Svchost trojan in appdata/local/temp

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

XmarinusX

Thread Starter
Joined
Jan 4, 2013
Messages
10
Hello,
Yesterday I did a scan with my virus scanner (Esset NOD32) and it said I´ve got a trojan in AppData/local/temp called svchost1084060474670986440.jar So I downloaded the program Malwarebytes Anti-Malware and did a quick scan. And also that said that there trojan in svchost. But it hasn´t done good removing it, nor did NOD32.

You can see my log from MalwareBytes below:

System specs:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 8183 Mb
Graphics Card: AMD Radeon HD 6600 Series, 512 Mb
Hard Drives: C: Total - 911780 MB, Free - 513025 MB; D: Total - 40959 MB, Free - 21560 MB;
Motherboard: MEDIONPC, MS-7708
Antivirus: ESET NOD32 Antivirus 5.2, Updated and Enabled

MalwareBytes log:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.04.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marijn :: MARIJN-MEDION [administrator]

Protection: Enabled

5-1-2013 1:10:33
mbam-log-2013-01-05 (01-10-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213283
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Backdoor.Bot) -> Data: C:\Program Files (x86)\Java\jre7\bin\javaw.exe -jar "/C:/Users/Marijn/AppData/Local/Temp/svchost1084060474670986440.jar" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I hope so that someone can help me removing this trojan!
Thanks in advance!
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
follow advice here and post the logs those programs make
 

XmarinusX

Thread Starter
Joined
Jan 4, 2013
Messages
10
Thanks for the quick response!!

HijackThis logfile:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:28:04, on 5-1-2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Marijn\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2865317
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: uTorrentBar_NL - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files (x86)\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [svchost] C:\Program Files (x86)\Java\jre7\bin\javaw.exe -jar "/C:/Users/Marijn/AppData/Local/Temp/svchost1084060474670986440.jar"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14152 bytes

dds.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Marijn at 13:31:46 on 2013-01-05
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.8183.5799 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2865317
uURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
mURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [AdobeBridge] <no file>
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [ThrustTSR] C:\Program Files (x86)\Thrustmaster\Thrustmapper\TMTMTSR.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
StartupFolder: C:\Users\Marijn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZILL~1.LNK - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: NameServer = 192.168.2.254
TCP: Interfaces\{4AAB77ED-6482-46FB-AFBE-5DB0DE78E73B} : DHCPNameServer = 192.168.2.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Marijn\AppData\Roaming\Mozilla\Firefox\Profiles\x1o40a1o.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-21 13:52; [email protected]otcom; C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-12-21 56208]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-9 203776]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2012-3-14 137144]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-27 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-5 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-5 682344]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-5 24176]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-20 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-20 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-27 412776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 imhidusb;Immersion's HID USB Driver;C:\Windows\System32\drivers\imhidusb.sys [2012-10-27 23040]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-5 19456]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
S3 SaiHFF04;SaiHFF04;C:\Windows\System32\drivers\SaiHFF04.sys [2012-11-5 171144]
S3 SaiIFF04;Immersion's HID USB Driver (FF04);C:\Windows\System32\drivers\SaiIFF04.sys [2012-11-5 20608]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-5 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-29 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-9-17 14544]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-01-05 00:09:46 -------- d-----w- C:\Users\Marijn\AppData\Roaming\Malwarebytes
2013-01-05 00:09:35 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-05 00:09:34 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-05 00:09:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-04 23:13:22 -------- d-----w- C:\Users\Marijn\AppData\Local\ESET
2013-01-04 20:31:52 -------- d-----w- C:\Users\Marijn\AppData\Local\Colin_Vella
2013-01-04 20:31:35 -------- d-----w- C:\Program Files (x86)\tIDE
2013-01-04 12:06:24 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D8AEC997-BC4B-4D3F-8B8C-3F18B6D507C6}\offreg.dll
2013-01-04 11:48:17 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D8AEC997-BC4B-4D3F-8B8C-3F18B6D507C6}\mpengine.dll
2012-12-30 19:17:16 -------- d-----w- C:\Users\Marijn\AppData\Local\Flash Builder
2012-12-27 21:22:39 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
2012-12-27 21:02:50 -------- d-----w- C:\Program Files (x86)\Audacity
2012-12-26 21:54:24 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2012-12-26 21:54:23 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2012-12-26 21:54:23 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2012-12-26 21:54:22 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2012-12-26 21:54:21 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2012-12-26 21:53:38 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-12-26 12:11:20 -------- d-----w- C:\Program Files (x86)\Tiled
2012-12-25 14:33:07 -------- d-----w- C:\Users\Marijn\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-12-25 13:17:34 -------- d-----w- C:\Program Files (x86)\Common Files\SourceTec
2012-12-25 13:17:29 -------- d-----w- C:\Program Files (x86)\SourceTec
2012-12-25 12:45:43 -------- d-----w- C:\Users\Marijn\AppData\Local\Macromedia
2012-12-25 12:45:26 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-25 12:45:26 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-25 12:30:17 -------- d-----w- C:\Users\Marijn\AppData\Local\Mozilla
2012-12-21 21:13:52 -------- d-----w- C:\Program Files (x86)\WinSCP
2012-12-21 13:05:19 -------- d-----w- C:\ProgramData\ALM
2012-12-21 12:58:27 -------- d-----w- C:\Users\Marijn\Adobe Flash Builder 4.6
2012-12-21 12:47:18 56208 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2012-12-21 12:47:18 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2012-12-21 12:47:18 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2012-12-21 12:47:18 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2012-12-21 12:47:18 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-12-21 12:47:14 -------- d-----w- C:\Program Files (x86)\My Company Name
2012-12-21 08:49:49 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 08:49:49 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 08:49:48 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 08:49:48 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 15:26:51 -------- d-----w- C:\Users\Marijn\AppData\Local\Apple Computer
2012-12-16 15:26:47 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-12-16 15:26:10 -------- d-----w- C:\Program Files\iPod
2012-12-16 15:26:08 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-16 15:26:08 -------- d-----w- C:\Program Files\iTunes
2012-12-16 15:26:08 -------- d-----w- C:\Program Files (x86)\iTunes
2012-12-16 15:24:39 -------- d-----w- C:\Users\Marijn\AppData\Local\Apple
2012-12-16 15:23:45 -------- d-----w- C:\Program Files\Bonjour
2012-12-16 15:23:45 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-12-12 13:55:12 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 13:55:12 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 13:54:39 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-12 13:54:01 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-12-12 13:54:00 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-12-12 13:54:00 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-12-07 20:01:13 -------- d-----w- C:\Users\Marijn\AppData\Local\Adobe
.
==================== Find3M ====================
.
2012-11-24 18:24:10 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-24 18:24:00 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-24 18:24:00 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-21 15:21:49 564824 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-11-15 20:58:50 407047 ----a-w- C:\Windows\SysWow64\mioengine.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-04 19:15:23 8192 ----a-w- C:\Windows\SysWow64\srvany.exe
2012-11-04 16:31:57 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-11-04 16:31:57 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-27 19:34:37 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-10-27 19:34:30 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-10-27 19:34:30 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-10-27 17:28:18 0 ----a-w- C:\Windows\ativpsrm.bin
2012-10-27 12:41:56 268435456 --sha-w- C:\swapfile.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
.
============= FINISH: 13:32:17,78 ===============

attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 27-10-2012 19:22:21
System Uptime: 5-1-2013 12:30:55 (1 hours ago)
.
Motherboard: MEDIONPC | | MS-7708
Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz | CPU 1 | 3200/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 890 GiB total, 501,072 GiB free.
D: is FIXED (NTFS) - 40 GiB total, 21,055 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Device ID: USB\VID_13D3&PID_3306\00E04C000001
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
PNP Device ID: USB\VID_13D3&PID_3306\00E04C000001
Service: RTL8192su
.
==== System Restore Points ===================
.
RP55: 4-1-2013 21:31:02 - Installed tIDE v2.0.6
.
==== Installed Programs ======================
.
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Creative Suite 6 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Reader XI - Nederlands
Adobe Widget Browser
Age of Empires III
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
µTorrent
Audacity 2.0.2
bl
Bonjour
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Norwegian
CCC Help Spanish
CCC Help Swedish
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
ESET NOD32 Antivirus
Euro Truck Simulator 2
F1 2012
Farming Simulator 2013
FileZilla Client 3.6.0.2
Gebruikersregistratie voor Canon MP495 series
Google Chrome
Google Update Helper
HandBrake 0.9.8
Intel(R) Rapid Storage Technology
iTunes
Java 7 Update 9
Java 7 Update 9 (64-bit)
Java Auto Updater
Java(TM) SE Development Kit 7 (64-bit)
LAME v3.99.3 (for Windows)
League of Legends
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared 32-bit MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 17.0.1 (x86 nl)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0 (x86 nl)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed Most Wanted
Need For Speed poursuite infernale 2
Notepad++
Ogmo Editor
Pando Media Booster
PDF Settings CS6
ph
Razer Game Booster
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
Skype Click to Call
Skype™ 6.0
Sothink SWF Decompiler
Sothink SWF Editor version 1.0
Thrustmapper
Thrustmaster FFB Wheel driver
Thrustmaster Force Feedback Driver
tIDE v2.0.6
Tiled - Tiled Map Editor
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
uTorrentBar_NL Toolbar
Windows Driver Package - Guillemot (SaiHFF04) MEDIA (05/01/2007 6.0.4.1)
WinRAR 4.00 (64-bit)
WinSCP 5.1.2
.
==== Event Viewer Messages From Past Week ========
.
5-1-2013 12:32:19, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4-1-2013 20:46:02, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

ark.txt:
GMER 2.0.18327 - http://www.gmer.net
Rootkit scan 2013-01-05 13:46:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JC4O 931,51GB
Running: sjq9s0yu.exe; Driver: C:\Users\Marijn\AppData\Local\Temp\fglcifoc.sys


---- Kernel code sections - GMER 2.0 ----

.text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88004828d64 12 bytes [48, B8, A0, 72, 27, 0A, 80, ...]

