MBAM, DDS and GMER log

  • MBAM, DDS and GMER log

    MBAM:

    DDS:

    GMER:

  • #2
    I can't manage to copy the log files into a post here. I have already tried several times.



    • #3
      MBAM:

      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org

      Databaseversie: v2013.11.23.08

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      ik :: IK-9D749CB7D9B5 [administrator]

      11/23/2013 10:21:26 PM
      mbam-log-2013-11-23 (22-21-26).txt

      Scan type: Snelle scan
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 196161
      Verstreken tijd: 9 minuut/minuten, 24 seconde(n)

      Geheugenprocessen gedetecteerd: 3
      C:\Program Files\SweetIM\Messenger\SweetIM.exe (PUP.Optional.SweetIM) -> 1676 -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (PUP.Optional.SweetIM) -> 1684 -> Zal worden verwijderd tijdens het herstarten.
      C:\WINDOWS\system32\dmwu.exe (Adware.InstallBrain) -> 2576 -> Zal worden verwijderd tijdens het herstarten.

      Geheugenmodulen gedetecteerd: 19
      C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgsimcommon.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgcommon.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgcommunication.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mghooking.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgconfig.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Communicator\mgcommon.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Communicator\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Communicator\mgcommunication.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Communicator\mgsimcommon.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgMsnAuto.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgSweetIM.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgFlashPlayer.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgArchive.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\WINDOWS\system32\jmdp\lmrn.dll (PUP.Optional.Sweetpacks) -> Zal worden verwijderd tijdens het herstarten.
      C:\Documents and Settings\ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\mgHelperGC.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.

      Registersleutels gedetecteerd: 26
      HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCR\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCR\SWEETIE.IEToolbar.1 (PUP.Optional.SweetPacks) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCR\SWEETIE.IEToolbar (PUP.Optional.SweetPacks) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCR\Toolbar3.SWEETIE.1 (PUP.Optional.SweetPacks) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCR\Toolbar3.SWEETIE (PUP.Optional.SweetPacks) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1 (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCU\SOFTWARE\WNLT (PUP.Optional.InstallBrain.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKLM\SOFTWARE\WNLT (PUP.Optional.InstallBrain.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (Adware.InstallBrain) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCR\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT (PUP.Optional.InstallBrain.A) -> Succesvol in quarantaine geplaatst en verwijderd.

      Registerwaarden gedetecteerd: 10
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SweetIM (PUP.Optional.SweetIM) -> Data: C:\Program Files\SweetIM\Messenger\SweetIM.exe -> Succesvol in quarantaine geplaatst en verwijderd.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Sweetpacks Communicator (PUP.Optional.SweetIM) -> Data: C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Data: 썛愘ᇜ犜ጀ유䞘 -> Succesvol in quarantaine geplaatst en verwijderd.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCU\SOFTWARE\WNLT|URL (PUP.Optional.InstallBrain.A) -> Data: SWEETIM -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {4F3CB873-EF51-4030-9A50-EEF2FCC062B7} -> Succesvol in quarantaine geplaatst en verwijderd.
      HKLM\SOFTWARE\WNLT|PDV (PUP.Optional.InstallBrain.A) -> Data: [TAILUPGRADECAPTURE] [UPGRADEONIDLE] [BLACKLIST=1] -> Succesvol in quarantaine geplaatst en verwijderd.
      HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {4F3CB873-EF51-4030-9A50-EEF2FCC062B7} -> Succesvol in quarantaine geplaatst en verwijderd.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGHELPERAPP.EXE (PUP.Optional.SweetIM.A) -> Data: 1 -> Succesvol in quarantaine geplaatst en verwijderd.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGTOOLBARPROXY.DLL (PUP.Optional.SweetIM.A) -> Data: 1 -> Succesvol in quarantaine geplaatst en verwijderd.

      Registerdata gedetecteerd: 3
      HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.
      HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.
      HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.

      Mappen gedetecteerd: 9
      C:\Program Files\SweetIM\Toolbars (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\WINDOWS\system32\WNLT\Installation (PUP.Optional.InstallBrain.A) -> Succesvol in quarantaine geplaatst en verwijderd.

