Windows 7 -> Hard drive keeps rattling

Anonymous
4 answers
  • Hello,
    For a few days (weeks?) now my laptop has been slow, and I notice that the hard drive is continuously active.
    Indexing is turned off, so that can't be the cause.
    Does anyone have an idea?

    I ran the following programs:
    MBAM, DDS and GMER.
    The logs are below.
    Thanks in advance!

    *************** MBAM ***************
    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Databaseversie: v2012.04.05.07

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Jan :: JAN-PC [administrator]

    5-4-2012 19:07:24
    mbam-log-2012-04-05 (19-07-24).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 206596
    Verstreken tijd: 24 minuut/minuten, 42 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    ************ DDS ***************
    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Jan at 6:58:24,19 on vr 06-04-2012
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.3070.1657 [GMT 2:00]

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\aestsrv.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
    C:\Windows\Explorer.EXE
    c:\xampp\apache\bin\apache.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Allway Sync\Bin\SyncService.exe
    c:\xampp\mysql\bin\mysqld-nt.exe
    C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\dllhost.exe
    C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\xampp\apache\bin\apache.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\dllhost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\msdtc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Belgium Identity Card\beid35gui.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\3aoxtd86.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Jan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Optimalisatie\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page =
    uStart Page = hxxp://www.google.be/
    uSearch Bar =
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant =
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf professional 6\bin\PlusIEContextMenu.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [AdobeBridge]
    uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [beid] "c:\program files\belgium identity card\beid35gui.exe" /startup
    mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe"
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
    mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    mPolicies-system: UseOEMBackground = 0 (0x0)
    mPolicies-system: DisplayLastLogonInfo = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: &Verzenden naar OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Inhoud van geselecteerde koppelingen toevoegen aan bestaand PDF-bestand - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    IE: Koppelingsinhoud toevoegen aan bestaand PDF-bestand - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    IE: Openen in PDF Professional 6 - c:\program files\nuance\pdf professional 6\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
    IE: Openen met Nuance PDF Converter 6.0 - c:\program files\nuance\pdf professional 6\cnvres_dut.dll /100
    IE: PDF-bestand maken - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    IE: PDF-bestand maken van koppelingsinhoud - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    IE: PDF-bestanden maken van geselecteerde koppelingen - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    IE: Toevoegen aan bestaand PDF-bestand - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\jan\appdata\roaming\mozilla\firefox\profiles\3aoxtd86.default\
    FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\nuance\pdf professional 6\bin\nppdf.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll

    ============= SERVICES / DRIVERS ===============

    R0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2012-1-14 63104]
    R0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2012-1-14 25216]
    R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-1-16 609984]
    R0 cbvd;Comodo Encrypted Virtual Disk;c:\windows\system32\drivers\CBVD.sys [2011-8-25 453752]
    R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2011-9-14 77696]
    R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2011-11-19 126144]
    R0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\drivers\vsflt61.sys [2011-11-19 84544]
    R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-3-1 74832]
    R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2011-12-6 90704]
    R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-1-14 81920]
    R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-11-19 3450832]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-1-14 176128]
    R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-6-14 17408]
    R2 BotkindSyncService;Botkind Service;c:\program files\allway sync\bin\syncservice.exe service --> c:\program files\allway sync\bin\SyncService.exe service [?]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]
    R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2009-7-13 35840]
    R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 6\PDFProFiltSrv.exe [2009-8-25 134944]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-14 1153368]
    R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-12-14 5120]
    R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-7-14 7168]
    R2 syncagentsrv;Acronis Sync Agent Service;c:\program files\common files\acronis\syncagent\syncagentsrv.exe [2011-11-10 5890144]
    R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-1 2337144]
    R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [2012-2-8 50128]
    R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2009-12-15 37632]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-11-19 234752]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-1-14 5586432]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-1-14 209920]
    R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-7-15 240184]
    R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2011-7-15 446696]
    R3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI32.sys [2010-3-5 516152]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-29 59904]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-1-14 257568]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2012-1-14 30392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update-service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-24 136176]
    S2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-21 60928]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 253600]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-23 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-24 136176]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-20 116136]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 reparse;reparse;c:\windows\system32\drivers\cbreparse.sys [2011-8-25 440832]
    S3 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]
    S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2011-7-22 307544]
    S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2011-7-19 82736]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-21 1343400]
    S4 COSService.exe;Comodo Online Storage Service;c:\program files\comodo\comodo backup\COSService.exe [2011-6-2 579888]
    S4 SynchronizationService.exe;Comodo BackUp Service;c:\program files\comodo\comodo backup\SynchronizationService.exe [2011-6-2 1359664]

