Stalling laptop

Anonymous
31 replies
  • I have the following (little) problem. When I am working on my laptop, the machine suddenly 'freezes'. The hard-disk light then stays on continuously, after which the machine 'unfreezes' again without my taking any action. I can shorten that period somewhat by going to Task Manager and clicking Cancel. So I don't get the chance to see whether some strange service or the like is running. There is no logic whatsoever to be found in why the problem occurs. I have taken the following action(s) myself: ran Avast, Malwarebytes and Microsoft Safety Scan. These found nothing. Eset Online scan found the following:

    C:\Users\Gerard\AppData\Roaming\Apple Computer\MobileSync\Backup\9047de6b6eb71e3b02a01d1f0986068084b7c87f\a86eb556c850f61d9a557c435f5d60a0be152084 Win32/SpeedUpMyPC application deleted - quarantined
    D:\Tools\Plasq\Comic Life\CL13671_CRK.exe a variant of Win32/HackTool.Patcher.D application cleaned by deleting - quarantined

    So these have been removed. Would an HJT expert be willing to take a look at my log to see whether there is anything unusual in it?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:04:19, on 7-8-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    D:\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\system32\taskhost.exe
    D:\Tools\Total Commander\TC.exe
    C:\Windows\system32\taskeng.exe
    D:\Tools\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.upclive.nl/?toolbar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Internet Toolbar - {3BE093E7-4650-438B-AC6F-C944C30F81AD} - D:\Tools\Jaytown\Internet Toolbar\ChelloMediaShell.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HTC Sync Loader] "D:\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted IP range: http://192.168.1.254
    O15 - ESC Trusted IP range: http://192.168.1.254
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - D:\Tools\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe


    End of file - 6736 bytes
  • Your log looks fine.
    But: that doesn't necessarily mean anything.

  • First of all, thank you for the quick response. aswMBR.exe did not turn up any problem. TDSSKiller reported that nothing was found, but when I clicked on Report I got the message: "Het document C:\TDSSKiller 2.5.14.0_2011_21.21.27_log.txt wordt gebruikt door een andere toepassing en kan niet worden geopend." (the document is in use by another application and cannot be opened).
    So here is only the aswMBR log.

    aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
    Run date: 2011-08-07 21:04:15
    —————————–
    21:04:15.480 OS Version: Windows 6.1.7601 Service Pack 1
    21:04:15.480 Number of processors: 2 586 0x1706
    21:04:15.480 ComputerName: GERARD-PC UserName: Gerard
    21:04:17.445 Initialize success
    21:04:17.757 AVAST engine defs: 11080700
    21:04:35.900 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
    21:04:35.900 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 11
    21:04:37.944 Disk 0 MBR read successfully
    21:04:37.944 Disk 0 MBR scan
    21:04:37.959 Disk 0 Windows 7 default MBR code
    21:04:37.975 Disk 0 scanning sectors +625139712
    21:04:38.069 Disk 0 scanning C:\Windows\system32\drivers
    21:04:47.288 Service scanning
    21:04:48.755 Modules scanning
    21:04:57.959 Disk 0 trace - called modules:
    21:04:57.974 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
    21:04:57.974 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863dc030]
    21:04:57.990 3 CLASSPNP.SYS[8b9b859e] -> nt!IofCallDriver -> [0x86302b90]
    21:04:58.489 5 ACPI.sys[8b09f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x862aa030]
    21:04:59.191 AVAST engine scan C:\Windows
    21:05:01.047 AVAST engine scan C:\Windows\system32
    21:06:20.951 AVAST engine scan C:\Windows\system32\drivers
    21:06:31.028 AVAST engine scan C:\Users\Gerard
    21:12:21.298 AVAST engine scan C:\ProgramData
    21:13:13.168 Scan finished successfully
    21:16:26.234 Disk 0 MBR has been saved successfully to "C:\Users\Gerard\Desktop\MBR.dat"
    21:16:26.250 The log file has been saved successfully to "C:\Users\Gerard\Desktop\aswMBR.txt"
  • Got it to work after all!
    2011/08/07 21:18:41.0763 4236 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
    2011/08/07 21:18:42.0059 4236 ================================================================================
    2011/08/07 21:18:42.0059 4236 SystemInfo:
    2011/08/07 21:18:42.0059 4236
    2011/08/07 21:18:42.0059 4236 OS Version: 6.1.7601 ServicePack: 1.0
    2011/08/07 21:18:42.0059 4236 Product type: Workstation
    2011/08/07 21:18:42.0059 4236 ComputerName: GERARD-PC
    2011/08/07 21:18:42.0059 4236 UserName: Gerard
    2011/08/07 21:18:42.0059 4236 Windows directory: C:\Windows
    2011/08/07 21:18:42.0059 4236 System windows directory: C:\Windows
    2011/08/07 21:18:42.0059 4236 Processor architecture: Intel x86
    2011/08/07 21:18:42.0059 4236 Number of processors: 2
    2011/08/07 21:18:42.0059 4236 Page size: 0x1000
    2011/08/07 21:18:42.0059 4236 Boot type: Normal boot
    2011/08/07 21:18:42.0059 4236 ================================================================================
    2011/08/07 21:18:43.0136 4236 Initialize success
    2011/08/07 21:18:57.0831 4004 ================================================================================
    2011/08/07 21:18:57.0831 4004 Scan started
    2011/08/07 21:18:57.0831 4004 Mode: Manual;
    2011/08/07 21:18:57.0831 4004 ================================================================================
    2011/08/07 21:19:07.0581 4004 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/08/07 21:19:07.0628 4004 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    2011/08/07 21:19:07.0675 4004 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/08/07 21:19:07.0722 4004 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
    2011/08/07 21:19:07.0753 4004 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/08/07 21:19:07.0800 4004 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2011/08/07 21:19:07.0831 4004 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2011/08/07 21:19:07.0862 4004 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/08/07 21:19:07.0924 4004 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/08/07 21:19:07.0956 4004 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/08/07 21:19:07.0971 4004 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/08/07 21:19:08.0002 4004 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/08/07 21:19:08.0080 4004 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    2011/08/07 21:19:08.0112 4004 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/08/07 21:19:08.0127 4004 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/08/07 21:19:08.0143 4004 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2011/08/07 21:19:08.0236 4004 smserial (19301c27f3425dc39f6c599f527e507d) C:\Windows\system32\DRIVERS\smserial.sys
    2011/08/07 21:19:08.0314 4004 snapman (ffd9b64db2cd7b74b766c3a8452a5816) C:\Windows\system32\DRIVERS\snapman.sys
    2011/08/07 21:19:08.0346 4004 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2011/08/07 21:19:08.0424 4004 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
    2011/08/07 21:19:08.0455 4004 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
    2011/08/07 21:19:08.0486 4004 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/08/07 21:19:08.0517 4004 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/08/07 21:19:08.0548 4004 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
    2011/08/07 21:19:08.0595 4004 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    2011/08/07 21:19:08.0673 4004 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys
    2011/08/07 21:19:08.0751 4004 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/08/07 21:19:08.0798 4004 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    2011/08/07 21:19:08.0829 4004 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    2011/08/07 21:19:08.0892 4004 tdrpman255 (dc1ba6e904491a46124cb90c401e8a31) C:\Windows\system32\DRIVERS\tdrpm255.sys
    2011/08/07 21:19:08.0938 4004 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
    2011/08/07 21:19:08.0970 4004 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    2011/08/07 21:19:09.0016 4004 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    2011/08/07 21:19:09.0079 4004 timounter (c820bfc70feb25ec877c49e81cd477c1) C:\Windows\system32\DRIVERS\timntr.sys
    2011/08/07 21:19:09.0141 4004 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/08/07 21:19:09.0188 4004 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    2011/08/07 21:19:09.0219 4004 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/08/07 21:19:09.0266 4004 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\Windows\system32\DRIVERS\TVICHW32.SYS
    2011/08/07 21:19:09.0313 4004 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/08/07 21:19:09.0375 4004 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    2011/08/07 21:19:09.0422 4004 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    2011/08/07 21:19:09.0469 4004 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
    2011/08/07 21:19:09.0500 4004 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    2011/08/07 21:19:09.0562 4004 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) D:\Tools\Unlocker\UnlockerDriver5.sys
    2011/08/07 21:19:09.0625 4004 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
    2011/08/07 21:19:09.0672 4004 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
    2011/08/07 21:19:09.0703 4004 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/08/07 21:19:09.0750 4004 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    2011/08/07 21:19:09.0781 4004 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/08/07 21:19:09.0812 4004 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/08/07 21:19:09.0843 4004 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
    2011/08/07 21:19:09.0890 4004 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/08/07 21:19:09.0921 4004 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/08/07 21:19:09.0952 4004 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/08/07 21:19:09.0999 4004 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
    2011/08/07 21:19:10.0046 4004 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    2011/08/07 21:19:10.0077 4004 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/08/07 21:19:10.0108 4004 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2011/08/07 21:19:10.0140 4004 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    2011/08/07 21:19:10.0171 4004 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    2011/08/07 21:19:10.0186 4004 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2011/08/07 21:19:10.0218 4004 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    2011/08/07 21:19:10.0249 4004 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    2011/08/07 21:19:10.0280 4004 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2011/08/07 21:19:10.0311 4004 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    2011/08/07 21:19:10.0342 4004 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/08/07 21:19:10.0374 4004 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/08/07 21:19:10.0405 4004 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/08/07 21:19:10.0452 4004 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/08/07 21:19:10.0483 4004 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/08/07 21:19:10.0498 4004 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/08/07 21:19:10.0545 4004 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2011/08/07 21:19:10.0592 4004 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2011/08/07 21:19:10.0654 4004 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/08/07 21:19:10.0686 4004 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2011/08/07 21:19:10.0779 4004 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/08/07 21:19:10.0842 4004 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    2011/08/07 21:19:10.0904 4004 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/08/07 21:19:10.0951 4004 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    2011/08/07 21:19:10.0982 4004 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/08/07 21:19:11.0044 4004 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    2011/08/07 21:19:11.0060 4004 Boot (0x1200) (ba493e6aac3d7b948637952027de37b5) \Device\Harddisk0\DR0\Partition0
    2011/08/07 21:19:11.0091 4004 Boot (0x1200) (5e501b52c48a3bc710e3e5db3dbe87e6) \Device\Harddisk0\DR0\Partition1
    2011/08/07 21:19:11.0122 4004 Boot (0x1200) (58914c1019d6a2a723794c704a712d67) \Device\Harddisk0\DR0\Partition2
    2011/08/07 21:19:11.0122 4004 ================================================================================
    2011/08/07 21:19:11.0122 4004 Scan finished
    2011/08/07 21:19:11.0122 4004 ================================================================================
    2011/08/07 21:19:11.0138 4672 Detected object count: 0
    2011/08/07 21:19:11.0138 4672 Actual detected object count: 0
    2011/08/07 21:21:20.0333 5716 Deinitialize success
  • You may do the following:

    Which program: ComboFix
    What for/why: Highly specialised scanner that examines Windows in depth and cleans it up where possible.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program must be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    The antivirus program and any active malware scanners must already be disabled before ComboFix is started!
    Here and here you will find details on how to disable antivirus programs and spyware scanners.

    Once more, to be perfectly clear: ComboFix must be started from the desktop.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! If so, allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
  • Here is the ComboFix log. For your information: the reference(s) to 'G' concern my USB stick.


    ComboFix 11-08-07.03 - Gerard 08-08-2011 10:55:02.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.2168 [GMT 2:00]
    Gestart vanuit: c:\users\Gerard\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\security\Database\tmp.edb
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-07-08 to 2011-08-08 ))))))))))))))))))))))))))))))
    .
    .
    2011-08-08 09:01 . 2011-08-08 09:01 -------- d-----w- c:\users\Gerard\AppData\Local\temp
    2011-08-05 08:34 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90395621-C665-44F4-ABD6-17E21A087A21}\mpengine.dll
    2011-08-03 18:40 . 2011-08-04 07:36 -------- d-----w- c:\users\Gerard\AppData\Local\Conduit
    2011-07-31 18:05 . 2011-08-04 07:42 -------- d-----w- c:\users\Gerard\AppData\Roaming\Spotify
    2011-07-31 18:05 . 2011-08-03 08:47 -------- d-----w- c:\users\Gerard\AppData\Local\Spotify
    2011-07-29 13:03 . 2011-08-08 08:44 -------- d-----w- c:\users\Gerard\AppData\Local\Htc
    2011-07-29 07:57 . 2011-07-29 07:57 -------- d-----w- c:\users\Gerard\AppData\Roaming\NCH Software
    2011-07-26 15:01 . 2011-07-29 13:03 -------- d-----w- c:\users\Gerard\AppData\Roaming\HTC
    2011-07-26 14:59 . 2011-07-29 13:01 -------- d-----w- c:\users\Gerard\AppData\Local\Downloaded Installations
    2011-07-26 14:58 . 2011-07-29 12:52 -------- d-----w- c:\program files\Spirent Communications
    2011-07-26 14:58 . 2011-07-29 12:52 -------- d-----w- c:\program files\HTC
    2011-07-26 14:58 . 2011-07-29 13:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-07-26 14:58 . 2011-07-26 14:58 -------- d-----w- c:\users\Gerard\AppData\Local\Adobe
    2011-07-23 18:53 . 2011-07-23 18:53 -------- d-----w- c:\program files\iPod
    2011-07-23 18:53 . 2011-07-23 18:54 -------- d-----w- c:\program files\iTunes
    2011-07-23 18:51 . 2011-07-23 18:51 -------- d-----w- c:\program files\Bonjour
    2011-07-23 18:45 . 2011-07-23 18:45 -------- d-----w- c:\program files\Apple Software Update
    2011-07-14 19:27 . 2011-07-14 19:27 -------- d-----w- c:\windows\system32\wbem\Logs
    2011-07-14 18:24 . 2011-07-14 18:24 -------- d-----w- c:\programdata\Atheros
    2011-07-14 14:53 . 2011-07-14 14:53 -------- d-----w- c:\users\Gerard\AppData\Roaming\UPC Broadband Operations BV
    2011-07-14 13:02 . 2011-04-28 03:15 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
    2011-07-14 13:02 . 2011-04-28 03:15 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
    2011-07-13 14:43 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
    2011-07-13 14:43 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
    2011-07-13 14:43 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-07-13 14:43 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-07-13 14:43 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-07-13 14:43 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-07-13 14:43 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-07-13 14:43 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-07-13 14:43 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 09:20 . 2011-07-12 09:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-06 17:52 . 2009-10-28 21:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 17:52 . 2009-10-28 20:59 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-04 11:43 . 2011-05-13 21:29 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-04 11:43 . 2011-05-13 21:29 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-07-04 11:36 . 2011-05-13 21:30 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-07-04 11:36 . 2011-05-13 21:30 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-07-04 11:35 . 2011-05-13 21:30 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-07-04 11:32 . 2011-05-13 21:30 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-07-04 11:32 . 2011-05-13 21:30 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-07-04 11:32 . 2011-05-13 21:30 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-06-22 19:00 . 2011-05-14 10:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-21 18:05 . 2011-06-23 11:05 17712 ----a-w- c:\windows\system32\nitrolocalui2.dll
    2011-06-21 18:05 . 2011-06-23 11:05 26416 ----a-w- c:\windows\system32\nitrolocalmon2.dll
    2011-05-24 17:14 . 2009-10-28 19:22 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-14 07:56 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-05-13 21:29 . 2011-05-13 21:29 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-05-13 21:29 . 2011-05-13 21:29 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-05-13 21:29 . 2011-05-13 21:29 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-05-13 21:29 . 2011-05-13 21:29 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-05-13 21:29 . 2011-05-13 21:29 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-05-13 21:29 . 2011-05-13 21:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-05-13 21:29 . 2011-05-13 21:29 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-05-13 21:29 . 2011-05-13 21:29 367104 ----a-w- c:\windows\system32\html.iec
    2011-05-13 21:29 . 2011-05-13 21:29 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-05-13 21:29 . 2011-05-13 21:29 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-05-13 21:29 . 2011-05-13 21:29 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-05-13 21:29 . 2011-05-13 21:29 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-05-13 21:29 . 2011-05-13 21:29 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-05-13 21:29 . 2011-05-13 21:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-05-13 21:29 . 2011-05-13 21:29 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-05-13 21:29 . 2011-05-13 21:29 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-05-13 21:29 . 2011-05-13 21:29 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-05-13 21:29 . 2011-05-13 21:29 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-05-13 21:29 . 2011-05-13 21:29 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-05-13 21:00 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-06-22 19:46 . 2011-05-17 15:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"="d:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-13 5075776]
    "Acronis Scheduler2Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
    "HTC Sync Loader"="d:\htc\HTC Sync 3.0\htcUPCTLoader.exe" [2011-04-26 593920]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-29 813584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.1 HD Edition.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.1 HD Edition.lnk
    backup=c:\windows\pss\PHOTOfunSTUDIO 5.1 HD Edition.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Gerard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Productregistratie.lnk]
    path=c:\users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Productregistratie.lnk
    backup=c:\windows\pss\Logitech . Productregistratie.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
    2006-11-02 07:27 61440 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-07-02 00:56 13789728 ----a-w- c:\windows\System32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2007-08-27 12:10 4702208 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2007-08-03 12:22 1826816 ----a-w- c:\windows\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2011-04-22 12:21 104880 ----a-w- d:\program files\TomTom HOME 2\TomTomHOME.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    2010-07-04 19:51 17408 ----a-w- d:\tools\Unlocker\UnlockerAssistant.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 cpuz131;cpuz131;c:\users\Gerard\AppData\Local\Temp\cpuz131\cpuz_x32.sys [x]
    R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
    R3 netr28u;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-13 1343400]
    R4 MBAMService;MBAMService;d:\tools\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [2009-12-08 911552]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2009-12-08 2475952]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
    S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;d:\tools\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe [2011-06-21 196912]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
    S2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2009-12-08 159296]
    S3 AtcL001;NDIS-minipoortstuurprogramma voor L1 Gigabit Ethernet-controller van Atheros;c:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
    S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
    S3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.upclive.nl/?toolbar=home
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    FF - ProfilePath - c:\users\Gerard\AppData\Roaming\Mozilla\Firefox\Profiles\gcx7qehd.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.nl
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    AddRemove-Advanced LAN Scanner v1.0 BETA 1 - g:\utilities\LAN Scanner\uninstal.exe
    AddRemove-HijackThis - g:\utilities\HijackThis.exe
    AddRemove-Spotify - d:\tools\Spotify\uninstall.exe
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2011-08-08 11:03:33
    ComboFix-quarantined-files.txt 2011-08-08 09:03
    .
    Pre-Run: 27.539.972.096 bytes beschikbaar
    Post-Run: 27.460.780.032 bytes beschikbaar
    .
    - - End Of File - - C9425466A0FBE02E02B48D9900313800
  • Is the "freezing problem" still there?
  • Hard to say, because it happens at the strangest times. The last time was when I ran the scan last night.

    I don't understand much of the Combo log, but does it show anything illegitimate that was removed?
  • That's just it: in principle everything looks fine.

    But we are going to do something:

    Which program: RSIT
    What for/why: gives a very detailed overview of Windows
    Difficulty: none
    Download location: Be sure to download this program to the desktop!
    Download RSIT here
    Using RSIT:
    - Windows 2000 and Windows XP: start RSIT by double-clicking the shortcut.
    - Windows Vista and Windows 7: start RSIT by right-clicking the shortcut and choosing "Run as administrator".
    After the scan has finished, two logs will open.
    - Then post the contents of 'log.txt' ('log.txt' will be maximized)
    - Also post 'info.txt' ('info.txt', this log will initially be minimized in the taskbar)
    - If you can't find info.txt, look for it in C:\.
    For users of Windows Vista 64-bit or Windows 7 64-bit the following also applies:
    - RSIT must then be run in 'compatibility mode'.
    - Right-click 'RSIT.exe' and choose 'Properties',
    - now click the 'Compatibility' tab.
    - Tick 'Run this program in compatibility mode' and then choose 'Windows XP Service Pack 3'
    RSIT produces quite a large log, so you may have to split the log and post it in two or more parts.

    Post only the contents of
  • In the meantime I've had several more freezes, so here are the requested logs.