      Bestanden gedetecteerd: 129
      C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\SweetIM.exe (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgsimcommon.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgcommon.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgcommunication.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mghooking.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgconfig.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Communicator\mgcommon.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Communicator\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Communicator\mgcommunication.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Communicator\mgsimcommon.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgMsnAuto.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgSweetIM.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgFlashPlayer.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Messenger\mgArchive.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\WINDOWS\system32\jmdp\lmrn.dll (PUP.Optional.Sweetpacks) -> Zal worden verwijderd tijdens het herstarten.
      C:\Documents and Settings\ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\mgHelperGC.dll (PUP.Optional.SweetIM) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (PUP.Optional.SweetPacks) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Documents and Settings\ik\My Documents\Downloads\Setup.exe (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Documents and Settings\ik\My Documents\Downloads\Niet bevestigd 936843.crdownload (PUP.BundleInstaller.VG) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Documents and Settings\ik\My Documents\Downloads\wlm-xp.exe (PUP.Optional.SweetIM) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Documents and Settings\ik\My Documents\Downloads\SoftonicDownloader_voor_windows-live-messenger-2012.exe (PUP.Optional.Softonic.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\E4N7VPZB\WSSetup[1].exe (PUP.Optional.InstallBrain.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UDZVZQOM\SkywalkerSetup[1].exe (PUP.Optional.Sweetpacks) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\WINDOWS\Installer\MSI30E.tmp (PUP.Optional.SweetIM) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\WINDOWS\Installer\12aaf03.msi (PUP.Optional.SweetIM) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\WINDOWS\Installer\12aaf0a.msi (PUP.Optional.SweetIM) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\WINDOWS\Installer\12aaf0b.msi (PUP.Optional.SweetIM) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\WINDOWS\Installer\12aaf11.msi (PUP.Optional.SweetIM) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\WINDOWS\system32\dmwu.exe (Adware.InstallBrain) -> Zal worden verwijderd tijdens het herstarten.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\default.xml (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\about.html (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\bing.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dating.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\find.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\games.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\google.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\help.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\music.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\news.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\options.html (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\photos.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\video.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\WINDOWS\system32\WNLT\Installation\Config.bin (PUP.Optional.InstallBrain.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\WINDOWS\system32\WNLT\Installation\NTSetup.exe (PUP.Optional.InstallBrain.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\WINDOWS\system32\WNLT\Installation\SKSetup.exe (PUP.Optional.InstallBrain.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\WINDOWS\system32\WNLT\Installation\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\WINDOWS\system32\WNLT\Installation\WSSetup.exe (PUP.Optional.InstallBrain.A) -> Succesvol in quarantaine geplaatst en verwijderd.

      (einde)



      • #4
        DDS:

        DDS (Ver_2012-11-20.01) - NTFS_x86
        Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
        Run by ik at 22:43:18 on 2013-11-23
        Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.497 [GMT 1:00]
        .
        AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
        .
        ============== Running Processes ================
        .
        C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\AVAST Software\Avast\AvastSvc.exe
        C:\Program Files\AVAST Software\Avast\avastUI.exe
        C:\Program Files\Common Files\Java\Java Update\jusched.exe
        C:\Program Files\Athan\Athan.exe
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\system32\RunDll32.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.exe
        C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\WINDOWS\system32\locator.exe
        C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
        C:\WINDOWS\system32\wdfmgr.exe
        C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\Program Files\Google\Chrome\Application\chrome.exe
        C:\Program Files\Google\Chrome\Application\chrome.exe
        C:\Program Files\Google\Chrome\Application\chrome.exe
        C:\Program Files\Google\Chrome\Application\chrome.exe
        C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\WINDOWS\System32\svchost.exe -k netsvcs
        C:\WINDOWS\system32\svchost.exe -k NetworkService
        C:\WINDOWS\system32\svchost.exe -k LocalService
        C:\WINDOWS\system32\svchost.exe -k imgsvc
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://www.google.com/
        uInternet Connection Wizard,ShellNext = iexplore
        BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
        BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
        BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
        BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
        BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
        BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
        TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
        TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
        uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
        uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
        uRun: [Facebook Update] "c:\documents and settings\ik\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
        uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
        uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
        mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
        mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
        mRun: [Athan] c:\program files\athan\Athan.exe
        mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
        mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
        StartupFolder: c:\docume~1\ik\startm~1\programs\startup\inktwa~1.lnk - c:\windows\system32\RunDll32.exe
        uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
        mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
        mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
        .
        INFO: HKCU has more than 50 listed domains.
        If you wish to scan all of them, select the 'Force scan all domains' option.
        .
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        TCP: NameServer = 195.130.131.132 195.130.130.4
        TCP: Interfaces\{41187EB2-07E0-464A-9759-D7DA19372B7D} : DHCPNameServer = 195.130.131.132 195.130.130.4
        mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - c:\documents and settings\ik\application data\mozilla\firefox\profiles\38mf5y73.default\
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={4F3CB873-EF51-4030-9A50-EEF2FCC062B7}&src=2&crg=3.32010003&q=
        FF - prefs.js: network.proxy.type - 0
        FF - plugin: c:\documents and settings\ik\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
        FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
        FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
        FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
        FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
        FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
        FF - plugin: c:\windows\system32\npDeployJava1.dll
        FF - plugin: c:\windows\system32\npptools.dll
        .
        ============= SERVICES / DRIVERS ===============
        .
        R0 AEC6880;AEC6880;c:\windows\system32\drivers\AEC6880.sys [2012-2-25 31566]
        R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-27 441176]
        R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-27 309848]
        R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-2-29 497496]
        R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-27 19544]
        R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-27 42184]
        R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
        R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
        R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
        R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 587944]
        R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 213288]
        R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 23208]
        R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 19112]
        R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
        S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2012-7-5 37632]
        S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
        S3 rt2870;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Drt2870.sys [2012-5-4 724736]
        .
        =============== Created Last 30 ================
        .
        2013-11-23 21:19:23 -------- d-----w- c:\documents and settings\ik\application data\Malwarebytes
        2013-11-23 21:19:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
        2013-11-23 21:19:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
        2013-11-23 21:19:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
        2013-11-14 15:29:25 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
        2013-11-14 15:29:25 21504 ----a-w- c:\windows\system32\hidserv.dll
        2013-11-14 15:29:19 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
        2013-11-14 15:29:19 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
        .
        ==================== Find3M ====================
        .
        2013-10-18 20:53:40 0 ----a-w- c:\windows\system32\sho10D8.tmp
        2013-10-17 21:13:42 0 ----a-w- c:\windows\system32\sho7E2.tmp
        2013-10-15 08:58:14 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
        2013-10-13 07:25:38 920064 ----a-w- c:\windows\system32\wininet.dll
        2013-10-13 07:25:08 43520 ------w- c:\windows\system32\licmgr10.dll
        2013-10-13 07:25:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
        2013-10-13 07:24:17 18944 ----a-w- c:\windows\system32\corpol.dll
        2013-10-13 06:57:59 385024 ------w- c:\windows\system32\html.iec
        2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
        2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
        2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
        2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
        2013-09-30 15:53:04 632656 ----a-w- c:\windows\system32\msvcr80.dll
        2013-09-30 15:53:04 554832 ----a-w- c:\windows\system32\msvcp80.dll
        2013-09-30 15:53:04 479232 ----a-w- c:\windows\system32\msvcm80.dll
        2013-09-09 08:54:24 773968 ----a-w- c:\windows\system32\msvcr100.dll
        2013-09-09 08:54:24 421200 ----a-w- c:\windows\system32\msvcp100.dll
        2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
        .
        ============= FINISH: 22:44:23.67 ===============



        • #5
          Because I can't manage to post the GMER log in one piece, I will post it in parts.

          Part 1 GMER:

          GMER 2.1.19163 - http://www.gmer.net
          Rootkit scan 2013-11-23 23:09:16
          Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD800JB-00JJA0 rev.05.01C05 74.53GB
          Running: qeg66mwv.exe; Driver: C:\DOCUME~1\ik\LOCALS~1\Temp\ufayqpob.sys


          ---- System - GMER 2.1 ----

          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwAddBootEntry [0xB65C0202]
          SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwAllocateVirtualMemory [0xB6626D8C]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwClose [0xB65E46C1]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateEvent [0xB65C27F0]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateEventPair [0xB65C2848]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateIoCompletion [0xB65C295E]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateKey [0xB65E4075]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateMutant [0xB65C2746]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateSection [0xB65C2898]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateSemaphore [0xB65C279A]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateTimer [0xB65C290C]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDeleteBootEntry [0xB65C0226]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDeleteKey [0xB65E4D87]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDeleteValueKey [0xB65E503D]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDuplicateObject [0xB65C2BE2]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwEnumerateKey [0xB65E4BF2]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwEnumerateValueKey [0xB65E4A5D]
          SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwFreeVirtualMemory [0xB6626E3C]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwLoadDriver [0xB65BFFF0]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwModifyBootEntry [0xB65C024A]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwNotifyChangeKey [0xB65C2D56]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwNotifyChangeMultipleKeys [0xB65C0CDA]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenEvent [0xB65C2820]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenEventPair [0xB65C2870]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenIoCompletion [0xB65C2988]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenKey [0xB65E43D1]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenMutant [0xB65C2772]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenProcess [0xB65C2A1A]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenSection [0xB65C28D8]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenSemaphore [0xB65C27C8]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenThread [0xB65C2AFE]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenTimer [0xB65C2936]
          SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwProtectVirtualMemory [0xB6626ED4]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwQueryKey [0xB65E48D8]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwQueryObject [0xB65C0BA0]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwQueryValueKey [0xB65E472A]
          SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwRenameKey [0xB662F10E]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwRestoreKey [0xB65E36E8]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetBootEntryOrder [0xB65C026E]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetBootOptions [0xB65C0292]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetSystemInformation [0xB65C004A]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetSystemPowerState [0xB65C0186]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetValueKey [0xB65E4E8E]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwShutdownSystem [0xB65C0162]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSystemDebugControl [0xB65C01AA]
          SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwVdmControl [0xB65C02B6]

