
pop-ups on every click or login


  • pop-ups on every click or login

    This PC is in my classroom and is used exclusively for related purposes. Every time I open a new window from an existing window, a pop-up appears. Its content varies, and it is usually 'advertising'.
    Sometimes Windows also shuts itself down and then restarts. I don't know whether this is related to the problem above.
    I first read the post at the top of this forum. However, it is not clear to me whether you want us to get started with mbam and gmer and so on beforehand. (I already have some experience with these, because I have been gratefully using your services for years.) To be on the safe side, I have not done anything yet. Last week I did try scanning with ADAWARE, but that also seems to me a rather pushy program (compared to how it used to be). So I removed it again.
    What should I do to get this system clean again?
    THX!

  • #2
    Hello badgerdas,

    Have the students managed to infect your precious little classroom PC again?

    You may carry out the instructions in this post and post the logs: http://www.nucia.eu/forum/threads/12...ericht-plaatst!



    • #3
      I ran MBAM, but first created a log file manually, and after that I removed the infection and got another log. To be on the safe side I am posting both of them. Sorry for the confusion... I will now continue with the rest of the procedure...


      Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300


      Databaseversie: v2013.06.18.02

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      Administrator :: LOK102-PC01 [administrator]

      Bescherming: Ingeschakeld

      18/06/2013 8:59:13
      MBAM-log-2013-06-18 (09-19-43).txt

      Scan type: Snelle scan
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 392822
      Verstreken tijd: 19 minuut/minuten, 23 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerwaarden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 1
      C:\Documents and Settings\Administrator\Mijn documenten\downloads\installer_freemind.exe (PUP.BundleInstaller.BEN) -> Geen actie ondernomen.

      (einde)

      Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300


      Databaseversie: v2013.06.18.02

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      Administrator :: LOK102-PC01 [administrator]

      Bescherming: Ingeschakeld

      18/06/2013 8:59:13
      mbam-log-2013-06-18 (08-59-13).txt

      Scan type: Snelle scan
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 392822
      Verstreken tijd: 19 minuut/minuten, 23 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerwaarden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 1
      C:\Documents and Settings\Administrator\Mijn documenten\downloads\installer_freemind.exe (PUP.BundleInstaller.BEN) -> Succesvol in quarantaine geplaatst en verwijderd.

      (einde)
      THX!