---- User code sections - GMER 2.0 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000749d87b1 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
.text ... * 9
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
.text ... * 9
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
.text ... * 9
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2080] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000749d87b1 5 bytes [33, C0, C2, 04, 00]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
? C:\Windows\system32\mssprxy.dll [2468] entry point in ".rdata" section 0000000073ce71e6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 7 bytes [BA, 28, 82, B2, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f9fbd5 7 bytes [BA, 68, 82, B2, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 7 bytes [BA, A8, 81, B2, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f9fc1d 7 bytes [BA, 28, 81, B2, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f9fc35 7 bytes [BA, 28, 83, B2, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f9fc65 7 bytes [BA, 68, 83, B2, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f9fce5 7 bytes [BA, E8, 82, B2, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f9fcfd 7 bytes [BA, A8, 82, B2, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f9fd49 7 bytes [BA, 68, 80, B2, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f9fe41 7 bytes [BA, A8, 80, B2, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 7 bytes [BA, 28, 80, B2, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fa10a5 7 bytes [BA, E8, 81, B2, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fa111d 7 bytes [BA, 68, 81, B2, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fa1321 7 bytes [BA, E8, 80, B2, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 7 bytes [BA, 28, 12, FD, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f9fbd5 7 bytes [BA, 68, 12, FD, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 7 bytes [BA, A8, 11, FD, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f9fc1d 7 bytes [BA, 28, 11, FD, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f9fc35 7 bytes [BA, 28, 13, FD, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f9fc65 7 bytes [BA, 68, 13, FD, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f9fce5 7 bytes [BA, E8, 12, FD, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f9fcfd 7 bytes [BA, A8, 12, FD, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f9fd49 7 bytes [BA, 68, 10, FD, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f9fe41 7 bytes [BA, A8, 10, FD, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 7 bytes [BA, 28, 10, FD, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fa10a5 7 bytes [BA, E8, 11, FD, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fa111d 7 bytes [BA, 68, 11, FD, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fa1321 7 bytes [BA, E8, 10, FD, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 7 bytes [BA, 28, 8E, 31, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f9fbd5 7 bytes [BA, 68, 8E, 31, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 2 bytes [BA, A8]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f9fc1d 2 bytes [BA, 28]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f9fc35 7 bytes [BA, 28, 8F, 31, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f9fc65 7 bytes [BA, 68, 8F, 31, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f9fce5 7 bytes [BA, E8, 8E, 31, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f9fcfd 7 bytes [BA, A8, 8E, 31, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f9fd49 7 bytes [BA, 68, 8C, 31, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f9fe41 7 bytes [BA, A8, 8C, 31, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 7 bytes [BA, 28, 8C, 31, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fa10a5 2 bytes [BA, E8]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fa111d 2 bytes [BA, 68]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fa1321 7 bytes [BA, E8, 8C, 31, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 7 bytes [BA, 28, 6E, 6F, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f9fbd5 7 bytes [BA, 68, 6E, 6F, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 7 bytes [BA, A8, 6D, 6F, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f9fc1d 7 bytes [BA, 28, 6D, 6F, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f9fc35 7 bytes [BA, 28, 6F, 6F, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f9fc65 7 bytes [BA, 68, 6F, 6F, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f9fce5 7 bytes [BA, E8, 6E, 6F, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f9fcfd 7 bytes [BA, A8, 6E, 6F, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f9fd49 7 bytes [BA, 68, 6C, 6F, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f9fe41 7 bytes [BA, A8, 6C, 6F, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 7 bytes [BA, 28, 6C, 6F, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fa10a5 7 bytes [BA, E8, 6D, 6F, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fa111d 7 bytes [BA, 68, 6D, 6F, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fa1321 7 bytes [BA, E8, 6C, 6F, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 7 bytes [BA, 28, EE, 00, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f9fbd5 7 bytes [BA, 68, EE, 00, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 7 bytes [BA, A8, ED, 00, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f9fc1d 7 bytes [BA, 28, ED, 00, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f9fc35 7 bytes [BA, 28, EF, 00, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f9fc65 7 bytes [BA, 68, EF, 00, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f9fce5 7 bytes [BA, E8, EE, 00, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f9fcfd 7 bytes [BA, A8, EE, 00, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f9fd49 7 bytes [BA, 68, EC, 00, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f9fe41 7 bytes [BA, A8, EC, 00, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 7 bytes [BA, 28, EC, 00, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fa10a5 7 bytes [BA, E8, ED, 00, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fa111d 7 bytes [BA, 68, ED, 00, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fa1321 7 bytes [BA, E8, EC, 00, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 7 bytes [BA, 28, 1A, D9, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f9fbd5 7 bytes [BA, 68, 1A, D9, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 7 bytes [BA, A8, 19, D9, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f9fc1d 7 bytes [BA, 28, 19, D9, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f9fc35 7 bytes [BA, 28, 1B, D9, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f9fc65 7 bytes [BA, 68, 1B, D9, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f9fce5 7 bytes [BA, E8, 1A, D9, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f9fcfd 7 bytes [BA, A8, 1A, D9, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f9fd49 7 bytes [BA, 68, 18, D9, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f9fe41 7 bytes [BA, A8, 18, D9, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 7 bytes [BA, 28, 18, D9, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fa10a5 7 bytes [BA, E8, 19, D9, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fa111d 7 bytes [BA, 68, 19, D9, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fa1321 7 bytes [BA, E8, 18, D9, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 7 bytes [BA, 28, 2E, 01, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f9fbd5 7 bytes [BA, 68, 2E, 01, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 7 bytes [BA, A8, 2D, 01, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f9fc1d 7 bytes [BA, 28, 2D, 01, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f9fc35 7 bytes [BA, 28, 2F, 01, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f9fc65 7 bytes [BA, 68, 2F, 01, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f9fce5 7 bytes [BA, E8, 2E, 01, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f9fcfd 7 bytes [BA, A8, 2E, 01, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f9fd49 7 bytes [BA, 68, 2C, 01, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f9fe41 7 bytes [BA, A8, 2C, 01, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 7 bytes [BA, 28, 2C, 01, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fa10a5 7 bytes [BA, E8, 2D, 01, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fa111d 7 bytes [BA, 68, 2D, 01, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fa1321 7 bytes [BA, E8, 2C, 01, 01, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 7 bytes [BA, 28, 66, A0, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f9fbd5 7 bytes [BA, 68, 66, A0, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 7 bytes [BA, A8, 65, A0, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f9fc1d 7 bytes [BA, 28, 65, A0, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f9fc35 7 bytes [BA, 28, 67, A0, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f9fc65 7 bytes [BA, 68, 67, A0, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f9fce5 7 bytes [BA, E8, 66, A0, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f9fcfd 7 bytes [BA, A8, 66, A0, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f9fd49 7 bytes [BA, 68, 64, A0, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f9fe41 7 bytes [BA, A8, 64, A0, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 7 bytes [BA, 28, 64, A0, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fa10a5 7 bytes [BA, E8, 65, A0, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fa111d 7 bytes [BA, 68, 65, A0, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fa1321 7 bytes [BA, E8, 64, A0, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]

