Startup Repair failed


anonymous

Question

I hope someone can and will help me with the following problem. It all started with error messages reading "ongeldige installatiekopie" (the Dutch wording of the Windows "Bad Image" error), first when starting my laptop and then when launching various programs. On the advice of one of the members I performed a System Restore. The problem seemed solved, but on every reboot I keep ending up in "Startup Repair". (see topic http://forum.computertotaal.nl/phpBB/viewtopic.php?p=1453006#1453006)

I then scanned with Malwarebytes, Anti-Malware and HijackThis. The results are below. Is there a guardian angel here for me? Thanks in advance!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Databaseversie: 6479
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19048

30-4-2011 20:10:41
mbam-log-2011-04-30 (20-10-41).txt

Scantype: Volledige scan (C:\|E:\|)
Objecten gescand: 324946
Verstreken tijd: 51 minuut/minuten, 53 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 4
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 2
Mappen geïnfecteerd: 2
Bestanden geïnfecteerd: 7

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultDns Service (Adware.ResultDNS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultDns (Adware.ResultDNS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.tangosearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.tangosearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
c:\programdata\resultdns (Adware.ResultDns) -> Quarantined and deleted successfully.
c:\program files\resultdns (Adware.ResultDns) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
c:\programdata\resultdns\resultdns115.exe (Adware.ResultDNS) -> Quarantined and deleted successfully.
c:\program files\resultdns\resultdns.exe (Adware.ResultDNS) -> Quarantined and deleted successfully.
c:\program files\resultdns\uninstall.exe (Adware.ResultDNS) -> Quarantined and deleted successfully.
c:\program files\youruninstaller2008\Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Emsisoft Anti-Malware - Versie 5.1
Laatste Update: 1-5-2011 15:28:09

Scaninstellingen:
Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\, E:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan

Scan gestart: 1-5-2011 15:28:36
C:\Users\Annelie\Documents\keygen etc\Gamehouse\Gamehouse_Patch.exe Ontdekt: Trojan.Generic!IK
C:\Users\Annelie\Documents\keygen etc\Reflexive\!!Universal Reflexive Key Generator!!.exe Ontdekt: Virus.Win32.Trojan!IK
C:\Users\Annelie\Downloads\rcoasterty.rar/rcoasterty\rcttrn.EXE Ontdekt: BehavesLikeWin32.RemoteInjector!IK
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZA4U4VOD\upgrade[1].cab/$0\resultdns.dll Ontdekt: Riskware.AdWare.Win32.Zwangi!IK
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZA4U4VOD\upgrade[1].cab/$0\resultdns.exe Ontdekt: BHO.Win32.Zwangi!IK

Gescand
Bestanden: 399666
Sporen: 399197
Cookies: 1
Processen: 22

Gevonden
Bestanden: 6
Sporen: 0
Cookies: 0
Processen: 0
Registersleutels: 0

Scan Geëindigd: 1-5-2011 18:25:54
Scantijd: 2:57:18

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZA4U4VOD\upgrade[1].cab/$0\resultdns.exe In Quarantaine BHO.Win32.Zwangi!IK
C:\Users\Annelie\Downloads\rcoasterty.rar/rcoasterty\rcttrn.EXE In Quarantaine BehavesLikeWin32.RemoteInjector!IK
C:\Users\Annelie\Documents\keygen etc\Reflexive\!!Universal Reflexive Key Generator!!.exe In Quarantaine Virus.Win32.Trojan!IK
C:\Users\Annelie\Documents\keygen etc\Gamehouse\Gamehouse_Patch.exe In Quarantaine Trojan.Generic!IK

In Quarantaine
Bestanden: 6
Sporen: 0
Cookies: 0

Verwijderd
Bestanden: 1
Sporen: 0
Cookies: 0

Dit kon niet verwijderd worden:
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZA4U4VOD\upgrade[1].cab/$0\resultdns.dll - File not found

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:31:20, on 2-5-2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alawar.co.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - (no file)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - (no file)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVG Security Toolbar Service - AVAST Software - (no file)
O23 - Service: AVGIDSAgent - AVAST Software - (no file)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - (no file)
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Common Toolkit Tools - Unknown owner - C:\Program Files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9f67b409fb1c7) (gupdate1c9f67b409fb1c7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12584 bytes
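A HijackThis log like the one above is mostly inventory; what a helper usually looks for first are the entries whose target no longer exists ("(no file)" / "(file missing)", typically leftovers of half-removed toolbars) and the O20 AppInit_DLLs entries, because those libraries are loaded into every process that links user32.dll. The following Python triage script is an added example written for this page, not code from the thread or from Trend Micro; the sample lines are constructed in the same format as the log, and the function and class names are my own.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread).

Splits the R/O entries into three buckets: entries whose target is missing,
O20 AppInit_DLLs values (globally injected DLLs that need explicit review),
and everything else as plain inventory.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the same format as the posted log (not the full log).
SAMPLE_LOG = """\
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\\Program Files\\AVAST Software\\Avast\\aswWebRepIE.dll
O4 - HKLM\\..\\Run: [avast] "C:\\Program Files\\AVAST Software\\Avast\\avastUI.exe" /nogui
O20 - AppInit_DLLs: C:\\PROGRA~1\\IMESHA~1\\MediaBar\\Datamngr\\datamngr.dll C:\\PROGRA~1\\IMESHA~1\\MediaBar\\Datamngr\\IEBHO.dll
O23 - Service: Common Toolkit Tools - Unknown owner - C:\\Program Files\\Fighters\\FULL-DISKfighter\\Common Toolkit Tools.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe
"""

# Every HijackThis entry starts with a section code (R0..R3, O1..O24) and " - ".
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# HijackThis marks a target it could not find on disk with one of these suffixes.
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str   # e.g. "O2"
    body: str      # the rest of the line after "O2 - "


@dataclass
class Triage:
    orphaned: list = field(default_factory=list)      # Entry objects with a missing target
    appinit_dlls: list = field(default_factory=list)  # DLL paths from O20 AppInit_DLLs
    inventory: list = field(default_factory=list)     # everything else


def parse_entries(text):
    """Return the R/O entries of a log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(text):
    """Sort the entries of a HijackThis log into the three buckets above."""
    result = Triage()
    for e in parse_entries(text):
        if e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
            # HijackThis prints AppInit_DLLs values space-separated in 8.3 short
            # form, so splitting on whitespace recovers the individual DLL paths.
            result.appinit_dlls.extend(e.body.split(":", 1)[1].split())
        elif e.body.endswith(MISSING_MARKERS):
            result.orphaned.append(e)
        else:
            result.inventory.append(e)
    return result


def report(result):
    """Human-readable summary, one bucket per paragraph."""
    lines = ["Orphaned entries (target file missing):"]
    lines += [f"  {e.section} - {e.body}" for e in result.orphaned]
    lines.append("AppInit_DLLs (loaded into every user32-linked process):")
    lines += [f"  {p}" for p in result.appinit_dlls]
    lines.append(f"Plain inventory: {len(result.inventory)} entries")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

On the sample this yields three orphaned entries (the R3 hook, the MediaBar BHO and the FULL-DISKfighter service), two AppInit DLLs and three inventory entries; run against the full log above it would also pick out the AVG toolbar, the WormRadar and UrlHelper BHOs and the two "(no file)" AVG services.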
Replies: 63
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L350
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 173):
0x8284C000 \SystemRoot\system32\ntkrnlpa.exe
0x82819000 \SystemRoot\system32\hal.dll
0x8040E000 \SystemRoot\system32\kdcom.dll
0x80415000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80485000 \SystemRoot\system32\PSHED.dll
0x80496000 \SystemRoot\system32\BOOTVID.dll
0x8049E000 \SystemRoot\system32\CLFS.SYS
0x804DF000 \SystemRoot\system32\CI.dll
0x8060B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80687000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80694000 \SystemRoot\System32\Drivers\spji.sys
0x80795000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8079E000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x82E08000 \SystemRoot\system32\drivers\acpi.sys
0x82E4E000 \SystemRoot\system32\drivers\msisadrv.sys
0x82E56000 \SystemRoot\system32\drivers\pci.sys
0x82E7D000 \SystemRoot\System32\drivers\partmgr.sys
0x82E8C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82E8F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82E99000 \SystemRoot\system32\drivers\volmgr.sys
0x82EA8000 \SystemRoot\System32\drivers\volmgrx.sys
0x82EF2000 \SystemRoot\System32\drivers\mountmgr.sys
0x82F02000 \SystemRoot\system32\DRIVERS\pciide.sys
0x82F09000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x82F17000 \SystemRoot\System32\drivers\sfsync02.sys
0x8A80E000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8A9C3000 \SystemRoot\system32\drivers\atapi.sys
0x8A9CB000 \SystemRoot\system32\drivers\ataport.SYS
0x8A9E9000 \SystemRoot\system32\drivers\msahci.sys
0x82F20000 \SystemRoot\system32\drivers\fltmgr.sys
0x82F52000 \SystemRoot\system32\drivers\fileinfo.sys
0x82F62000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x8A9F3000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82F71000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AA02000 \SystemRoot\system32\drivers\ndis.sys
0x8AB0D000 \SystemRoot\system32\drivers\msrpc.sys
0x8AB38000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AB73000 \SystemRoot\System32\Drivers\vbtenum.sys
0x8AC0B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AD1B000 \SystemRoot\system32\drivers\volsnap.sys
0x8AD54000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x8AD59000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x8AD9C000 \SystemRoot\System32\Drivers\spldr.sys
0x8ADA4000 \SystemRoot\System32\drivers\sfhlp02.sys
0x8ADAC000 \SystemRoot\System32\drivers\sfdrv01.sys
0x8ADBF000 \SystemRoot\System32\Drivers\mup.sys
0x8ADCE000 \SystemRoot\System32\drivers\ecache.sys
0x8AB77000 \SystemRoot\system32\drivers\disk.sys
0x8AB88000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8ADF5000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AC00000 \SystemRoot\System32\Drivers\BTHidMgr.sys
0x8E7CE000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8E7D7000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0x8E7DF000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8E7EE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F407000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8FD27000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FDC7000 \SystemRoot\System32\drivers\watchdog.sys
0x8FDD3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8ABB6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FDDE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EA0D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8EA9A000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8EAE6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8EAF9000 \SystemRoot\system32\DRIVERS\LKbdFlt2.sys
0x8EAFB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8EB06000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8EB36000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8EB38000 \SystemRoot\system32\DRIVERS\LMouFlt2.sys
0x8EB48000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8EB53000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x8EB57000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EB6F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8EB75000 \SystemRoot\System32\Drivers\atdbv5fx.SYS
0x8EBAD000 \SystemRoot\System32\Drivers\VcommMgr.sys
0x8EBB7000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x805BF000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EBE6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8EBF1000 \SystemRoot\system32\DRIVERS\blueletaudio.sys
0x807C4000 \SystemRoot\system32\DRIVERS\portcls.sys
0x8FE00000 \SystemRoot\system32\DRIVERS\drmk.sys
0x8FE25000 \SystemRoot\system32\DRIVERS\ks.sys
0x8FE4F000 \SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys
0x8FE55000 \SystemRoot\System32\Drivers\RootMdm.sys
0x8FE5D000 \SystemRoot\system32\drivers\modem.sys
0x8FE6A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FE81000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FE8C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FEAF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FEBE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8FED2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8FEE7000 \SystemRoot\system32\DRIVERS\btnetdrv.sys
0x8FEEA000 \SystemRoot\system32\DRIVERS\VComm.sys
0x8FEF1000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8FEFB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FF0B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FF0D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FF17000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FF24000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FF59000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90207000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x90609000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x90725000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9073C000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS
0x90744000 \SystemRoot\System32\Drivers\usbvideo.sys
0x90765000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x907D5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x907DE000 \SystemRoot\System32\Drivers\Null.SYS
0x907E5000 \SystemRoot\System32\Drivers\Beep.SYS
0x907EC000 \??\C:\Windows\System32\Drivers\KMWDFilter.SYS
0x907F1000 \SystemRoot\System32\drivers\vga.sys
0x90516000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90600000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90537000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x90547000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9054E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90556000 \SystemRoot\system32\drivers\rdpencdd.sys
0x9055E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90569000 \SystemRoot\system32\DRIVERS\LHidFlt2.sys
0x9056F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9057D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x90585000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90A0A000 \SystemRoot\System32\drivers\tcpip.sys
0x90AF4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x90B0F000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
0x90B6D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90B83000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x90B8D000 \SystemRoot\system32\DRIVERS\smb.sys
0x90BA1000 \SystemRoot\System32\DRIVERS\netbt.sys
0x9058E000 \SystemRoot\system32\drivers\afd.sys
0x90BD3000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x90BD8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90BEE000 \SystemRoot\system32\DRIVERS\rtlprot.sys
0x905D6000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90BF8000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x905E4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FF6A000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0x90A00000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8FF8C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FFC8000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90E0A000 \SystemRoot\system32\drivers\mfehidk.sys
0x90E3D000 \SystemRoot\System32\Drivers\dfsc.sys
0x90E54000 \SystemRoot\System32\Drivers\aswSP.SYS
0x90E9D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E600000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9A2E0000 \SystemRoot\System32\win32k.sys
0x90EAA000 \SystemRoot\System32\drivers\Dxapi.sys
0x90EB4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9A500000 \SystemRoot\System32\TSDDD.dll
0x9A520000 \SystemRoot\System32\cdd.dll
0x90EC3000 \SystemRoot\system32\drivers\luafv.sys
0x90EDE000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x90F16000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x90F19000 \SystemRoot\system32\drivers\spsys.sys
0x90FC9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8FFD2000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x90FD9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x90FE3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xB0801000 \SystemRoot\system32\drivers\HTTP.sys
0xB086E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB088B000 \SystemRoot\system32\DRIVERS\bowser.sys
0xB08A4000 \SystemRoot\System32\drivers\mpsdrv.sys
0xB08B9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB08D8000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xB0911000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB0929000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB0951000 \SystemRoot\System32\DRIVERS\srv.sys
0xB2A0C000 \SystemRoot\system32\drivers\peauth.sys
0xB2AEA000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB2AF4000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB2B00000 \SystemRoot\system32\DRIVERS\psi_mf.sys
0xB2B03000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77110000 \Windows\System32\ntdll.dll

Processes (total 88):
0 System Idle Process
4 System
548 C:\Windows\System32\smss.exe
676 csrss.exe
716 C:\Windows\System32\wininit.exe
728 csrss.exe
764 C:\Windows\System32\services.exe
792 C:\Windows\System32\lsass.exe
800 C:\Windows\System32\winlogon.exe
812 C:\Windows\System32\lsm.exe
964 C:\Windows\System32\svchost.exe
1024 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1068 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\svchost.exe
1236 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1360 C:\Windows\System32\audiodg.exe
1392 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\SLsvc.exe
1492 C:\Windows\servicing\TrustedInstaller.exe
1512 C:\Windows\System32\svchost.exe
1608 C:\Windows\System32\svchost.exe
1740 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
352 C:\Windows\System32\spoolsv.exe
476 C:\Windows\System32\svchost.exe
564 C:\Windows\System32\agrsmsvc.exe
1820 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1792 C:\Program Files\Bonjour\mDNSResponder.exe
1064 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
1552 C:\Windows\System32\svchost.exe
1332 C:\Program Files\Mouse Driver\KMWDSrv.exe
840 C:\Windows\System32\svchost.exe
2084 C:\Windows\System32\svchost.exe
2096 C:\Windows\System32\svchost.exe
2160 C:\Program Files\Secunia\PSI\psia.exe
2428 C:\Windows\System32\svchost.exe
2444 C:\Program Files\FIGHTERS\FighterSuiteService.exe
2500 C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
2624 C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
2644 C:\Windows\System32\TODDSrv.exe
2664 C:\Users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe
2684 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
2744 C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
2760 C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
2800 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2820 C:\Windows\System32\svchost.exe
2840 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2952 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3420 C:\Program Files\Secunia\PSI\sua.exe
3460 C:\Windows\System32\SearchIndexer.exe
3660 C:\Windows\System32\taskeng.exe
1784 C:\Windows\System32\taskeng.exe
636 C:\Windows\System32\dwm.exe
1980 C:\Windows\explorer.exe
2392 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2388 C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
3436 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3088 C:\Program Files\Mouse Driver\StartAutorun.exe
1108 C:\Program Files\Toshiba TEMPRO\TemproTray.exe
3096 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
1716 C:\Windows\System32\igfxtray.exe
3352 C:\Windows\System32\hkcmd.exe
1504 C:\Windows\System32\igfxpers.exe
3724 C:\Program Files\AVAST Software\Avast\AvastUI.exe
3780 C:\Windows\System32\igfxsrvc.exe
3548 C:\Program Files\Common Files\Java\Java Update\jusched.exe
796 C:\Program Files\Windows Media Player\wmpnscfg.exe
2336 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2328 C:\Program Files\Secunia\PSI\psi_tray.exe
3060 C:\Program Files\Mouse Driver\KMCONFIG.exe
3624 C:\Program Files\Windows Media Player\wmpnetwk.exe
2208 C:\Windows\System32\wbem\unsecapp.exe
3964 WmiPrvSE.exe
4168 C:\Program Files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe
4188 C:\Program Files\Mouse Driver\KMProcess.exe
4444 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
4480 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
4512 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
4772 WmiPrvSE.exe
4988 C:\Windows\System32\svchost.exe
5320 C:\Windows\System32\SearchProtocolHost.exe
5520 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4836 C:\Windows\System32\SearchProtocolHost.exe
5292 C:\Windows\System32\SearchFilterHost.exe
3784 C:\Users\Annelie\Desktop\MBRCheck.exe
3120 Sf.bin
4928 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000012`f5700000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1652GSX, Rev: LV010M

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

By the way, I am also using an old version of Internet Explorer. If I want to use IE 9 I have to close it, because "it has stopped working". I have meanwhile downloaded Secunia; its scan does run fine. (result available)
Good, at least no MBR rootkit on the hard disk! Now you can do the following:

Download GMER from one of the following locations and save it to your Desktop:
- Primary download location: http://gmer.net/download.php (this mirror gives you a randomly named file; recommended)
- Zipped file: http://gmer.net/gmer.zip (this option gives a zip file that has to be unpacked first; if you use it, unpack it to your desktop)

- Disconnect your internet connection and close all open programs.
- Temporarily disable your real-time security software.
- Double-click the randomly named GMER file (e.g. n7gmo46c.exe) and, if asked, allow the gmer.sys driver to be loaded.
- Note: if you downloaded the zipped version, unpack the file to a fixed folder, for example C:\gmer, and then double-click gmer.exe.
  [image: http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif]
- GMER will open the Rootkit/Malware tab and run an automatic quick scan the first time it is run. (do not use the computer during the scan)
- If you get a WARNING!!! about rootkit activity and are asked whether to scan your whole system... click NO.
- Now click the Scan button. If a rootkit warning window appears, click OK.
- Click the Save... button when the scan has finished, and save the log file to your desktop. Save the file as gmer.log.
- Click the Copy button and post the log in your next message.
- Close GMER and turn all real-time protection back on.

-- If you run into any problems, try running GMER in safe mode (http://www.computerhope.com/issues/chsafe.htm).
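Added example, not code from this thread or from GMER: a triage script for the gmer.log the post above asks for. It parses the SSDT, inline-hook, interrupt and missing-driver lines GMER writes, attributes each hook to the driver that owns it, and flags what a helper reads such a log for: hooks whose target lies in no known module, hooks owned by a driver outside the expected list, and drivers that are registered but cannot be found on disk. The allowlist of expected drivers and SAMPLE_LOG are constructed assumptions.

```python
"""Triage a GMER rootkit-scan log (the text saved with GMER's "Save..." button).

Added example, not code from this thread or from GMER. The allowlist of drivers
expected to hook this system and SAMPLE_LOG are constructed assumptions.
"""
import re
from collections import Counter

# Assumption: the security software installed here (avast!) hooks through these
# two drivers. Hooks owned by anything else deserve a second look.
EXPECTED_HOOKERS = {"aswsnx.sys", "aswsp.sys"}

# "---- Kernel code sections - GMER 1.0.15 ----"
SECTION_RE = re.compile(r"^----\s+(.*?)\s+-\s+GMER")
# "SSDT <driver path> (<vendor>) <function> [0xADDR]" (also GMER's "Code ..." lines)
SSDT_RE = re.compile(
    r"^(SSDT|Code)\s+(\S+)\s+\((.*?)\)\s+(\S+)(?:\s+\[0x[0-9A-Fa-f]+\])?\s*$")
# ".text win32k.sys!EngLineTo + A0F 9A3FD707 5 Bytes JMP 9077B03E <driver path> (<vendor>)"
# The trailing owner is optional: GMER omits it when the jump target is in no known module.
INLINE_RE = re.compile(
    r"^(\.text|PAGE|INIT)\s+(\S+?)!(\S+)(?:\s+\+\s+[0-9A-Fa-f]+)?\s+[0-9A-Fa-f]{8}"
    r"\s+\d+\s+Bytes?\s+(JMP|CALL)\s+([0-9A-Fa-f]{8})(?:\s+(\S+)\s+\((.*?)\))?\s*$")
# "? System32\Drivers\spji.sys <OS error text> !" : a registered driver GMER cannot open
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+(.*?)\s*!\s*$")
# "INT 0x62 ? 88823F00" : interrupt handler whose owner GMER could not resolve
INT_RE = re.compile(r"^INT\s+(0x[0-9A-Fa-f]+)\s+\?\s+([0-9A-Fa-f]{8})\s*$")
# ".text C:\Windows\System32\spoolsv.exe[352] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8"
USER_RE = re.compile(r"^\.text\s+(\S+\[\d+\])\s+(\S+?)!(\S+)")


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return kernel hook counts per owning driver, user-mode hook counts per
    process, and a list of (severity, detail) findings, in log order."""
    owners, user_hooks, findings = Counter(), Counter(), []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if "User code" in section:
            # avast!-style user-mode hooks appear in every process; count them per
            # process so an odd one out stands out, but do not judge them here.
            m = USER_RE.match(line)
            if m:
                user_hooks[m.group(1)] += 1
            continue
        m = SSDT_RE.match(line)
        if m:
            owner = _basename(m.group(2))
            owners[owner] += 1
            if owner not in EXPECTED_HOOKERS:
                findings.append(("medium", f"{m.group(4)} hooked by unexpected driver {owner}"))
            continue
        m = INLINE_RE.match(line)
        if m:
            target = f"{m.group(2)}!{m.group(3)}"
            if m.group(6) is None:
                findings.append(("high", f"{target} {m.group(4)} {m.group(5)} is not attributed to any module"))
                continue
            owner = _basename(m.group(6))
            owners[owner] += 1
            if owner not in EXPECTED_HOOKERS:
                findings.append(("medium", f"{target} hooked by unexpected driver {owner}"))
            continue
        m = MISSING_RE.match(line)
        if m:
            findings.append(("high", f"driver {m.group(1)} is registered but not found on disk: {m.group(2)}"))
            continue
        m = INT_RE.match(line)
        if m:
            findings.append(("medium", f"INT {m.group(1)} handler at {m.group(2)} is not attributed to any module"))
    return {"hooks_by_owner": dict(owners), "user_mode_hooks": dict(user_hooks), "findings": findings}


# Constructed excerpt in GMER's log format (a few lines of each section kind).
SAMPLE_LOG = r"""GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-07 14:47:31
Windows 6.0.6002 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90777FF0]
INT 0x62 ? 88823F00
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90E73762]

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ObInsertObject 82A7C4F3 5 Bytes JMP 90E70BBC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\Drivers\spji.sys Het systeem kan het opgegeven pad niet vinden. !
PAGE ataport.SYS!DllUnload 8A9DCB2E 5 Bytes JMP 85E3F1D8
.text win32k.sys!EngLineTo + A0F 9A3FD707 5 Bytes JMP 9077B03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\spoolsv.exe[352] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[352] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for owner, n in sorted(report["hooks_by_owner"].items()):
        print(f"{n:3d} kernel hooks owned by {owner}")
    for severity, detail in report["findings"]:
        print(f"[{severity}] {detail}")
```

Run it on a saved gmer.log with `triage(open("gmer.log", encoding="utf-8", errors="replace").read())`; hooks attributed to the installed security software are expected, the high-severity findings are the ones to ask about.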
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-07 14:47:31
Windows 6.0.6002 Service Pack 2
Harddisk0\DR0 -> \Device\Ide\iaStor0 TOSHIBA_ rev.LV01
Running: 63jpfi5y.exe; Driver: C:\Users\Annelie\AppData\Local\Temp\agriiaod.sys
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-07 14:47:31
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 TOSHIBA_ rev.LV01
Running: 63jpfi5y.exe; Driver: C:\Users\Annelie\AppData\Local\Temp\agriiaod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90778202]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9077A7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9077A848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9077A95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9077A746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9077A898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9077A79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9077A90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90778226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90777FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9077824A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9077AD56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90778CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9077A820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9077A870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9077A988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9077A772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9077A8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9077A7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9077A936]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90778BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9077826E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90778292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9077804A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90778186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90778162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x907781AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x907782B6]

INT 0x62 ? 88823F00
INT 0x82 ? 88823F00
INT 0x82 ? 88823F00
INT 0x82 ? 88823F00
INT 0x92 ? 88823F00
INT 0xA2 ? 88823F00
INT 0xB2 ? 85E43BF8
INT 0xB2 ? 88823F00
INT 0xB2 ? 88823F00
INT 0xB2 ? 85E43BF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90E73762]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 828F8890 4 Bytes [02, 82, 77, 90]
.text ntkrnlpa.exe!KeSetEvent + 1D1 828F8954 8 Bytes [F0, A7, 77, 90, 48, A8, 77, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 828F8960 4 Bytes [5E, A9, 77, 90]
.text ntkrnlpa.exe!KeSetEvent + 1F5 828F8978 4 Bytes [46, A7, 77, 90] {INC ESI; CMPSD ; JA 0xffffffffffffff94}
.text ntkrnlpa.exe!KeSetEvent + 215 828F8998 8 Bytes [98, A8, 77, 90, 9A, A7, 77, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A235C7 5 Bytes JMP 90E6F11E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82A7C4F3 5 Bytes JMP 90E70BBC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A85E18 4 Bytes CALL 9077934B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A89A8C 4 Bytes CALL 90779361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82ADDDAE 7 Bytes JMP 90E73766 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\Drivers\spji.sys Het systeem kan het opgegeven pad niet vinden. !
PAGE ataport.SYS!DllUnload 8A9DCB2E 5 Bytes JMP 85E3F1D8
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8AD59480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8AD9A900, 0x3CA, 0x48000040]
.text USBPORT.SYS!DllUnload 8ABE641B 5 Bytes JMP 888234E0
.text atdbv5fx.SYS 8EB76000 22 Bytes [82, 03, 82, 82, 6C, 02, 82, ...]
.text atdbv5fx.SYS 8EB76017 137 Bytes [00, 32, 07, 7A, 80, 3D, 05, ...]
.text atdbv5fx.SYS 8EB760A1 43 Bytes [50, 8F, 82, 74, 46, 89, 82, ...]
.text atdbv5fx.SYS 8EB760CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text atdbv5fx.SYS 8EB760DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
.text win32k.sys!EngCreateRectRgn + 4537 9A2FFC90 5 Bytes JMP 9077B440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 9A318EB9 5 Bytes JMP 9077BE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 9A319CA5 5 Bytes JMP 9077BF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C03 9A322407 5 Bytes JMP 9077AD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 9A323350 5 Bytes JMP 9077BBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 30F1 9A32EA84 5 Bytes JMP 9077B316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 455C 9A32FEEF 5 Bytes JMP 9077AF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 119C6 9A349A25 5 Bytes JMP 9077B180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A1A 9A349A79 5 Bytes JMP 9077B326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 9A370A12 5 Bytes JMP 9077BB64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DE 9A373371 5 Bytes JMP 9077AE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3A 9A379CA9 5 Bytes JMP 9077AFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B42 9A384110 1 Byte [E9]
.text win32k.sys!EngStretchBlt + 2B42 9A384110 5 Bytes JMP 9077C014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 9A386FFC 5 Bytes JMP 9077AE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 81C 9A3A5415 5 Bytes JMP 9077BD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6EBA 9A3ABAB3 5 Bytes JMP 9077BBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 9A3AF22A 5 Bytes JMP 9077BCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 9A3B6B49 5 Bytes JMP 9077AEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 9A3D50A6 5 Bytes JMP 9077B0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 9A3DA902 5 Bytes JMP 9077B008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 9A3DE43A 5 Bytes JMP 9077BECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A0F 9A3FD707 5 Bytes JMP 9077B03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D23F 9A409F37 5 Bytes JMP 9077B0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE spsys.sys!?SPVersion@@3PADA + 1ABF 90F6603F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 90F660AF 1 Byte [16]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 90F660AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 90F66130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB7 90F66137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\spoolsv.exe[352] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[352] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[352] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[352] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[352] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[352] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[352] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[352] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[352] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[352] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[352] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[352] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 001A0600
.text C:\Windows\System32\spoolsv.exe[352] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 001A0804
.text C:\Windows\System32\spoolsv.exe[352] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 001A0A08
.text C:\Windows\System32\spoolsv.exe[352] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 001A01F8
.text C:\Windows\System32\spoolsv.exe[352] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 001A03FC
.text C:\Windows\system32\svchost.exe[476] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[476] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[476] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[476] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[476] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[476] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[476] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[476] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[476] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[476] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[476] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[476] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[476] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[476] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[476] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[476] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000B03FC
.text C:\Windows\system32\agrsmsvc.exe[564] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000801F8
.text C:\Windows\system32\agrsmsvc.exe[564] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000803FC
.text C:\Windows\system32\agrsmsvc.exe[564] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Windows\system32\agrsmsvc.exe[564] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000A03FC
.text C:\Windows\system32\agrsmsvc.exe[564] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 000A0600
.text C:\Windows\system32\agrsmsvc.exe[564] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 000A1014
.text C:\Windows\system32\agrsmsvc.exe[564] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 000A0804
.text C:\Windows\system32\agrsmsvc.exe[564] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 000A0A08
.text C:\Windows\system32\agrsmsvc.exe[564] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 000A0C0C
.text C:\Windows\system32\agrsmsvc.exe[564] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 000A0E10
.text C:\Windows\system32\agrsmsvc.exe[564] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000A01F8
.text C:\Windows\system32\agrsmsvc.exe[564] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 000B0600
.text C:\Windows\system32\agrsmsvc.exe[564] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 000B0804
.text C:\Windows\system32\agrsmsvc.exe[564] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 000B0A08
.text C:\Windows\system32\agrsmsvc.exe[564] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000B01F8
.text C:\Windows\system32\agrsmsvc.exe[564] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000B03FC
.text C:\Windows\system32\Dwm.exe[636] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[636] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[636] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[636] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00090600
.text C:\Windows\system32\Dwm.exe[636] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00090804
.text C:\Windows\system32\Dwm.exe[636] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00090A08
.text C:\Windows\system32\Dwm.exe[636] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000901F8
.text C:\Windows\system32\Dwm.exe[636] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\csrss.exe[676] KERNEL32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Windows\system32\wininit.exe[716] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[716] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[716] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[716] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[716] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[716] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\wininit.exe[716] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[716] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\csrss.exe[728] KERNEL32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Windows\system32\services.exe[764] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[764] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[764] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Windows\system32\services.exe[764] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[764] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[764] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[764] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[764] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[764] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[764] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[764] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\services.exe[764] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[764] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[792] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[792] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[792] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[792] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[792] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[792] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[792] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00170600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00171014
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00170804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00170A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00170C0C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00170E10
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 001701F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00180600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00180804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[800] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[800] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00060600
.text C:\Windows\system32\winlogon.exe[800] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00060804
.text C:\Windows\system32\winlogon.exe[800] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\winlogon.exe[800] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\winlogon.exe[800] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsm.exe[812] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[812] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[812] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[840] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[840] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[840] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[840] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00190600
.text C:\Windows\System32\svchost.exe[840] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00190804
.text C:\Windows\System32\svchost.exe[840] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00190A08
.text C:\Windows\System32\svchost.exe[840] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 001901F8
.text C:\Windows\System32\svchost.exe[840] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 001903FC
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00BC0600
.text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00BC0804
.text C:\Windows\system32\svchost.exe[964] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00BC0A08
.text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 00BC01F8
.text C:\Windows\system32\svchost.exe[964] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 00BC03FC
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] KERNEL32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 001D0600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 001D0804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 001D0A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 001D01F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 001D03FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 001E03FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 001E0600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9
5 Bytes JMP 001E1014 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 001E0804 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 001E0A08 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 001E0C0C .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 001E0E10 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 001E01F8 .text C:\Windows\system32\svchost.exe[1068] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1068] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62] .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 001703FC .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00170600 .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00171014 .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00170804 .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00170A08 .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00170C0C .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00170E10 .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 001701F8 .text C:\Windows\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00910600 .text C:\Windows\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00910804 .text 
C:\Windows\system32\svchost.exe[1068] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00910A08 .text C:\Windows\system32\svchost.exe[1068] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 009101F8 .text C:\Windows\system32\svchost.exe[1068] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 009103FC .text C:\Windows\System32\svchost.exe[1124] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1124] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62] .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1124] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 001E0600 .text C:\Windows\System32\svchost.exe[1124] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 001E0804 .text C:\Windows\System32\svchost.exe[1124] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 001E0A08 .text C:\Windows\System32\svchost.exe[1124] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 001E01F8 .text C:\Windows\System32\svchost.exe[1124] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 001E03FC .text C:\Windows\System32\svchost.exe[1204] 
ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1204] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1204] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62] .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2W
Hi Eline, we need ComboFix again to remove a rootkit!

Download ComboFix from one of these locations:
- Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
- Geekstogo: http://subs.geekstogo.com/ComboFix.exe

ComboFix must again be on your desktop!

Open a new Notepad file via "Start\All Programs\Accessories\Notepad". Copy and paste the following text into the empty Notepad window:

File::
C:\Users\Annelie\AppData\Local\Temp\agriiaod.sys
Driver::
agriiaod

Save this Notepad file on your desktop as CFScript.txt.

Now first disable the antivirus!

Drag CFScript.txt onto ComboFix.exe
(image: http://img517.imageshack.us/img517/8662/cfscript10uc2.gif)

This will make ComboFix restart. Reboot if you are asked to. Post the ComboFix log that is shown after the restart!
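The script in the post above removes a driver (agriiaod) whose file sits in a user's AppData\Local\Temp folder, which is a classic rootkit indicator. As an added example that is not part of the forum thread, the following PowerShell check (my own, run from an elevated prompt) lists every service and kernel driver registered with an ImagePath under a Temp directory; the Temp path fragments it looks for are an assumption chosen for this example.

```powershell
# Added example, not from the forum thread: find services and drivers whose binary
# lives in a Temp directory, the pattern behind the agriiaod.sys finding in the thread.
# The path fragments below are an assumption; extend them for your environment.
$suspectFragments = @('\AppData\Local\Temp\', '\Windows\Temp\')

$services = Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
foreach ($svc in $services) {
    $props = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue
    if (-not $props -or -not $props.ImagePath) { continue }

    # ImagePath may carry an NT prefix (\??\ or \SystemRoot\) and environment variables;
    # normalise it so the substring match works on a plain Win32 path.
    $path = [Environment]::ExpandEnvironmentVariables([string]$props.ImagePath)
    $path = $path -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"

    foreach ($fragment in $suspectFragments) {
        if ($path.IndexOf($fragment, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            # Type 1 = kernel driver, 2 = file system driver, 16/32 = Win32 service.
            # Start 0/1 = loads at boot/system start, i.e. before most security tools.
            New-Object PSObject -Property @{
                Service   = $svc.PSChildName
                Type      = $props.Type
                Start     = $props.Start
                ImagePath = $path
            }
            break
        }
    }
}
```

A legitimate product very rarely registers a driver from a Temp folder, so any hit here deserves the same follow-up the thread gives agriiaod: identify the file, then remove the service entry together with the file.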
I really don't understand what I'm doing, but I trust you: :roll:
  • 0
Hi eline - don't worry, all of this should really have been examined earlier! But better late than never; well done, 2 rootkits removed. Open a new Notepad file again, via "Start\All Programs\Accessories\Notepad". Copy and paste the following (bold, blue text) into the empty Notepad window:

KILLALL::
FileLook::
63jpfi5y.exe

Save this Notepad file on your desktop as CFScript.txt. Now first deactivate the antivirus! Drag CFScript.txt onto ComboFix.exe (see http://img517.imageshack.us/img517/8662/cfscript10uc2.gif). This will make ComboFix restart. Reboot if you are asked to. Post the ComboFix log that is shown after the restart!
  • 0
My PC more or less freezes after those ComboFix things; the second time I had to force it off (power button).

ComboFix 11-05-06.05 - Annelie 07-05-2011 17:46:25.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2939.1897 [GMT 2:00] Gestart vanuit: c:\users\Annelie\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Annelie\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))) . . 2011-05-07 15:53 . 2011-05-07 15:58 -------- d-----w- c:\users\Annelie\AppData\Local\temp 2011-05-07 15:53 . 2011-05-07 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-07 07:11 . 2011-05-07 07:11 -------- d-----w- c:\users\Annelie\AppData\Local\Secunia PSI 2011-05-07 07:11 . 2011-05-07 07:11 -------- d-----w- c:\program files\Secunia 2011-05-06 17:30 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01D7D332-4CAC-40D0-82D6-1142E84782DB}\mpengine.dll 2011-05-05 18:02 . 2011-05-05 18:02 -------- d-----w- c:\programdata\Enkord 2011-05-05 14:42 . 2011-05-06 20:27 -------- d-----w- c:\programdata\Family Farm 2011-05-05 13:01 . 2011-05-05 13:02 -------- d-----w- c:\users\Annelie\AppData\Local\{C0D9C370-CAA1-4D6E-ADE1-60D6D88A2A6E} 2011-05-05 10:17 . 2011-05-05 10:17 -------- d-----w- c:\users\Annelie\AppData\Local\Adobe 2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll 2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll 2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll 2011-05-05 10:03 . 
2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll 2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll 2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll 2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll 2011-05-05 10:03 . 2011-05-05 17:28 -------- d-----w- c:\program files\QuickTime 2011-05-05 10:03 . 2011-05-05 10:03 -------- d-----w- c:\programdata\Apple Computer 2011-05-05 10:00 . 2011-05-05 10:00 -------- d-----w- c:\users\Annelie\AppData\Local\Apple 2011-05-05 10:00 . 2011-05-05 10:00 -------- d-----w- c:\program files\Apple Software Update 2011-05-05 09:00 . 2011-05-05 09:00 -------- d-----w- c:\program files\Common Files\Java 2011-05-04 12:23 . 2011-05-04 12:23 -------- d-----w- c:\program files\ESET 2011-05-03 19:24 . 2011-05-03 19:24 388096 ----a-r- c:\users\Annelie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-05-03 19:24 . 2011-05-03 19:24 -------- d-----w- c:\program files\Trend Micro 2011-04-29 17:36 . 2011-04-29 10:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-04-29 17:06 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-29 17:06 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-29 16:02 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-04-29 16:02 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-04-29 16:02 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-04-29 16:02 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-04-29 16:02 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-04-29 16:02 . 
2011-04-18 17:13 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-04-29 16:01 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr 2011-04-29 16:01 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-04-29 15:35 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2011-04-29 15:35 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2011-04-29 15:35 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-04-29 07:47 . 2011-04-29 07:47 -------- d-----w- c:\program files\Panda Security 2011-04-28 20:08 . 2011-04-28 20:08 -------- d-----w- c:\programdata\AVAST Software 2011-04-28 20:08 . 2011-04-28 20:08 -------- d-----w- c:\program files\AVAST Software 2011-04-28 19:15 . 2011-04-28 19:15 -------- d-----w- c:\users\Annelie\AppData\Local\Sunbelt Software 2011-04-28 19:14 . 2011-04-28 19:14 -------- dc-h--w- c:\programdata\{91EC863D-D912-4466-91CC-9489A4A2ADD3} 2011-04-28 19:13 . 2011-04-28 19:15 -------- d-----w- c:\programdata\Lavasoft 2011-04-28 19:13 . 2011-04-28 19:13 -------- d-----w- c:\program files\Lavasoft 2011-04-28 12:11 . 2011-05-05 07:02 -------- d-----w- c:\program files\Emsisoft Anti-Malware 2011-04-28 11:15 . 2011-04-28 11:15 -------- d-----w- c:\users\Annelie\AppData\Roaming\Malwarebytes 2011-04-28 11:14 . 2011-04-28 11:14 -------- d-----w- c:\programdata\Malwarebytes 2011-04-28 11:14 . 2011-04-30 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-27 20:21 . 2011-04-27 20:21 -------- d-----w- c:\users\Annelie\AppData\Roaming\Skype 2011-04-27 18:59 . 2011-04-27 18:59 -------- d-----w- c:\program files\Loaris 2011-04-27 18:16 . 2011-04-27 18:58 -------- d-----w- c:\program files\Loaris Trojan Remover 2011-04-26 10:23 . 2011-04-26 10:23 -------- d-----w- c:\users\Annelie\AppData\Local\{9E100F3C-EA2F-47A4-B425-21C819210AC5} 2011-04-24 19:11 . 
2011-04-24 19:12 -------- d-----w- c:\users\Annelie\AppData\Local\{395F0E53-EA0F-43D1-BFD8-3073D5DEEA73} 2011-04-23 10:55 . 2011-04-23 10:55 -------- d-----w- c:\users\Annelie\AppData\Roaming\Ph03nixNewMedia 2011-04-23 10:30 . 2011-04-23 10:31 -------- d-----w- c:\users\Annelie\AppData\Local\{068C08DC-6D76-4637-979A-D7D0CAD19CE8} 2011-04-22 19:45 . 2011-04-22 19:45 -------- d-----w- c:\program files\Shangri La 2 Deluxe 2011-04-22 18:22 . 2011-04-22 18:22 -------- d-----w- c:\users\Annelie\AppData\Local\{16FFFFCA-AFFA-4391-8781-82ABF2CA3816} 2011-04-21 18:28 . 2011-04-21 18:33 -------- d-----w- c:\program files\Farmscapes Collectors Edition 2011-04-21 11:13 . 2011-04-21 11:13 -------- d-----w- c:\users\Annelie\AppData\Local\{9B64721A-ADD4-4208-8056-4954A31112B6} 2011-04-20 10:58 . 2011-04-20 10:58 -------- d-----w- c:\users\Annelie\AppData\Local\ElevatedDiagnostics 2011-04-20 10:56 . 2011-04-20 10:56 -------- d-----w- c:\program files\Microsoft ATS 2011-04-20 10:47 . 2011-04-20 10:47 -------- d-----w- c:\users\Annelie\AppData\Local\{BAFE4342-D6FA-4D73-8A27-61B441186B8E} 2011-04-19 13:03 . 2011-04-19 13:03 -------- d-----w- c:\users\Annelie\AppData\Local\{E0955E8B-3E15-4A18-9D01-EBF192D7A901} 2011-04-18 08:38 . 2011-04-18 08:38 -------- d-----w- c:\users\Annelie\AppData\Local\{C03CDA2F-C074-4E97-B1F5-72A2D702314B} 2011-04-17 15:13 . 2011-05-03 11:34 -------- d-----w- c:\program files\Campfire Legends - The Babysitter 2011-04-17 12:56 . 2011-04-29 16:11 -------- d-----w- c:\program files\Elizabeth Find M.D. - Diagnosis Mystery Deluxe 2011-04-17 10:55 . 2011-04-17 10:55 -------- d-----w- c:\users\Annelie\AppData\Local\{DDFDE472-6525-4B01-A6C1-6EC67D4F28A3} 2011-04-16 10:37 . 2011-04-16 10:37 -------- d-----w- c:\users\Annelie\AppData\Local\{1ACCFDEB-DB71-4C89-A9D4-8F6BA85BA551} 2011-04-14 18:02 . 2011-04-14 18:02 -------- d-----w- c:\users\Annelie\{b2edab7a-3cfa-40b2-9c18-53b00b56e1da} 2011-04-14 10:56 . 
2011-04-14 10:56 -------- d-----w- c:\users\Annelie\AppData\Local\{F2FB913C-883A-4074-A119-1CF089BEE591} 2011-04-12 14:43 . 2011-04-12 14:43 -------- d-----w- c:\users\Annelie\AppData\Local\{6BE0F641-9E5D-4504-A4E7-C34F53CB82EC} 2011-04-11 18:19 . 2011-04-11 18:20 -------- d-----w- c:\program files\Little Shop - World Traveler Deluxe 2011-04-10 19:49 . 2011-04-10 19:49 -------- d-----w- c:\users\Annelie\AppData\Roaming\NevoSoft 2011-04-08 07:34 . 2011-04-08 07:35 -------- d-----w- c:\users\Annelie\AppData\Roaming\thejoyoffarming . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-05 12:56 . 2008-11-21 17:35 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-05-05 12:56 . 2008-11-21 17:35 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-05-05 08:47 . 2010-06-05 13:13 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-03-09 11:37 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-03-07 15:16 . 2010-01-19 13:00 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2011-03-07 15:16 . 2010-01-19 13:00 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2011-03-03 15:40 . 2011-04-29 15:35 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2011-03-03 15:40 . 2011-04-29 15:35 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2011-03-03 15:40 . 2011-04-29 15:35 542720 ----a-w- c:\windows\apppatch\AcLayers.dll 2011-03-03 15:40 . 2011-04-29 15:35 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2011-02-22 14:13 . 2011-03-23 12:25 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-22 13:33 . 2011-03-23 12:25 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-02-22 13:33 . 2011-03-23 12:25 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-02-11 17:26 . 2011-02-11 17:26 8198680 ----a-w- c:\windows\system32\TVWSetup.exe 2011-02-11 17:26 . 2009-07-17 14:48 137752 ----a-w- c:\windows\system32\igfxtray.exe 2011-02-11 17:26 . 
2009-07-17 14:48 267800 ----a-w- c:\windows\system32\igfxsrvc.exe 2011-02-11 17:26 . 2009-07-17 14:48 172568 ----a-w- c:\windows\system32\igfxpers.exe 2011-02-11 17:26 . 2009-07-17 14:48 179224 ----a-w- c:\windows\system32\igfxext.exe 2011-02-11 17:26 . 2009-07-17 14:48 171032 ----a-w- c:\windows\system32\hkcmd.exe 2011-02-11 17:26 . 2011-02-11 17:26 3157528 ----a-w- c:\windows\system32\GfxUI.exe 2011-02-11 17:20 . 2011-02-11 17:20 81920 ----a-w- c:\windows\system32\igfxCoIn_v2302.dll 2011-02-11 17:12 . 2011-02-11 17:12 9036800 ----a-w- c:\windows\system32\drivers\igdkmd32.sys 2011-02-11 17:12 . 2008-08-19 11:04 4967424 ----a-w- c:\windows\system32\igdumd32.dll 2011-02-11 17:09 . 2008-08-19 11:04 571904 ----a-w- c:\windows\system32\igdumdx32.dll 2011-02-11 17:04 . 2011-02-11 17:04 4411392 ----a-w- c:\windows\system32\igd10umd32.dll 2011-02-11 16:51 . 2011-02-11 16:51 11039744 ----a-w- c:\windows\system32\ig4icd32.dll 2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrsky.lrc 2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrtrk.lrc 2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrslv.lrc 2011-02-11 16:44 . 2011-02-11 16:44 84992 ----a-w- c:\windows\system32\igfxrtha.lrc 2011-02-11 16:44 . 2011-02-11 16:44 86528 ----a-w- c:\windows\system32\igfxresn.lrc 2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrrus.lrc 2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrptg.lrc 2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrsve.lrc 2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrplk.lrc 2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrptb.lrc 2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrnor.lrc 2011-02-11 16:44 . 2011-02-11 16:44 82944 ----a-w- c:\windows\system32\igfxrkor.lrc 2011-02-11 16:44 . 
2011-02-11 16:44 86528 ----a-w- c:\windows\system32\igfxrell.lrc 2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrita.lrc 2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrhun.lrc 2011-02-11 16:44 . 2011-02-11 16:44 84480 ----a-w- c:\windows\system32\igfxrheb.lrc 2011-02-11 16:44 . 2011-02-11 16:44 82944 ----a-w- c:\windows\system32\igfxrjpn.lrc 2011-02-11 16:44 . 2011-02-11 16:44 86528 ----a-w- c:\windows\system32\igfxrfra.lrc 2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrdeu.lrc 2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrfin.lrc 2011-02-11 16:44 . 2011-02-11 16:44 84992 ----a-w- c:\windows\system32\igfxrdan.lrc 2011-02-11 16:44 . 2009-07-17 14:48 86016 ----a-w- c:\windows\system32\igfxrnld.lrc 2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrcsy.lrc 2011-02-11 16:44 . 2011-02-11 16:44 84480 ----a-w- c:\windows\system32\igfxrara.lrc 2011-02-11 16:44 . 2011-02-11 16:44 81920 ----a-w- c:\windows\system32\igfxrcht.lrc 2011-02-11 16:44 . 2011-02-11 16:44 81920 ----a-w- c:\windows\system32\igfxrchs.lrc 2011-02-11 16:41 . 2011-02-11 16:41 195584 ----a-w- c:\windows\system32\igfxpph.dll 2011-02-11 16:41 . 2011-02-11 16:41 115200 ----a-w- c:\windows\system32\igfxcpl.cpl 2011-02-11 16:41 . 2008-08-19 11:04 261632 ----a-w- c:\windows\system32\igfxTMM.dll 2011-02-11 16:41 . 2008-08-19 11:04 23552 ----a-w- c:\windows\system32\igfxexps.dll 2011-02-11 16:41 . 2008-08-19 11:04 57856 ----a-w- c:\windows\system32\igfxsrvc.dll 2011-02-11 16:40 . 2011-02-11 16:40 130048 ----a-w- c:\windows\system32\igfxdo.dll 2011-02-11 16:40 . 2008-08-19 11:04 95232 ----a-w- c:\windows\system32\hccutils.dll 2011-02-11 16:40 . 2011-02-11 16:40 120320 ----a-w- c:\windows\system32\gfxSrvc.dll 2011-02-11 16:40 . 2011-02-11 16:40 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll 2011-02-11 16:40 . 
2011-02-11 16:40 85504 ----a-w- c:\windows\system32\igfxrenu.lrc 2011-02-11 16:40 . 2008-08-19 11:04 828928 ----a-w- c:\windows\system32\igfxress.dll 2011-02-11 16:40 . 2008-08-19 11:04 228864 ----a-w- c:\windows\system32\igfxdev.dll 2011-02-11 16:35 . 2011-02-11 16:35 208896 ----a-w- c:\windows\system32\iglhsip32.dll 2011-02-11 16:35 . 2011-02-11 16:35 147456 ----a-w- c:\windows\system32\iglhcp32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904] "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-05 9742952] "WireLessMouse"="c:\program files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992] "KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992] "Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-07-21 1045904] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKLM\~\startupfolder\C:^Users^Annelie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.83u1.lnk] path=c:\users\Annelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FreeRapid 0.83u1.lnk backup=c:\windows\pss\FreeRapid 0.83u1.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2010-07-02 13:35 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2010-08-24 09:38 247144 ----a-w- c:\users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9f67b409fb1c7;Google Update Service (gupdate1c9f67b409fb1c7);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 133104] R3 AVG Security Toolbar Service;AVG Security Toolbar Service; [x] R3 CFcatchme;CFcatchme;c:\users\Annelie\AppData\Local\Temp\CFcatchme.sys [x] R3 Common Toolkit Tools;Common Toolkit Tools;c:\program files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [x] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-02 30192] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 133104] R3 KMWDFILTERx86;MLK KM DRIVER;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2008-03-22 17024] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-19 12872] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 BOHCI;BOHCI; [x] R4 BUHCI;BUHCI; [x] R4 BUSBD;BUSBD; [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-30 721904] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-19 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-26 67656] S2 aswFsBlk;aswFsBlk; [x] S2 
aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960] S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2008-03-28 208896] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848] S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416] S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [2011-02-02 1176712] S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-07-21 116104] S2 TomTomHOMEService;TomTomHOMEService;c:\users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008] S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544] S3 RTL8187B;Realtek RTL8187B draadloos 802.11b/g 54Mbps USB 2.0 netwerkadapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map . 2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 16:29] . 2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 16:29] . 
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000Core.job - c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 13:15] . 2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000UA.job - c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 13:15] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ mStart Page = hxxp://alawar.co.nl mSearch Bar = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local Trusted Zone: microsoft.com\www . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-05-07 17:57 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000007b . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\system32\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe c:\windows\system32\TODDSrv.exe c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\conime.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Voltooingstijd: 2011-05-07 18:03:11 - machine werd herstart ComboFix-quarantined-files.txt 2011-05-07 16:03 ComboFix2.txt 2011-05-07 14:57 ComboFix3.txt 2011-05-02 20:17 . Pre-Run: 16.290.107.392 bytes beschikbaar Post-Run: 16.244.137.984 bytes beschikbaar . Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8 - - End Of File - - 20AC4F0A34323F6C06772788602513AD
  • 0
Is Vista as old as your PC? Do the following: go to Start and type cmd in the search box; at the top of the Start menu you will now see the corresponding shortcut. Right-click this shortcut and choose Run as administrator. In the black window, now type sfc /scannow followed by pressing the Enter key. Remember the space after 'sfc'. In the black window you will now see the progress of the scan. When the scan is finished, type Exit followed by pressing the Enter key. SFC (System File Checker) means that system files are checked for correct functioning; if necessary, a repair follows. Pay close attention to the last messages in the window: if it indicates that the repair depends on restarting, do so.
  • 0
Why "not so great"? The laptop works fine now; I have no problems with it. When I had just got the laptop I did make 2 recovery DVDs from Toshiba; I assume that is not what you mean. I don't even know what I should do with those DVDs, but because it was so insistently prompted automatically, I made them at the time. I can't actually do anything with them myself... Of Vista I have nothing. It was already on it when I bought it. As far as I'm concerned we don't need to "dig" any further. It runs the way it runs. Right? :?
  • 0
Well, then I think we can now consider this topic solved! Just a bit of cleaning up: ComboFix may now be removed:

- to do so, go to Start - Run
- copy and paste the following into it: Combofix /Uninstall
- then click OK.
- if all goes well, you will then get a message that Combofix has been removed.

Example: http://www.emphyrio.be/images/SMUninstall_combofix.png

Run can also be started with the key combination shown here: http://home.kpn.nl/stefsmeenk/W+R.jpg

This will remove Combofix including related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and reset your System Restore.

Download OTC.exe (by OldTimer): http://oldtimer.geekstogo.com/OTC.exe

- Place the file on your desktop.
- Make sure there is an internet connection.
- Vista / W7 users:
  - Then right-click OTC.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
- XP users:
  - Double-click OTC
- Now click the "CleanUp!" button
- If your firewall, or another security program, gives a warning that OTC.exe wants internet access, you may allow this; the program needs that connection.
- Finally OTC will ask whether you want to restart the computer; you may allow this, which also makes it remove itself.

Note: Using OTC.exe will remove all the tools that were used (including the associated logs and backup folders) from your computer.