          ---- Kernel code sections - GMER 2.1 ----

          .text ntoskrnl.exe!_abnormal_termination + 37C 804E2950 4 Bytes [E8, 36, 5E, B6]
          PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BC20 4 Bytes CALL B65C1335 \SystemRoot\System32\Drivers\aswSnx.SYS
          ? tkuhim.sys Het systeem kan het opgegeven bestand niet vinden. !
          ? C:\DOCUME~1\ik\LOCALS~1\Temp\mbr.sys De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist. !

          ---- User code sections - GMER 2.1 ----

          .text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
          .text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
          .text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
          .text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[524] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
          .text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[524] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
          .text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[524] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
          .text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[524] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
          .text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[524] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
          .text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[524] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
          .text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[524] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
          .text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[524] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
          .text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[524] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
          .text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[524] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
          .text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[524] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
          .text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[524] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
          .text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[524] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
          .text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[524] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
          .text C:\WINDOWS\System32\smss.exe[564] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
          .text C:\WINDOWS\system32\csrss.exe[620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
          .text C:\WINDOWS\system32\csrss.exe[620] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
          .text C:\WINDOWS\system32\winlogon.exe[644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
          .text C:\WINDOWS\system32\winlogon.exe[644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
          .text C:\WINDOWS\system32\winlogon.exe[644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
          .text C:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
          .text C:\WINDOWS\system32\winlogon.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
          .text C:\WINDOWS\system32\winlogon.exe[644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
          .text C:\WINDOWS\system32\winlogon.exe[644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
          .text C:\WINDOWS\system32\winlogon.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
          .text C:\WINDOWS\system32\winlogon.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
          .text C:\WINDOWS\system32\winlogon.exe[644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
          .text C:\WINDOWS\system32\winlogon.exe[644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
          .text C:\WINDOWS\system32\winlogon.exe[644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
          .text C:\WINDOWS\system32\winlogon.exe[644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
          .text C:\WINDOWS\system32\winlogon.exe[644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
          .text C:\WINDOWS\system32\winlogon.exe[644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
          .text C:\WINDOWS\system32\winlogon.exe[644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
          .text C:\WINDOWS\system32\winlogon.exe[644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
          .text C:\WINDOWS\system32\services.exe[688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
          .text C:\WINDOWS\system32\services.exe[688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
          .text C:\WINDOWS\system32\services.exe[688] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
          .text C:\WINDOWS\system32\services.exe[688] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
          .text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
          .text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
          .text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
          .text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
          .text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
          .text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
          .text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
          .text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
          .text C:\WINDOWS\system32\services.exe[688] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
          .text C:\WINDOWS\system32\services.exe[688] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
          .text C:\WINDOWS\system32\services.exe[688] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
          .text C:\WINDOWS\system32\services.exe[688] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
          .text C:\WINDOWS\system32\services.exe[688] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
          .text C:\WINDOWS\system32\lsass.exe[700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
          .text C:\WINDOWS\system32\lsass.exe[700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
          .text C:\WINDOWS\system32\lsass.exe[700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
          .text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
          .text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
          .text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
          .text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
          .text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
          .text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
          .text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
          .text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
          .text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
          .text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
          .text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
          .text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
          .text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
          .text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
          .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[860] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
          .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[860] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
          .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[860] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
          .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[860] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
          .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[860] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
          .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[860] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
          .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[860] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
          .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[860] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
          .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[860] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
          .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[860] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
          .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[860] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
          .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[860] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
          .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[860] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
          .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[860] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
          .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[860] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
          .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[860] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
          .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[860] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
          .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
          .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
          .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
          .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
          .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
          .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
          .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
          .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
          .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
          .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
          .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
          .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
          .text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
          .text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
          .text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
          .text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
          .text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
          .text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
          .text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
          .text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
          .text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
          .text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
          .text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
          .text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
          .text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
          .text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
          .text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
          .text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
          .text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
          .text C:\WINDOWS\system32\svchost.exe[976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804