---- Devices - GMER 2.0 ----

Device \FileSystem\Ntfs \Ntfs fffffa80076282c0
Device \Driver\USBSTOR \Device\0000007e fffffa800a9f02c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa800a2bb2c0
Device \Driver\cdrom \Device\CdRom0 fffffa8009ebc2c0
Device \Driver\USBSTOR \Device\0000007b fffffa800a9f02c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa800a2bb2c0
Device \Driver\USBSTOR \Device\0000007c fffffa800a9f02c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa800a2bb2c0
Device \Driver\USBSTOR \Device\0000007d fffffa800a9f02c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800a0872c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{4AAB77ED-6482-46FB-AFBE-5DB0DE78E73B} fffffa800a0872c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa800a2bb2c0

---- Threads - GMER 2.0 ----

Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3760] 0000000069746f0a
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3836] 0000000069e79b9b
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3132] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4020] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3752] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:896] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:1004] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:1016] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:716] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3556] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3244] 0000000076fd2e25
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4940] 00000000735827e1
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4960] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4584] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4744] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4748] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4356] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4420] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3740] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4592] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3408] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4688] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:2804] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4040] 0000000072e827c1
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3520] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:5224] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:808] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:5616] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3036] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:5292] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:5132] 0000000076fd3e45
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4740] 0000000073a2c724
Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:6036] 0000000072b262ee
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3852:5360] 000007fefb772a7c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:2932] 000007feef39cc10
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:5004] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:3624] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:4284] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:4368] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:4444] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:4676] 000007feef36f718
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:3956] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:1588] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:5016] 000007feef25143c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:4876] 000007feef896050
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:5896] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:4320] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:3232] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5464] 000007feef39cc10
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5472] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5636] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5536] 000007feef36f718
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5208] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5388] 000007feef896050
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5440] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5784] 000007fefb772a7c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5720] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5708] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5576] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5220] 000007feef25143c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5256] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:3924] 0000000060c96c88
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:3568] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5128] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5196] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:4912] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5632] 000007feef25b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:2252] 000007fefe970168
---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [3852] 000007fee7a90000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840] 000007fef5970000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856] 000007fefe950000
Library ? (*** suspicious ***) @ C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [5996] 000007feeca70000
Library ? (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [4000] 000007fefbc80000

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x96 0x14 0xD6 0x61 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0xB1 0x76 0xE3 0xE2 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x2F 0x47 0x1E 0x3A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x09 0x4E 0x37 0x76 ...

---- EOF - GMER 2.0 ----
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Hereto your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.​
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...
 

XmarinusX

Thread Starter
Joined
Jan 4, 2013
Messages
10
Thank you so much for helping me! Below you can find the log file. But i want to say something first. Earlier today i shut down my pc. When I came back i saw my pc wasn't shut down so I turned on my monitor and saw a BlueScreen with code: "0x0000009F".

