-07-13 14:43 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-07-13 14:43 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2009-10-28 21:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2009-10-28 20:59 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2011-05-13 21:29 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-05-13 21:29 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-05-13 21:30 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-05-13 21:30 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-05-13 21:30 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2011-05-13 21:30 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-05-13 21:30 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2011-05-13 21:30 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-22 19:00 . 2011-05-14 10:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-21 18:05 . 2011-06-23 11:05 17712 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-06-21 18:05 . 2011-06-23 11:05 26416 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2011-05-24 17:14 . 2009-10-28 19:22 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-14 07:56 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-13 21:29 . 2011-05-13 21:29 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-13 21:29 . 2011-05-13 21:29 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-13 21:29 . 2011-05-13 21:29 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-13 21:29 . 2011-05-13 21:29 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-13 21:29 . 2011-05-13 21:29 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-13 21:29 . 2011-05-13 21:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-13 21:29 . 2011-05-13 21:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-13 21:29 . 2011-05-13 21:29 367104 ----a-w- c:\windows\system32\html.iec
2011-05-13 21:29 . 2011-05-13 21:29 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-13 21:29 . 2011-05-13 21:29 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-13 21:29 . 2011-05-13 21:29 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-13 21:29 . 2011-05-13 21:29 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-13 21:29 . 2011-05-13 21:29 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-13 21:29 . 2011-05-13 21:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-13 21:29 . 2011-05-13 21:29 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-13 21:29 . 2011-05-13 21:29 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-13 21:29 . 2011-05-13 21:29 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-13 21:29 . 2011-05-13 21:29 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-13 21:29 . 2011-05-13 21:29 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-13 21:00 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-22 19:46 . 2011-05-17 15:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="d:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-13 5075776]
"Acronis Scheduler2Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"HTC Sync Loader"="d:\htc\HTC Sync 3.0\htcUPCTLoader.exe" [2011-04-26 593920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-29 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.1 HD Edition.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.1 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 5.1 HD Edition.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Gerard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Productregistratie.lnk]
path=c:\users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Productregistratie.lnk
backup=c:\windows\pss\Logitech . Productregistratie.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2006-11-02 07:27 61440 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-07-02 00:56 13789728 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-08-27 12:10 4702208 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-08-03 12:22 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 104880 ----a-w- d:\program files\TomTom HOME 2\TomTomHOME.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- d:\tools\Unlocker\UnlockerAssistant.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz131;cpuz131;c:\users\Gerard\AppData\Local\Temp\cpuz131\cpuz_x32.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 netr28u;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-13 1343400]
R4 MBAMService;MBAMService;d:\tools\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [2009-12-08 911552]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2009-12-08 2475952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;d:\tools\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe [2011-06-21 196912]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2009-12-08 159296]
S3 AtcL001;NDIS-minipoortstuurprogramma voor L1 Gigabit Ethernet-controller van Atheros;c:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.upclive.nl/?toolbar=home
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
FF - ProfilePath - c:\users\Gerard\AppData\Roaming\Mozilla\Firefox\Profiles\gcx7qehd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.nl
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-Advanced LAN Scanner v1.0 BETA 1 - g:\utilities\LAN Scanner\uninstal.exe
AddRemove-HijackThis - g:\utilities\HijackThis.exe
AddRemove-Spotify - d:\tools\Spotify\uninstall.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-08-08 11:03:33
ComboFix-quarantined-files.txt 2011-08-08 09:03
.
Pre-Run: 27.539.972.096 bytes beschikbaar
Post-Run: 27.460.780.032 bytes beschikbaar
.
- - End Of File - - C9425466A0FBE02E02B48D9900313800
- Is the "freezing problem" still there?
- It's hard to say, since it happens at the strangest moments. The last time was when I ran the scan last night.
I don't understand much of the Combo log, but can you see anything illegitimate that was removed?
- That's just it: in principle everything looks fine.
But we're going to do something:
Which program: RSIT
What for/why: gives a very extensive overview of Windows
Difficulty: none
Download location: Be sure to download this program to the desktop!
Download RSIT here
Using RSIT:
* Windows 2000 and Windows XP: start RSIT by double-clicking the shortcut.
* Windows Vista and Windows 7: start RSIT by right-clicking the shortcut and then choosing "Run as administrator".
After the scan has finished, two logs will open.
* Then post the contents of 'log.txt' ('log.txt' will be maximized)
* Also post 'info.txt' ('info.txt' will initially be minimized in the taskbar)
* If you cannot find info.txt, look for it in C:\.
For users of Windows Vista 64-bit or Windows 7 64-bit, the following also applies:
* RSIT must then be run in 'compatibility mode'.
* Right-click 'RSIT.exe' and choose 'Properties',
* now click the 'Compatibility' tab.