    info.txt logfile of random's system information tool 1.09 2011-08-08 17:31:22

    ======Uninstall list======

    Update for Microsoft Office 2007 (KB2508958)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
    32 Bit HP CIO Components Installer–>MsiExec.exe /I{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
    Acronis True Image Home–>MsiExec.exe /X{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}
    Adobe AIR–>c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR–>MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
    Adobe Digital Editions–>"C:\Program Files\Adobe\Adobe Digital Editions\uninstall.exe"
    Adobe Flash Player 10 ActiveX–>C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe -maintain activex
    Adobe Flash Player 10 Plugin–>C:\Windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe -maintain plugin
    Apple Application Support–>MsiExec.exe /I{B3575D00-27EF-49C2-B9E0-14B3D954E992}
    Apple Mobile Device Support–>MsiExec.exe /I{C23CD6DA-1958-43A5-ADD0-59396572E02E}
    Apple Software Update–>MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
    Ashampoo Burning Studio 9.21–>"D:\Program Files\Ashampoo\Ashampoo Burning Studio 9\unins000.exe"
    ATK Hotkey–>C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x0013 -removeonly
    ATK Media–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE" -l0x9
    ATKOSD2–>C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly
    AuthenTec TrueSuite–>MsiExec.exe /X{E6C44758-FF49-47D1-8182-65E3818ACE23}
    avast! Free Antivirus–>C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
    Bonjour–>MsiExec.exe /X{D03482C5-9AD8-496D-B388-692AE04C93AF}
    C@shflow V3.3–>MsiExec.exe /X{49A884EB-E020-4D63-842F-6D76D6946590}
    Cashflow 4–>MsiExec.exe /X{516F203B-619A-4DDB-A631-C6960FFA6855}
    CCleaner–>"D:\Utilities\CCleaner\uninst.exe"
    CDDRV_Installer–>MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
    D3DX10–>MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
    Davi-Adres 7 DeLuxe–>C:\Windows\DAVILEX\UNINSTAL.EXE C:\PROGRA~1\DAVIAD~1\INSTADR.LOG
    DriverAgent by eSupport.com–>RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
    erLT–>MsiExec.exe /I{A498D9EB-927B-459B-85D6-DD6EF8C2C564}
    FrostWire 4.18.3–>D:\Program Files\FrostWire\Uninstall.exe
    GOM Player–>"D:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
    HP Imaging Device Functions 13.0–>C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart All-In-One Driver Software 13.0 Rel. A–>C:\Program Files\HP\Digital Imaging\{17016DA1-F040-4032-BD36-34DD317BC9D5}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
    HP Solution Center 13.0–>C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
    HTC BMP USB Driver–>MsiExec.exe /I{31A559C1-9E4D-423B-9DD3-34A6C5398752}
    HTC Driver Installer–>MsiExec.exe /X{6D6664A9-3342-4948-9B7E-034EFE366F0F}
    HTC Sync–>MsiExec.exe /I{DD8D87E5-C372-462F-B168-94612B1D9451}
    Intel(R) PROSet/Wireless Software–>C:\Windows\Installer\iProInst.exe
    Internet Toolbar 1.0.1 Build 845–>D:\Tools\Jaytown\Internet Toolbar\uninst.exe
    iTunes–>MsiExec.exe /I{C73CA646-73B3-4AEF-A136-C37505745174}
    Java(TM) 6 Update 25–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
    Junk Mail filter update–>MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
    KhalInstallWrapper–>MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
    Logitech SetPoint–>"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0013 -removeonly
    Malwarebytes' Anti-Malware versie 1.51.1.1800–>"D:\Tools\Malwarebytes' Anti-Malware\unins000.exe"
    mCore–>MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
    mDriver–>MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
    mHelp–>MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
    Microsoft .NET Framework 4 Client Profile–>C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
    Microsoft .NET Framework 4 Client Profile–>MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {89C8E56A-90D8-4598-B0E6-EB28F6270E07}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-00A1-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
    Microsoft Office Excel MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
    Microsoft Office File Validation Add-In–>MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007–>"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007–>MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (Dutch) 2007–>MsiExec.exe /X{90120000-00A1-0413-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007–>MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007–>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007–>MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007–>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proofing (Dutch) 2007–>MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
    Microsoft Office Shared MUI (Dutch) 2007–>MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
    Microsoft Office Word MUI (Dutch) 2007–>MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
    Microsoft Silverlight–>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server Compact 3.5 SP1 English–>MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053–>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
    Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570–>MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148–>MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161–>MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
    mMHouse–>MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    Mozilla Firefox 5.0 (x86 nl)–>C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (5.0)–>C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
    mPfMgr–>MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    MSVCRT–>MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
    MSXML 4.0 SP2 (KB954430)–>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)–>MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    MSXML 4.0 SP3 Parser (KB973685)–>MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
    MSXML 4.0 SP3 Parser–>MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
    Nitro PDF Reader 2–>MsiExec.exe /X{07B4E11E-A65D-412D-9242-874708127C45}
    NVIDIA Drivers–>C:\Windows\system32\nvuninst.exe UninstallGUI
    OGA Notifier 2.0.0048.0–>MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
    PHOTOfunSTUDIO 5.1 HD Edition–>"C:\Program Files\InstallShield Installation Information\{959282E3-55A9-49D8-B885-D27CF8A2FD82}\setup.exe" -runfromtemp -l0x0409 -z"Uninstall" -removeonly
    Picasa 3–>"C:\Program Files\Google\Picasa3\Uninstall.exe"
    QuickTime–>MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
    Realtek High Definition Audio Driver–>RtlUpd.exe -r -m
    Revo Uninstaller 1.92–>D:\Tools\VS Revo Group\Revo Uninstaller\uninst.exe
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
    Security Update for 2007 Microsoft Office System (KB2288621)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
    Security Update for 2007 Microsoft Office System (KB2288931)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
    Security Update for 2007 Microsoft Office System (KB2345043)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
    Security Update for 2007 Microsoft Office System (KB2509488)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}
    Security Update for 2007 Microsoft Office System (KB969559)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB976321)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)–>C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)–>C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)–>C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
    Security Update for Microsoft Office 2007 System (KB2541012)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD907315-705A-4475-A1A0-2A1245803E4D}
    Security Update for Microsoft Office Excel 2007 (KB2541007)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0173254-F442-4D04-9154-43FA157B83D0}
    Security Update for Microsoft Office InfoPath 2007 (KB979441)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
    Security Update for Microsoft Office system 2007 (972581)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
    Security Update for Microsoft Office system 2007 (KB974234)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
    Security Update for Microsoft Office Word 2007 (KB2344993)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
    TomTom HOME 2.8.2.2264–>D:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
    TomTom HOME Visual Studio Merge Modules–>MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
    Unlocker 1.9.0–>D:\Tools\Unlocker\uninst.exe
    Update for 2007 Microsoft Office System (KB967642)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft Office 2007 System (KB2539530)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
    Update for Microsoft Office OneNote 2007 (KB980729)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
    Update voor Microsoft Office Excel 2007 Help (KB963678)–>msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {5CF7002F-6F49-4482-9564-5614FBE560FA}
    Update voor Microsoft Office Powerpoint 2007 Help (KB963669)–>msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}
    Update voor Microsoft Office Word 2007 Help (KB963665)–>msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {A66AE6A1-8D8C-4102-BC18-38CBDE40F809}
    Verzoek of wijziging voorlopige aanslag 2011–>D:\Belastingdienst_Programma's_Div_Jaren\Verzoek of wijziging voorlopige aanslag\2011\va2011u.exe
    Windows Live Communications Platform–>MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
    Windows Live Essentials–>C:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Essentials–>MsiExec.exe /I{2A07C35B-8384-4DA4-9A95-442B6C89A073}
    Windows Live ID Sign-in Assistant–>MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
    Windows Live Installer–>MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
    Windows Live Mail–>MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
    Windows Live Mail–>MsiExec.exe /I{D588365A-AE39-4F27-BDAE-B4E72C8E900C}
    Windows Live MIME IFilter–>MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
    Windows Live Photo Common–>MsiExec.exe /X{9BD262D0-B788-4546-A0A5-F4F56EC3834B}
    Windows Live Photo Common–>MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
    Windows Live PIMT Platform–>MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
    Windows Live SOXE Definitions–>MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
    Windows Live SOXE–>MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
    Windows Live UX Platform Language Pack–>MsiExec.exe /I{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}
    Windows Live UX Platform–>MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
    Windows Live Writer Resources–>MsiExec.exe /X{14B441B7-774D-4170-98EA-A13667AE6218}
    Windows Live Writer–>MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
    Windows Media Player Firefox Plugin–>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Wireless Console 2–>C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.exe -runfromtemp -l0x0009 -removeonly

    =====HijackThis Backups=====

    O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\utilities\a-squared Free\a2service.exe (file missing) [2010-10-21]
    O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\utilities\a-squared Free\a2service.exe (file missing) [2010-10-21]
    O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\utilities\a-squared Free\a2service.exe (file missing) [2010-10-21]
    O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\utilities\a-squared Free\a2service.exe (file missing) [2010-10-21]
    O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\utilities\a-squared Free\a2service.exe (file missing) [2010-10-21]
    O9 - Extra button: Cleaner - {CCF00E14-7C5E-4420-9BF3-AA4809CFAA13} - D:\Utilities\ClickClean\ClickClean.exe (file missing) [2011-05-15]

    ======System event log======

    Computer Name: Gerard-PC
    Event Code: 7036
    Message: De Windows Management Instrumentation-service heeft nu de status gestopt.
    Record Number: 10788
    Source Name: Service Control Manager
    Time Written: 20091120123252.098699-000
    Event Type: Informatie
    User:

    Computer Name: Gerard-PC
    Event Code: 7036
    Message: De Security Center-service heeft nu de status gestopt.
    Record Number: 10787
    Source Name: Service Control Manager
    Time Written: 20091120123252.020699-000
    Event Type: Informatie
    User:

    Computer Name: Gerard-PC
    Event Code: 7036
    Message: De Peer Name Resolution Protocol-service heeft nu de status gestopt.
    Record Number: 10786
    Source Name: Service Control Manager
    Time Written: 20091120123251.833499-000
    Event Type: Informatie
    User:

    Computer Name: Gerard-PC
    Event Code: 7036
    Message: De Windows Modules Installer-service heeft nu de status gestopt.
    Record Number: 10785
    Source Name: Service Control Manager
    Time Written: 20091120123251.817899-000
    Event Type: Informatie
    User:

    Computer Name: Gerard-PC
    Event Code: 7036
    Message: De Peer Networking Grouping-service heeft nu de status gestopt.
    Record Number: 10784
    Source Name: Service Control Manager
    Time Written: 20091120123251.817899-000
    Event Type: Informatie
    User:

    =====Application event log=====

    Computer Name: 37L4247D28-05
    Event Code: 1001
    Message: Foutbucket , type 0
    Naam van gebeurtenis: PnPDriverNotFound
    Antwoord: Niet beschikbaar
    Id van CAB-bestand: 0

    Handtekening van probleem:
    P1: x86
    P2: ACPI\ATK0100
    P3:
    P4:
    P5:
    P6:
    P7:
    P8:
    P9:
    P10:

    Bijgevoegde bestanden:
    C:\Windows\Temp\DMI8390.tmp.log.xml

    Deze bestanden zijn mogelijk hier beschikbaar:
    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_e3aed78fa5326e284d9379e9e532681a71d64aea_cab_07fd840d

    Analysesymbool:
    Opnieuw zoeken naar oplossing: 0nRapport-id: 2267fa39-c3f4-11de-bb6b-8d2c27b90db0
    Rapportstatus: 6
    Record Number: 5
    Source Name: Windows Error Reporting
    Time Written: 20091028190019.000000-000
    Event Type: Informatie
    User:

    Computer Name: 37L4247D28-05
    Event Code: 5617
    Message: Subsystemen van Windows Management Instrumentation-service zijn geïnitialiseerd
    Record Number: 4
    Source Name: Microsoft-Windows-WMI
    Time Written: 20091028185945.000000-000
    Event Type: Informatie
    User:

    Computer Name: 37L4247D28-05
    Event Code: 5615
    Message: De Windows Management Instrumentation-service is gestart
    Record Number: 3
    Source Name: Microsoft-Windows-WMI
    Time Written: 20091028185942.000000-000
    Event Type: Informatie
    User:

    Computer Name: 37L4247D28-05
    Event Code: 1531
    Message: De User Profile-service is gestart.


    Record Number: 2
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20091028185938.923700-000
    Event Type: Informatie
    User: NT AUTHORITY\SYSTEM

    Computer Name: 37L4247D28-05
    Event Code: 4625
    Message: Het EventSystem-subsysteem onderdrukt gedurende 86400 seconden dubbele vermeldingen in het gebeurtenislogboek. De time-out voor onderdrukking kan worden ingesteld met de REG_DWORD-waarde SuppressDuplicateDuration in de volgende registersleutel: HKLM\Software\Microsoft\EventSystem\EventLog.
    Record Number: 1
    Source Name: Microsoft-Windows-EventSystem
    Time Written: 20091028185938.000000-000
    Event Type: Informatie
    User:

    =====Security event log=====

    Computer Name: 37L4247D28-05
    Event Code: 4672
    Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

    Onderwerp:
    Beveiligings-id: S-1-5-18
    Accountnaam: SYSTEM
    Accountdomein: NT AUTHORITY
    Aanmeldings-id: 0x3e7

    Bevoegdheden: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 5
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091028185922.138071-000
    Event Type: Controle geslaagd
    User:

    Computer Name: 37L4247D28-05
    Event Code: 4624
    Message: Er is een account aangemeld.

    Onderwerp:
    Beveiligings-id: S-1-5-18
    Accountnaam: 37L4247D28-05$
    Accountdomein: WORKGROUP
    Aanmeldings-id: 0x3e7

    Aanmeldingstype: 5

    Nieuwe aanmelding:
    Beveiligings-id: S-1-5-18
    Accountnaam: SYSTEM
    Accountdomein: NT AUTHORITY
    Aanmeldings-id: 0x3e7
    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Procesgegevens:
    Proces-id: 0x1c4
    Naam proces: C:\Windows\System32\services.exe

    Netwerkgegevens:
    Naam van werkstation:
    Netwerkadres van bron: -
    Poort van bron: -

    Gedetailleerde verificatiegegevens:
    Aanmeldingsproces: Advapi
    Verificatiepakket: Negotiate
    Doorgezette services: -
    Pakketnaam (alleen NTLM): -
    Sleutellengte: 0

    Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

    De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

    In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

    Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

    In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

    De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
    Record Number: 4
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091028185922.138071-000
    Event Type: Controle geslaagd
    User:

    Computer Name: 37L4247D28-05
    Event Code: 4902
    Message: De tabel voor controlebeleid per gebruiker is gemaakt.

    Aantal elementen: 0
    Beleids-id: 0x24d37
    Record Number: 3
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091028185915.773260-000
    Event Type: Controle geslaagd
    User:

    Computer Name: 37L4247D28-05
    Event Code: 4624
    Message: Er is een account aangemeld.

    Onderwerp:
    Beveiligings-id: S-1-0-0
    Accountnaam: -
    Accountdomein: -
    Aanmeldings-id: 0x0

    Aanmeldingstype: 0

    Nieuwe aanmelding:
    Beveiligings-id: S-1-5-18
    Accountnaam: SYSTEM
    Accountdomein: NT AUTHORITY
    Aanmeldings-id: 0x3e7
    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Procesgegevens:
    Proces-id: 0x4
    Naam proces:

    Netwerkgegevens:
    Naam van werkstation: -
    Netwerkadres van bron: -
    Poort van bron: -

    Gedetailleerde verificatiegegevens:
    Aanmeldingsproces: -
    Verificatiepakket: -
    Doorgezette services: -
    Pakketnaam (alleen NTLM): -
    Sleutellengte: 0

    Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

    De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

    In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

    Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

    In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

    De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
    Record Number: 2
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091028185914.384857-000
    Event Type: Controle geslaagd
    User:

    Computer Name: 37L4247D28-05
    Event Code: 4608
    Message: Windows wordt opgestart.