Log file: (It may include some Dutch words, sorry for that)
ComboFix 13-01-05.01 - Marijn 05-01-2013 19:03:51.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.8183.6483 [GMT 1:00]
Gestart vanuit: c:\users\Marijn\Desktop\blabla.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\7Loader.TAG
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-12-05 to 2013-01-05 ))))))))))))))))))))))))))))))
.
.
2013-01-05 18:09 . 2013-01-05 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-05 18:05 . 2013-01-05 18:05 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8AEC997-BC4B-4D3F-8B8C-3F18B6D507C6}\offreg.dll
2013-01-05 00:09 . 2013-01-05 00:09 -------- d-----w- c:\users\Marijn\AppData\Roaming\Malwarebytes
2013-01-05 00:09 . 2013-01-05 00:09 -------- d-----w- c:\programdata\Malwarebytes
2013-01-05 00:09 . 2013-01-05 00:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-05 00:09 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-04 23:13 . 2013-01-04 23:13 -------- d-----w- c:\users\Marijn\AppData\Local\ESET
2013-01-04 20:31 . 2013-01-04 20:31 -------- d-----w- c:\users\Marijn\AppData\Local\Colin_Vella
2013-01-04 20:31 . 2013-01-04 20:31 -------- d-----w- c:\program files (x86)\tIDE
2013-01-04 11:48 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8AEC997-BC4B-4D3F-8B8C-3F18B6D507C6}\mpengine.dll
2012-12-30 19:17 . 2012-12-30 19:17 -------- d-----w- c:\users\Marijn\AppData\Local\Flash Builder
2012-12-27 21:22 . 2012-12-27 21:22 -------- d-----w- c:\program files (x86)\Lame For Audacity
2012-12-27 21:03 . 2012-12-27 22:36 -------- d-----w- c:\users\Marijn\AppData\Roaming\Audacity
2012-12-27 21:02 . 2012-12-27 21:02 -------- d-----w- c:\program files (x86)\Audacity
2012-12-26 21:54 . 2010-02-04 09:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2012-12-26 21:54 . 2010-02-04 09:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2012-12-26 21:54 . 2010-02-04 09:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2012-12-26 21:54 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-12-26 21:54 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2012-12-26 21:53 . 2012-12-26 21:53 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-12-26 12:11 . 2012-12-26 12:11 -------- d-----w- c:\program files (x86)\Tiled
2012-12-25 14:33 . 2012-12-25 14:33 -------- d-----w- c:\users\Marijn\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-12-25 13:17 . 2012-12-25 13:17 -------- d-----w- c:\program files (x86)\Common Files\SourceTec
2012-12-25 13:17 . 2012-12-25 13:17 -------- d-----w- c:\program files (x86)\SourceTec
2012-12-25 12:45 . 2012-12-25 12:45 -------- d-----w- c:\users\Marijn\AppData\Local\Macromedia
2012-12-25 12:45 . 2012-12-25 13:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-25 12:45 . 2012-12-25 13:20 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-25 12:30 . 2012-12-25 12:30 -------- d-----w- c:\users\Marijn\AppData\Local\Mozilla
2012-12-25 12:29 . 2012-12-25 12:29 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-12-21 21:13 . 2012-12-21 21:13 -------- d-----w- c:\program files (x86)\WinSCP
2012-12-21 13:05 . 2012-12-21 13:05 -------- d-----w- c:\windows\system32\Macromed
2012-12-21 13:05 . 2012-12-21 13:05 -------- d-----w- c:\programdata\ALM
2012-12-21 12:58 . 2012-12-21 12:58 -------- d-----w- c:\users\Marijn\Adobe Flash Builder 4.6
2012-12-21 12:47 . 2012-12-21 12:47 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2012-12-21 12:47 . 2012-12-21 12:47 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-12-21 12:47 . 2011-11-03 02:01 56208 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-12-21 12:47 . 2011-10-17 02:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-12-21 12:47 . 2011-10-17 02:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-12-21 12:47 . 2012-12-21 12:47 -------- d-----w- c:\program files (x86)\My Company Name
2012-12-21 12:42 . 2012-12-27 20:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-12-21 12:39 . 2012-12-21 12:39 -------- d-----w- c:\windows\SysWow64\Macromed
2012-12-21 08:49 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 08:49 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 08:49 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 08:49 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 15:26 . 2013-01-04 20:30 -------- d-----w- c:\users\Marijn\AppData\Roaming\Apple Computer
2012-12-16 15:26 . 2012-12-16 15:26 -------- d-----w- c:\users\Marijn\AppData\Local\Apple Computer
2012-12-16 15:23 . 2012-12-16 15:24 -------- d-----w- c:\programdata\Apple
2012-12-14 22:42 . 2012-12-21 13:13 -------- d-----w- c:\program files\Adobe
2012-12-12 16:31 . 2012-11-14 07:06 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-12-12 16:31 . 2012-11-14 06:32 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-12-12 13:55 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 13:55 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 13:54 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 13:54 . 2012-10-04 17:41 424960 ----a-w- c:\windows\system32\KernelBase.dll
2012-12-12 13:54 . 2012-10-04 17:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-12-12 13:54 . 2012-10-04 17:45 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-12-12 13:54 . 2012-10-04 15:21 338432 ----a-w- c:\windows\system32\conhost.exe
2012-12-07 20:01 . 2013-01-05 01:00 -------- d-----w- c:\users\Marijn\AppData\Local\Adobe
2012-12-07 20:00 . 2012-12-07 20:00 -------- d-----w- c:\programdata\McAfee
2012-12-07 20:00 . 2012-12-21 13:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 16:33 . 2012-11-04 16:36 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-24 18:24 . 2012-11-24 18:24 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-24 18:24 . 2012-11-24 18:24 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-24 18:24 . 2012-11-24 18:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-21 15:21 . 2012-10-27 22:13 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-11-15 20:58 . 2012-11-15 20:59 407047 ----a-w- c:\windows\SysWow64\mioengine.exe
2012-11-04 19:15 . 2012-11-04 19:16 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2012-11-04 16:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-11-04 16:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-10-28 21:39 . 2012-10-28 21:39 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-10-28 21:39 . 2012-10-28 21:39 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-10-28 21:39 . 2012-10-28 21:39 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-10-28 21:39 . 2012-10-28 21:39 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-10-28 21:39 . 2012-10-28 21:39 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-10-28 21:39 . 2012-10-28 21:39 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-10-28 21:39 . 2012-10-28 21:39 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-10-28 21:39 . 2012-10-28 21:39 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-10-28 21:39 . 2012-10-28 21:39 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-10-28 21:39 . 2012-10-28 21:39 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-10-28 21:39 . 2012-10-28 21:39 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-10-28 21:39 . 2012-10-28 21:39 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-10-28 21:39 . 2012-10-28 21:39 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-10-28 21:39 . 2012-10-28 21:39 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-10-28 21:39 . 2012-10-28 21:39 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-10-28 21:39 . 2012-10-28 21:39 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-10-28 21:39 . 2012-10-28 21:39 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-10-28 21:39 . 2012-10-28 21:39 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-10-28 21:39 . 2012-10-28 21:39 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-10-28 21:39 . 2012-10-28 21:39 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-10-28 21:39 . 2012-10-28 21:39 222208 ----a-w- c:\windows\system32\msls31.dll
2012-10-28 21:39 . 2012-10-28 21:39 197120 ----a-w- c:\windows\system32\msrating.dll
2012-10-28 21:39 . 2012-10-28 21:39 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-10-28 21:39 . 2012-10-28 21:39 149504 ----a-w- c:\windows\system32\occache.dll
2012-10-28 21:39 . 2012-10-28 21:39 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-10-28 21:39 . 2012-10-28 21:39 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-10-28 21:39 . 2012-10-28 21:39 12288 ----a-w- c:\windows\system32\mshta.exe
2012-10-28 21:39 . 2012-10-28 21:39 114176 ----a-w- c:\windows\system32\admparse.dll
2012-10-28 21:39 . 2012-10-28 21:39 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-10-28 21:39 . 2012-10-28 21:39 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-10-28 21:39 . 2012-10-28 21:39 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-10-28 21:39 . 2012-10-28 21:39 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-10-28 21:39 . 2012-10-28 21:39 82432 ----a-w- c:\windows\system32\icardie.dll
2012-10-28 21:39 . 2012-10-28 21:39 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-10-28 21:39 . 2012-10-28 21:39 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-10-28 21:39 . 2012-10-28 21:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-10-28 21:39 . 2012-10-28 21:39 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-10-28 21:39 . 2012-10-28 21:39 448512 ----a-w- c:\windows\system32\html.iec
2012-10-28 21:39 . 2012-10-28 21:39 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-10-28 21:39 . 2012-10-28 21:39 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-10-28 21:39 . 2012-10-28 21:39 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-10-28 21:39 . 2012-10-28 21:39 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-10-28 21:39 . 2012-10-28 21:39 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-10-28 21:39 . 2012-10-28 21:39 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-10-28 21:39 . 2012-10-28 21:39 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-10-28 21:39 . 2012-10-28 21:39 160256 ----a-w- c:\windows\system32\wextract.exe
2012-10-28 21:39 . 2012-10-28 21:39 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-10-28 21:39 . 2012-10-28 21:39 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-10-28 21:39 . 2012-10-28 21:39 103936 ----a-w- c:\windows\system32\inseng.dll
2012-10-27 19:34 . 2012-10-27 19:34 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-27 19:34 . 2012-10-27 19:34 289768 ----a-w- c:\windows\system32\javaws.exe
2012-10-27 19:34 . 2012-10-27 19:34 189416 ----a-w- c:\windows\system32\javaw.exe
2012-10-27 19:34 . 2012-10-27 19:34 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-27 19:34 . 2012-10-27 19:34 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-27 19:34 . 2012-10-27 19:34 188904 ----a-w- c:\windows\system32\java.exe
2012-10-16 08:38 . 2012-11-28 13:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:53 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 14:31 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 14:31 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 14:31 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 14:31 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-27 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-08 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-12-20 113288]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"ThrustTSR"="c:\program files (x86)\Thrustmaster\Thrustmapper\TMTMTSR.exe" [2003-04-10 217088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
.
c:\users\Marijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Thunderbird.lnk - c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe [2012-11-24 388576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\DRIVERS\imhidusb.sys [2007-04-19 23040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
R3 SaiHFF04;SaiHFF04;c:\windows\system32\DRIVERS\SaiHFF04.sys [2007-05-01 171144]
R3 SaiIFF04;Immersion's HID USB Driver (FF04);c:\windows\system32\DRIVERS\SaiIFF04.sys [2007-05-01 20608]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-28 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-09-17 14544]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-20 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-20 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2013-01-05 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-11-04 19:17]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-27 17:59]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-27 17:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11774568]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2865317
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.2.254
FF - ProfilePath - c:\users\Marijn\AppData\Roaming\Mozilla\Firefox\Profiles\x1o40a1o.default\
FF - ExtSQL: 2012-12-21 13:52; [email protected]otcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-01-05 19:11:42
ComboFix-quarantined-files.txt 2013-01-05 18:11
.
Pre-Run: 537.814.921.216 bytes free
Post-Run: 538.498.772.992 bytes free
.
- - End Of File - - 7A140D4C1B55604CD24A7C00A43825DA
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
why are you running an activation crack for Microsoft office
the only reason for that , is if you have a pirated version of office