* Tick 'Run this program in compatibility mode' and then choose 'Windows XP Service Pack 3'
RSIT produces a fairly large log, so you may have to split the log and post it in two or more parts.
Post only the contents of
- In the meantime I've had several more freezes, so here are the requested logs.
info.txt logfile of random's system information tool 1.09 2011-08-08 17:31:22
======Uninstall list======
Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
Acronis True Image Home-->MsiExec.exe /X{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
Adobe Digital Editions-->"C:\Program Files\Adobe\Adobe Digital Editions\uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe -maintain plugin
Apple Application Support-->MsiExec.exe /I{B3575D00-27EF-49C2-B9E0-14B3D954E992}
Apple Mobile Device Support-->MsiExec.exe /I{C23CD6DA-1958-43A5-ADD0-59396572E02E}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Ashampoo Burning Studio 9.21-->"D:\Program Files\Ashampoo\Ashampoo Burning Studio 9\unins000.exe"
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x0013 -removeonly
ATK Media-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE" -l0x9
ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly
AuthenTec TrueSuite-->MsiExec.exe /X{E6C44758-FF49-47D1-8182-65E3818ACE23}
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Bonjour-->MsiExec.exe /X{D03482C5-9AD8-496D-B388-692AE04C93AF}
C@shflow V3.3-->MsiExec.exe /X{49A884EB-E020-4D63-842F-6D76D6946590}
Cashflow 4-->MsiExec.exe /X{516F203B-619A-4DDB-A631-C6960FFA6855}
CCleaner-->"D:\Utilities\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Davi-Adres 7 DeLuxe-->C:\Windows\DAVILEX\UNINSTAL.EXE C:\PROGRA~1\DAVIAD~1\INSTADR.LOG
DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
erLT-->MsiExec.exe /I{A498D9EB-927B-459B-85D6-DD6EF8C2C564}
FrostWire 4.18.3-->D:\Program Files\FrostWire\Uninstall.exe
GOM Player-->"D:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
HP Imaging Device Functions 13.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart All-In-One Driver Software 13.0 Rel. A-->C:\Program Files\HP\Digital Imaging\{17016DA1-F040-4032-BD36-34DD317BC9D5}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Solution Center 13.0–>C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HTC BMP USB Driver–>MsiExec.exe /I{31A559C1-9E4D-423B-9DD3-34A6C5398752}
HTC Driver Installer–>MsiExec.exe /X{6D6664A9-3342-4948-9B7E-034EFE366F0F}
HTC Sync–>MsiExec.exe /I{DD8D87E5-C372-462F-B168-94612B1D9451}
Intel(R) PROSet/Wireless Software–>C:\Windows\Installer\iProInst.exe
Internet Toolbar 1.0.1 Build 845–>D:\Tools\Jaytown\Internet Toolbar\uninst.exe
iTunes–>MsiExec.exe /I{C73CA646-73B3-4AEF-A136-C37505745174}
Java(TM) 6 Update 25–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Junk Mail filter update–>MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
KhalInstallWrapper–>MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech SetPoint–>"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0013 -removeonly
Malwarebytes' Anti-Malware versie 1.51.1.1800–>"D:\Tools\Malwarebytes' Anti-Malware\unins000.exe"
mCore–>MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
mDriver–>MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mHelp–>MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 4 Client Profile–>C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile–>MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {89C8E56A-90D8-4598-B0E6-EB28F6270E07}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-00A1-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
Microsoft Office File Validation Add-In–>MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Home and Student 2007–>"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007–>MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Dutch) 2007–>MsiExec.exe /X{90120000-00A1-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007–>MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007–>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007–>MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007–>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2007–>MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Shared MUI (Dutch) 2007–>MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
Microsoft Office Word MUI (Dutch) 2007–>MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
Microsoft Silverlight–>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Compact 3.5 SP1 English–>MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053–>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570–>MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148–>MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161–>MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
mMHouse–>MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox 5.0 (x86 nl)–>C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (5.0)–>C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr–>MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSVCRT–>MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)–>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)–>MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP3 Parser (KB973685)–>MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
MSXML 4.0 SP3 Parser–>MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
Nitro PDF Reader 2–>MsiExec.exe /X{07B4E11E-A65D-412D-9242-874708127C45}
NVIDIA Drivers–>C:\Windows\system32\nvuninst.exe UninstallGUI
OGA Notifier 2.0.0048.0–>MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PHOTOfunSTUDIO 5.1 HD Edition–>"C:\Program Files\InstallShield Installation Information\{959282E3-55A9-49D8-B885-D27CF8A2FD82}\setup.exe" -runfromtemp -l0x0409 -z"Uninstall" -removeonly