          • #6
            Part 2 GMER:


            .text C:\WINDOWS\system32\RunDll32.exe[1988] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
            .text C:\WINDOWS\system32\RunDll32.exe[1988] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
            .text C:\WINDOWS\system32\RunDll32.exe[1988] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
            .text C:\WINDOWS\system32\RunDll32.exe[1988] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
            .text C:\WINDOWS\system32\RunDll32.exe[1988] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
            .text C:\WINDOWS\system32\RunDll32.exe[1988] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
            .text C:\WINDOWS\system32\spoolsv.exe[2024] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
            .text C:\WINDOWS\system32\spoolsv.exe[2024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
            .text C:\WINDOWS\system32\spoolsv.exe[2024] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
            .text C:\WINDOWS\system32\spoolsv.exe[2024] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
            .text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
            .text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
            .text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
            .text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
            .text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
            .text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
            .text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
            .text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
            .text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
            .text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
            .text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
            .text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
            .text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
            .text C:\WINDOWS\system32\locator.exe[2068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
            .text C:\WINDOWS\system32\locator.exe[2068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
            .text C:\WINDOWS\system32\locator.exe[2068] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
            .text C:\WINDOWS\system32\locator.exe[2068] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
            .text C:\WINDOWS\system32\locator.exe[2068] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
            .text C:\WINDOWS\system32\locator.exe[2068] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
            .text C:\WINDOWS\system32\locator.exe[2068] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
            .text C:\WINDOWS\system32\locator.exe[2068] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
            .text C:\WINDOWS\system32\locator.exe[2068] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
            .text C:\WINDOWS\system32\locator.exe[2068] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
            .text C:\WINDOWS\system32\locator.exe[2068] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
            .text C:\WINDOWS\system32\locator.exe[2068] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
            .text C:\WINDOWS\system32\locator.exe[2068] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
            .text C:\WINDOWS\system32\locator.exe[2068] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
            .text C:\WINDOWS\system32\locator.exe[2068] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
            .text C:\WINDOWS\system32\locator.exe[2068] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
            .text C:\WINDOWS\system32\locator.exe[2068] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
            .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
            .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
            .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
            .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2316] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
            .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2316] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
            .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2316] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
            .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2316] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
            .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2316] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
            .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2316] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
            .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2316] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
            .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2316] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
            .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2316] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
            .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2316] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
            .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2316] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
            .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2316] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
            .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2316] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
            .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2316] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
            .text C:\WINDOWS\system32\svchost.exe[2372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
            .text C:\WINDOWS\system32\svchost.exe[2372] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
            .text C:\WINDOWS\system32\svchost.exe[2372] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
            .text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
            .text C:\WINDOWS\system32\svchost.exe[2372] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
            .text C:\WINDOWS\system32\svchost.exe[2372] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
            .text C:\WINDOWS\system32\svchost.exe[2372] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
            .text C:\WINDOWS\system32\svchost.exe[2372] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
            .text C:\WINDOWS\system32\svchost.exe[2372] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
            .text C:\WINDOWS\system32\svchost.exe[2372] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
            .text C:\WINDOWS\system32\svchost.exe[2372] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
            .text C:\WINDOWS\system32\svchost.exe[2372] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
            .text C:\WINDOWS\system32\svchost.exe[2372] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
            .text C:\WINDOWS\system32\svchost.exe[2372] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
            .text C:\WINDOWS\system32\svchost.exe[2372] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
            .text C:\WINDOWS\system32\svchost.exe[2372] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
            .text C:\WINDOWS\system32\svchost.exe[2372] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
            .text C:\WINDOWS\system32\wdfmgr.exe[2396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
            .text C:\WINDOWS\system32\wdfmgr.exe[2396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
            .text C:\WINDOWS\system32\wdfmgr.exe[2396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
            .text C:\WINDOWS\system32\wdfmgr.exe[2396] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
            .text C:\WINDOWS\system32\wdfmgr.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
            .text C:\WINDOWS\system32\wdfmgr.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
            .text C:\WINDOWS\system32\wdfmgr.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
            .text C:\WINDOWS\system32\wdfmgr.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
            .text C:\WINDOWS\system32\wdfmgr.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
            .text C:\WINDOWS\system32\wdfmgr.exe[2396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
            .text C:\WINDOWS\system32\wdfmgr.exe[2396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
            .text C:\WINDOWS\system32\wdfmgr.exe[2396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
            .text C:\WINDOWS\system32\wdfmgr.exe[2396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
            .text C:\WINDOWS\system32\wdfmgr.exe[2396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
            .text C:\WINDOWS\system32\wdfmgr.exe[2396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
            .text C:\WINDOWS\system32\wdfmgr.exe[2396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
            .text C:\WINDOWS\system32\wdfmgr.exe[2396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC



            • #7
              part 3:


              .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
              .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
              .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
              .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2436] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
              .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2436] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 005D1014
              .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2436] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 005D0804
              .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2436] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 005D0A08
              .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2436] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 005D0C0C
              .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2436] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 005D0E10
              .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2436] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005D01F8
              .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2436] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005D03FC
              .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2436] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 005D0600
              .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2436] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 005E0804
              .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2436] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 005E0A08
              .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2436] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 005E0600
              .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2436] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005E01F8
              .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2436] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005E03FC
              .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
              .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
              .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2596] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
              .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2596] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
              .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2596] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
              .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2596] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
              .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2596] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
              .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2596] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
              .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2596] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
              .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2596] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
              .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2596] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
              .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2596] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
              .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2596] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
              .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2596] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
              .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2596] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
              .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2596] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
              .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2596] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
              .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
              .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
              .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
              .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
              .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
              .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
              .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
              .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
              .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
              .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
              .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
              .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
              .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
              .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
              .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
              .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
              .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2772] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
              .text C:\WINDOWS\System32\alg.exe[3220] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
              .text C:\WINDOWS\System32\alg.exe[3220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
              .text C:\WINDOWS\System32\alg.exe[3220] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
              .text C:\WINDOWS\System32\alg.exe[3220] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
              .text C:\WINDOWS\System32\alg.exe[3220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
              .text C:\WINDOWS\System32\alg.exe[3220] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
              .text C:\WINDOWS\System32\alg.exe[3220] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
              .text C:\WINDOWS\System32\alg.exe[3220] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
              .text C:\WINDOWS\System32\alg.exe[3220] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
              .text C:\WINDOWS\System32\alg.exe[3220] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
              .text C:\WINDOWS\System32\alg.exe[3220] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
              .text C:\WINDOWS\System32\alg.exe[3220] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
              .text C:\WINDOWS\System32\alg.exe[3220] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
              .text C:\WINDOWS\System32\alg.exe[3220] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
              .text C:\WINDOWS\System32\alg.exe[3220] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
              .text C:\WINDOWS\System32\alg.exe[3220] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
              .text C:\WINDOWS\System32\alg.exe[3220] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
              .text C:\WINDOWS\system32\wscntfy.exe[3272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
              .text C:\WINDOWS\system32\wscntfy.exe[3272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
              .text C:\WINDOWS\system32\wscntfy.exe[3272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
              .text C:\WINDOWS\system32\wscntfy.exe[3272] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
              .text C:\WINDOWS\system32\wscntfy.exe[3272] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
              .text C:\WINDOWS\system32\wscntfy.exe[3272] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
              .text C:\WINDOWS\system32\wscntfy.exe[3272] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
              .text C:\WINDOWS\system32\wscntfy.exe[3272] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
              .text C:\WINDOWS\system32\wscntfy.exe[3272] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
              .text C:\WINDOWS\system32\wscntfy.exe[3272] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
              .text C:\WINDOWS\system32\wscntfy.exe[3272] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
              .text C:\WINDOWS\system32\wscntfy.exe[3272] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
              .text C:\WINDOWS\system32\wscntfy.exe[3272] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
              .text C:\WINDOWS\system32\wscntfy.exe[3272] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
              .text C:\WINDOWS\system32\wscntfy.exe[3272] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
              .text C:\WINDOWS\system32\wscntfy.exe[3272] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
              .text C:\WINDOWS\system32\wscntfy.exe[3272] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3548] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
              .text C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe[3676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
              .text C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe[3676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
              .text C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe[3676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
              .text C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe[3676] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
              .text C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe[3676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
              .text C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe[3676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
              .text C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe[3676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
              .text C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe[3676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
              .text C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe[3676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
              .text C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe[3676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
              .text C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe[3676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
              .text C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe[3676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
              .text C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe[3676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AC0804
              .text C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe[3676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AC0A08
              .text C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe[3676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AC0600
              .text C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe[3676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AC01F8
              .text C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe[3676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AC03FC
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C8, 88, 00] {SUB AL, CL; MOV [EAX], AL}
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, CB, 88, 00] {SUB BL, CL; MOV [EAX], AL}
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C8, 88, 00]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C9, 88, 00] {TEST AL, 0xc9; MOV [EAX], AL}
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915EE2
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, CA, 88, 00] {TEST AL, 0xca; MOV [EAX], AL}
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C9, 88, 00]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, CA, 88, 00]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B915F53
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C8, 88, 00] {TEST AL, 0xc8; MOV [EAX], AL}
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916081
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C9, 88, 00] {SUB CL, CL; MOV [EAX], AL}
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, CA, 88, 00] {SUB DL, CL; MOV [EAX], AL}
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, CB, 88, 00]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008A01F8
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 008A03FC
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00B31014
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00B30804
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00B30A08
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00B30C0C
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00B30E10
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00B301F8
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B303FC
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00B30600
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B40804
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00B40A08
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00B40600
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00B401F8
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00B403FC
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 74, CE, 00] {SUB [ESI+ECX*8+0x0], DH}
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 77, CE, 00]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 74, CE, 00]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 75, CE, 00]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A48E
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 76, CE, 00]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 75, CE, 00]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 76, CE, 00]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A4FF
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 74, CE, 00]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A62D
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 75, CE, 00]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 76, CE, 00]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 77, CE, 00]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D001F8
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00D003FC
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00F91014
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00F90804
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00F90A08
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00F90C0C
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00F90E10
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00F901F8
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00F903FC
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00F90600
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00FA0804
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00FA0A08
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00FA0600
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00FA01F8
              .text C:\Program Files\Google\Chrome\Application\chrome.exe[3720] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00FA03FC