    =============== Created Last 30 ================

    2012-04-04 19:23:53 0 d-----w- c:\windows\Downloaded Program Files
    2012-03-31 14:17:17 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-03-31 14:08:39 0 d-----w- c:\program files\iPod
    2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
    2012-03-14 21:48:03 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-14 21:48:02 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 06:32:52 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 06:32:50 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 06:32:17 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 06:32:17 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 06:32:17 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 06:32:15 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 06:32:14 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-14 06:32:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-11 08:39:09 0 d-----w- c:\program files\iTunes
    2012-03-10 14:16:35 0 d-----w- c:\programdata\Freemake

    ==================== Find3M ====================

    2012-02-15 10:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-02-15 10:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2012-02-08 17:08:01 63056 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
    2012-02-08 17:07:54 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
    2012-02-08 17:07:38 609984 ----a-w- c:\windows\system32\drivers\avc3.sys
    2012-02-08 17:07:29 446696 ----a-w- c:\windows\system32\drivers\avckf.sys
    2010-11-16 11:49:24 148195 ----a-w- c:\program files\common files\BookViewer.xap
    2010-06-27 01:49:20 330400 ----a-w- c:\program files\common files\MediaOrganizer.dll
    2010-06-27 01:45:16 31392 ----a-w- c:\program files\common files\FlickrProvider.dll
    2010-06-27 01:45:02 401056 ----a-w- c:\program files\common files\facebook.dll
    2010-06-27 01:45:00 128672 ----a-w- c:\program files\common files\PluginCommon.dll
    2010-06-27 01:44:44 463520 ----a-w- c:\program files\common files\AppFramework.dll
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2010-10-23 07:21:38 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2010-10-23 10:01:37 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2010-10-23 10:01:37 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
    2010-10-23 10:01:37 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
    2010-10-23 10:01:37 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
    2011-06-04 15:08:12 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2010-08-14 11:25:12 262144 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2010-10-23 07:21:37 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2010-10-23 07:21:37 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2010-10-23 07:21:37 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2010-08-14 11:25:12 262144 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\WinMail.exe

    ============= FINISH: 6:59:45,67 ===============

    **********GMER *****************
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-06 06:57:29
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000006f WDC_WD50 rev.02.0
    Running: gmer.exe; Driver: C:\Users\Jan\AppData\Local\Temp\uwldypow.sys