Picasa 3–>"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime–>MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Realtek High Definition Audio Driver–>RtlUpd.exe -r -m
Revo Uninstaller 1.92–>D:\Tools\VS Revo Group\Revo Uninstaller\uninst.exe
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for 2007 Microsoft Office System (KB2288621)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2509488)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}
Security Update for 2007 Microsoft Office System (KB969559)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)–>C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)–>C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)–>C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft Office 2007 System (KB2541012)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD907315-705A-4475-A1A0-2A1245803E4D}
Security Update for Microsoft Office Excel 2007 (KB2541007)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0173254-F442-4D04-9154-43FA157B83D0}
Security Update for Microsoft Office InfoPath 2007 (KB979441)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office system 2007 (972581)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
TomTom HOME 2.8.2.2264–>D:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules–>MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Unlocker 1.9.0–>D:\Tools\Unlocker\uninst.exe
Update for 2007 Microsoft Office System (KB967642)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 System (KB2539530)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
Update for Microsoft Office OneNote 2007 (KB980729)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update voor Microsoft Office Excel 2007 Help (KB963678)–>msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {5CF7002F-6F49-4482-9564-5614FBE560FA}
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)–>msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}
Update voor Microsoft Office Word 2007 Help (KB963665)–>msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {A66AE6A1-8D8C-4102-BC18-38CBDE40F809}
Verzoek of wijziging voorlopige aanslag 2011–>D:\Belastingdienst_Programma's_Div_Jaren\Verzoek of wijziging voorlopige aanslag\2011\va2011u.exe
Windows Live Communications Platform–>MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials–>C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials–>MsiExec.exe /I{2A07C35B-8384-4DA4-9A95-442B6C89A073}
Windows Live ID Sign-in Assistant–>MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer–>MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail–>MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail–>MsiExec.exe /I{D588365A-AE39-4F27-BDAE-B4E72C8E900C}
Windows Live MIME IFilter–>MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
Windows Live Photo Common–>MsiExec.exe /X{9BD262D0-B788-4546-A0A5-F4F56EC3834B}
Windows Live Photo Common–>MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live PIMT Platform–>MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions–>MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE–>MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack–>MsiExec.exe /I{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}
Windows Live UX Platform–>MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources–>MsiExec.exe /X{14B441B7-774D-4170-98EA-A13667AE6218}
Windows Live Writer–>MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Media Player Firefox Plugin–>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Wireless Console 2–>C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.exe -runfromtemp -l0x0009 -removeonly
=====HijackThis Backups=====
O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\utilities\a-squared Free\a2service.exe (file missing) [2010-10-21]
O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\utilities\a-squared Free\a2service.exe (file missing) [2010-10-21]
O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\utilities\a-squared Free\a2service.exe (file missing) [2010-10-21]
O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\utilities\a-squared Free\a2service.exe (file missing) [2010-10-21]
O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\utilities\a-squared Free\a2service.exe (file missing) [2010-10-21]
O9 - Extra button: Cleaner - {CCF00E14-7C5E-4420-9BF3-AA4809CFAA13} - D:\Utilities\ClickClean\ClickClean.exe (file missing) [2011-05-15]
======System event log======
Computer Name: Gerard-PC
Event Code: 7036
Message: De Windows Management Instrumentation-service heeft nu de status gestopt.
Record Number: 10788
Source Name: Service Control Manager
Time Written: 20091120123252.098699-000
Event Type: Informatie
User:
Computer Name: Gerard-PC
Event Code: 7036
Message: De Security Center-service heeft nu de status gestopt.
Record Number: 10787
Source Name: Service Control Manager
Time Written: 20091120123252.020699-000
Event Type: Informatie
User:
Computer Name: Gerard-PC
Event Code: 7036
Message: De Peer Name Resolution Protocol-service heeft nu de status gestopt.
Record Number: 10786
Source Name: Service Control Manager
Time Written: 20091120123251.833499-000
Event Type: Informatie
User:
Computer Name: Gerard-PC
Event Code: 7036
Message: De Windows Modules Installer-service heeft nu de status gestopt.
Record Number: 10785
Source Name: Service Control Manager
Time Written: 20091120123251.817899-000
Event Type: Informatie
User:
Computer Name: Gerard-PC
Event Code: 7036
Message: De Peer Networking Grouping-service heeft nu de status gestopt.