              ---- User IAT/EAT - GMER 2.1 ----

              IAT C:\WINDOWS\system32\services.exe[688] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005F0002
              IAT C:\WINDOWS\system32\services.exe[688] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005F0000

              ---- Devices - GMER 2.1 ----

              AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS
              AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS
              AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS
              AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS
              AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS
              AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys
              AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS

              ---- EOF - GMER 2.1 ----



              • #8
                Download Zoek.zip to the desktop.
                1. If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
                2. Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).

                • Right-click Zoek.zip and choose the option "Extract All".
                • Then double-click Zoek.exe to start the tool.
                • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as Administrator.
                • Now copy the code below and paste it into the large input box:
                • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
                  Code:
                   
                  torpigcheck;
                  emptyclsid;
                  emptyfolderscheck;delete
                  firefoxlook; 
                  Chromelook;  
                  autoclean; 
                  iedefaults; 
                  filesrcm;
                • Now click the "Run script" button.
                • Now wait patiently until a log opens (this may be after a restart, if one is required).
                • If no log appears after the restart, start zoek.exe again; the log will then appear.
                • Post the opened log as an attachment in your next message.

                Starting Windows 10 in Safe Mode



                • #9
                  How do I download that zoek.zip? I click on your hyperlink and end up on a site, then I click on the 2 'downloads' at the top, but I can't run the program?



                  • #10
                    I found it



                    • #11
                      Zoek.exe Version 4.0.0.5 Updated 24-November-2013
                      Tool run by ik on Sun 11/24/2013 at 20:00:44.71.
                      Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
                      Running in: Normal Mode Internet Access Detected
                      Launched: C:\Documents and Settings\ik\My Documents\Downloads\zoek (3)\zoek.exe [Script inserted]

                      ==== System Restore Info ======================

                      11/24/2013 8:02:08 PM Zoek.exe System Restore Point Created Succesfully.

                      ==== Torpig Check ======================

                      HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\CDF {67EA19A0-CCEF-11d0-8024-00C04FD75D13} %SystemRoot%\system32\shdocvw.dll
                      HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} shell32.dll
                      HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\MyDocuments {ECF03A33-103D-11d2-854D-006008059367} %SystemRoot%\system32\mydocs.dll
                      HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} ntshrui.dll


                      ==== Empty Folders Check ======================

                      C:\Program Files\MSXML 4.0 deleted successfully
                      C:\Documents and Settings\ik\Application Data\TP deleted successfully
                      C:\Documents and Settings\ik\Local Settings\Application Data\WMTools Downloaded Files deleted successfully

                      ==== Deleting CLSID Registry Keys ======================

                      HKEY_USERS\S-1-5-21-507921405-2139871995-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully
                      HKEY_USERS\S-1-5-21-507921405-2139871995-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