      • #4
        dds

        DDS (Ver_2012-11-20.01) - NTFS_x86
        Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2
        Run by Administrator at 9:48:14 on 2013-06-18
        Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1013.181 [GMT 2:00]
        .
        AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
        .
        ============== Running Processes ================
        .
        C:\Program Files\AVAST Software\Avast\AvastSvc.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Java\jre7\bin\jqs.exe
        C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\WINDOWS\system32\HPZipm12.exe
        C:\WINDOWS\system32\STacSV.exe
        C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\WINDOWS\sttray.exe
        C:\WINDOWS\system32\igfxtray.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
        C:\Program Files\AVAST Software\Avast\avastUI.exe
        C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
        C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe
        C:\Program Files\Common Files\Java\Java Update\jusched.exe
        C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe
        C:\Program Files\Activ Software\ActivDriver\activmgr.exe
        C:\WINDOWS\system32\WISPTIS.EXE
        C:\Program Files\Google\Chrome\Application\chrome.exe
        C:\Program Files\Google\Chrome\Application\chrome.exe
        C:\Program Files\Google\Chrome\Application\chrome.exe
        C:\Program Files\Google\Chrome\Application\chrome.exe
        C:\Program Files\Google\Chrome\Application\chrome.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\WINDOWS\System32\svchost.exe -k netsvcs
        C:\WINDOWS\System32\svchost.exe -k NetworkService
        C:\WINDOWS\System32\svchost.exe -k LocalService
        C:\WINDOWS\System32\svchost.exe -k LocalService
        C:\WINDOWS\System32\svchost.exe -k imgsvc
        C:\WINDOWS\System32\svchost.exe -k HTTPFilter
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=42C70557032CD2C24B08A651B091753F
        uSearch Bar = hxxp://www.google.com/ie
        uSearch Page = hxxp://www.google.com
        uProxyOverride = <local>
        uSearchAssistant = hxxp://www.google.com/ie
        uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
        mSearchAssistant = hxxp://www.google.com/ie
        uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
        BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
        BHO: Lyrics Finder: {398C01F1-E584-46AD-A649-4F78B435DCFE} - c:\program files\lyricsfinder\lfinder.dll
        BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
        BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
        BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
        BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
        BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
        TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
        TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
        EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
        uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
        mRun: [SigmatelSysTrayApp] sttray.exe
        mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
        mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
        mRun: [Persistence] c:\windows\system32\igfxpers.exe
        mRun: [ActivControl] c:\program files\activ software\activdriver\ActivControl2.exe
        mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
        mRun: [UserFaultCheck] c:\windows\system32\dumprep 0 -u
        mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users.windows\application data\ad-aware browsing protection\adawarebp.exe"
        mRun: [Search Protection] c:\documents and settings\all users.windows\application data\search protection\SearchProtection.exe
        mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
        dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
        StartupFolder: c:\docume~1\alluse~1.win\menust~1\progra~1\opstar~1\activs~1.lnk - c:\windows\installer\{ca086fe9-cadd-4365-85d9-bf7d9733166d}\NewShortcut1_31C7358B35944FA781961EEA93A9077C.exe
        uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
        mPolicies-System: disablecad = dword:1
        mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
        mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
        IE: &Verzenden naar OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
        IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
        IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
        IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
        DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
        TCP: NameServer = 195.130.130.133 195.130.131.133
        TCP: Interfaces\{BA6ABC40-AA5E-4C88-8149-825C915C93EB} : DHCPNameServer = 195.130.130.133 195.130.131.133
        Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
        Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
        Notify: igfxcui - igfxdev.dll
        SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
        SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
        mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jemmy6n2.default\
        FF - prefs.js: browser.startup.homepage -
        FF - prefs.js: browser.search.selectedEngine - SecureSearch
        FF - prefs.js: browser.startup.homepage - hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=42C70557032CD2C24B08A651B091753F
        FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
        FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
        FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
        FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
        FF - plugin: c:\windows\system32\npdeployJava1.dll
        FF - plugin: c:\windows\system32\npptools.dll
        .
        ---- FIREFOX POLICIES ----
        FF - user.js: extensions.autoDisableScopes - 0
        FF - user.js: extensions.shownSelectionUI - true
        .
        ============= SERVICES / DRIVERS ===============
        .
        R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-22 49376]
        R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-22 174664]
        R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-6-6 13560]
        R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-8 765736]
        R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-8 368944]
        R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-11-8 29816]
        R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-22 66336]
        R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-8 46808]
        R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-18 418376]
        R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-18 701512]
        R3 ACTIVhidmini;Promethean USB Board Driver;c:\windows\system32\drivers\ACTIVhidmini.sys [2012-10-25 84992]
        R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-18 22856]
        R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [2012-10-25 6144]
        .
        =============== Created Last 30 ================
        .
        2013-06-18 06:54:04 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
        2013-06-18 06:53:58 -------- d-----w- c:\documents and settings\all users.windows\application data\Malwarebytes
        2013-06-18 06:53:56 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
        2013-06-18 06:53:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
        2013-06-07 06:41:14 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
        2013-06-06 13:50:27 -------- d-----w- c:\documents and settings\administrator\application data\LavasoftStatistics
        2013-06-06 13:41:46 -------- d-----w- c:\documents and settings\all users.windows\application data\Downloaded Installations
        2013-06-06 13:41:45 -------- d-----w- c:\documents and settings\all users.windows\application data\Search Protection
        2013-06-06 13:41:45 -------- d-----w- c:\documents and settings\administrator\local settings\application data\adawarebp
        2013-06-06 13:41:44 -------- d-----w- c:\documents and settings\all users.windows\application data\blekko toolbars
        2013-06-06 13:41:44 -------- d-----w- c:\documents and settings\all users.windows\application data\adawaretb
        2013-06-06 13:41:43 -------- d-----w- c:\documents and settings\all users.windows\application data\Ad-Aware Browsing Protection
        2013-06-06 13:41:37 -------- d-----w- c:\program files\Toolbar Cleaner
        2013-06-06 13:41:32 -------- d-----w- c:\documents and settings\administrator\application data\SecureSearch
        2013-06-06 13:41:12 -------- d-----w- c:\documents and settings\administrator\application data\adawaretb
        2013-06-06 13:41:09 -------- d-----w- c:\program files\adawaretb
        2013-06-06 13:40:05 44424 ----a-w- c:\windows\system32\sbbd.exe
        2013-06-06 13:40:05 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
        2013-06-06 06:56:28 -------- d--h--r- c:\documents and settings\administrator\Onlangs geopend
        2013-06-06 06:48:37 -------- d-----w- c:\program files\CCleaner
        2013-05-30 06:29:57 -------- d-----w- c:\program files\VideoLAN
        2013-05-30 06:28:34 -------- d-----w- c:\program files\LyricsFinder
        2013-05-30 06:28:21 -------- d-----w- c:\documents and settings\all users.windows\application data\Babylon
        2013-05-30 06:28:21 -------- d-----w- c:\documents and settings\administrator\application data\Babylon
        2013-05-30 06:28:17 -------- d-----w- c:\program files\FindLyrics
        .
        ==================== Find3M ====================
        .
        2013-06-12 08:17:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
        2013-06-12 08:17:24 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
        2013-06-07 06:40:56 144896 ----a-w- c:\windows\system32\javacpl.cpl
        2013-06-07 06:40:54 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
        2013-06-07 06:40:54 788896 ----a-w- c:\windows\system32\deployJava1.dll
        2013-05-09 08:59:10 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
        2013-05-09 08:59:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
        2013-05-09 08:59:10 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
        2013-05-09 08:59:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
        2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr
        2013-05-07 22:27:23 920064 ----a-w- c:\windows\system32\wininet.dll
        2013-05-07 22:27:23 43520 ------w- c:\windows\system32\licmgr10.dll
        2013-05-07 22:27:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
        2013-05-07 21:53:55 385024 ------w- c:\windows\system32\html.iec
        2013-05-03 05:39:10 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe
        2013-05-03 05:39:10 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe
        2013-04-12 14:01:38 1876480 ----a-w- c:\windows\system32\win32k.sys
        .
        ============= FINISH: 9:49:33,31 ===============
        THX!