Record Number: 10784
Source Name: Service Control Manager
Time Written: 20091120123251.817899-000
Event Type: Informatie
User:
=====Application event log=====
Computer Name: 37L4247D28-05
Event Code: 1001
Message: Foutbucket , type 0
Naam van gebeurtenis: PnPDriverNotFound
Antwoord: Niet beschikbaar
Id van CAB-bestand: 0
Handtekening van probleem:
P1: x86
P2: ACPI\ATK0100
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:
Bijgevoegde bestanden:
C:\Windows\Temp\DMI8390.tmp.log.xml
Deze bestanden zijn mogelijk hier beschikbaar:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_e3aed78fa5326e284d9379e9e532681a71d64aea_cab_07fd840d
Analysesymbool:
Opnieuw zoeken naar oplossing: 0nRapport-id: 2267fa39-c3f4-11de-bb6b-8d2c27b90db0
Rapportstatus: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20091028190019.000000-000
Event Type: Informatie
User:
Computer Name: 37L4247D28-05
Event Code: 5617
Message: Subsystemen van Windows Management Instrumentation-service zijn geïnitialiseerd
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20091028185945.000000-000
Event Type: Informatie
User:
Computer Name: 37L4247D28-05
Event Code: 5615
Message: De Windows Management Instrumentation-service is gestart
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20091028185942.000000-000
Event Type: Informatie
User:
Computer Name: 37L4247D28-05
Event Code: 1531
Message: De User Profile-service is gestart.
Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091028185938.923700-000
Event Type: Informatie
User: NT AUTHORITY\SYSTEM
Computer Name: 37L4247D28-05
Event Code: 4625
Message: Het EventSystem-subsysteem onderdrukt gedurende 86400 seconden dubbele vermeldingen in het gebeurtenislogboek. De time-out voor onderdrukking kan worden ingesteld met de REG_DWORD-waarde SuppressDuplicateDuration in de volgende registersleutel: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20091028185938.000000-000
Event Type: Informatie
User:
=====Security event log=====
Computer Name: 37L4247D28-05
Event Code: 4672
Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.
Onderwerp:
Beveiligings-id: S-1-5-18
Accountnaam: SYSTEM
Accountdomein: NT AUTHORITY
Aanmeldings-id: 0x3e7
Bevoegdheden: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091028185922.138071-000
Event Type: Controle geslaagd
User:
Computer Name: 37L4247D28-05
Event Code: 4624
Message: Er is een account aangemeld.
Onderwerp:
Beveiligings-id: S-1-5-18
Accountnaam: 37L4247D28-05$
Accountdomein: WORKGROUP
Aanmeldings-id: 0x3e7
Aanmeldingstype: 5
Nieuwe aanmelding:
Beveiligings-id: S-1-5-18
Accountnaam: SYSTEM
Accountdomein: NT AUTHORITY
Aanmeldings-id: 0x3e7
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}
Procesgegevens:
Proces-id: 0x1c4
Naam proces: C:\Windows\System32\services.exe
Netwerkgegevens:
Naam van werkstation:
Netwerkadres van bron: -
Poort van bron: -
Gedetailleerde verificatiegegevens:
Aanmeldingsproces: Advapi
Verificatiepakket: Negotiate
Doorgezette services: -
Pakketnaam (alleen NTLM): -
Sleutellengte: 0
Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.
De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.
In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).
Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.
In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.
De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091028185922.138071-000
Event Type: Controle geslaagd
User:
Computer Name: 37L4247D28-05
Event Code: 4902
Message: De tabel voor controlebeleid per gebruiker is gemaakt.
Aantal elementen: 0
Beleids-id: 0x24d37
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091028185915.773260-000
Event Type: Controle geslaagd
User:
Computer Name: 37L4247D28-05
Event Code: 4624
Message: Er is een account aangemeld.
Onderwerp:
Beveiligings-id: S-1-0-0
Accountnaam: -
Accountdomein: -
Aanmeldings-id: 0x0
Aanmeldingstype: 0
Nieuwe aanmelding:
Beveiligings-id: S-1-5-18
Accountnaam: SYSTEM
Accountdomein: NT AUTHORITY
Aanmeldings-id: 0x3e7
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}
Procesgegevens:
Proces-id: 0x4
Naam proces:
Netwerkgegevens:
Naam van werkstation: -
Netwerkadres van bron: -
Poort van bron: -
Gedetailleerde verificatiegegevens:
Aanmeldingsproces: -
Verificatiepakket: -
Doorgezette services: -
Pakketnaam (alleen NTLM): -
Sleutellengte: 0
Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.
De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.
In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).
Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.
In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.
De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091028185914.384857-000
Event Type: Controle geslaagd
User:
Computer Name: 37L4247D28-05
Event Code: 4608
Message: Windows wordt opgestart.
