Question & Answer

Security & privacy

startup repair failed

Anonymous
64 answers
  • I don't understand it anymore. Removed Adobe Flash Player and installed the new Flash Player:

    You have version 10,2,159,1 installed

    Run Secunia again, and see the very same thing again...
  • eline wrote:
    > I don't understand it anymore. Removed Adobe Flash Player and installed the new Flash Player:
    >
    > You have version 10,2,159,1 installed
    >
    > Run Secunia again, and see the very same thing again...
    That is the latest one (16-04-2011), so that's fine, right ;)
  • Hi Eline, since there are still problems, now do the following:

    Which program: MBRCheck.exe
    What for/why: special scan for MBR rootkits
    Difficulty: none.
    Download MBRCheck.exe

    Starting MBRCheck.exe:
    Windows 2000 and Windows XP: start MBRCheck.exe by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBRCheck.exe by right-clicking the shortcut and choosing Run as Administrator.

    - A black screen appears with some data in it.
    - A log file named "MBRcheckxxxx.txt" will appear on your desktop.
    - Now copy the contents of that log into your next post.
  • MBRCheck, version 1.2.3
    © 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: TOSHIBA
    BIOS Manufacturer: INSYDE
    System Manufacturer: TOSHIBA
    System Product Name: Satellite L350
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 173):

    Processes (total 88):

    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
    \\.\E: -> \\.\PhysicalDrive0 at offset 0x00000012`f5700000 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK1652GSX, Rev: LV010M

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!


    By the way, I also use an old version of Internet Explorer. If I want to use IE 9 I have to close it, because "it has stopped working".
    I have since downloaded Secunia; the scan now works fine. (result available)
  • hi eline - don't worry, all of this should really have been investigated earlier!

    But better late than never; well done, 2 rootkits removed.


    Once again open a new Notepad file, via "Start\All Programs\Accessories\Notepad".

    Copy and paste the following (bold, blue text) into the empty Notepad window
  • Good, at least no MBR rootkit on the hard drive!

    Now you may do the following:

    Download GMER from one of the following locations, and save it to your Desktop:
    - Primary download location
      This mirror will give a randomly named file (Recommended)
    - Zipped file
      This option will give a zip file that must first be unpacked. If you use this one, unpack it to your desktop.

    - Disconnect your internet connection and close all open programs.
    - Temporarily disable your real-time security software.
    - Double-click the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to be loaded, if asked.
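The check the helper makes by eye on the MBRCheck log above (is the boot code a known Windows MBR?), as an added example that is not part of the thread or of MBRCheck itself. It parses a constructed sample modelled on the posted log, and also lists kernel drivers loaded from outside \SystemRoot, which are usually legitimate (as here) but worth a second look; the "Unknown MBR code" wording in the second sample is an assumption about the tool's output, not taken from the thread.

```python
import re

# Constructed sample, modelled on the MBRCheck 1.2.3 log posted in the thread:
# the drive mapping, MBR status line and SHA1 are the values from that log,
# the driver and process lists are cut down to a few entries.
SAMPLE_LOG = r"""
MBRCheck, version 1.2.3
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit

Kernel Drivers (total 3):
0x8284C000 \SystemRoot\system32\ntkrnlpa.exe
0x907EC000 \??\C:\Windows\System32\Drivers\KMWDFilter.SYS
0x8FF6A000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

Processes (total 2):
4 System
548 C:\Windows\System32\smss.exe

\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\E: -> \\.\PhysicalDrive0 at offset 0x00000012`f5700000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1652GSX, Rev: LV010M

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
"""

# Second constructed sample: a status MBRCheck would not attribute to Windows.
# The wording "Unknown MBR code" is an assumption about the tool's output, and
# the SHA1 is an all-zero placeholder, not a real boot-sector hash.
SUSPECT_LOG = r"""
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 0000000000000000000000000000000000000000
"""

# "\\.\C: -> \\.\PhysicalDrive0 at offset ... (NTFS)"
LETTER_RE = re.compile(r"\\\\\.\\([A-Z]):\s+->\s+\\\\\.\\(PhysicalDrive\d+)\s+at offset\s+(\S+)\s+\((\w+)\)$")
# "149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected"
STATUS_RE = re.compile(r"(\d+(?:\.\d+)?\s*[KMGT]B)\s+\\\\\.\\(PhysicalDrive\d+)\s+(.+)$")
SHA1_RE = re.compile(r"SHA1:\s*([0-9A-Fa-f]{40})$")
# "0x8284C000 \SystemRoot\system32\ntkrnlpa.exe"
DRIVER_RE = re.compile(r"0x[0-9A-Fa-f]{8}\s+(\S.*)$")
# What MBRCheck prints when the boot code matches a known Windows MBR.
KNOWN_WINDOWS_MBR = re.compile(r"Windows \S+ MBR code detected$")


def parse_mbrcheck(text):
    """Return the physical drives (MBR status, SHA1 and the volume letters mapped
    onto them) and the kernel driver image paths found in an MBRCheck log."""
    letters, drives, drivers = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := LETTER_RE.match(line):
            letters.setdefault(m.group(2), []).append(m.group(1) + ":")
        elif m := DRIVER_RE.match(line):
            drivers.append(m.group(1))
        elif m := STATUS_RE.match(line):
            drives.append({"size": m.group(1), "device": m.group(2),
                           "status": m.group(3), "sha1": None})
        elif (m := SHA1_RE.match(line)) and drives:
            drives[-1]["sha1"] = m.group(1).upper()  # SHA1 follows its status line
    for d in drives:
        d["letters"] = letters.get(d["device"], [])
        d["known_windows_mbr"] = bool(KNOWN_WINDOWS_MBR.match(d["status"]))
    return {"drives": drives, "drivers": drivers}


def triage(text):
    """Flag drives whose boot code is not a recognised Windows MBR, and list
    kernel drivers loaded from outside \\SystemRoot for manual review."""
    parsed = parse_mbrcheck(text)
    return {
        "suspicious_mbr": [d for d in parsed["drives"] if not d["known_windows_mbr"]],
        "drivers_outside_systemroot": [
            p for p in parsed["drivers"] if not p.lower().startswith("\\systemroot\\")],
    }


if __name__ == "__main__":
    for name, log in (("posted log", SAMPLE_LOG), ("constructed suspect log", SUSPECT_LOG)):
        result = triage(log)
        print(f"== {name} ==")
        for d in result["suspicious_mbr"]:
            print(f"  REVIEW {d['device']} ({', '.join(d['letters'])}): {d['status']} SHA1={d['sha1']}")
        for p in result["drivers_outside_systemroot"]:
            print(f"  driver outside \\SystemRoot: {p}")
        if not result["suspicious_mbr"]:
            print("  MBR code on all drives is known Windows boot code")
```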
  • GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-07 14:47:31
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 TOSHIBA_ rev.LV01
    Running: 63jpfi5y.exe; Driver: C:\Users\Annelie\AppData\Local\Temp\agriiaod.sys


    ---- System - GMER 1.0.15 ----

    ---- Kernel code sections - GMER 1.0.15 ----

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000803FC
    .text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00080600
    .text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00081014
    .text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00080804
    .text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00080A08
    .text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00080C0C
    .text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00080E10
    .text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000801F8
    .text C:\Windows\system32\Dwm.exe[636] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00090600
    .text C:\Windows\system32\Dwm.exe[636] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00090804
    .text C:\Windows\system32\Dwm.exe[636] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00090A08
    .text C:\Windows\system32\Dwm.exe[636] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000901F8
    .text C:\Windows\system32\Dwm.exe[636] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000903FC
    .text C:\Windows\system32\csrss.exe[676] KERNEL32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[716] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000301F8
    .text C:\Windows\system32\wininit.exe[716] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000303FC
    .text C:\Windows\system32\wininit.exe[716] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00051014
    .text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00050804
    .text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00050A08
    .text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wininit.exe[716] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00060600
    .text C:\Windows\system32\wininit.exe[716] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00060804
    .text C:\Windows\system32\wininit.exe[716] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00060A08
    .text C:\Windows\system32\wininit.exe[716] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000601F8
    .text C:\Windows\system32\wininit.exe[716] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000603FC
    .text C:\Windows\system32\csrss.exe[728] KERNEL32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\services.exe[764] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\services.exe[764] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\services.exe[764] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\services.exe[764] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00080600
    .text C:\Windows\system32\services.exe[764] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\services.exe[764] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\services.exe[764] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\services.exe[764] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\lsass.exe[792] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsass.exe[792] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsass.exe[792] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\lsass.exe[792] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00080600
    .text C:\Windows\system32\lsass.exe[792] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\lsass.exe[792] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\lsass.exe[792] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\lsass.exe[792] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00180600
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00180804
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 001803FC
    .text C:\Windows\system32\winlogon.exe[800] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000301F8
    .text C:\Windows\system32\winlogon.exe[800] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000303FC
    .text C:\Windows\system32\winlogon.exe[800] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00051014
    .text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00050804
    .text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00050A08
    .text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000501F8
    .text C:\Windows\system32\winlogon.exe[800] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00060600
    .text C:\Windows\system32\winlogon.exe[800] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00060804
    .text C:\Windows\system32\winlogon.exe[800] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00060A08
    .text C:\Windows\system32\winlogon.exe[800] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000601F8
    .text C:\Windows\system32\winlogon.exe[800] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000603FC
    .text C:\Windows\system32\lsm.exe[812] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsm.exe[812] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsm.exe[812] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[840] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[840] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[840] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[840] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00190600
    .text C:\Windows\System32\svchost.exe[840] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00190804
    .text C:\Windows\System32\svchost.exe[840] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00190A08
    .text C:\Windows\System32\svchost.exe[840] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 001901F8
    .text C:\Windows\System32\svchost.exe[840] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 001903FC
    .text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000901F8
    .text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000903FC
    .text C:\Windows\system32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00BC0600
    .text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00BC0804
    .text C:\Windows\system32\svchost.exe[964] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00BC0A08
    .text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 00BC01F8
    .text C:\Windows\system32\svchost.exe[964] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 00BC03FC
    .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] KERNEL32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 001501F8
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 001503FC
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 001D0600
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 001D0804
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 001D0A08
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 001D01F8
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 001D03FC
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 001E03FC
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 001E0600
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 001E1014
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 001E0804
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 001E0A08
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 001E0C0C
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 001E0E10
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 001E01F8
    .text C:\Windows\system32\svchost.exe[1068] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1068] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 001703FC
    .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00170600
    .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00171014
    .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00170804
    .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00170A08
    .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00170C0C
    .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00170E10
    .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 001701F8
    .text C:\Windows\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00910600
    .text C:\Windows\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00910804
    .text C:\Windows\system32\svchost.exe[1068] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00910A08
    .text C:\Windows\system32\svchost.exe[1068] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 009101F8
    .text C:\Windows\system32\svchost.exe[1068] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 009103FC
    .text C:\Windows\System32\svchost.exe[1124] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1124] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1124] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 001E0600
    .text C:\Windows\System32\svchost.exe[1124] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 001E0804
    .text C:\Windows\System32\svchost.exe[1124] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 001E0A08
    .text C:\Windows\System32\svchost.exe[1124] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 001E01F8
    .text C:\Windows\System32\svchost.exe[1124] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 001E03FC
    .text C:\Windows\System32\svchost.exe[1204] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1204] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1204] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2W
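Added here as a worked example, not code from GMER, avast or anyone in this thread: a small Python triage script for output of the kind posted above. It parses the line shapes visible in the log (per-process inline patches such as `ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8`, kernel `.text`/`PAGE` patches that name the owning driver, and `SSDT`/`Code` table entries), splits hooks into those attributed to an allow-listed publisher versus those that point into anonymous memory, and checks whether each API is patched identically in every process. The publisher allow-list, the 64 KiB fingerprint heuristic and the `explorer.exe[9999]` line (a constructed outlier, not from the thread) are assumptions made for the example.

```python
"""Triage helper for GMER "code sections" hook lines (added example, not GMER code).

Answers what a responder asks of such a log: which hooks are attributed to a named driver
from an allow-listed publisher, which point at anonymous memory (GMER prints no image name
when it cannot resolve the target) and so need a human, and whether an API is patched the
same way in every process (the pattern of a product that injects itself system-wide) or
differently in one process (the one to look at first).  The allow-list is an assumption:
the description is the driver's own version resource, so verify the file's Authenticode
signature before trusting it.
"""
import re
from collections import Counter, defaultdict

INLINE = re.compile(
    r"^(?P<section>\.text|PAGE)\s+"
    r"(?:(?P<process>.+?)\[(?P<pid>\d+)\]\s+)?"            # user-mode lines carry process[pid]
    r"(?P<module>[^\s!]+)!(?P<func>\S+)(?:\s*\+\s*[0-9A-Fa-f]+)?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes?\s+"
    r"(?:(?:JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})|\[(?P<bytes>[^\]]*)\])"
    r"(?:\s+(?P<hook_module>\S+)\s+\((?P<desc>[^)]*)\))?"  # owning image, if GMER resolved it
    r"(?:\s+\{[^}]*\})?\s*$"                               # optional disassembly comment
)
TABLE = re.compile(
    r"^(?P<table>SSDT|Code)\s+(?P<hook_module>\S+)\s+\((?P<desc>[^)]*)\)\s+"
    r"(?P<func>\w+)(?:\s+\[0x(?P<target>[0-9A-Fa-f]+)\])?\s*$"
)


def parse_gmer(lines):
    """Return (hooks, skipped): one dict per recognised hook line, plus lines not understood."""
    hooks, skipped = [], []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = INLINE.match(line)
        if m:
            hooks.append({
                "kind": "user" if m["pid"] else "kernel",
                "process": (m["process"] or "").rsplit("\\", 1)[-1].lower() or None,
                "pid": int(m["pid"]) if m["pid"] else None,
                "func": f"{m['module'].lower()}!{m['func']}",
                "patch_len": int(m["n"]),
                "target": int(m["target"], 16) if m["target"] else None,
                "bytes": m["bytes"], "hook_module": m["hook_module"], "desc": m["desc"],
            })
            continue
        m = TABLE.match(line)
        if m:
            hooks.append({
                "kind": m["table"].lower(), "process": None, "pid": None, "func": m["func"],
                "patch_len": None, "target": int(m["target"], 16) if m["target"] else None,
                "bytes": None, "hook_module": m["hook_module"], "desc": m["desc"],
            })
            continue
        skipped.append(line)
    return hooks, skipped


def fingerprint(hook):
    """What stays constant for one injector across processes (heuristic): private allocations
    start on 64 KiB boundaries, so the base differs per process but the offset inside the
    allocation (low 16 bits) and the patch length do not.  Raw byte patches compare as-is."""
    if hook["target"] is None:
        return (hook["patch_len"], hook["bytes"])
    return (hook["patch_len"], hook["target"] & 0xFFFF)


def triage(hooks, trusted_publishers=()):
    """Sort hooks into trusted / unattributed; per API, count processes and distinct
    fingerprints; hooks deviating from the majority fingerprint of their API are outliers."""
    report = {"trusted": [], "unattributed": [], "spread": {}, "outliers": []}
    for h in hooks:
        desc = (h["desc"] or "").lower()
        ok = any(p.lower() in desc for p in trusted_publishers)
        report["trusted" if ok else "unattributed"].append(h)
    by_func = defaultdict(list)
    for h in hooks:
        if h["kind"] == "user":
            by_func[h["func"]].append(h)
    for func, hs in by_func.items():
        counts = Counter(fingerprint(h) for h in hs)
        majority = counts.most_common(1)[0][0]
        report["spread"][func] = (len({h["pid"] for h in hs}), len(counts))
        if len(counts) > 1:
            report["outliers"].extend(h for h in hs if fingerprint(h) != majority)
    return report


# Sample input in the shape of the log above; the "?" line is the unresolved-driver line GMER prints.
SAMPLE_LOG = r"""
.text C:\Windows\system32\lsass.exe[792] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[792] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\csrss.exe[676] KERNEL32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90777FF0]
PAGE ntkrnlpa.exe!ObInsertObject 82A7C4F3 5 Bytes JMP 90E70BBC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\Drivers\spji.sys The system cannot find the path specified. !
"""
# Constructed line (not from the thread) so the outlier check has something to find.
CONSTRUCTED_OUTLIER = r".text C:\Windows\explorer.exe[9999] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 10001000"

if __name__ == "__main__":
    hooks, skipped = parse_gmer(SAMPLE_LOG.splitlines() + [CONSTRUCTED_OUTLIER])
    rep = triage(hooks, trusted_publishers=("AVAST Software",))
    print(f"{len(hooks)} hooks parsed, {len(skipped)} line(s) skipped, "
          f"{len(rep['trusted'])} trusted, {len(rep['unattributed'])} unattributed")
    for func, (procs, fps) in sorted(rep["spread"].items()):
        print(f"{func:32} in {procs} process(es), {fps} fingerprint(s)")
    for h in rep["outliers"]:
        print(f"OUTLIER: {h['process']}[{h['pid']}] {h['func']} -> {h['target']:#010x}")
```

Run as a script it prints the per-API spread and any outliers. A high process count with a single fingerprint is what a system-wide product (antivirus sandboxing, a DLL injector) leaves behind; an API hooked in only one process, or with a different fingerprint in one process, is where to look first. Lines the script does not understand are returned in `skipped` rather than dropped, so nothing in the log goes unseen.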
  • GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-07 14:47:31
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 TOSHIBA_ rev.LV01
    Running: 63jpfi5y.exe; Driver: C:\Users\Annelie\AppData\Local\Temp\agriiaod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90778202]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9077A7F0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9077A848]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9077A95E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9077A746]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9077A898]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9077A79A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9077A90C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90778226]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90777FF0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9077824A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9077AD56]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90778CDA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9077A820]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9077A870]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9077A988]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9077A772]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9077A8D8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9077A7C8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9077A936]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90778BA0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9077826E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90778292]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9077804A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90778186]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90778162]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x907781AA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x907782B6]

    INT 0x62 ? 88823F00
    INT 0x82 ? 88823F00
    INT 0x82 ? 88823F00
    INT 0x82 ? 88823F00
    INT 0x92 ? 88823F00
    INT 0xA2 ? 88823F00
    INT 0xB2 ? 85E43BF8
    INT 0xB2 ? 88823F00
    INT 0xB2 ? 88823F00
    INT 0xB2 ? 85E43BF8

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90E73762]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 10D 828F8890 4 Bytes [02, 82, 77, 90]
    .text ntkrnlpa.exe!KeSetEvent + 1D1 828F8954 8 Bytes [F0, A7, 77, 90, 48, A8, 77, …]
    .text ntkrnlpa.exe!KeSetEvent + 1DD 828F8960 4 Bytes [5E, A9, 77, 90]
    .text ntkrnlpa.exe!KeSetEvent + 1F5 828F8978 4 Bytes [46, A7, 77, 90] {INC ESI; CMPSD ; JA 0xffffffffffffff94}
    .text ntkrnlpa.exe!KeSetEvent + 215 828F8998 8 Bytes [98, A8, 77, 90, 9A, A7, 77, …]
    .text …
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A235C7 5 Bytes JMP 90E6F11E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 82A7C4F3 5 Bytes JMP 90E70BBC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A85E18 4 Bytes CALL 9077934B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A89A8C 4 Bytes CALL 90779361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 82ADDDAE 7 Bytes JMP 90E73766 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ? System32\Drivers\spji.sys The system cannot find the path specified. !
    PAGE ataport.SYS!DllUnload 8A9DCB2E 5 Bytes JMP 85E3F1D8
    .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8AD59480, 0x3C939, 0xE8000020]
    .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8AD9A900, 0x3CA, 0x48000040]
    .text USBPORT.SYS!DllUnload 8ABE641B 5 Bytes JMP 888234E0
    .text atdbv5fx.SYS 8EB76000 22 Bytes [82, 03, 82, 82, 6C, 02, 82, …]
    .text atdbv5fx.SYS 8EB76017 137 Bytes [00, 32, 07, 7A, 80, 3D, 05, …]
    .text atdbv5fx.SYS 8EB760A1 43 Bytes [50, 8F, 82, 74, 46, 89, 82, …]
    .text atdbv5fx.SYS 8EB760CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, …]
    .text atdbv5fx.SYS 8EB760DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, …]
    .text …
    .text win32k.sys!EngCreateRectRgn + 4537 9A2FFC90 5 Bytes JMP 9077B440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + C20 9A318EB9 5 Bytes JMP 9077BE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngTransparentBlt + 4A1 9A319CA5 5 Bytes JMP 9077BF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngTransparentBlt + 8C03 9A322407 5 Bytes JMP 9077AD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 616 9A323350 5 Bytes JMP 9077BBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XFORMOBJ_iGetXform + 30F1 9A32EA84 5 Bytes JMP 9077B316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XFORMOBJ_iGetXform + 455C 9A32FEEF 5 Bytes JMP 9077AF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMapFontFileFD + 119C6 9A349A25 5 Bytes JMP 9077B180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMapFontFileFD + 11A1A 9A349A79 5 Bytes JMP 9077B326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 377F 9A370A12 5 Bytes JMP 9077BB64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 60DE 9A373371 5 Bytes JMP 9077AE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMulDiv + 4D3A 9A379CA9 5 Bytes JMP 9077AFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBlt + 2B42 9A384110 1 Byte [E9]
    .text win32k.sys!EngStretchBlt + 2B42 9A384110 5 Bytes JMP 9077C014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStrokePath + 5FF 9A386FFC 5 Bytes JMP 9077AE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngNineGrid + 81C 9A3A5415 5 Bytes JMP 9077BD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngNineGrid + 6EBA 9A3ABAB3 5 Bytes JMP 9077BBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + B0F 9A3AF22A 5 Bytes JMP 9077BCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!STROBJ_vEnumStart + 4728 9A3B6B49 5 Bytes JMP 9077AEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + E80 9A3D50A6 5 Bytes JMP 9077B0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!CLIPOBJ_bEnum + 248 9A3DA902 5 Bytes JMP 9077B008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 26D9 9A3DE43A 5 Bytes JMP 9077BECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngLineTo + A0F 9A3FD707 5 Bytes JMP 9077B03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngLineTo + D23F 9A409F37 5 Bytes JMP 9077B0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE spsys.sys!?SPVersion@@3PADA + 1ABF 90F6603F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, …]
    PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 90F660AF 1 Byte [16]
    PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 90F660AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, …]
    PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 90F66130 6 Bytes [0E, 83, 78, 14, 01, 75]
    PAGE spsys.sys!?SPVersion@@3PADA + 1BB7 90F66137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, …]
    PAGE …

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\System32\spoolsv.exe[352] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\spoolsv.exe[352] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\spoolsv.exe[352] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\System32\spoolsv.exe[352] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\spoolsv.exe[352] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\spoolsv.exe[352] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\spoolsv.exe[352] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\spoolsv.exe[352] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\spoolsv.exe[352] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\spoolsv.exe[352] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\spoolsv.exe[352] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\spoolsv.exe[352] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 001A0600
    .text C:\Windows\System32\spoolsv.exe[352] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 001A0804
    .text C:\Windows\System32\spoolsv.exe[352] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 001A0A08
    .text C:\Windows\System32\spoolsv.exe[352] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 001A01F8
    .text C:\Windows\System32\spoolsv.exe[352] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 001A03FC
    .text C:\Windows\system32\svchost.exe[476] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[476] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[476] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[476] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[476] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[476] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[476] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[476] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[476] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[476] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[476] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[476] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[476] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[476] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[476] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\svchost.exe[476] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\agrsmsvc.exe[564] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000801F8
    .text C:\Windows\system32\agrsmsvc.exe[564] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000803FC
    .text C:\Windows\system32\agrsmsvc.exe[564] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\agrsmsvc.exe[564] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000A03FC
    .text C:\Windows\system32\agrsmsvc.exe[564] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 000A0600
    .text C:\Windows\system32\agrsmsvc.exe[564] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 000A1014
    .text C:\Windows\system32\agrsmsvc.exe[564] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 000A0804
    .text C:\Windows\system32\agrsmsvc.exe[564] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 000A0A08
    .text C:\Windows\system32\agrsmsvc.exe[564] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 000A0C0C
    .text C:\Windows\system32\agrsmsvc.exe[564] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 000A0E10
    .text C:\Windows\system32\agrsmsvc.exe[564] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000A01F8
    .text C:\Windows\system32\agrsmsvc.exe[564] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 000B0600
    .text C:\Windows\system32\agrsmsvc.exe[564] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 000B0804
    .text C:\Windows\system32\agrsmsvc.exe[564] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\agrsmsvc.exe[564] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\agrsmsvc.exe[564] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\Dwm.exe[636] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\Dwm.exe[636] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\Dwm.exe[636] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000803FC
    .text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00080600
    .text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00081014
    .text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00080804
    .text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00080A08
    .text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00080C0C
    .text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00080E10
    .text C:\Windows\system32\Dwm.exe[636] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000801F8
    .text C:\Windows\system32\Dwm.exe[636] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00090600
    .text C:\Windows\system32\Dwm.exe[636] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00090804
    .text C:\Windows\system32\Dwm.exe[636] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00090A08
    .text C:\Windows\system32\Dwm.exe[636] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000901F8
    .text C:\Windows\system32\Dwm.exe[636] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000903FC
    .text C:\Windows\system32\csrss.exe[676] KERNEL32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[716] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000301F8
    .text C:\Windows\system32\wininit.exe[716] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000303FC
    .text C:\Windows\system32\wininit.exe[716] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00051014
    .text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00050804
    .text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00050A08
    .text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wininit.exe[716] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00060600
    .text C:\Windows\system32\wininit.exe[716] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00060804
    .text C:\Windows\system32\wininit.exe[716] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00060A08
    .text C:\Windows\system32\wininit.exe[716] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000601F8
    .text C:\Windows\system32\wininit.exe[716] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000603FC
    .text C:\Windows\system32\csrss.exe[728] KERNEL32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\services.exe[764] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\services.exe[764] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\services.exe[764] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\services.exe[764] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00080600
    .text C:\Windows\system32\services.exe[764] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\services.exe[764] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\services.exe[764] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\services.exe[764] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\lsass.exe[792] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsass.exe[792] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsass.exe[792] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\lsass.exe[792] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\lsass.exe[792] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00080600
    .text C:\Windows\system32\lsass.exe[792] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\lsass.exe[792] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\lsass.exe[792] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\lsass.exe[792] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00180600
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00180804
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 001803FC
    .text C:\Windows\system32\winlogon.exe[800] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000301F8
    .text C:\Windows\system32\winlogon.exe[800] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000303FC
    .text C:\Windows\system32\winlogon.exe[800] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00051014
    .text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00050804
    .text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00050A08
    .text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000501F8
    .text C:\Windows\system32\winlogon.exe[800] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00060600
    .text C:\Windows\system32\winlogon.exe[800] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00060804
    .text C:\Windows\system32\winlogon.exe[800] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00060A08
    .text C:\Windows\system32\winlogon.exe[800] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 000601F8
    .text C:\Windows\system32\winlogon.exe[800] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 000603FC
    .text C:\Windows\system32\lsm.exe[812] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsm.exe[812] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsm.exe[812] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[840] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[840] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[840] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[840] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[840] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00190600
    .text C:\Windows\System32\svchost.exe[840] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00190804
    .text C:\Windows\System32\svchost.exe[840] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00190A08
    .text C:\Windows\System32\svchost.exe[840] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 001901F8
    .text C:\Windows\System32\svchost.exe[840] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 001903FC
    .text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000901F8
    .text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000903FC
    .text C:\Windows\system32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00BC0600
    .text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00BC0804
    .text C:\Windows\system32\svchost.exe[964] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00BC0A08
    .text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 00BC01F8
    .text C:\Windows\system32\svchost.exe[964] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 00BC03FC
    .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] KERNEL32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 001501F8
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 001503FC
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 001D0600
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 001D0804
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 001D0A08
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 001D01F8
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 001D03FC
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 001E03FC
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 001E0600
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 001E1014
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 001E0804
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 001E0A08
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 001E0C0C
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 001E0E10
    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1064] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 001E01F8
    .text C:\Windows\system32\svchost.exe[1068] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1068] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 001703FC
    .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00170600
    .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00171014
    .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00170804
    .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00170A08
    .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00170C0C
    .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00170E10
    .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 001701F8
    .text C:\Windows\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00910600
    .text C:\Windows\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 00910804
    .text C:\Windows\system32\svchost.exe[1068] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 00910A08
    .text C:\Windows\system32\svchost.exe[1068] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 009101F8
    .text C:\Windows\system32\svchost.exe[1068] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 009103FC
    .text C:\Windows\System32\svchost.exe[1124] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1124] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 765B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!CreateServiceA 765B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1124] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 001E0600
    .text C:\Windows\System32\svchost.exe[1124] USER32.dll!SetWindowsHookExW 768F87AD 5 Bytes JMP 001E0804
    .text C:\Windows\System32\svchost.exe[1124] USER32.dll!UnhookWindowsHookEx 768F98DB 5 Bytes JMP 001E0A08
    .text C:\Windows\System32\svchost.exe[1124] USER32.dll!SetWinEventHook 768F9F3A 5 Bytes JMP 001E01F8
    .text C:\Windows\System32\svchost.exe[1124] USER32.dll!UnhookWinEvent 768FC06F 5 Bytes JMP 001E03FC
    .text C:\Windows\System32\svchost.exe[1204] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1204] ntdll.dll!LdrUnloadDll 7714B740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1204] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!CreateServiceW 76579EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!DeleteService 7657A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity 765B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigA 765B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigW 765B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2A 765B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2W
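Reading a GMER hook list like the one above by eye is slow and error-prone. As an added example (not part of this thread and not GMER's own code), the Python script below parses GMER 1.0.15 hook lines in the format shown and sorts them into hooks GMER attributed to a named module, hooks that jump into memory GMER could not attribute, and in-place byte patches, then groups processes by identical unattributed hook sets. The regular expression is this example's own reading of the line format, the sample lines are copied from the log above, and the triage buckets and the "shared hook set" heuristic are the example's, not GMER's.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# GMER 1.0.15 prints one line per detected code modification. Kernel section, attributed:
#   .text win32k.sys!EngLineTo + A0F 9A3FD707 5 Bytes JMP 9077B03E \SystemRoot\...\aswSnx.SYS (avast! ...)
# User code section, JMP target not attributed to any module:
#   .text C:\Windows\system32\lsass.exe[792] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
# In-place byte patch, no JMP:
#   .text C:\Windows\system32\csrss.exe[676] KERNEL32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
HOOK_RE = re.compile(
    r"^\s*(?P<section>\.\w+|PAGE)\s+"
    r"(?:(?P<process>.+?\.exe)\[(?P<pid>\d+)\]\s+)?"   # only user-mode lines carry process[pid]
    r"(?P<module>[^!\s]+)!(?P<symbol>\S+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})"              # inline JMP to a handler ...
    r"(?:\s+(?P<owner>\S+)\s+\((?P<desc>[^)]*)\))?"     # ... optionally attributed by GMER
    r"|\[(?P<patch>[^\]]*)\])\s*$"                       # or an in-place byte patch
)


@dataclass(frozen=True)
class Hook:
    section: str
    process: Optional[str]  # None on kernel-mode lines
    pid: Optional[int]
    module: str
    symbol: str
    offset: Optional[int]   # offset from the named export, if GMER printed one
    address: int
    size: int
    target: Optional[int]   # JMP destination; None for a byte patch
    owner: Optional[str]    # module GMER tied the destination to, if any
    patch: Optional[str]    # raw bytes of an in-place patch, if any


def parse_gmer_hooks(text: str) -> list:
    """Parse every hook/patch line of a GMER log; section headers and other lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if not m:
            continue
        g = m.groupdict()
        hooks.append(Hook(
            section=g["section"], process=g["process"],
            pid=int(g["pid"]) if g["pid"] else None,
            module=g["module"], symbol=g["symbol"],
            offset=int(g["offset"], 16) if g["offset"] else None,
            address=int(g["address"], 16), size=int(g["size"]),
            target=int(g["target"], 16) if g["target"] else None,
            owner=g["owner"], patch=g["patch"],
        ))
    return hooks


def triage(hooks):
    """Sort hooks into the three buckets a responder reads differently.

    attributed   : owner module -> hook count. GMER tied the JMP target to a loaded module,
                   so that module (in the sample, a security product's driver) explains the hook.
    unattributed : 'process[pid]' (or '<kernel>') -> set of hooked module!symbol. The JMP
                   lands in memory GMER could not map to a module; confirm these by hand.
    patches      : in-place byte changes without a JMP (e.g. the 1-byte GetBinaryTypeW edits).
    """
    attributed, unattributed, patches = Counter(), defaultdict(set), []
    for h in hooks:
        if h.target is None:
            patches.append(h)
        elif h.owner:
            attributed[h.owner] += 1
        else:
            key = f"{h.process}[{h.pid}]" if h.process else "<kernel>"
            unattributed[key].add(f"{h.module}!{h.symbol}")
    return dict(attributed), dict(unattributed), patches


def shared_hook_sets(unattributed):
    """Group processes by identical unattributed hook sets.

    One set repeated across many processes fits a single system-wide hooking component;
    a set that occurs in only one process is the one to investigate first.
    """
    groups = defaultdict(list)
    for proc, symbols in unattributed.items():
        groups[frozenset(symbols)].append(proc)
    return dict(groups)


# Sample lines copied from the GMER log in this thread (a few lines, not the full log).
SAMPLE_LOG = r"""
.text win32k.sys!EngLineTo + A0F 9A3FD707 5 Bytes JMP 9077B03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B42 9A384110 1 Byte [E9]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 90F660AF 1 Byte [16]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\System32\spoolsv.exe[352] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[352] kernel32.dll!GetBinaryTypeW + 70 76CD2247 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[796] USER32.dll!SetWindowsHookExA 768F6322 5 Bytes JMP 00180600
"""

if __name__ == "__main__":
    attributed, unattributed, patches = triage(parse_gmer_hooks(SAMPLE_LOG))
    for owner, n in attributed.items():
        print(f"{n} hook(s) attributed to {owner}")
    for symbols, procs in shared_hook_sets(unattributed).items():
        print(f"{len(procs)} process(es) share unattributed hooks on {sorted(symbols)}: {procs}")
    print(f"{len(patches)} in-place byte patch(es)")
```

Run it on a full GMER log to get the process-by-process list of unattributed hooks that still needs a manual check; attributed hooks can be reviewed per owning module instead.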
  • Hi Eline, we need ComboFix again to remove a rootkit!

    [b:7fd691557f]Download ComboFix from one of these locations[/b:7fd691557f]:
    [list:7fd691557f][*:7fd691557f][b:7fd691557f]Bleepingcomputer[/b:7fd691557f]
    [*:7fd691557f][b:7fd691557f]ForoSpyware[/b:7fd691557f]
    [*:7fd691557f][b:7fd691557f]Geekstogo[/b:7fd691557f][/list:u:7fd691557f]

    ComboFix must once again be on your desktop!


    Open a new Notepad file via "Start\All Programs\Accessories\[b:7fd691557f]Notepad[/b:7fd691557f]".


    Copy and paste the following (bold, blue text) into the empty Notepad window


    [b:7fd691557f]
  • I really don't understand what I'm doing, but I trust you: :roll:

    ComboFix 11-05-06.05 - Annelie 07-05-2011 16:38:05.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2939.1411 [GMT 2:00]
    Gestart vanuit: c:\users\Annelie\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Annelie\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Annelie\AppData\Local\Temp\agriiaod.sys"
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_AGRIIAOD
    -------\Service_agriiaod
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-07 to 2011-05-07 ))))))))))))))))))))))))))))))
    .
    .
    2011-05-07 14:47 . 2011-05-07 14:50 -------- d-----w- c:\users\Annelie\AppData\Local\temp
    2011-05-07 14:47 . 2011-05-07 14:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-07 07:11 . 2011-05-07 07:11 -------- d-----w- c:\users\Annelie\AppData\Local\Secunia PSI
    2011-05-07 07:11 . 2011-05-07 07:11 -------- d-----w- c:\program files\Secunia
    2011-05-06 17:30 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01D7D332-4CAC-40D0-82D6-1142E84782DB}\mpengine.dll
    2011-05-05 18:02 . 2011-05-05 18:02 -------- d-----w- c:\programdata\Enkord
    2011-05-05 14:42 . 2011-05-06 20:27 -------- d-----w- c:\programdata\Family Farm
    2011-05-05 13:01 . 2011-05-05 13:02 -------- d-----w- c:\users\Annelie\AppData\Local\{C0D9C370-CAA1-4D6E-ADE1-60D6D88A2A6E}
    2011-05-05 10:17 . 2011-05-05 10:17 -------- d-----w- c:\users\Annelie\AppData\Local\Adobe
    2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
    2011-05-05 10:03 . 2011-05-05 17:28 -------- d-----w- c:\program files\QuickTime
    2011-05-05 10:03 . 2011-05-05 10:03 -------- d-----w- c:\programdata\Apple Computer
    2011-05-05 10:00 . 2011-05-05 10:00 -------- d-----w- c:\users\Annelie\AppData\Local\Apple
    2011-05-05 10:00 . 2011-05-05 10:00 -------- d-----w- c:\program files\Apple Software Update
    2011-05-05 09:00 . 2011-05-05 09:00 -------- d-----w- c:\program files\Common Files\Java
    2011-05-04 12:23 . 2011-05-04 12:23 -------- d-----w- c:\program files\ESET
    2011-05-03 19:24 . 2011-05-03 19:24 388096 ----a-r- c:\users\Annelie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-03 19:24 . 2011-05-03 19:24 -------- d-----w- c:\program files\Trend Micro
    2011-04-29 17:36 . 2011-04-29 10:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-04-29 17:06 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-29 17:06 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-29 16:02 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-29 16:02 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-29 16:02 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-29 16:02 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-29 16:02 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-29 16:02 . 2011-04-18 17:13 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-04-29 16:01 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
    2011-04-29 16:01 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-04-29 15:35 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-29 15:35 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-29 15:35 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-29 07:47 . 2011-04-29 07:47 -------- d-----w- c:\program files\Panda Security
    2011-04-28 20:08 . 2011-04-28 20:08 -------- d-----w- c:\programdata\AVAST Software
    2011-04-28 20:08 . 2011-04-28 20:08 -------- d-----w- c:\program files\AVAST Software
    2011-04-28 19:15 . 2011-04-28 19:15 -------- d-----w- c:\users\Annelie\AppData\Local\Sunbelt Software
    2011-04-28 19:14 . 2011-04-28 19:14 -------- dc-h--w- c:\programdata\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
    2011-04-28 19:13 . 2011-04-28 19:15 -------- d-----w- c:\programdata\Lavasoft
    2011-04-28 19:13 . 2011-04-28 19:13 -------- d-----w- c:\program files\Lavasoft
    2011-04-28 12:11 . 2011-05-05 07:02 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2011-04-28 11:15 . 2011-04-28 11:15 -------- d-----w- c:\users\Annelie\AppData\Roaming\Malwarebytes
    2011-04-28 11:14 . 2011-04-28 11:14 -------- d-----w- c:\programdata\Malwarebytes
    2011-04-28 11:14 . 2011-04-30 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-27 20:21 . 2011-04-27 20:21 -------- d-----w- c:\users\Annelie\AppData\Roaming\Skype
    2011-04-27 18:59 . 2011-04-27 18:59 -------- d-----w- c:\program files\Loaris
    2011-04-27 18:16 . 2011-04-27 18:58 -------- d-----w- c:\program files\Loaris Trojan Remover
    2011-04-26 10:23 . 2011-04-26 10:23 -------- d-----w- c:\users\Annelie\AppData\Local\{9E100F3C-EA2F-47A4-B425-21C819210AC5}
    2011-04-24 19:11 . 2011-04-24 19:12 -------- d-----w- c:\users\Annelie\AppData\Local\{395F0E53-EA0F-43D1-BFD8-3073D5DEEA73}
    2011-04-23 10:55 . 2011-04-23 10:55 -------- d-----w- c:\users\Annelie\AppData\Roaming\Ph03nixNewMedia
    2011-04-23 10:30 . 2011-04-23 10:31 -------- d-----w- c:\users\Annelie\AppData\Local\{068C08DC-6D76-4637-979A-D7D0CAD19CE8}
    2011-04-22 19:45 . 2011-04-22 19:45 -------- d-----w- c:\program files\Shangri La 2 Deluxe
    2011-04-22 18:22 . 2011-04-22 18:22 -------- d-----w- c:\users\Annelie\AppData\Local\{16FFFFCA-AFFA-4391-8781-82ABF2CA3816}
    2011-04-21 18:28 . 2011-04-21 18:33 -------- d-----w- c:\program files\Farmscapes Collectors Edition
    2011-04-21 11:13 . 2011-04-21 11:13 -------- d-----w- c:\users\Annelie\AppData\Local\{9B64721A-ADD4-4208-8056-4954A31112B6}
    2011-04-20 10:58 . 2011-04-20 10:58 -------- d-----w- c:\users\Annelie\AppData\Local\ElevatedDiagnostics
    2011-04-20 10:56 . 2011-04-20 10:56 -------- d-----w- c:\program files\Microsoft ATS
    2011-04-20 10:47 . 2011-04-20 10:47 -------- d-----w- c:\users\Annelie\AppData\Local\{BAFE4342-D6FA-4D73-8A27-61B441186B8E}
    2011-04-19 13:03 . 2011-04-19 13:03 -------- d-----w- c:\users\Annelie\AppData\Local\{E0955E8B-3E15-4A18-9D01-EBF192D7A901}
    2011-04-18 08:38 . 2011-04-18 08:38 -------- d-----w- c:\users\Annelie\AppData\Local\{C03CDA2F-C074-4E97-B1F5-72A2D702314B}
    2011-04-17 15:13 . 2011-05-03 11:34 -------- d-----w- c:\program files\Campfire Legends - The Babysitter
    2011-04-17 12:56 . 2011-04-29 16:11 -------- d-----w- c:\program files\Elizabeth Find M.D. - Diagnosis Mystery Deluxe
    2011-04-17 10:55 . 2011-04-17 10:55 -------- d-----w- c:\users\Annelie\AppData\Local\{DDFDE472-6525-4B01-A6C1-6EC67D4F28A3}
    2011-04-16 10:37 . 2011-04-16 10:37 -------- d-----w- c:\users\Annelie\AppData\Local\{1ACCFDEB-DB71-4C89-A9D4-8F6BA85BA551}
    2011-04-14 18:02 . 2011-04-14 18:02 -------- d-----w- c:\users\Annelie\{b2edab7a-3cfa-40b2-9c18-53b00b56e1da}
    2011-04-14 10:56 . 2011-04-14 10:56 -------- d-----w- c:\users\Annelie\AppData\Local\{F2FB913C-883A-4074-A119-1CF089BEE591}
    2011-04-12 14:43 . 2011-04-12 14:43 -------- d-----w- c:\users\Annelie\AppData\Local\{6BE0F641-9E5D-4504-A4E7-C34F53CB82EC}
    2011-04-11 18:19 . 2011-04-11 18:20 -------- d-----w- c:\program files\Little Shop - World Traveler Deluxe
    2011-04-10 19:49 . 2011-04-10 19:49 -------- d-----w- c:\users\Annelie\AppData\Roaming\NevoSoft
    2011-04-08 07:34 . 2011-04-08 07:35 -------- d-----w- c:\users\Annelie\AppData\Roaming\thejoyoffarming
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-05 12:56 . 2008-11-21 17:35 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-05-05 12:56 . 2008-11-21 17:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-05-05 08:47 . 2010-06-05 13:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-09 11:37 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-07 15:16 . 2010-01-19 13:00 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-03-07 15:16 . 2010-01-19 13:00 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2011-03-03 15:40 . 2011-04-29 15:35 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40 . 2011-04-29 15:35 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40 . 2011-04-29 15:35 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40 . 2011-04-29 15:35 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-02-22 14:13 . 2011-03-23 12:25 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33 . 2011-03-23 12:25 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33 . 2011-03-23 12:25 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-11 17:26 . 2011-02-11 17:26 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
    2011-02-11 17:26 . 2009-07-17 14:48 137752 ----a-w- c:\windows\system32\igfxtray.exe
    2011-02-11 17:26 . 2009-07-17 14:48 267800 ----a-w- c:\windows\system32\igfxsrvc.exe
    2011-02-11 17:26 . 2009-07-17 14:48 172568 ----a-w- c:\windows\system32\igfxpers.exe
    2011-02-11 17:26 . 2009-07-17 14:48 179224 ----a-w- c:\windows\system32\igfxext.exe
    2011-02-11 17:26 . 2009-07-17 14:48 171032 ----a-w- c:\windows\system32\hkcmd.exe
    2011-02-11 17:26 . 2011-02-11 17:26 3157528 ----a-w- c:\windows\system32\GfxUI.exe
    2011-02-11 17:20 . 2011-02-11 17:20 81920 ----a-w- c:\windows\system32\igfxCoIn_v2302.dll
    2011-02-11 17:12 . 2011-02-11 17:12 9036800 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
    2011-02-11 17:12 . 2008-08-19 11:04 4967424 ----a-w- c:\windows\system32\igdumd32.dll
    2011-02-11 17:09 . 2008-08-19 11:04 571904 ----a-w- c:\windows\system32\igdumdx32.dll
    2011-02-11 17:04 . 2011-02-11 17:04 4411392 ----a-w- c:\windows\system32\igd10umd32.dll
    2011-02-11 16:51 . 2011-02-11 16:51 11039744 ----a-w- c:\windows\system32\ig4icd32.dll
    2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrsky.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrtrk.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrslv.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 84992 ----a-w- c:\windows\system32\igfxrtha.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86528 ----a-w- c:\windows\system32\igfxresn.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrrus.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrptg.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrsve.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrplk.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrptb.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrnor.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 82944 ----a-w- c:\windows\system32\igfxrkor.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86528 ----a-w- c:\windows\system32\igfxrell.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrita.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrhun.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 84480 ----a-w- c:\windows\system32\igfxrheb.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 82944 ----a-w- c:\windows\system32\igfxrjpn.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86528 ----a-w- c:\windows\system32\igfxrfra.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrdeu.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrfin.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 84992 ----a-w- c:\windows\system32\igfxrdan.lrc
    2011-02-11 16:44 . 2009-07-17 14:48 86016 ----a-w- c:\windows\system32\igfxrnld.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrcsy.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 84480 ----a-w- c:\windows\system32\igfxrara.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 81920 ----a-w- c:\windows\system32\igfxrcht.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 81920 ----a-w- c:\windows\system32\igfxrchs.lrc
    2011-02-11 16:41 . 2011-02-11 16:41 195584 ----a-w- c:\windows\system32\igfxpph.dll
    2011-02-11 16:41 . 2011-02-11 16:41 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
    2011-02-11 16:41 . 2008-08-19 11:04 261632 ----a-w- c:\windows\system32\igfxTMM.dll
    2011-02-11 16:41 . 2008-08-19 11:04 23552 ----a-w- c:\windows\system32\igfxexps.dll
    2011-02-11 16:41 . 2008-08-19 11:04 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
    2011-02-11 16:40 . 2011-02-11 16:40 130048 ----a-w- c:\windows\system32\igfxdo.dll
    2011-02-11 16:40 . 2008-08-19 11:04 95232 ----a-w- c:\windows\system32\hccutils.dll
    2011-02-11 16:40 . 2011-02-11 16:40 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
    2011-02-11 16:40 . 2011-02-11 16:40 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
    2011-02-11 16:40 . 2011-02-11 16:40 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
    2011-02-11 16:40 . 2008-08-19 11:04 828928 ----a-w- c:\windows\system32\igfxress.dll
    2011-02-11 16:40 . 2008-08-19 11:04 228864 ----a-w- c:\windows\system32\igfxdev.dll
    2011-02-11 16:35 . 2011-02-11 16:35 208896 ----a-w- c:\windows\system32\iglhsip32.dll
    2011-02-11 16:35 . 2011-02-11 16:35 147456 ----a-w- c:\windows\system32\iglhcp32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
    "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-05 9742952]
    "WireLessMouse"="c:\program files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
    "KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
    "Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-07-21 1045904]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKLM\~\startupfolder\C:^Users^Annelie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.83u1.lnk]
    path=c:\users\Annelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FreeRapid 0.83u1.lnk
    backup=c:\windows\pss\FreeRapid 0.83u1.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-07-02 13:35 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2010-08-24 09:38 247144 ----a-w- c:\users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMERunner.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1c9f67b409fb1c7;Google Update Service (gupdate1c9f67b409fb1c7);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 133104]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service; [x]
    R3 CFcatchme;CFcatchme;c:\users\Annelie\AppData\Local\Temp\CFcatchme.sys [x]
    R3 Common Toolkit Tools;Common Toolkit Tools;c:\program files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [x]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-02 30192]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 133104]
    R3 KMWDFILTERx86;MLK KM DRIVER;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2008-03-22 17024]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-19 12872]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 BOHCI;BOHCI; [x]
    R4 BUHCI;BUHCI; [x]
    R4 BUSBD;BUSBD; [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-30 721904]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-19 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-26 67656]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
    S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2008-03-28 208896]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]
    S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [2011-02-02 1176712]
    S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-07-21 116104]
    S2 TomTomHOMEService;TomTomHOMEService;c:\users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
    S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
    S3 RTL8187B;Realtek RTL8187B draadloos 802.11b/g 54Mbps USB 2.0 netwerkadapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 16:29]
    .
    2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 16:29]
    .
    2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000Core.job
    - c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 13:15]
    .
    2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000UA.job
    - c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 13:15]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    mStart Page = hxxp://alawar.co.nl
    mSearch Bar = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: microsoft.com\www
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
    MSConfigStartUp-PowerSuite - c:\program files\Uniblue\PowerSuite\launcher.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-07 16:50
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000007b
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\conime.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-05-07 16:57:17 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-05-07 14:56
    ComboFix2.txt 2011-05-02 20:17
    .
    Pre-Run: 16.728.879.104 bytes beschikbaar
    Post-Run: 16.329.916.416 bytes beschikbaar
    .
    Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
    - - End Of File - - E66245D6DD6830CCD1ADC8C15D58F243
  • My PC is more or less frozen after those ComboFix runs; the second time I had to force it off (power button).

    ComboFix 11-05-06.05 - Annelie 07-05-2011 17:46:25.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2939.1897 [GMT 2:00]
    Gestart vanuit: c:\users\Annelie\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Annelie\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-07 to 2011-05-07 ))))))))))))))))))))))))))))))
    .
    .
    2011-05-07 15:53 . 2011-05-07 15:58 -------- d-----w- c:\users\Annelie\AppData\Local\temp
    2011-05-07 15:53 . 2011-05-07 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-07 07:11 . 2011-05-07 07:11 -------- d-----w- c:\users\Annelie\AppData\Local\Secunia PSI
    2011-05-07 07:11 . 2011-05-07 07:11 -------- d-----w- c:\program files\Secunia
    2011-05-06 17:30 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01D7D332-4CAC-40D0-82D6-1142E84782DB}\mpengine.dll
    2011-05-05 18:02 . 2011-05-05 18:02 -------- d-----w- c:\programdata\Enkord
    2011-05-05 14:42 . 2011-05-06 20:27 -------- d-----w- c:\programdata\Family Farm
    2011-05-05 13:01 . 2011-05-05 13:02 -------- d-----w- c:\users\Annelie\AppData\Local\{C0D9C370-CAA1-4D6E-ADE1-60D6D88A2A6E}
    2011-05-05 10:17 . 2011-05-05 10:17 -------- d-----w- c:\users\Annelie\AppData\Local\Adobe
    2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2011-05-05 10:03 . 2011-05-05 17:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
    2011-05-05 10:03 . 2011-05-05 17:28 -------- d-----w- c:\program files\QuickTime
    2011-05-05 10:03 . 2011-05-05 10:03 -------- d-----w- c:\programdata\Apple Computer
    2011-05-05 10:00 . 2011-05-05 10:00 -------- d-----w- c:\users\Annelie\AppData\Local\Apple
    2011-05-05 10:00 . 2011-05-05 10:00 -------- d-----w- c:\program files\Apple Software Update
    2011-05-05 09:00 . 2011-05-05 09:00 -------- d-----w- c:\program files\Common Files\Java
    2011-05-04 12:23 . 2011-05-04 12:23 -------- d-----w- c:\program files\ESET
    2011-05-03 19:24 . 2011-05-03 19:24 388096 ----a-r- c:\users\Annelie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-03 19:24 . 2011-05-03 19:24 -------- d-----w- c:\program files\Trend Micro
    2011-04-29 17:36 . 2011-04-29 10:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-04-29 17:06 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-29 17:06 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-29 16:02 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-29 16:02 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-29 16:02 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-29 16:02 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-29 16:02 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-29 16:02 . 2011-04-18 17:13 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-04-29 16:01 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
    2011-04-29 16:01 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-04-29 15:35 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-29 15:35 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-29 15:35 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-29 07:47 . 2011-04-29 07:47 -------- d-----w- c:\program files\Panda Security
    2011-04-28 20:08 . 2011-04-28 20:08 -------- d-----w- c:\programdata\AVAST Software
    2011-04-28 20:08 . 2011-04-28 20:08 -------- d-----w- c:\program files\AVAST Software
    2011-04-28 19:15 . 2011-04-28 19:15 -------- d-----w- c:\users\Annelie\AppData\Local\Sunbelt Software
    2011-04-28 19:14 . 2011-04-28 19:14 -------- dc-h--w- c:\programdata\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
    2011-04-28 19:13 . 2011-04-28 19:15 -------- d-----w- c:\programdata\Lavasoft
    2011-04-28 19:13 . 2011-04-28 19:13 -------- d-----w- c:\program files\Lavasoft
    2011-04-28 12:11 . 2011-05-05 07:02 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2011-04-28 11:15 . 2011-04-28 11:15 -------- d-----w- c:\users\Annelie\AppData\Roaming\Malwarebytes
    2011-04-28 11:14 . 2011-04-28 11:14 -------- d-----w- c:\programdata\Malwarebytes
    2011-04-28 11:14 . 2011-04-30 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-27 20:21 . 2011-04-27 20:21 -------- d-----w- c:\users\Annelie\AppData\Roaming\Skype
    2011-04-27 18:59 . 2011-04-27 18:59 -------- d-----w- c:\program files\Loaris
    2011-04-27 18:16 . 2011-04-27 18:58 -------- d-----w- c:\program files\Loaris Trojan Remover
    2011-04-26 10:23 . 2011-04-26 10:23 -------- d-----w- c:\users\Annelie\AppData\Local\{9E100F3C-EA2F-47A4-B425-21C819210AC5}
    2011-04-24 19:11 . 2011-04-24 19:12 -------- d-----w- c:\users\Annelie\AppData\Local\{395F0E53-EA0F-43D1-BFD8-3073D5DEEA73}
    2011-04-23 10:55 . 2011-04-23 10:55 -------- d-----w- c:\users\Annelie\AppData\Roaming\Ph03nixNewMedia
    2011-04-23 10:30 . 2011-04-23 10:31 -------- d-----w- c:\users\Annelie\AppData\Local\{068C08DC-6D76-4637-979A-D7D0CAD19CE8}
    2011-04-22 19:45 . 2011-04-22 19:45 -------- d-----w- c:\program files\Shangri La 2 Deluxe
    2011-04-22 18:22 . 2011-04-22 18:22 -------- d-----w- c:\users\Annelie\AppData\Local\{16FFFFCA-AFFA-4391-8781-82ABF2CA3816}
    2011-04-21 18:28 . 2011-04-21 18:33 -------- d-----w- c:\program files\Farmscapes Collectors Edition
    2011-04-21 11:13 . 2011-04-21 11:13 -------- d-----w- c:\users\Annelie\AppData\Local\{9B64721A-ADD4-4208-8056-4954A31112B6}
    2011-04-20 10:58 . 2011-04-20 10:58 -------- d-----w- c:\users\Annelie\AppData\Local\ElevatedDiagnostics
    2011-04-20 10:56 . 2011-04-20 10:56 -------- d-----w- c:\program files\Microsoft ATS
    2011-04-20 10:47 . 2011-04-20 10:47 -------- d-----w- c:\users\Annelie\AppData\Local\{BAFE4342-D6FA-4D73-8A27-61B441186B8E}
    2011-04-19 13:03 . 2011-04-19 13:03 -------- d-----w- c:\users\Annelie\AppData\Local\{E0955E8B-3E15-4A18-9D01-EBF192D7A901}
    2011-04-18 08:38 . 2011-04-18 08:38 -------- d-----w- c:\users\Annelie\AppData\Local\{C03CDA2F-C074-4E97-B1F5-72A2D702314B}
    2011-04-17 15:13 . 2011-05-03 11:34 -------- d-----w- c:\program files\Campfire Legends - The Babysitter
    2011-04-17 12:56 . 2011-04-29 16:11 -------- d-----w- c:\program files\Elizabeth Find M.D. - Diagnosis Mystery Deluxe
    2011-04-17 10:55 . 2011-04-17 10:55 -------- d-----w- c:\users\Annelie\AppData\Local\{DDFDE472-6525-4B01-A6C1-6EC67D4F28A3}
    2011-04-16 10:37 . 2011-04-16 10:37 -------- d-----w- c:\users\Annelie\AppData\Local\{1ACCFDEB-DB71-4C89-A9D4-8F6BA85BA551}
    2011-04-14 18:02 . 2011-04-14 18:02 -------- d-----w- c:\users\Annelie\{b2edab7a-3cfa-40b2-9c18-53b00b56e1da}
    2011-04-14 10:56 . 2011-04-14 10:56 -------- d-----w- c:\users\Annelie\AppData\Local\{F2FB913C-883A-4074-A119-1CF089BEE591}
    2011-04-12 14:43 . 2011-04-12 14:43 -------- d-----w- c:\users\Annelie\AppData\Local\{6BE0F641-9E5D-4504-A4E7-C34F53CB82EC}
    2011-04-11 18:19 . 2011-04-11 18:20 -------- d-----w- c:\program files\Little Shop - World Traveler Deluxe
    2011-04-10 19:49 . 2011-04-10 19:49 -------- d-----w- c:\users\Annelie\AppData\Roaming\NevoSoft
    2011-04-08 07:34 . 2011-04-08 07:35 -------- d-----w- c:\users\Annelie\AppData\Roaming\thejoyoffarming
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-05 12:56 . 2008-11-21 17:35 499712 —-a-w- c:\windows\system32\msvcp71.dll
    2011-05-05 12:56 . 2008-11-21 17:35 348160 —-a-w- c:\windows\system32\msvcr71.dll
    2011-05-05 08:47 . 2010-06-05 13:13 472808 —-a-w- c:\windows\system32\deployJava1.dll
    2011-03-09 11:37 . 2010-06-24 09:33 18328 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-07 15:16 . 2010-01-19 13:00 444952 —-a-w- c:\windows\system32\wrap_oal.dll
    2011-03-07 15:16 . 2010-01-19 13:00 109080 —-a-w- c:\windows\system32\OpenAL32.dll
    2011-03-03 15:40 . 2011-04-29 15:35 173056 —-a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40 . 2011-04-29 15:35 458752 —-a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40 . 2011-04-29 15:35 542720 —-a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40 . 2011-04-29 15:35 2159616 —-a-w- c:\windows\apppatch\AcGenral.dll
    2011-02-22 14:13 . 2011-03-23 12:25 288768 —-a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33 . 2011-03-23 12:25 1068544 —-a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33 . 2011-03-23 12:25 797696 —-a-w- c:\windows\system32\FntCache.dll
    2011-02-11 17:26 . 2011-02-11 17:26 8198680 —-a-w- c:\windows\system32\TVWSetup.exe
    2011-02-11 17:26 . 2009-07-17 14:48 137752 —-a-w- c:\windows\system32\igfxtray.exe
    2011-02-11 17:26 . 2009-07-17 14:48 267800 —-a-w- c:\windows\system32\igfxsrvc.exe
    2011-02-11 17:26 . 2009-07-17 14:48 172568 —-a-w- c:\windows\system32\igfxpers.exe
    2011-02-11 17:26 . 2009-07-17 14:48 179224 —-a-w- c:\windows\system32\igfxext.exe
    2011-02-11 17:26 . 2009-07-17 14:48 171032 —-a-w- c:\windows\system32\hkcmd.exe
    2011-02-11 17:26 . 2011-02-11 17:26 3157528 —-a-w- c:\windows\system32\GfxUI.exe
    2011-02-11 17:20 . 2011-02-11 17:20 81920 —-a-w- c:\windows\system32\igfxCoIn_v2302.dll
    2011-02-11 17:12 . 2011-02-11 17:12 9036800 —-a-w- c:\windows\system32\drivers\igdkmd32.sys
    2011-02-11 17:12 . 2008-08-19 11:04 4967424 —-a-w- c:\windows\system32\igdumd32.dll
    2011-02-11 17:09 . 2008-08-19 11:04 571904 —-a-w- c:\windows\system32\igdumdx32.dll
    2011-02-11 17:04 . 2011-02-11 17:04 4411392 —-a-w- c:\windows\system32\igd10umd32.dll
    2011-02-11 16:51 . 2011-02-11 16:51 11039744 —-a-w- c:\windows\system32\ig4icd32.dll
    2011-02-11 16:44 . 2011-02-11 16:44 86016 —-a-w- c:\windows\system32\igfxrsky.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 —-a-w- c:\windows\system32\igfxrtrk.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 —-a-w- c:\windows\system32\igfxrslv.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 84992 —-a-w- c:\windows\system32\igfxrtha.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86528 —-a-w- c:\windows\system32\igfxresn.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86016 —-a-w- c:\windows\system32\igfxrrus.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86016 —-a-w- c:\windows\system32\igfxrptg.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 —-a-w- c:\windows\system32\igfxrsve.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86016 —-a-w- c:\windows\system32\igfxrplk.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 —-a-w- c:\windows\system32\igfxrptb.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 —-a-w- c:\windows\system32\igfxrnor.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 82944 —-a-w- c:\windows\system32\igfxrkor.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86528 —-a-w- c:\windows\system32\igfxrell.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86016 —-a-w- c:\windows\system32\igfxrita.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 —-a-w- c:\windows\system32\igfxrhun.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 84480 —-a-w- c:\windows\system32\igfxrheb.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 82944 —-a-w- c:\windows\system32\igfxrjpn.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86528 —-a-w- c:\windows\system32\igfxrfra.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86016 —-a-w- c:\windows\system32\igfxrdeu.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 —-a-w- c:\windows\system32\igfxrfin.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 84992 —-a-w- c:\windows\system32\igfxrdan.lrc
    2011-02-11 16:44 . 2009-07-17 14:48 86016 —-a-w- c:\windows\system32\igfxrnld.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 —-a-w- c:\windows\system32\igfxrcsy.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 84480 —-a-w- c:\windows\system32\igfxrara.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 81920 —-a-w- c:\windows\system32\igfxrcht.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 81920 —-a-w- c:\windows\system32\igfxrchs.lrc
    2011-02-11 16:41 . 2011-02-11 16:41 195584 —-a-w- c:\windows\system32\igfxpph.dll
    2011-02-11 16:41 . 2011-02-11 16:41 115200 —-a-w- c:\windows\system32\igfxcpl.cpl
    2011-02-11 16:41 . 2008-08-19 11:04 261632 —-a-w- c:\windows\system32\igfxTMM.dll
    2011-02-11 16:41 . 2008-08-19 11:04 23552 —-a-w- c:\windows\system32\igfxexps.dll
    2011-02-11 16:41 . 2008-08-19 11:04 57856 —-a-w- c:\windows\system32\igfxsrvc.dll
    2011-02-11 16:40 . 2011-02-11 16:40 130048 —-a-w- c:\windows\system32\igfxdo.dll
    2011-02-11 16:40 . 2008-08-19 11:04 95232 —-a-w- c:\windows\system32\hccutils.dll
    2011-02-11 16:40 . 2011-02-11 16:40 120320 —-a-w- c:\windows\system32\gfxSrvc.dll
    2011-02-11 16:40 . 2011-02-11 16:40 4096 —-a-w- c:\windows\system32\IGFXDEVLib.dll
    2011-02-11 16:40 . 2011-02-11 16:40 85504 —-a-w- c:\windows\system32\igfxrenu.lrc
    2011-02-11 16:40 . 2008-08-19 11:04 828928 —-a-w- c:\windows\system32\igfxress.dll
    2011-02-11 16:40 . 2008-08-19 11:04 228864 —-a-w- c:\windows\system32\igfxdev.dll
    2011-02-11 16:35 . 2011-02-11 16:35 208896 —-a-w- c:\windows\system32\iglhsip32.dll
    2011-02-11 16:35 . 2011-02-11 16:35 147456 —-a-w- c:\windows\system32\iglhcp32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-04-18 17:25 122512 —-a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
    "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-05 9742952]
    "WireLessMouse"="c:\program files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
    "KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
    "Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-07-21 1045904]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 13:21 548352 —-a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKLM\~\startupfolder\C:^Users^Annelie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.83u1.lnk]
    path=c:\users\Annelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FreeRapid 0.83u1.lnk
    backup=c:\windows\pss\FreeRapid 0.83u1.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-07-02 13:35 30192 —-a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2010-08-24 09:38 247144 —-a-w- c:\users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMERunner.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1c9f67b409fb1c7;Google Update Service (gupdate1c9f67b409fb1c7);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 133104]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service; [x]
    R3 CFcatchme;CFcatchme;c:\users\Annelie\AppData\Local\Temp\CFcatchme.sys [x]
    R3 Common Toolkit Tools;Common Toolkit Tools;c:\program files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [x]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-02 30192]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 133104]
    R3 KMWDFILTERx86;MLK KM DRIVER;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2008-03-22 17024]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-19 12872]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 BOHCI;BOHCI; [x]
    R4 BUHCI;BUHCI; [x]
    R4 BUSBD;BUSBD; [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-30 721904]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-19 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-26 67656]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
    S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2008-03-28 208896]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]
    S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [2011-02-02 1176712]
    S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-07-21 116104]
    S2 TomTomHOMEService;TomTomHOMEService;c:\users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
    S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
    S3 RTL8187B;Realtek RTL8187B draadloos 802.11b/g 54Mbps USB 2.0 netwerkadapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 16:29]
    .
    2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 16:29]
    .
    2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000Core.job
    - c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 13:15]
    .
    2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000UA.job
    - c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 13:15]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    mStart Page = hxxp://alawar.co.nl
    mSearch Bar = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: microsoft.com\www
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-07 17:57
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000007b
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\conime.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-05-07 18:03:11 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-05-07 16:03
    ComboFix2.txt 2011-05-07 14:57
    ComboFix3.txt 2011-05-02 20:17
    .
    Pre-Run: 16.290.107.392 bytes beschikbaar
    Post-Run: 16.244.137.984 bytes beschikbaar
    .
    Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
    - - End Of File - - 20AC4F0A34323F6C06772788602513AD
  • I'm so sorry - how long has that Vista been running now?
  • [quote="Abraham54"]I'm so sorry - how long has that Vista been running now?[/quote]

    November 2008
  • Vista is as old as your PC?


    Do the following: go to [b]Start[/b] and type [b]cmd[/b] in the search box; the corresponding shortcut now appears at the top of the Start menu.
    Right-click that shortcut and choose [b]Run as administrator[/b].

    In the black window, type [b]sfc /scannow[/b] followed by pressing the Enter key.

    Mind the space after 'sfc'.
    In the black window you now see the progress of the scan.

    When the scan is finished, type [b]Exit[/b] followed by pressing the Enter key.


    SFC (System File Checker) means that system files are checked for correct functioning; if necessary, a repair follows.


    Pay close attention to the last messages in the window: if it says that the repair depends on a restart, do so.
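One way to run this SFC step and then see exactly which files it could and could not repair, as an added example rather than part of the poster's instructions: it assumes PowerShell 2.0 or later, an elevated session, and the standard %windir%\Logs\CBS\CBS.log location where sfc writes its "[SR]" entries.

```powershell
# Added example (not from the original thread): run sfc /scannow and then pull
# System File Checker's own "[SR]" entries out of CBS.log, which is where sfc
# records what it verified, repaired, and could not repair.
# Assumptions: PowerShell 2.0+, an elevated session, standard CBS.log location.

$cbsLog = Join-Path $env:windir 'Logs\CBS\CBS.log'
$report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'sfcdetails.txt'

# sfc refuses to scan without elevation, so check before starting.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Error 'Start PowerShell with "Run as administrator" and try again.'
    exit 1
}

# sfc writes UTF-16 to the console; matching the console encoding keeps its
# progress text readable under PowerShell. The log below is authoritative anyway.
[Console]::OutputEncoding = [Text.Encoding]::Unicode

# Remember when this scan started so entries from earlier runs are ignored.
$scanStart = Get-Date
& "$env:windir\System32\sfc.exe" /scannow

# Every sfc entry in CBS.log is tagged [SR], and each line begins with a
# "yyyy-MM-dd HH:mm:ss" timestamp; keep only lines written during this run.
$entries = Select-String -Path $cbsLog -SimpleMatch '[SR]' |
    ForEach-Object { $_.Line } |
    Where-Object {
        if ($_ -match '^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})') {
            $stamp = [datetime]::ParseExact($matches[1], 'yyyy-MM-dd HH:mm:ss', $null)
            $stamp -ge $scanStart.AddMinutes(-1)   # small slack for log buffering
        } else { $false }
    }

# Save the full [SR] detail to the desktop for later reference.
$entries | Set-Content -Path $report

# Summarise: files sfc repaired versus files it could not repair.
$repaired   = @($entries | Where-Object { $_ -match 'Repairing corrupted file' })
$unrepaired = @($entries | Where-Object { $_ -match 'Cannot repair member file' })

"Repaired files   : $($repaired.Count)"
"Unrepaired files : $($unrepaired.Count)"
"Full detail saved: $report"
if ($unrepaired.Count -gt 0) {
    'Files sfc could not repair:'
    $unrepaired | ForEach-Object { $_ -replace '^.*\[SR\]\s*', '  ' }
}
```

The unrepaired list is the answer to "errors were found but not everything could be repaired": it names the system files that would need installation media or a repair disc to restore.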
  • My Vista is as old as my PC.
    I carried out the action mentioned; errors were found, but not everything could be repaired.
    The PC did not need to be restarted.
    I hope that is clear enough for you.
  • That is, in principle, not too good!

    I assume you do not own any Vista installation media?
  • Why not too good? The laptop is working fine now; I have no problems with it.
    When I had just got the laptop, I did make 2 Toshiba recovery DVDs; I assume that is not what you mean. I do not even know what to do with those DVDs, but because it was so insistently and automatically suggested, I made them at the time. I cannot really do anything with them myself…

    Of Vista I have nothing. It was already on the laptop when I bought it.

    As far as I am concerned, we do not need to "dig" any further. It runs the way it runs. Right? :?
  • Well, then I think we can now consider this topic solved!

    Just a bit of cleaning up:

    ComboFix may now be removed:
    [list][*] to do so, go to Start - Run
    [*] copy and paste the following into it: [b]Combofix /Uninstall[/b]
    [*] then click [b]OK[/b].
    [*] if all is well, you then get a message that Combofix has been removed.[/list]

    Example:

    [img]http://www.emphyrio.be/images/SMUninstall_combofix.png[/img]

    Run can also be started with the key combination [img]http://home.kpn.nl/stefsmeenk/W+R.jpg[/img]

    [i]This will remove Combofix including related folders and files,
    restores the clock settings, hides file extensions again,
    hides hidden files and system files again
    and resets your System Restore.[/i]



    Download [b] (by OldTimer)
    [list][*]Place the file on your desktop.
    [*]Make sure there is an internet connection.
    [*]Vista / W7 users:
    [list][*]Then right-click OTC.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.[/list]
    [*]XP users:
    [list][*]Double-click OTC[/list]
    [*]Now click the "CleanUp!" button
    [*]If your firewall, or another security program, warns that OTC.exe wants internet access,
    you may allow this; the program needs that connection.
    [*]Finally, OTC will ask whether you want to restart the computer; you may allow this, which also removes OTC itself.[/list]

    [i][b]Note[/b]: Using OTC.exe will remove all the tools used (including their logs and backup folders) from your computer.[/i]
  • Abraham, thank you very much for your help! You have helped this (almost) Sarah well. I have learned something again, but I am left with a slightly uneasy feeling because you said: That is, in principle, not too good! :? :o
  • This Abraham, who himself met Abraham several years ago, lets you know that if your Vista starts giving problems, you simply reopen this topic, because you will then need a Vista repair disc!

    By the way, have you ever thought about Windows 7?

This is an archived page. Replying is no longer possible.