        • #5
          Could you also post the Gmer log?



          • #6
            I have now clicked "post message" 3 times already, but apparently nothing appears. Even when I have logged in beforehand, I have to log in again when posting a message...
            THX!



            • #7
              I just tried once more:
              1. clicked "advanced" to disable smilies
              2. pasted the GMER log and typed a title
              3. clicked "post message"
              4. the page refreshes itself and I can click "post message" again
              5. when I then view the thread again, there is no new post
              Apparently I can only post a "quick message" but not an advanced one...
              THX!



              • #8
                Found the cause, I get this error message:
                De ingevoerde tekst is te lang (131794 tekens). Verkort de tekst tot maximaal 50000 tekens.
                THX!



                • #9
                  GMER - part 1

                  GMER 2.1.19163 - http://www.gmer.net
                  Rootkit scan 2013-06-18 11:00:27
                  Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD2500JS-60NCB1 rev.10.02E02 232,89GB
                  Running: kg30kb7h.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fflyrfog.sys


                  ---- System - GMER 2.1 ----

                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA94EC644]
                  SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA95A0668]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA94ED0D6]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA9530386]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA94F889A]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA94F88E6]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA94F8A80]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA952FD3A]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA94F8808]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA94F892A]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA94F8850]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA94ED5D4]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA94F8A3A]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA94EDE8C]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA94EC6AA]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA9530A4C]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA9530D02]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA94F16AC]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA95308B7]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9530722]
                  SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA95A0730]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA94EC292]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA94EC710]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA94F1A76]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA94EE91C]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA94F88C4]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA94F8908]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA94F8AA4]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA9530096]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA94F882E]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA94F0F92]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA94F89B8]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA94F8878]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA94F1384]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA94F8A5E]
                  SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA95A0890]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA953059D]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA94EE7E8]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA95303EF]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA94EE33E]
                  SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA95AD7BC]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA952F380]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA94EC776]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA94EC7DC]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA94EDD06]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA94EC32C]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA94EC502]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA9530B53]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA94EC490]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA94EE056]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA94EE1B8]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA94EC58A]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA94EDB44]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA94EDCE6]
                  SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA959ECB0]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA94EC842]
                  SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA94ED132]

                  Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA95B9E80]
                  Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
                  Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