Deze gebeurtenis wordt in het logboek geregistreerd wanneer LSASS.EXE wordt gestart en het subsysteem voor controle wordt geïnitialiseerd.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091028185914.369257-000
Event Type: Controle geslaagd
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Common Files\Acronis\SnapAPI;C:\Program Files\Windows Live\Shared;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by Gerard at 2011-08-08 17:31:13
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 26 GB (43%) free of 62 GB
Total RAM: 3071 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:31:19, on 8-8-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\HTC\HTC Sync 3.0\htcUPCTLoader.exe
D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Gerard\Desktop\RSIT.exe
D:\Tools\Trend Micro\HiJackThis\Gerard.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.upclive.nl/?toolbar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Internet Toolbar - {3BE093E7-4650-438B-AC6F-C944C30F81AD} - D:\Tools\Jaytown\Internet Toolbar\ChelloMediaShell.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "D:\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.1.254
O15 - ESC Trusted IP range: http://192.168.1.254
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - D:\Tools\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 6155 bytes
=========Mozilla firefox=========
ProfilePath - C:\Users\Gerard\AppData\Roaming\Mozilla\Firefox\Profiles\gcx7qehd.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.google.nl"
prefs.js - "extensions.enabledItems" - "clickclean@hotcleaner.com:3.6.5.0, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3, {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.5, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, smarterwiki@wikiatic.com:4.1.8, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, ffxtlbr@Facemoods.com:1.2.0, {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2, {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, wrc@avast.com:20110101, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15, {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.71"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=mcafee&p="
"clickclean@hotcleaner.com"=D:\Utilities\ClickClean\clickclean
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\NitroPDF]
"Description"=NitroPDF Web Browser Plugin
"Path"=D:\Tools\Nitro PDF\Reader\npnitromozilla.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files\Mozilla Firefox\searchplugins\
bing.xml
bolcom-nl.xml
google.xml
marktplaats-nl.xml
vandale-nl.xml
wikipedia-nl.xml
C:\Users\Gerard\AppData\Roaming\Mozilla\Firefox\Profiles\gcx7qehd.default\extensions\
ietab@ip.cn
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
C:\Users\Gerard\AppData\Roaming\Mozilla\Firefox\Profiles\gcx7qehd.default\searchplugins\
conduit.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-14 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]
{3BE093E7-4650-438B-AC6F-C944C30F81AD} - Internet Toolbar - D:\Tools\Jaytown\Internet Toolbar\ChelloMediaShell.dll [2008-12-02 110592]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 55824]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-11-13 5075776]
"Acronis Scheduler2Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-11-13 357304]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-04-20 58656]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-07-19 421736]
"HTC Sync Loader"=D:\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-04-26 593920]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"=D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2011-04-22 247728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2009-07-02 13789728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-08-27 4702208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-08-03 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
D:\Program Files\TomTom HOME 2\TomTomHOME.exe [2011-04-22 104880]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
D:\Tools\Unlocker\UnlockerAssistant.exe [2010-07-04 17408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2009-09-20 270336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.1 HD Edition.lnk]
C:\PROGRA~1\COMMON~1\PANASO~1\PHOTOF~1\AUTOST~1.EXE [2010-03-15 172544]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Gerard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Productregistratie.lnk]
C:\PROGRA~1\COMMON~1\Logishrd\eReg\SetPoint\eReg.exe [2008-11-07 517384]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-05-13 203776]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2011-08-08 17:31:13 —-D—- C:\rsit
2011-08-08 11:03:39 —-SHD—- C:\$RECYCLE.BIN
2011-08-08 11:03:34 —-A—- C:\ComboFix.txt