    ---- System - GMER 1.0.15 ----

    SYSENTER \SystemRoot\system32\DRIVERS\avc3.sys 8BCC4000

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKey + 13C1 8304E3D9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83087D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, …] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92613000, 0x2FBAB4, 0xE8000020]
    .text msvcrt.dll!_lock + 29 773AA472 5 Bytes [E9, 5A, C1, 96, FC] {JMP 0xfffffffffc96c15f}
    .text msvcrt.dll!__p__fmode 773B27CE 5 Bytes [E9, 1E, F7, 95, FC] {JMP 0xfffffffffc95f723}
    .text msvcrt.dll!__p__environ 773BE6CF 5 Bytes [E9, 8D, 37, 95, FC] {JMP 0xfffffffffc953792}
    .text kernel32.dll!GetStartupInfoA 75A41E10 5 Bytes [E9, 8C, 02, 2D, FE] {JMP 0xfffffffffe2d0291}
    .text kernel32.dll!CreateProcessA 75A42082 5 Bytes [E9, EA, 0B, 2D, FE] {JMP 0xfffffffffe2d0bef}
    .text kernel32.dll!CopyFileExW 75A7B238 5 Bytes [E9, 64, 65, 29, FE] {JMP 0xfffffffffe296569}
    .text kernel32.dll!CreateToolhelp32Snapshot 75A7FCE1 5 Bytes [E9, BB, 2C, 29, FE] {JMP 0xfffffffffe292cc0}
    .text kernel32.dll!Process32NextW 75A8007A 5 Bytes [E9, 62, 61, 29, FE] {JMP 0xfffffffffe296167}
    .text kernel32.dll!MoveFileWithProgressW 75A88D8C 5 Bytes [E9, 50, 8C, 28, FE] {JMP 0xfffffffffe288c55}
    .text kernel32.dll!LoadLibraryA 75A8DC65 5 Bytes [E9, 17, 4C, 28, FE] {JMP 0xfffffffffe284c1c}
    .text kernel32.dll!CreateProcessInternalW 75A907A2 5 Bytes [E9, 6A, 2A, 28, FE] {JMP 0xfffffffffe282a6f}
    .text kernel32.dll!ReadConsoleW 75AA26BE 5 Bytes [E9, 5E, 22, 27, FE] {JMP 0xfffffffffe272263}
    .text kernel32.dll!WinExec 75ACEDB2 5 Bytes [E9, 9A, 3D, 24, FE] {JMP 0xfffffffffe243d9f}
    .text kernel32.dll!ReadConsoleA 75AEC938 5 Bytes [E9, C4, 7E, 22, FE] {JMP 0xfffffffffe227ec9}
    .text kernel32.dll!ReadConsoleInputA 75AED05F 5 Bytes [E9, 5D, 75, 22, FE] {JMP 0xfffffffffe227562}
    .text kernel32.dll!ReadConsoleInputW 75AED082 5 Bytes [E9, 5A, 76, 22, FE] {JMP 0xfffffffffe22765f}
    .text user32.dll!FindWindowExA 75876F69 5 Bytes [E9, 33, F0, 49, FE] {JMP 0xfffffffffe49f038}
    .text user32.dll!FindWindowA 75878FF3 5 Bytes [E9, 19, CF, 49, FE] {JMP 0xfffffffffe49cf1e}
    .text user32.dll!CallNextHookEx 7587ABE1 5 Bytes [E9, EB, 9E, 49, FE] {JMP 0xfffffffffe499ef0}
    .text user32.dll!UnhookWindowsHookEx 7587ADF9 5 Bytes [E9, 63, 9D, 49, FE] {JMP 0xfffffffffe499d68}
    .text user32.dll!FindWindowW 7587AE0D 5 Bytes [E9, 1F, B2, 49, FE] {JMP 0xfffffffffe49b224}