                  ---- Kernel code sections - GMER 2.1 ----

                  .text ntkrnlpa.exe!ZwCallbackReturn + 2CCC 805045B4 2 Bytes [68, 06]
                  .text ntkrnlpa.exe!ZwCallbackReturn + 2D22 8050460A 2 Bytes [4F, A9]
                  .text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047FC 4 Bytes CALL E4F996E8
                  .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [76, C7, 4E, A9, DC, C7, 4E, ...] {JBE 0xffffffc9; DEC ESI; TEST EAX, 0xa94ec7dc; PUSH ES; FISTTP QWORD [ESI-0x57]}
                  .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [56, E0, 4E, A9, B8, E1, 4E, ...]
                  PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL A94EEFC9 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC58A 5 Bytes JMP A95B6D1A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
                  PAGE ntkrnlpa.exe!ObInsertObject 805C300E 5 Bytes JMP A95B8834 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
                  PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D11CA 7 Bytes JMP A95B9E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
                  ? fywqu.sys Het systeem kan het opgegeven bestand niet vinden. !
                  .text win32k.sys!EngFreeUserMem + 674 BF80996D 5 Bytes JMP A94F336E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!EngFreeUserMem + 35D0 BF80C8C9 5 Bytes JMP A94F324C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!EngDeleteSurface + 45 BF81398B 5 Bytes JMP A94F3200 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E638 5 Bytes JMP A94F1CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!EngMulDiv + 197D BF820D45 5 Bytes JMP A94F27D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!EngPaint + 11A6 BF82D55F 5 Bytes JMP A94F1E3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!EngLockSurface + C09 BF82E6DD 5 Bytes JMP A94F34E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!CLIPOBJ_bEnum + 2E84 BF83906A 5 Bytes JMP A94F36FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!CLIPOBJ_bEnum + B8EE BF841AD4 5 Bytes JMP A94F30F4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!CLIPOBJ_bEnum + E0AA BF844290 5 Bytes JMP A94F27B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!CLIPOBJ_bEnum + F626 BF84580C 5 Bytes JMP A94F1EDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!XLATEOBJ_iXlate + 290F BF86F4AE 5 Bytes JMP A94F28AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!XLATEOBJ_iXlate + 4BED BF87178C 5 Bytes JMP A94F2316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!XLATEOBJ_iXlate + 4C78 BF871817 5 Bytes JMP A94F25F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!XLATEOBJ_iXlate + 584E BF8723ED 5 Bytes JMP A94F1BC2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!XLATEOBJ_iXlate + AC2C BF8777CB 5 Bytes JMP A94F329C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!EngUnicodeToMultiByteN + 67E3 BF87E9EA 5 Bytes JMP A94F3426 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!EngGetCurrentCodePage + 35E9 BF897CBE 5 Bytes JMP A94F23DC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!EngGetCurrentCodePage + 4126 BF8987FB 5 Bytes JMP A94F25AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!EngGetLastError + 1606 BF8B58E1 5 Bytes JMP A94F28CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!EngGradientFill + 2862 BF8B8FFF 5 Bytes JMP A94F3656 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!EngAlphaBlend + 35C2 BF8C1C2F 5 Bytes JMP A94F200E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!EngDeleteSemaphore + A58F BF8EB1A7 5 Bytes JMP A94F27F4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFC68 5 Bytes JMP A94F1AAC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F1E37 5 Bytes JMP A94F20F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F20B7 5 Bytes JMP A94F223A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!EngCreateClip + 1A3E BF914770 5 Bytes JMP A94F1DC6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!EngCreateClip + 1CEA BF914A1C 5 Bytes JMP A94F2976 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!EngCreateClip + 2612 BF915344 5 Bytes JMP A94F1FA6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!EngCreateClip + 4F93 BF917CC5 5 Bytes JMP A94F2712 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  .text win32k.sys!EngPlgBlt + 1943 BF9480DA 5 Bytes JMP A94F35A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
                  ? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys
                  THX!