Please run the MGA Diagnostic Tool and post back the report it creates:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.
 

XmarinusX

Thread Starter
Joined
Jan 4, 2013
Messages
10
I don't know why you want to see this information, but here it is:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {4BC577ED-8032-4695-928B-5314BF824B0C}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120830-0333
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{4BC577ED-8032-4695-928B-5314BF824B0C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-3857263191-3000258016-3534045705</SID><SYSTEM><Manufacturer>MEDIONPC</Manufacturer><Model>MS-7708</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>A7708MLN.105</Version><SMBIOSVersion major="2" minor="6"/><Date>20100921000000.000000+000</Date></BIOS><HWID>3C3B3807018400FC</HWID><UserLCID>0413</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1043-7600.0000-3012012
Installation ID: 008745665462446854407490535301419931757671612992133324
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 6-1-2013 12:21:01

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 10:29:2012 18:07
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEAln0moT7fXihs1KSRYj1Y/BKrXF0=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 092110 APIC0922
FACP 092110 FACP0922
HPET 092110 OEMHPET
MCFG 092110 OEMMCFG
SLIC _ASUS_ Notebook
OEMB 092110 OEMB0922
GSCI 092110 GMCHSCI
SSDT DpgPmm CpuPm
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
I asked because you have an illegal crack that activates a pirated version of Microsoft office and want to check if you have a knowingly illegal version of windows as well

Did you install the crack yourself.
we will remove the crack & you will have to buy a legal version of office to get it working on your computer. I am surprised the antivirus didn't warn about it. Nod normally does on this one

Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)

Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished

Close any open browsers
Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.







This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply .


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum
 

Attachments

XmarinusX

Thread Starter
Joined
Jan 4, 2013
Messages
10
Actually my virus scanner did report this. But I didn't saw it untill the scan where the trojan in was, so I gave the trojan a higher priority. I didn't know the AutoKMS was from the crack for Microsoft Office, and I apologize for using a pirated version of Microsoft Office. I'm only 14 years old and coudn't afford a legal version of it. But it should be removed now. Was this an actual virus or wasn't it able to take any damage to my system?

Here is the log:

ComboFix 13-01-05.01 - Marijn 06-01-2013 23:21:20.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.8183.6117 [GMT 1:00]
Gestart vanuit: c:\users\Marijn\Desktop\blabla.exe
gebruikte Opdracht switches :: c:\users\Marijn\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
FILE ::
"c:\windows\Tasks\AutoKMS.job"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\AutoKMS
c:\windows\AutoKMS\AutoKMS.exe
c:\windows\AutoKMS\AutoKMS.ini
c:\windows\AutoKMS\AutoKMS.log
c:\windows\Tasks\AutoKMS.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_KMService
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-12-06 to 2013-01-06 ))))))))))))))))))))))))))))))
.
.
2013-01-06 22:28 . 2013-01-06 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-06 11:21 . 2013-01-06 11:21 -------- d-----w- C:\MGADiagToolOutput
2013-01-06 11:20 . 2013-01-06 11:20 -------- d-----w- c:\programdata\Office Genuine Advantage
2013-01-05 00:09 . 2013-01-05 00:09 -------- d-----w- c:\users\Marijn\AppData\Roaming\Malwarebytes
2013-01-05 00:09 . 2013-01-05 00:09 -------- d-----w- c:\programdata\Malwarebytes
2013-01-05 00:09 . 2013-01-05 00:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-05 00:09 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-04 23:13 . 2013-01-04 23:13 -------- d-----w- c:\users\Marijn\AppData\Local\ESET
2013-01-04 20:31 . 2013-01-04 20:31 -------- d-----w- c:\users\Marijn\AppData\Local\Colin_Vella
2013-01-04 20:31 . 2013-01-04 20:31 -------- d-----w- c:\program files (x86)\tIDE
2013-01-04 11:48 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8AEC997-BC4B-4D3F-8B8C-3F18B6D507C6}\mpengine.dll
2012-12-30 19:17 . 2012-12-30 19:17 -------- d-----w- c:\users\Marijn\AppData\Local\Flash Builder
2012-12-27 21:22 . 2012-12-27 21:22 -------- d-----w- c:\program files (x86)\Lame For Audacity
2012-12-27 21:03 . 2012-12-27 22:36 -------- d-----w- c:\users\Marijn\AppData\Roaming\Audacity
2012-12-27 21:02 . 2012-12-27 21:02 -------- d-----w- c:\program files (x86)\Audacity
2012-12-26 21:54 . 2010-02-04 09:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2012-12-26 21:54 . 2010-02-04 09:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2012-12-26 21:54 . 2010-02-04 09:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2012-12-26 21:54 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-12-26 21:54 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2012-12-26 21:53 . 2012-12-26 21:53 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-12-26 12:11 . 2012-12-26 12:11 -------- d-----w- c:\program files (x86)\Tiled
2012-12-25 14:33 . 2012-12-25 14:33 -------- d-----w- c:\users\Marijn\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-12-25 13:17 . 2012-12-25 13:17 -------- d-----w- c:\program files (x86)\Common Files\SourceTec
2012-12-25 13:17 . 2012-12-25 13:17 -------- d-----w- c:\program files (x86)\SourceTec
2012-12-25 12:45 . 2012-12-25 12:45 -------- d-----w- c:\users\Marijn\AppData\Local\Macromedia
2012-12-25 12:45 . 2012-12-25 13:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-25 12:45 . 2012-12-25 13:20 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-25 12:30 . 2012-12-25 12:30 -------- d-----w- c:\users\Marijn\AppData\Local\Mozilla
2012-12-25 12:29 . 2012-12-25 12:29 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-12-21 21:13 . 2012-12-21 21:13 -------- d-----w- c:\program files (x86)\WinSCP
2012-12-21 13:05 . 2012-12-21 13:05 -------- d-----w- c:\windows\system32\Macromed
2012-12-21 13:05 . 2012-12-21 13:05 -------- d-----w- c:\programdata\ALM
2012-12-21 12:58 . 2012-12-21 12:58 -------- d-----w- c:\users\Marijn\Adobe Flash Builder 4.6
2012-12-21 12:47 . 2012-12-21 12:47 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2012-12-21 12:47 . 2012-12-21 12:47 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-12-21 12:47 . 2011-11-03 02:01 56208 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-12-21 12:47 . 2011-10-17 02:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-12-21 12:47 . 2011-10-17 02:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-12-21 12:47 . 2012-12-21 12:47 -------- d-----w- c:\program files (x86)\My Company Name
2012-12-21 12:42 . 2012-12-27 20:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-12-21 12:39 . 2012-12-21 12:39 -------- d-----w- c:\windows\SysWow64\Macromed
2012-12-21 08:49 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 08:49 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 08:49 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 08:49 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 15:26 . 2013-01-04 20:30 -------- d-----w- c:\users\Marijn\AppData\Roaming\Apple Computer
2012-12-16 15:26 . 2012-12-16 15:26 -------- d-----w- c:\users\Marijn\AppData\Local\Apple Computer
2012-12-16 15:23 . 2012-12-16 15:24 -------- d-----w- c:\programdata\Apple
2012-12-14 22:42 . 2012-12-21 13:13 -------- d-----w- c:\program files\Adobe
2012-12-12 16:31 . 2012-11-14 07:06 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-12-12 16:31 . 2012-11-14 06:32 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-12-12 13:55 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 13:55 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 13:54 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 13:54 . 2012-10-04 17:41 424960 ----a-w- c:\windows\system32\KernelBase.dll
2012-12-12 13:54 . 2012-10-04 17:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-12-12 13:54 . 2012-10-04 17:45 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-12-12 13:54 . 2012-10-04 15:21 338432 ----a-w- c:\windows\system32\conhost.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 16:33 . 2012-11-04 16:36 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-24 18:24 . 2012-11-24 18:24 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-24 18:24 . 2012-11-24 18:24 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-24 18:24 . 2012-11-24 18:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-21 15:21 . 2012-10-27 22:13 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-11-15 20:58 . 2012-11-15 20:59 407047 ----a-w- c:\windows\SysWow64\mioengine.exe
2012-11-04 19:15 . 2012-11-04 19:16 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2012-11-04 16:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-11-04 16:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-10-28 21:39 . 2012-10-28 21:39 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-10-28 21:39 . 2012-10-28 21:39 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-10-28 21:39 . 2012-10-28 21:39 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-10-28 21:39 . 2012-10-28 21:39 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-10-28 21:39 . 2012-10-28 21:39 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-10-28 21:39 . 2012-10-28 21:39 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-10-28 21:39 . 2012-10-28 21:39 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-10-28 21:39 . 2012-10-28 21:39 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-10-28 21:39 . 2012-10-28 21:39 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-10-28 21:39 . 2012-10-28 21:39 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-10-28 21:39 . 2012-10-28 21:39 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-10-28 21:39 . 2012-10-28 21:39 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-10-28 21:39 . 2012-10-28 21:39 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-10-28 21:39 . 2012-10-28 21:39 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-10-28 21:39 . 2012-10-28 21:39 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-10-28 21:39 . 2012-10-28 21:39 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-10-28 21:39 . 2012-10-28 21:39 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-10-28 21:39 . 2012-10-28 21:39 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-10-28 21:39 . 2012-10-28 21:39 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-10-28 21:39 . 2012-10-28 21:39 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-10-28 21:39 . 2012-10-28 21:39 222208 ----a-w- c:\windows\system32\msls31.dll
2012-10-28 21:39 . 2012-10-28 21:39 197120 ----a-w- c:\windows\system32\msrating.dll
2012-10-28 21:39 . 2012-10-28 21:39 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-10-28 21:39 . 2012-10-28 21:39 149504 ----a-w- c:\windows\system32\occache.dll
2012-10-28 21:39 . 2012-10-28 21:39 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-10-28 21:39 . 2012-10-28 21:39 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-10-28 21:39 . 2012-10-28 21:39 12288 ----a-w- c:\windows\system32\mshta.exe
2012-10-28 21:39 . 2012-10-28 21:39 114176 ----a-w- c:\windows\system32\admparse.dll
2012-10-28 21:39 . 2012-10-28 21:39 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-10-28 21:39 . 2012-10-28 21:39 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-10-28 21:39 . 2012-10-28 21:39 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-10-28 21:39 . 2012-10-28 21:39 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-10-28 21:39 . 2012-10-28 21:39 82432 ----a-w- c:\windows\system32\icardie.dll
2012-10-28 21:39 . 2012-10-28 21:39 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-10-28 21:39 . 2012-10-28 21:39 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-10-28 21:39 . 2012-10-28 21:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-10-28 21:39 . 2012-10-28 21:39 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-10-28 21:39 . 2012-10-28 21:39 448512 ----a-w- c:\windows\system32\html.iec
2012-10-28 21:39 . 2012-10-28 21:39 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-10-28 21:39 . 2012-10-28 21:39 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-10-28 21:39 . 2012-10-28 21:39 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-10-28 21:39 . 2012-10-28 21:39 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-10-28 21:39 . 2012-10-28 21:39 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-10-28 21:39 . 2012-10-28 21:39 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-10-28 21:39 . 2012-10-28 21:39 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-10-28 21:39 . 2012-10-28 21:39 160256 ----a-w- c:\windows\system32\wextract.exe
2012-10-28 21:39 . 2012-10-28 21:39 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-10-28 21:39 . 2012-10-28 21:39 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-10-28 21:39 . 2012-10-28 21:39 103936 ----a-w- c:\windows\system32\inseng.dll
2012-10-27 19:34 . 2012-10-27 19:34 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-27 19:34 . 2012-10-27 19:34 289768 ----a-w- c:\windows\system32\javaws.exe
2012-10-27 19:34 . 2012-10-27 19:34 189416 ----a-w- c:\windows\system32\javaw.exe
2012-10-27 19:34 . 2012-10-27 19:34 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-27 19:34 . 2012-10-27 19:34 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-27 19:34 . 2012-10-27 19:34 188904 ----a-w- c:\windows\system32\java.exe
2012-10-16 08:38 . 2012-11-28 13:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:53 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 14:31 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 14:31 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 14:31 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 14:31 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-27 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-08 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-12-20 113288]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"ThrustTSR"="c:\program files (x86)\Thrustmaster\Thrustmapper\TMTMTSR.exe" [2003-04-10 217088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
.
c:\users\Marijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Thunderbird.lnk - c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe [2012-11-24 388576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\DRIVERS\imhidusb.sys [2007-04-19 23040]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
R3 SaiHFF04;SaiHFF04;c:\windows\system32\DRIVERS\SaiHFF04.sys [2007-05-01 171144]
R3 SaiIFF04;Immersion's HID USB Driver (FF04);c:\windows\system32\DRIVERS\SaiIFF04.sys [2007-05-01 20608]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-28 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-09-17 14544]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-20 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-20 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-27 17:59]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-27 17:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11774568]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2865317
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.2.254
FF - ProfilePath - c:\users\Marijn\AppData\Roaming\Mozilla\Firefox\Profiles\x1o40a1o.default\
FF - ExtSQL: 2012-12-21 13:52; [email protected]otcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Voltooingstijd: 2013-01-06 23:35:31 - machine werd herstart
ComboFix-quarantined-files.txt 2013-01-06 22:35
ComboFix2.txt 2013-01-05 18:11
.
Pre-Run: 538.469.359.616 bytes free
Post-Run: 538.277.576.704 bytes free
.
- - End Of File - - 8BDBAD798897C4DC5E92505CBECFCBA8
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
are you still getting any virus alerts or warning now
it all looks clear from the logs
 