    .text user32.dll!PostMessageA 7587B446 5 Bytes [E9, D6, AF, 49, FE] {JMP 0xfffffffffe49afdb}
    .text user32.dll!CreateWindowExA 7587BF40 5 Bytes [E9, 5C, 97, 49, FE] {JMP 0xfffffffffe499761}
    .text user32.dll!SetWindowsHookExW 7587E30C 5 Bytes [E9, 10, 4B, 49, FE] {JMP 0xfffffffffe494b15}
    .text user32.dll!CreateWindowExW 7587EC7C 5 Bytes [E9, 90, 69, 49, FE] {JMP 0xfffffffffe496995}
    .text user32.dll!ShowWindow 7587F2A9 5 Bytes [E9, 83, 64, 49, FE] {JMP 0xfffffffffe496488}
    .text user32.dll!GetMessageA 75881899 5 Bytes [E9, 53, 2A, 49, FE] {JMP 0xfffffffffe492a58}
    .text user32.dll!PeekMessageA 758819A5 5 Bytes [E9, 67, 2A, 49, FE] {JMP 0xfffffffffe492a6c}
    .text user32.dll!PostMessageW 7588447B 5 Bytes [E9, 31, 20, 49, FE] {JMP 0xfffffffffe492036}
    .text user32.dll!SetWindowTextW 7588612B 5 Bytes [E9, 61, F9, 48, FE] {JMP 0xfffffffffe48f966}
    .text user32.dll!PeekMessageW 7588634A 5 Bytes [E9, 52, E1, 48, FE] {JMP 0xfffffffffe48e157}
    .text user32.dll!GetMessageW 7588CDE8 5 Bytes [E9, 94, 75, 48, FE] {JMP 0xfffffffffe487599}
    .text user32.dll!UserClientDllInitialize 7588D711 5 Bytes [E9, 4B, 8F, 48, FE] {JMP 0xfffffffffe488f50}
    .text user32.dll!SetWindowTextA 758A0C5B 5 Bytes [E9, A1, 4D, 47, FE] {JMP 0xfffffffffe474da6}
    .text user32.dll!DialogBoxIndirectParamAorW 758A3B40 5 Bytes [E9, 0C, 1D, 47, FE] {JMP 0xfffffffffe471d11}
    .text user32.dll!CreateDialogIndirectParamAorW 758A5327 5 Bytes [E9, 95, 04, 47, FE] {JMP 0xfffffffffe47049a}
    .text user32.dll!SetWindowsHookExA 758A6D0C 5 Bytes [E9, 80, C0, 46, FE] {JMP 0xfffffffffe46c085}
    .text user32.dll!FindWindowExW 758A712B 5 Bytes [E9, 91, EF, 46, FE] {JMP 0xfffffffffe46ef96}
    .text user32.dll!MessageBoxExA 758CE9C9 5 Bytes [E9, 13, 6F, 44, FE] {JMP 0xfffffffffe446f18}
    .text user32.dll!MessageBoxExW 758CE9ED 5 Bytes [E9, 7F, 6F, 44, FE] {JMP 0xfffffffffe446f84}
    .text advapi32.dll!OpenServiceW 7570CA4C 5 Bytes [E9, E0, 71, 60, FE] {JMP 0xfffffffffe6071e5}
    .text advapi32.dll!OpenServiceA 75712BF0 5 Bytes [E9, AC, 0F, 60, FE] {JMP 0xfffffffffe600fb1}
    .text advapi32.dll!CloseServiceHandle 7571369C 5 Bytes [E9, 80, 09, 60, FE] {JMP 0xfffffffffe600985}
    .text advapi32.dll!RegOpenKeyExA + DE 757149E5 5 Bytes [E9, 57, 1B, 60, FE] {JMP 0xfffffffffe601b5c}
    .text advapi32.dll!CreateServiceW 7572712C 5 Bytes [E9, 30, D1, 5E, FE] {JMP 0xfffffffffe5ed135}
    .text advapi32.dll!ControlService 75727144 5 Bytes [E9, 98, CC, 5E, FE] {JMP 0xfffffffffe5ecc9d}