    Deze gebeurtenis wordt in het logboek geregistreerd wanneer LSASS.EXE wordt gestart en het subsysteem voor controle wordt geïnitialiseerd.
    Record Number: 1
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091028185914.369257-000
    Event Type: Controle geslaagd
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Common Files\Acronis\SnapAPI;C:\Program Files\Windows Live\Shared;C:\Program Files\QuickTime\QTSystem
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
    "NUMBER_OF_PROCESSORS"=2
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=1706
    "asl.log"=Destination=file
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    —————–EOF—————–

    Logfile of random's system information tool 1.09 (written by random/random)
    Run by Gerard at 2011-08-08 17:31:13
    Microsoft Windows 7 Home Premium Service Pack 1
    System drive C: has 26 GB (43%) free of 62 GB
    Total RAM: 3071 MB (69% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:31:19, on 8-8-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    D:\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Gerard\Desktop\RSIT.exe
    D:\Tools\Trend Micro\HiJackThis\Gerard.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.upclive.nl/?toolbar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Internet Toolbar - {3BE093E7-4650-438B-AC6F-C944C30F81AD} - D:\Tools\Jaytown\Internet Toolbar\ChelloMediaShell.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HTC Sync Loader] "D:\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted IP range: http://192.168.1.254
    O15 - ESC Trusted IP range: http://192.168.1.254
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - D:\Tools\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe


    End of file - 6155 bytes

    =========Mozilla firefox=========

    ProfilePath - C:\Users\Gerard\AppData\Roaming\Mozilla\Firefox\Profiles\gcx7qehd.default

    prefs.js - "browser.search.useDBForOrder" - true
    prefs.js - "browser.startup.homepage" - "www.google.nl"
    prefs.js - "extensions.enabledItems" - "clickclean@hotcleaner.com:3.6.5.0, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3, {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.5, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, smarterwiki@wikiatic.com:4.1.8, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, ffxtlbr@Facemoods.com:1.2.0, {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2, {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, wrc@avast.com:20110101, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15, {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.71"
    prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=mcafee&p="

    "clickclean@hotcleaner.com"=D:\Utilities\ClickClean\clickclean
    "wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
    "Description"=Adobe® Flash® Player 10.1 Plugin
    "Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
    "Description"=iTunes Detector Plug-in
    "Path"=

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
    "Description"=
    "Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
    "Description"=Picasa3 plugin
    "Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
    "Description"=Oracle® Next Generation Java™ Plug-In
    "Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
    "Description"=
    "Path"=disabled

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
    "Description"=Ag Player Plugin
    "Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\NitroPDF]
    "Description"=NitroPDF Web Browser Plugin
    "Path"=D:\Tools\Nitro PDF\Reader\npnitromozilla.dll

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd}

    C:\Program Files\Mozilla Firefox\components\
    binary.manifest
    browsercomps.dll
    nsIQTScriptablePlugin.xpt

    C:\Program Files\Mozilla Firefox\plugins\
    WMP Firefox Plugin License.rtf
    WMP Firefox Plugin RelNotes.txt

    C:\Program Files\Mozilla Firefox\searchplugins\
    bing.xml
    bolcom-nl.xml
    google.xml
    marktplaats-nl.xml
    vandale-nl.xml
    wikipedia-nl.xml

    C:\Users\Gerard\AppData\Roaming\Mozilla\Firefox\Profiles\gcx7qehd.default\extensions\
    ietab@ip.cn
    {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    {b9db16a4-6edc-47ec-a1f4-b86292ed211d}

    C:\Users\Gerard\AppData\Roaming\Mozilla\Firefox\Profiles\gcx7qehd.default\searchplugins\
    conduit.xml

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
    avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-14 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]
    {3BE093E7-4650-438B-AC6F-C944C30F81AD} - Internet Toolbar - D:\Tools\Jaytown\Internet Toolbar\ChelloMediaShell.dll [2008-12-02 110592]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]
    "Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 55824]
    "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-11-13 5075776]
    "Acronis Scheduler2Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-11-13 357304]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-04-20 58656]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-07-19 421736]
    "HTC Sync Loader"=D:\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-04-26 593920]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"=D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2011-04-22 247728]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
    C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\Windows\system32\NvCpl.dll [2009-07-02 13789728]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    C:\Windows\RtHDVCpl.exe [2007-08-27 4702208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    C:\Windows\Skytel.exe [2007-08-03 1826816]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    D:\Program Files\TomTom HOME 2\TomTomHOME.exe [2011-04-22 104880]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    D:\Tools\Unlocker\UnlockerAssistant.exe [2010-07-04 17408]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2009-09-20 270336]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.1 HD Edition.lnk]
    C:\PROGRA~1\COMMON~1\PANASO~1\PHOTOF~1\AUTOST~1.EXE [2010-03-15 172544]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Gerard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Productregistratie.lnk]
    C:\PROGRA~1\COMMON~1\Logishrd\eReg\SetPoint\eReg.exe [2008-11-07 517384]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-05-13 203776]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=credssp.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=0
    "ConsentPromptBehaviorUser"=3
    "EnableLUA"=0
    "EnableUIADesktopToggle"=0
    "PromptOnSecureDesktop"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
    "vidc.mrle"=msrle32.dll
    "vidc.msvc"=msvidc32.dll
    "msacm.imaadpcm"=imaadp32.acm
    "msacm.msg711"=msg711.acm
    "msacm.msgsm610"=msgsm32.acm
    "msacm.msadpcm"=msadp32.acm
    "midimapper"=midimap.dll
    "wavemapper"=msacm32.drv
    "VIDC.UYVY"=msyuv.dll
    "VIDC.YUY2"=msyuv.dll
    "VIDC.YVYU"=msyuv.dll
    "VIDC.IYUV"=iyuv_32.dll
    "vidc.i420"=iyuv_32.dll
    "VIDC.YVU9"=tsbyuv.dll
    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm
    "vidc.cvid"=iccvid.dll
    "MSVideo8"=VfWWDM32.dll
    "wave"=wdmaud.drv
    "midi"=wdmaud.drv
    "mixer"=wdmaud.drv
    "aux"=wdmaud.drv
    "msacm.divxa32"=msaud32_divx.acm
    "wave1"=wdmaud.drv
    "midi1"=wdmaud.drv
    "mixer1"=wdmaud.drv
    "aux1"=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    ======List of files/folders created in the last 1 month======