XmarinusX

Thread Starter
Joined
Jan 4, 2013
Messages
10
Thank you so much for all your help! Yesterday I did a quick scan with malwarebytes and nothing was found. Today I'll do a full scan with malwarebytes and with my virus scanner and I'll post if it's all clean.
 

XmarinusX

Thread Starter
Joined
Jan 4, 2013
Messages
10
When the scan of malwarebytes was done it reported an other trojan (trojan.swrort) as you can see in the log below. I used malwarebytes to clean it up and did a new scan when it was done. When that scan was done it said that no files where detected. My virus scanner didn't report anything either. Is my pc clean now?

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.06.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marijn :: MARIJN-MEDION [administrator]

Protection: Enabled

7-1-2013 0:22:21
mbam-log-2013-01-07 (00-22-21).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 541270
Time elapsed: 1 hour(s), 19 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\dev\progs\Apache\bin\ab.exe (Trojan.Swrort) -> Quarantined and deleted successfully.

(end)
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
That MBAM detection was almost certainly a false alarm and is a genuine file in that location, albeit not usually needed or run by a user


*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.


This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

and scan here http://secunia.com/vulnerability_scanning/personal for out of date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version ( not the OSI, in your browser java version) as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too high risk of malware infiltration

Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place. If windows update doesn't work, please come back & tell us
 

XmarinusX

Thread Starter
Joined
Jan 4, 2013
Messages
10
I did everything you said above. But the other programs (HijackThis, dds, GMER and MAGDiag) can I just delete them from my desktop or do I have to use an other way to remove them?
Another time thanks for all your help!!
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
just delete
dds, GMER and MAGDiag
Hijackthis should have an entry in program features ( uninstall programs )
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top