    .text advapi32.dll!DeleteService 7572715C 5 Bytes [E9, 10, CD, 5E, FE] {JMP 0xfffffffffe5ecd15}
    .text advapi32.dll!ChangeServiceConfigA 757430E8 5 Bytes [E9, 14, 0E, 5D, FE] {JMP 0xfffffffffe5d0e19}
    .text advapi32.dll!ChangeServiceConfigW 757430F8 5 Bytes [E9, 94, 0E, 5D, FE] {JMP 0xfffffffffe5d0e99}
    .text advapi32.dll!ControlServiceExA 75743108 5 Bytes [E9, B4, 0B, 5D, FE] {JMP 0xfffffffffe5d0bb9}
    .text advapi32.dll!ControlServiceExW 75743118 5 Bytes [E9, 34, 0C, 5D, FE] {JMP 0xfffffffffe5d0c39}
    .text advapi32.dll!CreateServiceA 75743158 5 Bytes [E9, 74, 10, 5D, FE] {JMP 0xfffffffffe5d1079}
    .text KernelBase.dll!Sleep 756A1809 5 Bytes [E9, C3, 0E, 67, FE] {JMP 0xfffffffffe670ec8}
    .text KernelBase.dll!SleepEx 756A1821 5 Bytes [E9, FB, 0C, 67, FE] {JMP 0xfffffffffe670d00}
    .text KernelBase.dll!CloseHandle 756A6B71 5 Bytes [E9, 9B, CF, 66, FE] {JMP 0xfffffffffe66cfa0}
    .text KernelBase.dll!GetProcAddress 756A6C81 5 Bytes [E9, DB, BA, 66, FE] {JMP 0xfffffffffe66bae0}
    .text KernelBase.dll!GetSystemTimeAsFileTime 756A77B5 5 Bytes [E9, 87, A5, 66, FE] {JMP 0xfffffffffe66a58c}
    .text KernelBase.dll!GetModuleHandleW 756A897B 5 Bytes [E9, 31, 93, 66, FE] {JMP 0xfffffffffe669336}
    .text KernelBase.dll!GetModuleHandleA 756A8A58 5 Bytes [E9, C4, 91, 66, FE] {JMP 0xfffffffffe6691c9}
    .text KernelBase.dll!FreeLibrary 756A8A9A 5 Bytes [E9, E2, D3, 66, FE] {JMP 0xfffffffffe66d3e7}
    .text KernelBase.dll!OpenMutexW 756A8F01 5 Bytes [E9, EB, AA, 66, FE] {JMP 0xfffffffffe66aaf0}
    .text KernelBase.dll!LoadLibraryExA 756A8FBE 5 Bytes [E9, 9E, CD, 66, FE] {JMP 0xfffffffffe66cda3}
    .text KernelBase.dll!CreateMutexW 756AAD15 5 Bytes [E9, 67, 8D, 66, FE] {JMP 0xfffffffffe668d6c}
    .text KernelBase.dll!LoadLibraryExW 756AB4C8 5 Bytes [E9, 24, A9, 66, FE] {JMP 0xfffffffffe66a929}
    .text KernelBase.dll!GetStartupInfoW 756B1AD7 5 Bytes [E9, 55, 06, 66, FE] {JMP 0xfffffffffe66065a}
    .text KernelBase.dll!WriteProcessMemory 756C44CF 5 Bytes [E9, 2D, F1, 64, FE] {JMP 0xfffffffffe64f132}
    .text KernelBase.dll!ExitProcess 756D378E 5 Bytes [E9, AE, EE, 63, FE] {JMP 0xfffffffffe63eeb3}
    .text KernelBase.dll!CreateThread 756D3EAA 5 Bytes [E9, C2, F6, 63, FE] {JMP 0xfffffffffe63f6c7}
    .text KernelBase.dll!CreateRemoteThread 756D3ED3 5 Bytes [E9, D9, EF, 63, FE] {JMP 0xfffffffffe63efde}
    .text KernelBase.dll!CreateFileA 756D62D1 5 Bytes [E9, 5B, C7, 63, FE] {JMP 0xfffffffffe63c760}