    2011-08-08 17:31:13 ----D---- C:\rsit
    2011-08-08 11:03:39 ----SHD---- C:\$RECYCLE.BIN
    2011-08-08 11:03:34 ----A---- C:\ComboFix.txt
    2011-08-08 10:53:51 ----A---- C:\Windows\zip.exe
    2011-08-08 10:53:51 ----A---- C:\Windows\SWSC.exe
    2011-08-08 10:53:51 ----A---- C:\Windows\SWREG.exe
    2011-08-08 10:53:51 ----A---- C:\Windows\sed.exe
    2011-08-08 10:53:51 ----A---- C:\Windows\PEV.exe
    2011-08-08 10:53:51 ----A---- C:\Windows\NIRCMD.exe
    2011-08-08 10:53:51 ----A---- C:\Windows\MBR.exe
    2011-08-08 10:53:51 ----A---- C:\Windows\grep.exe
    2011-08-08 10:53:45 ----D---- C:\Windows\ERDNT
    2011-08-08 10:53:44 ----D---- C:\ComboFix
    2011-08-08 10:53:42 ----D---- C:\Qoobox
    2011-08-07 21:34:18 ----A---- C:\TDSSKiller.2.5.14.0_07.08.2011_21.34.18_log.txt
    2011-08-07 21:21:37 ----A---- C:\TDSSKiller.2.5.14.0_07.08.2011_21.21.37_log.txt
    2011-07-31 20:05:56 ----D---- C:\Users\Gerard\AppData\Roaming\Spotify
    2011-07-29 15:03:56 ----D---- C:\Users\Gerard\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    2011-07-29 09:57:35 ----D---- C:\Users\Gerard\AppData\Roaming\NCH Software
    2011-07-26 17:01:36 ----D---- C:\Users\Gerard\AppData\Roaming\HTC
    2011-07-26 16:58:48 ----D---- C:\Program Files\Spirent Communications
    2011-07-26 16:58:22 ----D---- C:\Program Files\HTC
    2011-07-26 16:58:18 ----D---- C:\ProgramData\Adobe
    2011-07-26 16:58:18 ----D---- C:\Program Files\Common Files\Adobe AIR
    2011-07-23 20:53:49 ----D---- C:\Program Files\iPod
    2011-07-23 20:53:48 ----D---- C:\Program Files\iTunes
    2011-07-23 20:51:59 ----D---- C:\Program Files\Bonjour
    2011-07-23 20:45:17 ----D---- C:\Program Files\Apple Software Update
    2011-07-15 10:01:16 ----D---- C:\Windows\Prefetch
    2011-07-14 20:24:01 ----D---- C:\ProgramData\Atheros
    2011-07-14 16:53:09 ----D---- C:\Users\Gerard\AppData\Roaming\UPC Broadband Operations BV
    2011-07-14 15:03:05 ----A---- C:\Windows\system32\drivers\usbuhci.sys
    2011-07-14 15:03:05 ----A---- C:\Windows\system32\drivers\usbport.sys
    2011-07-14 15:03:05 ----A---- C:\Windows\system32\drivers\usbohci.sys
    2011-07-14 15:03:05 ----A---- C:\Windows\system32\drivers\usbhub.sys
    2011-07-14 15:03:05 ----A---- C:\Windows\system32\drivers\usbehci.sys
    2011-07-14 15:03:05 ----A---- C:\Windows\system32\drivers\usbd.sys
    2011-07-14 15:03:05 ----A---- C:\Windows\system32\drivers\usbccgp.sys
    2011-07-14 15:03:01 ----A---- C:\Windows\system32\fsutil.exe
    2011-07-14 15:03:01 ----A---- C:\Windows\system32\esent.dll
    2011-07-14 15:03:01 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
    2011-07-14 15:03:01 ----A---- C:\Windows\system32\drivers\storport.sys
    2011-07-14 15:03:01 ----A---- C:\Windows\system32\drivers\nvstor.sys
    2011-07-14 15:03:01 ----A---- C:\Windows\system32\drivers\nvraid.sys
    2011-07-14 15:03:01 ----A---- C:\Windows\system32\drivers\ntfs.sys
    2011-07-14 15:03:01 ----A---- C:\Windows\system32\drivers\iaStorV.sys
    2011-07-14 15:03:01 ----A---- C:\Windows\system32\drivers\amdxata.sys
    2011-07-14 15:03:01 ----A---- C:\Windows\system32\drivers\amdsata.sys
    2011-07-14 15:02:58 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
    2011-07-14 15:02:58 ----A---- C:\Windows\system32\drivers\bthport.sys
    2011-07-13 16:43:01 ----A---- C:\Windows\system32\tquery.dll
    2011-07-13 16:43:01 ----A---- C:\Windows\system32\mssrch.dll
    2011-07-13 16:43:00 ----A---- C:\Windows\system32\SearchProtocolHost.exe
    2011-07-13 16:43:00 ----A---- C:\Windows\system32\SearchIndexer.exe
    2011-07-13 16:43:00 ----A---- C:\Windows\system32\SearchFilterHost.exe
    2011-07-13 16:43:00 ----A---- C:\Windows\system32\mssvp.dll
    2011-07-13 16:43:00 ----A---- C:\Windows\system32\mssphtb.dll
    2011-07-13 16:43:00 ----A---- C:\Windows\system32\mssph.dll
    2011-07-13 16:43:00 ----A---- C:\Windows\system32\msscntrs.dll
    2011-07-13 16:42:56 ----A---- C:\Windows\system32\umpnpmgr.dll
    2011-07-13 16:42:55 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-13 16:42:55 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-13 16:42:55 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-13 16:42:55 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-13 16:42:55 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2011-07-13 16:42:55 ----A---- C:\Windows\system32\KernelBase.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-13 16:42:54 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2011-07-13 16:42:52 ----A---- C:\Windows\system32\kernel32.dll
    2011-07-13 16:42:51 ----A---- C:\Windows\system32\winsrv.dll
    2011-07-13 16:42:51 ----A---- C:\Windows\system32\conhost.exe
    2011-07-13 16:42:49 ----A---- C:\Windows\system32\win32k.sys
    2011-07-12 11:20:54 ----A---- C:\Windows\system32\jdns_sd.dll
    2011-07-12 11:20:54 ----A---- C:\Windows\system32\dnssdX.dll
    2011-07-12 11:20:54 ----A---- C:\Windows\system32\dns-sd.exe
    2011-07-12 11:20:54 ----A---- C:\Windows\system32\dnssd.dll

    ======List of files/folders modified in the last 1 month======

    2011-08-08 17:31:16 ----D---- C:\Windows\Temp
    2011-08-08 17:18:02 ----D---- C:\Windows\system32\config
    2011-08-08 17:09:24 ----D---- C:\Windows\System32
    2011-08-08 17:09:24 ----D---- C:\Windows\inf
    2011-08-08 17:09:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2011-08-08 17:04:32 ----D---- C:\Windows
    2011-08-08 11:02:43 ----D---- C:\Windows\system32\Tasks
    2011-08-08 11:02:38 ----D---- C:\Windows\Tasks
    2011-08-08 11:01:20 ----A---- C:\Windows\system.ini
    2011-08-08 11:01:14 ----D---- C:\Windows\system32\drivers\etc
    2011-08-08 10:58:12 ----D---- C:\Windows\system32\drivers
    2011-08-08 10:58:11 ----D---- C:\Windows\AppPatch
    2011-08-08 10:58:10 ----D---- C:\Program Files\Common Files
    2011-08-08 10:54:06 ----SHD---- C:\System Volume Information
    2011-08-07 21:30:44 ----RD---- C:\Program Files
    2011-08-07 18:11:51 ----D---- C:\Windows\Downloaded Program Files
    2011-08-06 13:18:44 ----D---- C:\Windows\system32\NDF
    2011-08-04 13:18:01 ----D---- C:\Windows\debug
    2011-08-04 09:43:51 ----D---- C:\Windows\system32\wfp