                  • #10
                    GMER - part 2

                    ---- User code sections - GMER 2.1 ----

                    .text C:\WINDOWS\sttray.exe[100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
                    .text C:\WINDOWS\sttray.exe[100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\WINDOWS\sttray.exe[100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
                    .text C:\WINDOWS\sttray.exe[100] KERNEL32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                    .text C:\WINDOWS\sttray.exe[100] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
                    .text C:\WINDOWS\sttray.exe[100] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
                    .text C:\WINDOWS\sttray.exe[100] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
                    .text C:\WINDOWS\sttray.exe[100] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
                    .text C:\WINDOWS\sttray.exe[100] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
                    .text C:\WINDOWS\sttray.exe[100] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00391014
                    .text C:\WINDOWS\sttray.exe[100] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00390804
                    .text C:\WINDOWS\sttray.exe[100] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00390A08
                    .text C:\WINDOWS\sttray.exe[100] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00390C0C
                    .text C:\WINDOWS\sttray.exe[100] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00390E10
                    .text C:\WINDOWS\sttray.exe[100] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003901F8
                    .text C:\WINDOWS\sttray.exe[100] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003903FC
                    .text C:\WINDOWS\sttray.exe[100] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00390600
                    .text C:\WINDOWS\System32\svchost.exe[124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\WINDOWS\System32\svchost.exe[124] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[160] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                    .text C:\Program Files\Java\jre7\bin\jqs.exe[204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\Program Files\Java\jre7\bin\jqs.exe[204] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[272] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                    .text C:\WINDOWS\system32\WISPTIS.EXE[428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002B01F8
                    .text C:\WINDOWS\system32\WISPTIS.EXE[428] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\WINDOWS\system32\WISPTIS.EXE[428] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002B03FC
                    .text C:\WINDOWS\system32\WISPTIS.EXE[428] KERNEL32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                    .text C:\WINDOWS\system32\WISPTIS.EXE[428] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
                    .text C:\WINDOWS\system32\WISPTIS.EXE[428] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
                    .text C:\WINDOWS\system32\WISPTIS.EXE[428] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
                    .text C:\WINDOWS\system32\WISPTIS.EXE[428] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
                    .text C:\WINDOWS\system32\WISPTIS.EXE[428] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
                    .text C:\WINDOWS\system32\WISPTIS.EXE[428] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002D1014
                    .text C:\WINDOWS\system32\WISPTIS.EXE[428] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002D0804
                    .text C:\WINDOWS\system32\WISPTIS.EXE[428] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002D0A08
                    .text C:\WINDOWS\system32\WISPTIS.EXE[428] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002D0C0C
                    .text C:\WINDOWS\system32\WISPTIS.EXE[428] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002D0E10
                    .text C:\WINDOWS\system32\WISPTIS.EXE[428] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002D01F8
                    .text C:\WINDOWS\system32\WISPTIS.EXE[428] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002D03FC
                    .text C:\WINDOWS\system32\WISPTIS.EXE[428] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002D0600
                    .text C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe[456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
                    .text C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe[456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe[456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
                    .text C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe[456] KERNEL32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                    .text C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe[456] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00391014
                    .text C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe[456] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00390804
                    .text C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe[456] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00390A08
                    .text C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe[456] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00390C0C
                    .text C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe[456] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00390E10
                    .text C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe[456] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003901F8
                    .text C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe[456] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003903FC
                    .text C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe[456] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00390600
                    .text C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe[456] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
                    .text C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe[456] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
                    .text C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe[456] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
                    .text C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe[456] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
                    .text C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe[456] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
                    .text C:\WINDOWS\System32\smss.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\WINDOWS\system32\csrss.exe[708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\WINDOWS\system32\csrss.exe[708] KERNEL32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                    .text C:\WINDOWS\system32\winlogon.exe[732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\WINDOWS\system32\winlogon.exe[732] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                    .text C:\WINDOWS\system32\services.exe[776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\WINDOWS\system32\services.exe[776] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                    .text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                    .text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                    .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                    .text C:\WINDOWS\system32\hkcmd.exe[1088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
                    .text C:\WINDOWS\system32\hkcmd.exe[1088] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\WINDOWS\system32\hkcmd.exe[1088] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
                    .text C:\WINDOWS\system32\hkcmd.exe[1088] KERNEL32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                    .text C:\WINDOWS\system32\hkcmd.exe[1088] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
                    .text C:\WINDOWS\system32\hkcmd.exe[1088] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
                    .text C:\WINDOWS\system32\hkcmd.exe[1088] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
                    .text C:\WINDOWS\system32\hkcmd.exe[1088] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
                    .text C:\WINDOWS\system32\hkcmd.exe[1088] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
                    .text C:\WINDOWS\system32\hkcmd.exe[1088] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00391014
                    .text C:\WINDOWS\system32\hkcmd.exe[1088] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00390804
                    .text C:\WINDOWS\system32\hkcmd.exe[1088] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00390A08
                    .text C:\WINDOWS\system32\hkcmd.exe[1088] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00390C0C
                    .text C:\WINDOWS\system32\hkcmd.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00390E10
                    .text C:\WINDOWS\system32\hkcmd.exe[1088] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003901F8
                    .text C:\WINDOWS\system32\hkcmd.exe[1088] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003903FC
                    .text C:\WINDOWS\system32\hkcmd.exe[1088] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00390600
                    .text C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                    .text C:\WINDOWS\Explorer.EXE[1216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\WINDOWS\Explorer.EXE[1216] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                    .text C:\WINDOWS\System32\svchost.exe[1252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                    .text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!GetBinaryTypeW + 80
                    THX!