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtClose + 5 772A54CD 5 Bytes JMP 73D16271
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtCreateFile + 5 772A55CD 5 Bytes JMP 73D121C1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtCreateProcess + 5 772A569D 5 Bytes JMP 73D13061
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtCreateProcessEx + 5 772A56AD 5 Bytes JMP 73D130F1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtCreateThread + 5 772A571D 5 Bytes JMP 73D12FD1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtCreateThreadEx + 5 772A572D 5 Bytes JMP 73D12F41
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtDuplicateObject + 5 772A589D 5 Bytes JMP 73D134E1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtMapViewOfSection + 5 772A5C2D 5 Bytes JMP 73D115F1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtOpenProcess + 5 772A5D8D 5 Bytes JMP 73D133C1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtQueueApcThread + 5 772A627D 5 Bytes JMP 73D13451
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtRaiseHardError + 5 772A62AD 5 Bytes JMP 73D149B1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtSetContextThread + 5 772A656D 5 Bytes JMP 73D13331
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtSetInformationProcess + 5 772A667D 5 Bytes JMP 73D15CD1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtSetValueKey + 5 772A680D 5 Bytes JMP 73D125B1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtTerminateProcess + 5 772A68CD 5 Bytes JMP 73D15C41
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtUnmapViewOfSection + 5 772A69BD 5 Bytes JMP 73D11681
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtVdmControl + 5 772A69CD 5 Bytes JMP 73D16301
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!NtWriteVirtualMemory + 5 772A6A9D 5 Bytes JMP 73D132A1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!RtlQueryPerformanceCounter 772B30CF 5 Bytes JMP 73D11DD1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!RtlCreateProcessParametersEx 772C6EB9 5 Bytes JMP 73D122E1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!RtlReportException 77305F99 5 Bytes JMP 73D14A41
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ntdll.dll!RtlCreateProcessParameters 773098E2 5 Bytes JMP 73D12251
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] kernel32.dll!GetStartupInfoA 75A41E10 5 Bytes JMP 73D120A1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] kernel32.dll!CreateProcessA 75A42082 5 Bytes JMP 73D12C71
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] kernel32.dll!CopyFileExW 75A7B238 5 Bytes JMP 73D117A1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] kernel32.dll!CreateToolhelp32Snapshot 75A7FCE1 5 Bytes JMP 73D129A1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] kernel32.dll!Process32NextW 75A8007A 5 Bytes JMP 73D161E1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] kernel32.dll!MoveFileWithProgressW 75A88D8C 5 Bytes JMP 73D119E1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] kernel32.dll!LoadLibraryA 75A8DC65 5 Bytes JMP 73D12881
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] kernel32.dll!CreateProcessInternalW 75A907A2 5 Bytes JMP 73D13211
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] kernel32.dll!ReadConsoleW 75AA26BE 5 Bytes JMP 73D14921
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] kernel32.dll!WinExec 75ACEDB2 5 Bytes JMP 73D12B51
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] kernel32.dll!ReadConsoleA 75AEC938 5 Bytes JMP 73D14801
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] kernel32.dll!ReadConsoleInputA 75AED05F 5 Bytes JMP 73D145C1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] kernel32.dll!ReadConsoleInputW 75AED082 5 Bytes JMP 73D146E1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] msvcrt.dll!_lock + 29 773AA472 5 Bytes JMP 73D164B1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] msvcrt.dll!__p__fmode 773B27CE 5 Bytes JMP 73D11EF1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] msvcrt.dll!__p__environ 773BE6CF 5 Bytes JMP 73D11E61
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!FindWindowExA 75876F69 5 Bytes JMP 73D15FA1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!FindWindowA 75878FF3 5 Bytes JMP 73D15F11
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!CallNextHookEx 7587ABE1 5 Bytes JMP 73D14AD1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!UnhookWindowsHookEx 7587ADF9 5 Bytes JMP 73D14B61
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!FindWindowW 7587AE0D 5 Bytes JMP 73D16031
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!PostMessageA 7587B446 5 Bytes JMP 73D16391
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!CreateWindowExA 7587BF40 5 Bytes JMP 73D156A1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!SetWindowsHookExW 7587E30C 5 Bytes JMP 73D12E21