    2011-08-04 09:43:49 ----D---- C:\Windows\system32\wbem
    2011-08-04 09:43:01 ----D---- C:\Windows\system32\DriverStore
    2011-08-04 09:43:01 ----D---- C:\Windows\system32\catroot2
    2011-08-04 09:43:01 ----D---- C:\Users\Gerard\AppData\Roaming\GHISLER
    2011-08-04 09:43:00 ----D---- C:\Windows\system32\CodeIntegrity
    2011-08-04 09:42:58 ----D---- C:\Windows\AppCompat
    2011-08-04 09:42:55 ----D---- C:\Windows\registration
    2011-08-03 20:41:33 ----D---- C:\Users\Gerard\AppData\Roaming\Ashampoo
    2011-07-30 13:52:43 ----SD---- C:\Users\Gerard\AppData\Roaming\Microsoft
    2011-07-29 15:55:13 ----D---- C:\Windows\system32\catroot
    2011-07-29 15:55:07 ----SHD---- C:\Windows\Installer
    2011-07-29 15:55:07 ----D---- C:\Config.Msi
    2011-07-29 15:55:03 ----D---- C:\Windows\winsxs
    2011-07-29 15:00:38 ----D---- C:\Users\Gerard\AppData\Roaming\Adobe
    2011-07-29 10:21:40 ----D---- C:\Users\Gerard\AppData\Roaming\Vso
    2011-07-26 16:58:18 ----D---- C:\ProgramData
    2011-07-26 16:58:18 ----D---- C:\Program Files\Adobe
    2011-07-26 16:58:00 ----D---- C:\Program Files\MSXML 4.0
    2011-07-24 21:52:42 ----D---- C:\Program Files\Microsoft Office
    2011-07-24 17:34:37 ----D---- C:\Windows\rescache
    2011-07-23 20:53:49 ----D---- C:\Program Files\Common Files\Apple
    2011-07-23 20:53:01 ----D---- C:\Windows\SoftwareDistribution
    2011-07-20 20:30:17 ----D---- C:\Program Files\Mozilla Thunderbird
    2011-07-20 16:11:15 ----D---- C:\ProgramData\Microsoft Help
    2011-07-18 13:26:01 ----D---- C:\Users\Gerard\AppData\Roaming\FrostWire
    2011-07-15 11:10:58 ----D---- C:\Boot
    2011-07-15 10:12:44 ----D---- C:\Windows\system32\nl-NL
    2011-07-14 21:45:04 ----D---- C:\Users\Gerard\AppData\Roaming\Macromedia
    2011-07-14 21:40:55 ----D---- C:\Windows\Microsoft.NET
    2011-07-14 21:40:54 ----RSD---- C:\Windows\assembly
    2011-07-14 09:34:16 ----RSD---- C:\Windows\Fonts
    2011-07-14 09:16:49 ----A---- C:\Windows\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
    R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2009-12-08 157248]
    R0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255); C:\Windows\system32\DRIVERS\tdrpm255.sys [2009-12-08 911552]
    R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2009-12-08 570016]
    R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 25432]
    R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 441176]
    R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 309848]
    R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 43608]
    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
    R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
    R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
    R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2009-12-08 159296]
    R3 AtcL001;NDIS-minipoortstuurprogramma voor L1 Gigabit Ethernet-controller van Atheros; C:\Windows\system32\DRIVERS\l160x86.sys [2009-07-14 47104]
    R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-28 1951000]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
    R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
    R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
    R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
    R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
    S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
    S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
    S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
    S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
    S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
    S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
    S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
    S3 catchme;catchme; \??\C:\Users\Gerard\AppData\Local\Temp\catchme.sys []
    S3 cpuz131;cpuz131; \??\C:\Users\Gerard\AppData\Local\Temp\cpuz131\cpuz_x32.sys []
    S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
    S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
    S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-07-06 22712]
    S3 netr28u;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista; C:\Windows\system32\DRIVERS\netr28u.sys [2009-07-14 657408]
    S3 NETw4v32;Stuurprogramma voor Intel(R) Wireless WiFi Link Adapter onder Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-21 2222080]
    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
    S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
    S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
    S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-07-14 1068032]
    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2009-12-04 23600]
    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-05-10 42496]
    S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
    S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AcrSch2Svc;Acronis Scheduler2Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-11-13 660432]
    R2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2009-12-08 2475952]
    R2 Apple Mobile Device;Mobiel Apple apparaat; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
    R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-07-12 387944]
    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-06-01 647168]
    R2 hpqddsvc;HP CUE DeviceDiscovery-service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2; D:\Tools\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe [2011-06-21 196912]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-02 211488]
    R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-06-01 327680]
    R2 TomTomHOMEService;TomTomHOMEService; D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
    R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2011-07-19 821096]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S3 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\System32\bgsvcgen.exe [2007-06-15 145504]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-13 1343400]
    S4 MBAMService;MBAMService; D:\Tools\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