                    • #11
                      GMER - part 3

                      7C838E04 1 Byte [62]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 9C, 16, 00]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 9F, 16, 00]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 9C, 16, 00]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 9D, 16, 00]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ECB6
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 9E, 16, 00]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 9D, 16, 00]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 9E, 16, 00]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED27
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 9C, 16, 00]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EE55
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 9D, 16, 00]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 9E, 16, 00]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 9F, 16, 00]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003F01F8
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003F03FC
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] KERNEL32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 004D1014
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 004D0804
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 004D0A08
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 004D0C0C
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 004D0E10
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 004D01F8
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 004D03FC
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 004D0600
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 004E0804
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 004E0A08
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 004E0600
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 004E01F8
                      .text C:\Program Files\Google\Chrome\Application\chrome.exe[1272] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 004E03FC
                      .text C:\WINDOWS\System32\svchost.exe[1328] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                      .text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                      .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1372] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                      .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1372] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                      .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                      .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1380] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                      .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                      .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1492] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                      .text C:\WINDOWS\system32\spoolsv.exe[1600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                      .text C:\WINDOWS\system32\spoolsv.exe[1600] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                      .text C:\WINDOWS\system32\HPZipm12.exe[1688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                      .text C:\WINDOWS\system32\HPZipm12.exe[1688] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                      .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe[1716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
                      .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe[1716] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                      .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe[1716] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
                      .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe[1716] KERNEL32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                      .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe[1716] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
                      .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe[1716] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
                      .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe[1716] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
                      .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe[1716] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
                      .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe[1716] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
                      .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe[1716] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 003A1014
                      .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe[1716] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 003A0804
                      .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe[1716] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 003A0A08
                      .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe[1716] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 003A0C0C
                      .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe[1716] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 003A0E10
                      .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe[1716] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003A01F8
                      .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe[1716] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003A03FC
                      .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe[1716] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 003A0600
                      THX!