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!CreateWindowExW 7587EC7C 5 Bytes JMP 73D15611
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!ShowWindow 7587F2A9 5 Bytes JMP 73D15731
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!GetMessageA 75881899 5 Bytes JMP 73D142F1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!PeekMessageA 758819A5 5 Bytes JMP 73D14411
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!PostMessageW 7588447B 5 Bytes JMP 73D16421
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!SetWindowTextW 7588612B 5 Bytes JMP 73D15A91
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!PeekMessageW 7588634A 5 Bytes JMP 73D144A1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!GetMessageW 7588CDE8 5 Bytes JMP 73D14381
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!UserClientDllInitialize 7588D711 5 Bytes JMP 73D16541
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!SetWindowTextA 758A0C5B 5 Bytes JMP 73D15A01
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!DialogBoxIndirectParamAorW 758A3B40 5 Bytes JMP 73D15851
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!CreateDialogIndirectParamAorW 758A5327 5 Bytes JMP 73D157C1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!SetWindowsHookExA 758A6D0C 5 Bytes JMP 73D12D91
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!FindWindowExW 758A712B 5 Bytes JMP 73D160C1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!MessageBoxExA 758CE9C9 5 Bytes JMP 73D158E1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] USER32.dll!MessageBoxExW 758CE9ED 5 Bytes JMP 73D15971
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!OpenServiceW 7570CA4C 5 Bytes JMP 73D13C31
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!OpenServiceA 75712BF0 5 Bytes JMP 73D13BA1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!CloseServiceHandle 7571369C 5 Bytes JMP 73D14021
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!RegOpenKeyExA + DE 757149E5 5 Bytes JMP 73D165D1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!CreateServiceW 7572712C 5 Bytes JMP 73D14261
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!ControlService 75727144 5 Bytes JMP 73D13DE1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!DeleteService 7572715C 5 Bytes JMP 73D13E71
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 757430E8 5 Bytes JMP 73D13F01
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!ChangeServiceConfigW 757430F8 5 Bytes JMP 73D13F91
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!ControlServiceExA 75743108 5 Bytes JMP 73D13CC1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!ControlServiceExW 75743118 5 Bytes JMP 73D13D51
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] ADVAPI32.dll!CreateServiceA 75743158 5 Bytes JMP 73D141D1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] SHELL32.dll!Shell_NotifyIconW 766101A9 5 Bytes JMP 73D14BF1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] SHELL32.dll!SHRestricted + 251E 766715C1 5 Bytes JMP 73D166F1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!WahWriteLSPEvent 7745145D 5 Bytes JMP 73D16811
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!closesocket 77453918 5 Bytes JMP 73D15BB1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!WSASocketW 77453CD3 5 Bytes JMP 73D15B21
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!WSASend 77454406 3 Bytes JMP 73D12401
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!WSASend + 4 7745440A 1 Byte [FC]
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!GetAddrInfoW 77454889 5 Bytes JMP 73D154F1
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!connect 77456BDD 3 Bytes JMP 73D14141
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!connect + 4 77456BE1 1 Byte [FC]
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!send 77456F01 3 Bytes JMP 73D12371
    .text C:\Program Files\ParetoLogic\PCHA\PCHA.exe[1676] WS2_32.dll!send + 4 77456F05 1 Byte [FC]
    .text C:\Program Files\ParetoLogic\PCHA\PCH

  • Looking over your logs, your Windows is pretty busy.
    Possibly the hardware isn't quite up to everything you do with your notebook….

    What does Task Manager show for processes and CPU usage?

    Which program: CrystalDiskInfo
    What for/why: checking the SMART data of the hard disk(s)
    Difficulty: none.
    Download CrystalDiskInfo here


    Install the tool and then start CrystalDiskInfo.

    The tool then reads the SMART data of the connected hard disks.
    If the colour is blue, the disk is fully healthy.
    If the colour is yellow, there are problems.
    If the colour is red, replace the HD as soon as possible.

    For SSDs, the health status of the SSDs is also shown (Health).
  • Maybe your hard disk is angry :oops:
  • bloody_banana wrote: "Maybe your hard disk is angry :oops:"

    ????

This is an archived page. Replying is no longer possible.