2011-08-08 10:53:51 —-A—- C:\Windows\zip.exe
2011-08-08 10:53:51 —-A—- C:\Windows\SWSC.exe
2011-08-08 10:53:51 —-A—- C:\Windows\SWREG.exe
2011-08-08 10:53:51 —-A—- C:\Windows\sed.exe
2011-08-08 10:53:51 —-A—- C:\Windows\PEV.exe
2011-08-08 10:53:51 —-A—- C:\Windows\NIRCMD.exe
2011-08-08 10:53:51 —-A—- C:\Windows\MBR.exe
2011-08-08 10:53:51 —-A—- C:\Windows\grep.exe
2011-08-08 10:53:45 —-D—- C:\Windows\ERDNT
2011-08-08 10:53:44 —-D—- C:\ComboFix
2011-08-08 10:53:42 —-D—- C:\Qoobox
2011-08-07 21:34:18 —-A—- C:\TDSSKiller.2.5.14.0_07.08.2011_21.34.18_log.txt
2011-08-07 21:21:37 —-A—- C:\TDSSKiller.2.5.14.0_07.08.2011_21.21.37_log.txt
2011-07-31 20:05:56 —-D—- C:\Users\Gerard\AppData\Roaming\Spotify
2011-07-29 15:03:56 —-D—- C:\Users\Gerard\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2011-07-29 09:57:35 —-D—- C:\Users\Gerard\AppData\Roaming\NCH Software
2011-07-26 17:01:36 —-D—- C:\Users\Gerard\AppData\Roaming\HTC
2011-07-26 16:58:48 —-D—- C:\Program Files\Spirent Communications
2011-07-26 16:58:22 —-D—- C:\Program Files\HTC
2011-07-26 16:58:18 —-D—- C:\ProgramData\Adobe
2011-07-26 16:58:18 —-D—- C:\Program Files\Common Files\Adobe AIR
2011-07-23 20:53:49 —-D—- C:\Program Files\iPod
2011-07-23 20:53:48 —-D—- C:\Program Files\iTunes
2011-07-23 20:51:59 —-D—- C:\Program Files\Bonjour
2011-07-23 20:45:17 —-D—- C:\Program Files\Apple Software Update
2011-07-15 10:01:16 —-D—- C:\Windows\Prefetch
2011-07-14 20:24:01 —-D—- C:\ProgramData\Atheros
2011-07-14 16:53:09 —-D—- C:\Users\Gerard\AppData\Roaming\UPC Broadband Operations BV
2011-07-14 15:03:05 —-A—- C:\Windows\system32\drivers\usbuhci.sys
2011-07-14 15:03:05 —-A—- C:\Windows\system32\drivers\usbport.sys
2011-07-14 15:03:05 —-A—- C:\Windows\system32\drivers\usbohci.sys
2011-07-14 15:03:05 —-A—- C:\Windows\system32\drivers\usbhub.sys
2011-07-14 15:03:05 —-A—- C:\Windows\system32\drivers\usbehci.sys
2011-07-14 15:03:05 —-A—- C:\Windows\system32\drivers\usbd.sys
2011-07-14 15:03:05 —-A—- C:\Windows\system32\drivers\usbccgp.sys
2011-07-14 15:03:01 —-A—- C:\Windows\system32\fsutil.exe
2011-07-14 15:03:01 —-A—- C:\Windows\system32\esent.dll
2011-07-14 15:03:01 —-A—- C:\Windows\system32\drivers\USBSTOR.SYS
2011-07-14 15:03:01 —-A—- C:\Windows\system32\drivers\storport.sys
2011-07-14 15:03:01 —-A—- C:\Windows\system32\drivers\nvstor.sys
2011-07-14 15:03:01 —-A—- C:\Windows\system32\drivers\nvraid.sys
2011-07-14 15:03:01 —-A—- C:\Windows\system32\drivers\ntfs.sys
2011-07-14 15:03:01 —-A—- C:\Windows\system32\drivers\iaStorV.sys
2011-07-14 15:03:01 —-A—- C:\Windows\system32\drivers\amdxata.sys
2011-07-14 15:03:01 —-A—- C:\Windows\system32\drivers\amdsata.sys
2011-07-14 15:02:58 —-A—- C:\Windows\system32\drivers\BTHUSB.SYS
2011-07-14 15:02:58 —-A—- C:\Windows\system32\drivers\bthport.sys
2011-07-13 16:43:01 —-A—- C:\Windows\system32\tquery.dll
2011-07-13 16:43:01 —-A—- C:\Windows\system32\mssrch.dll
2011-07-13 16:43:00 —-A—- C:\Windows\system32\SearchProtocolHost.exe
2011-07-13 16:43:00 —-A—- C:\Windows\system32\SearchIndexer.exe
2011-07-13 16:43:00 —-A—- C:\Windows\system32\SearchFilterHost.exe
2011-07-13 16:43:00 —-A—- C:\Windows\system32\mssvp.dll
2011-07-13 16:43:00 —-A—- C:\Windows\system32\mssphtb.dll
2011-07-13 16:43:00 —-A—- C:\Windows\system32\mssph.dll
2011-07-13 16:43:00 —-A—- C:\Windows\system32\msscntrs.dll
2011-07-13 16:42:56 —-A—- C:\Windows\system32\umpnpmgr.dll
2011-07-13 16:42:55 —-AH—- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 16:42:55 —-AH—- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 16:42:55 —-AH—- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 16:42:55 —-AH—- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 16:42:55 —-AH—- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 16:42:55 —-A—- C:\Windows\system32\KernelBase.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 16:42:54 —-AH—- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 16:42:52 —-A—- C:\Windows\system32\kernel32.dll
2011-07-13 16:42:51 —-A—- C:\Windows\system32\winsrv.dll
2011-07-13 16:42:51 —-A—- C:\Windows\system32\conhost.exe
2011-07-13 16:42:49 —-A—- C:\Windows\system32\win32k.sys
2011-07-12 11:20:54 —-A—- C:\Windows\system32\jdns_sd.dll
2011-07-12 11:20:54 —-A—- C:\Windows\system32\dnssdX.dll
2011-07-12 11:20:54 —-A—- C:\Windows\system32\dns-sd.exe
2011-07-12 11:20:54 —-A—- C:\Windows\system32\dnssd.dll
======List of files/folders modified in the last 1 month======
2011-08-08 17:31:16 —-D—- C:\Windows\Temp
2011-08-08 17:18:02 —-D—- C:\Windows\system32\config
2011-08-08 17:09:24 —-D—- C:\Windows\System32
2011-08-08 17:09:24 —-D—- C:\Windows\inf
2011-08-08 17:09:24 —-A—- C:\Windows\system32\PerfStringBackup.INI
2011-08-08 17:04:32 —-D—- C:\Windows