                      • #12
                        GMER - part 4

                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 48, E5, 00]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4B, E5, 00]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 48, E5, 00]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 49, E5, 00] {TEST AL, 0x49; IN EAX, 0x0}
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91BB62
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4A, E5, 00] {TEST AL, 0x4a; IN EAX, 0x0}
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 49, E5, 00]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4A, E5, 00]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91BBD3
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 48, E5, 00] {TEST AL, 0x48; IN EAX, 0x0}
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91BD01
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 49, E5, 00]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4A, E5, 00]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4B, E5, 00]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 010F01F8
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 010F03FC
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] KERNEL32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 01101014
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 01100804
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 01100A08
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 01100C0C
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 01100E10
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 011001F8
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 011003FC
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 01100600
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 01110804
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 01110A08
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 01110600
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 011101F8
                        .text C:\Program Files\Google\Chrome\Application\chrome.exe[1720] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 011103FC
                        .text C:\WINDOWS\system32\STacSV.exe[1736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                        .text C:\WINDOWS\system32\STacSV.exe[1736] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                        .text C:\WINDOWS\System32\svchost.exe[2008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                        .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                        .text C:\Program Files\Activ Software\ActivDriver\activmgr.exe[2400] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
                        .text C:\Program Files\Activ Software\ActivDriver\activmgr.exe[2400] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                        .text C:\Program Files\Activ Software\ActivDriver\activmgr.exe[2400] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
                        .text C:\Program Files\Activ Software\ActivDriver\activmgr.exe[2400] KERNEL32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                        .text C:\Program Files\Activ Software\ActivDriver\activmgr.exe[2400] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00391014
                        .text C:\Program Files\Activ Software\ActivDriver\activmgr.exe[2400] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00390804
                        .text C:\Program Files\Activ Software\ActivDriver\activmgr.exe[2400] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00390A08
                        .text C:\Program Files\Activ Software\ActivDriver\activmgr.exe[2400] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00390C0C
                        .text C:\Program Files\Activ Software\ActivDriver\activmgr.exe[2400] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00390E10
                        .text C:\Program Files\Activ Software\ActivDriver\activmgr.exe[2400] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003901F8
                        .text C:\Program Files\Activ Software\ActivDriver\activmgr.exe[2400] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003903FC
                        .text C:\Program Files\Activ Software\ActivDriver\activmgr.exe[2400] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00390600
                        .text C:\Program Files\Activ Software\ActivDriver\activmgr.exe[2400] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
                        .text C:\Program Files\Activ Software\ActivDriver\activmgr.exe[2400] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
                        .text C:\Program Files\Activ Software\ActivDriver\activmgr.exe[2400] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
                        .text C:\Program Files\Activ Software\ActivDriver\activmgr.exe[2400] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
                        .text C:\Program Files\Activ Software\ActivDriver\activmgr.exe[2400] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
                        .text C:\WINDOWS\system32\igfxpers.exe[2512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
                        .text C:\WINDOWS\system32\igfxpers.exe[2512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                        .text C:\WINDOWS\system32\igfxpers.exe[2512] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
                        .text C:\WINDOWS\system32\igfxpers.exe[2512] KERNEL32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                        .text C:\WINDOWS\system32\igfxpers.exe[2512] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
                        .text C:\WINDOWS\system32\igfxpers.exe[2512] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
                        .text C:\WINDOWS\system32\igfxpers.exe[2512] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
                        .text C:\WINDOWS\system32\igfxpers.exe[2512] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
                        .text C:\WINDOWS\system32\igfxpers.exe[2512] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
                        .text C:\WINDOWS\system32\igfxpers.exe[2512] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00391014
                        .text C:\WINDOWS\system32\igfxpers.exe[2512] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00390804
                        .text C:\WINDOWS\system32\igfxpers.exe[2512] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00390A08
                        .text C:\WINDOWS\system32\igfxpers.exe[2512] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00390C0C
                        .text C:\WINDOWS\system32\igfxpers.exe[2512] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00390E10
                        .text C:\WINDOWS\system32\igfxpers.exe[2512] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003901F8
                        .text C:\WINDOWS\system32\igfxpers.exe[2512] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003903FC
                        .text C:\WINDOWS\system32\igfxpers.exe[2512] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00390600
                        .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                        .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2576] kernel32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] KERNEL32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 003A1014
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 003A0804
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 003A0A08
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 003A0C0C
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 003A0E10
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003A01F8
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003A03FC
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 003A0600
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003B0804
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 3 Bytes JMP 003B0A08
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] USER32.dll!UnhookWindowsHookEx + 4 7E3AD5F7 1 Byte [82]
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003B0600
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003B01F8
                        .text C:\Documents and Settings\Administrator\Bureaublad\kg30kb7h.exe[2588] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003B03FC
                        .text C:\WINDOWS\System32\alg.exe[2700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
                        .text C:\WINDOWS\System32\alg.exe[2700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                        .text C:\WINDOWS\System32\alg.exe[2700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
                        .text C:\WINDOWS\System32\alg.exe[2700] KERNEL32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                        .text C:\WINDOWS\System32\alg.exe[2700] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804
                        .text C:\WINDOWS\System32\alg.exe[2700] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08
                        .text C:\WINDOWS\System32\alg.exe[2700] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600
                        .text C:\WINDOWS\System32\alg.exe[2700] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8
                        .text C:\WINDOWS\System32\alg.exe[2700] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC
                        .text C:\WINDOWS\System32\alg.exe[2700] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002E1014
                        .text C:\WINDOWS\System32\alg.exe[2700] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002E0804
                        .text C:\WINDOWS\System32\alg.exe[2700] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002E0A08
                        .text C:\WINDOWS\System32\alg.exe[2700] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002E0C0C
                        .text C:\WINDOWS\System32\alg.exe[2700] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002E0E10
                        .text C:\WINDOWS\System32\alg.exe[2700] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002E01F8
                        .text C:\WINDOWS\System32\alg.exe[2700] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002E03FC
                        .text C:\WINDOWS\System32\alg.exe[2700] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002E0600
                        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
                        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
                        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2848] KERNEL32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2848] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00391014
                        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2848] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00390804
                        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2848] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00390A08
                        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2848] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00390C0C
                        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2848] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00390E10
                        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2848] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003901F8
                        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2848] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003903FC
                        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2848] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00390600
                        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2848] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
                        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2848] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
                        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2848] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
                        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2848] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
                        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2848] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
                        THX!