    —————–EOF—————–
  • Hi Gerard, that notebook of yours, did it come with Windows 7 or did you install Windows 7 on it yourself?

    By the way, what is the make and model designation of your notebook?
  • Abraham,
    My Asus laptop is a little over 2 1/2 years old and was bought with Windows Vista. However, right away in October 2009 when W7 came out I bought it and performed a fresh installation. So the C partition was formatted.

    The full name of the device is: ASUS X56SN-AP124C.
  • Which BIOS version does your notebook have?

    Version 305 is the latest version.

    http://support.asus.com/Download.aspx?SLanguage=en&m=X56SN&p=3&s=145
  • I also have version 305.
  • Windows 8 has a small problem in your notebook, because Windows cannot communicate entirely properly with the BIOS.

    Event Code: 1001
    Message: Foutbucket , type 0
    Naam van gebeurtenis: PnPDriverNotFound
    Antwoord: Niet beschikbaar
    Id van CAB-bestand: 0

    Handtekening van probleem:
    P1: x86
    P2: ACPI\ATK0100
    P3:
    P4:
    P5:
    P6:
    P7:
    P8:
    P9:
    P10:

    Bijgevoegde bestanden:
    C:\Windows\Temp\DMI8390.tmp.log.xml

    Deze bestanden zijn mogelijk hier beschikbaar:
    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_e3aed78fa5326e284d9379e9e532681a71d64aea_cab_07fd840d

    And do the following:

    Download

    to your Desktop.
    Platform:
    Windows 2000 Professional (Service Pack 4 or higher)
    Windows XP (Service Pack 2 or higher)
    Windows Vista (32-Bit)
    Windows 7

    Boot into Safe Mode.

    If you don't know how to boot into Safe Mode, look here: http://www.nationaalcomputerforum.nl/showthread.php?t=27396

    Double-click the installation file to install the program.

    Make sure the following items are checked:
    - Hidden startup objects
    - System memory
    - Disk boot sectors
      - My Computer
      - The drive where Windows is installed
      - All removable drives

    Click: Start scan

    If the scanner hangs at C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll
    then stop the scanner!
    Now uninstall Malwarebytes Anti-Malware via Add/Remove Programs and do NOT restart the PC
    Start the scanner again and choose "Resume scan"

    In case of an infection, a pop-up indicates what to do:
    "Disinfect (recommended)" and/or "Delete (recommended)"

    Click "Report" at the end of the scan
    Click the plus (+) sign in front of Autoscan
    Right-click >> choose "select all", then
    Right-click >> choose "Copy"
    Go via Start\Programs\Accessories to Notepad (Editor)
    Right-click >> choose "Paste"
    Give the text file a name, e.g. kav.txt, and save it to your Desktop
    Close AVP and the following question appears; click Yes
    Post the contents of the log in your next message.

    Deactivate the antivirus software present - the scan can take a long time, so be patient.
  • Abraham,

    It took a while, but I had other things to do today, so no computer…

    I have a quick question: did you write down that code only to make clear where the error is? I found them in my log, you see. Those files, by the way, are not in the folders mentioned.

    Furthermore, I wonder the following. The laptop ran on W7 without problems for 1 year and 8 months; only in the last few weeks has it been going wrong. Shouldn't this problem have manifested itself earlier, or is this a more or less accidentally discovered imperfection?

    Do I understand correctly that I should only use the Kaspersky Tool?
  • gerardb wrote:
    > Abraham,
    >
    > It took a while, but I had other things to do today, so no computer…
    >
    > I have a quick question: did you write down that code only to make clear where the error is? I found them in my log, you see. Those files, by the way, are not in the folders mentioned.
    >
    > Furthermore, I wonder the following. The laptop ran on W7 without problems for 1 year and 8 months; only in the last few weeks has it been going wrong. Shouldn't this problem have manifested itself earlier, or is this a more or less accidentally discovered imperfection?
    >
    > Do I understand correctly that I should only use the Kaspersky Tool?

    I have since run it; it took over 2 hours. Unfortunately I cannot send a log along, because the option to click 'Report' was nowhere to be found for me. I did get the message "No threats found", so I assume there was nothing special.
  • That code only indicates that Windows 7 has a small problem in cooperating with the BIOS.
    That normally does not otherwise detract from the proper functioning of Windows 7 and has nothing to do with your current problems.

    And now do the scan with that specialist Kaspersky tool.
  • Ok, thanks.

    In the quote I already wrote that I ran Kaspersky but that the 'Report' option could not be found. So I could not save a log. Am I doing something wrong?
  • A question: do the "freezing symptoms" still occur?