2011-08-08 11:02:43 —-D—- C:\Windows\system32\Tasks
2011-08-08 11:02:38 —-D—- C:\Windows\Tasks
2011-08-08 11:01:20 —-A—- C:\Windows\system.ini
2011-08-08 11:01:14 —-D—- C:\Windows\system32\drivers\etc
2011-08-08 10:58:12 —-D—- C:\Windows\system32\drivers
2011-08-08 10:58:11 —-D—- C:\Windows\AppPatch
2011-08-08 10:58:10 —-D—- C:\Program Files\Common Files
2011-08-08 10:54:06 —-SHD—- C:\System Volume Information
2011-08-07 21:30:44 —-RD—- C:\Program Files
2011-08-07 18:11:51 —-D—- C:\Windows\Downloaded Program Files
2011-08-06 13:18:44 —-D—- C:\Windows\system32\NDF
2011-08-04 13:18:01 —-D—- C:\Windows\debug
2011-08-04 09:43:51 —-D—- C:\Windows\system32\wfp
2011-08-04 09:43:49 —-D—- C:\Windows\system32\wbem
2011-08-04 09:43:01 —-D—- C:\Windows\system32\DriverStore
2011-08-04 09:43:01 —-D—- C:\Windows\system32\catroot2
2011-08-04 09:43:01 —-D—- C:\Users\Gerard\AppData\Roaming\GHISLER
2011-08-04 09:43:00 —-D—- C:\Windows\system32\CodeIntegrity
2011-08-04 09:42:58 —-D—- C:\Windows\AppCompat
2011-08-04 09:42:55 —-D—- C:\Windows\registration
2011-08-03 20:41:33 —-D—- C:\Users\Gerard\AppData\Roaming\Ashampoo
2011-07-30 13:52:43 —-SD—- C:\Users\Gerard\AppData\Roaming\Microsoft
2011-07-29 15:55:13 —-D—- C:\Windows\system32\catroot
2011-07-29 15:55:07 —-SHD—- C:\Windows\Installer
2011-07-29 15:55:07 —-D—- C:\Config.Msi
2011-07-29 15:55:03 —-D—- C:\Windows\winsxs
2011-07-29 15:00:38 —-D—- C:\Users\Gerard\AppData\Roaming\Adobe
2011-07-29 10:21:40 —-D—- C:\Users\Gerard\AppData\Roaming\Vso
2011-07-26 16:58:18 —-D—- C:\ProgramData
2011-07-26 16:58:18 —-D—- C:\Program Files\Adobe
2011-07-26 16:58:00 —-D—- C:\Program Files\MSXML 4.0
2011-07-24 21:52:42 —-D—- C:\Program Files\Microsoft Office
2011-07-24 17:34:37 —-D—- C:\Windows\rescache
2011-07-23 20:53:49 —-D—- C:\Program Files\Common Files\Apple
2011-07-23 20:53:01 —-D—- C:\Windows\SoftwareDistribution
2011-07-20 20:30:17 —-D—- C:\Program Files\Mozilla Thunderbird
2011-07-20 16:11:15 —-D—- C:\ProgramData\Microsoft Help
2011-07-18 13:26:01 —-D—- C:\Users\Gerard\AppData\Roaming\FrostWire
2011-07-15 11:10:58 —-D—- C:\Boot
2011-07-15 10:12:44 —-D—- C:\Windows\system32\nl-NL
2011-07-14 21:45:04 —-D—- C:\Users\Gerard\AppData\Roaming\Macromedia
2011-07-14 21:40:55 —-D—- C:\Windows\Microsoft.NET
2011-07-14 21:40:54 —-RSD—- C:\Windows\assembly
2011-07-14 09:34:16 —-RSD—- C:\Windows\Fonts
2011-07-14 09:16:49 —-A—- C:\Windows\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2009-12-08 157248]
R0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255); C:\Windows\system32\DRIVERS\tdrpm255.sys [2009-12-08 911552]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2009-12-08 570016]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2009-12-08 159296]
R3 AtcL001;NDIS-minipoortstuurprogramma voor L1 Gigabit Ethernet-controller van Atheros; C:\Windows\system32\DRIVERS\l160x86.sys [2009-07-14 47104]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-28 1951000]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 catchme;catchme; \??\C:\Users\Gerard\AppData\Local\Temp\catchme.sys []
S3 cpuz131;cpuz131; \??\C:\Users\Gerard\AppData\Local\Temp\cpuz131\cpuz_x32.sys []
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 netr28u;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista; C:\Windows\system32\DRIVERS\netr28u.sys [2009-07-14 657408]
S3 NETw4v32;Stuurprogramma voor Intel(R) Wireless WiFi Link Adapter onder Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-21 2222080]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-07-14 1068032]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2009-12-04 23600]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-11-13 660432]
R2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2009-12-08 2475952]
R2 Apple Mobile Device;Mobiel Apple apparaat; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-07-12 387944]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-06-01 647168]
R2 hpqddsvc;HP CUE DeviceDiscovery-service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2; D:\Tools\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe [2011-06-21 196912]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-02 211488]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-06-01 327680]
R2 TomTomHOMEService;TomTomHOMEService; D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2011-07-19 821096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\System32\bgsvcgen.exe [2007-06-15 145504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-13 1343400]
S4 MBAMService;MBAMService; D:\Tools\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
—————–EOF—————–
- Hi Gerard, that notebook of yours, did it come with Windows 7 or did you put Windows 7 on it yourself?