                        • #13
                          GMER - part 5

                          .text C:\WINDOWS\system32\NOTEPAD.EXE[3112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002D01F8
                          .text C:\WINDOWS\system32\NOTEPAD.EXE[3112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                          .text C:\WINDOWS\system32\NOTEPAD.EXE[3112] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002D03FC
                          .text C:\WINDOWS\system32\NOTEPAD.EXE[3112] KERNEL32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                          .text C:\WINDOWS\system32\NOTEPAD.EXE[3112] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002E1014
                          .text C:\WINDOWS\system32\NOTEPAD.EXE[3112] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002E0804
                          .text C:\WINDOWS\system32\NOTEPAD.EXE[3112] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002E0A08
                          .text C:\WINDOWS\system32\NOTEPAD.EXE[3112] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002E0C0C
                          .text C:\WINDOWS\system32\NOTEPAD.EXE[3112] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002E0E10
                          .text C:\WINDOWS\system32\NOTEPAD.EXE[3112] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002E01F8
                          .text C:\WINDOWS\system32\NOTEPAD.EXE[3112] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002E03FC
                          .text C:\WINDOWS\system32\NOTEPAD.EXE[3112] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002E0600
                          .text C:\WINDOWS\system32\NOTEPAD.EXE[3112] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804
                          .text C:\WINDOWS\system32\NOTEPAD.EXE[3112] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08
                          .text C:\WINDOWS\system32\NOTEPAD.EXE[3112] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600
                          .text C:\WINDOWS\system32\NOTEPAD.EXE[3112] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8
                          .text C:\WINDOWS\system32\NOTEPAD.EXE[3112] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 3C, 93, 00]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 3F, 93, 00]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 3C, 93, 00]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 3D, 93, 00]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916956
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 3E, 93, 00]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 3D, 93, 00]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 3E, 93, 00]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9169C7
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 3C, 93, 00]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916AF5
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 3D, 93, 00]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 3E, 93, 00]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 3F, 93, 00]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00BD01F8
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00BD03FC
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] KERNEL32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00BE1014
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00BE0804
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00BE0A08
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00BE0C0C
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00BE0E10
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 00BE01F8
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 00BE03FC
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00BE0600
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00BF0804
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00BF0A08
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00BF0600
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 00BF01F8
                          .text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 00BF03FC
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] KERNEL32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 003B1014
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 003B0804
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 003B0A08
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 003B0C0C
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 003B0E10
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003B01F8
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003B03FC
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 003B0600
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003C0804
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003C0A08
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003C0600
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003C01F8
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] USER32.dll!UnhookWinEvent 7E3B18AC 3 Bytes JMP 003C03FC
                          .text C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe[3152] USER32.dll!UnhookWinEvent + 4 7E3B18B0 1 Byte [82]
                          .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
                          .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
                          .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
                          .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3260] KERNEL32.dll!GetBinaryTypeW + 80 7C838E04 1 Byte [62]
                          .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3260] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00391014
                          .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3260] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00390804
                          .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3260] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00390A08
                          .text C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3260] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00390C0C
                          ---- EOF - GMER 2.1 ----
                          THX!



                          • #14
                            Voilà, I sometimes still got the message that there were more than 50000 characters. Hopefully it is workable in 5 pieces?
                            THX!



                            • #15
                              Download TDSSKiller and place it on your desktop.
                              Double-click TDSSKiller.exe to start the tool.
                              Click "Change parameters" and tick:
                              - Services and drivers
                              - Boot sectors
                              - Verify drivers digital signatures
                              Click "OK".
                              Click the "Start Scan" button and follow the instructions.
                              When the scan is finished, click the "Report" button.
                              A Notepad file opens. Post the contents of this file.
                              If TDSSKiller indicates that a file should be cured (Cure), allow this. In that case you will be asked to restart the computer. Do so immediately.
                              Skip the unsigned files.
                              Let Rootkit.Boot.SST.b and others such as Sinowal, ZeroAccess or Whistler be repaired (Cure).
                              After the reboot you will find the log on c:\ with the name TDSSKiller.version_date_time_log.txt.
                              Post that log.

                              After that, do this:
                              Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden .
                              If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
                              Once the Recovery Console is installed, let ComboFix scan the computer.
                              When ComboFix starts, you may get an error message saying that the "contents of the ComboFix package has been compromised".
                              Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.
                              If you get this message, report it.
                              When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                              Post the contents of this file.