By the way, what is the make and model designation of your notebook?
- Abraham,
My Asus laptop is a good 2 1/2 years old and was bought with Windows Vista. However, right away in October 2009, when W7 came out, I bought it and did a fresh installation. So the C partition was formatted.
The full name of the device is: ASUS X56SN-AP124C.
- Which BIOS version does your notebook have?
Version 305 is the latest version.
http://support.asus.com/Download.aspx?SLanguage=en&m=X56SN&p=3&s=145
- I also have version 305.
- Windows 8 has a small problem in your notebook, because Windows cannot communicate entirely properly with the BIOS.
Event Code: 1001
Message: Foutbucket , type 0
Naam van gebeurtenis: PnPDriverNotFound
Antwoord: Niet beschikbaar
Id van CAB-bestand: 0
Handtekening van probleem:
P1: x86
P2: ACPI\ATK0100
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:
Bijgevoegde bestanden:
C:\Windows\Temp\DMI8390.tmp.log.xml
Deze bestanden zijn mogelijk hier beschikbaar:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_e3aed78fa5326e284d9379e9e532681a71d64aea_cab_07fd840d
And do the following:
Download
to your Desktop.
Platform:
Windows 2000 Professional (Service Pack 4 or higher)
Windows XP (Service Pack 2 or higher)
Windows Vista (32-Bit)
Windows 7
Boot into Safe Mode.
If you don't know how to boot into Safe Mode, look here: http://www.nationaalcomputerforum.nl/showthread.php?t=27396
Double-click the installation file to install the program.
Make sure the following items are checked:
  * Hidden startup objects
  * System memory
  * Disk boot sectors
    * This Computer
    * The disk where Windows is installed
    * All removable disks
  Click: Start scan
If the scanner hangs at C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll
then stop the scanner!
Now uninstall Malwarebytes Anti-Malware via Add or Remove Programs and do NOT restart the PC
Start the scanner again and choose “Resume scan”
If an infection is found, a pop-up indicates what to do:
“Disinfect (recommended)” and/or “Delete (recommended)”
At the end of the scan, click “Report”
Click the plus (+) sign in front of Autoscan
Right-click >> choose “select all”, then
Right-click >> choose “Copy”
Go via Start\Programs\Accessories to Notepad (Editor)
Right-click >> choose “Paste”
Give the text file a name, e.g. kav.txt, and save it to your Desktop
Close AVP; the following question will appear, click Yes
Post the contents of the log in your next message.
Disable the antivirus software present - the scan can take a long time, so be patient.
- Abraham,
It took a while, but I had other things to do today, so no computer…
I have a quick question: did you write out that code only to make clear where the error is? I found them in my log, you see. Those files, by the way, are not in the folders mentioned.
I'm also wondering the following. The laptop ran without problems on W7 for 1 year and 8 months; only in the last few weeks have things gone wrong. Shouldn't this problem have shown itself earlier, or is this a more or less accidentally discovered imperfection?
Do I understand correctly that I should only use the Kaspersky Tool?
- gerardb wrote:
> Abraham,
> It took a while, but I had other things to do today, so no computer…
> I have a quick question: did you write out that code only to make clear where the error is? I found them in my log, you see. Those files, by the way, are not in the folders mentioned.
> I'm also wondering the following. The laptop ran without problems on W7 for 1 year and 8 months; only in the last few weeks have things gone wrong. Shouldn't this problem have shown itself earlier, or is this a more or less accidentally discovered imperfection?
> Do I understand correctly that I should only use the Kaspersky Tool?
I have since run it; it took over 2 hours. Unfortunately I can't send a log along, because the option to click 'Report' was nowhere to be found for me. I did get the message "No threats found", so I assume there was nothing unusual.
- That code only indicates that Windows 7 has a small problem cooperating with the BIOS.
That normally doesn't detract from the proper functioning of Windows 7 and has nothing to do with your current problems.
And now do the scan with that specialized Kaspersky tool.
- OK, thanks.
In the quote I already wrote that I ran Kaspersky but that the 'Report' option could not be found. So I couldn't save a log. Am I doing something wrong?
- A question: do the "freezing symptoms" still occur?