                      ==== Deleting CLSID Registry Values ======================


                      ==== Deleting Services ======================


                      ==== FireFox Fix ======================

                      ProfilePath: C:\Documents and Settings\ik\Application Data\Mozilla\Firefox\Profiles\38mf5y73.default

                      user.js not found
                      ---- Lines Search removed from prefs.js ----
                      user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SE
                      ---- Lines ask.com removed from prefs.js ----
                      user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.swee
                      ---- Lines EEE6C361-6118-11DC-9C72-001320C79847 modified from prefs.js ----

                      user_pref("extensions.enabledAddons", "[email protected]:6.0.1203,{EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:10
                      user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"[email protected]\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST So
                      ---- Lines Sweet removed from prefs.js ----
                      user_pref("keyword.URL", "http://search.sweetim.com/search.asp?barid={4F3CB873-EF51-4030-9A50-EEF2FCC062B7}&src=2&crg=3.32010003&q=");
                      user_pref("sweetim.toolbar.cargo", "3.32010003");
                      user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
                      user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
                      user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
                      user_pref("sweetim.toolbar.cda.returnValue", "none");
                      user_pref("sweetim.toolbar.dialogs.0.enable", "true");
                      user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
                      user_pref("sweetim.toolbar.dialogs.0.height", "335");
                      user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
                      user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
                      user_pref("sweetim.toolbar.dialogs.0.url", "http://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=
                      user_pref("sweetim.toolbar.dialogs.0.width", "761");
                      user_pref("sweetim.toolbar.dialogs.1.enable", "true");
                      user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
                      user_pref("sweetim.toolbar.dialogs.1.height", "300");
                      user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
                      user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
                      user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
                      user_pref("sweetim.toolbar.dialogs.1.width", "500");
                      user_pref("sweetim.toolbar.dialogs.2.enable", "true");
                      user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
                      user_pref("sweetim.toolbar.dialogs.2.height", "150");
                      user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
                      user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
                      user_pref("sweetim.toolbar.dialogs.2.url", "http://www.sweetim.com/simffbar/simcdadialog.asp");
                      user_pref("sweetim.toolbar.dialogs.2.width", "530");
                      user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.
                      user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
                      user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
                      user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
                      user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
                      user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
                      user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
                      user_pref("sweetim.toolbar.mode.debug", "false");
                      user_pref("sweetim.toolbar.newtab.created", "false");
                      user_pref("sweetim.toolbar.newtab.enable", "true");
                      user_pref("sweetim.toolbar.previous.keyword.URL", "");
                      user_pref("sweetim.toolbar.rc.url", "http://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
                      user_pref("sweetim.toolbar.RevertDialog.enable", "false");
                      user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
                      user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
                      user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
                      user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "http://(www.|apps.)?facebook\\.com.*");
                      user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
                      user_pref("sweetim.toolbar.scripts.0.enable", "false");
                      user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
                      user_pref("sweetim.toolbar.scripts.0.url", "http://sc.sweetim.com/apps/in/fb/infb.js");
                      user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
                      user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
                      user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
                      user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "https://(www.|apps.)?facebook\\.com.*");
                      user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
                      user_pref("sweetim.toolbar.scripts.1.enable", "false");
                      user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_httpS");
                      user_pref("sweetim.toolbar.scripts.1.url", "https://sc.sweetim.com/apps/in/fb/infb.js");
                      user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
                      user_pref("sweetim.toolbar.scripts.2.callback", "");
                      user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
                      user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
                      user_pref("sweetim.toolbar.scripts.2.enable", "false");
                      user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
                      user_pref("sweetim.toolbar.scripts.2.url", "http://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
                      user_pref("sweetim.toolbar.search.history.capacity", "10");
                      user_pref("sweetim.toolbar.searchguard.enable", "false");
                      user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
                      user_pref("sweetim.toolbar.simapp_id", "{4F3CB873-EF51-4030-9A50-EEF2FCC062B7}");
                      user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
                      user_pref("sweetim.toolbar.version", "1.9.0.0");
                      user_pref("sweetim.toolbar.Visibility.enable", "true");
                      user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
                      user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
                      ---- FireFox user.js and prefs.js backups ----

                      prefs_20131124_0833_.backup

                      ==== Deleting Files \ Folders ======================

                      "C:\WINDOWS\Installer\12aaf0a.msi" not found
                      "C:\WINDOWS\Installer\12aaf03.msi" not found
                      "C:\WINDOWS\Installer\12aaf11.msi" not found
                      C:\Program Files\SweetIM deleted
                      C:\Documents and Settings\All Users\Application Data\SweetIM deleted
                      C:\Documents and Settings\ik\Local Settings\Application Data\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} deleted
                      C:\WINDOWS\002855_.tmp deleted
                      C:\WINDOWS\SET3.tmp deleted
                      C:\WINDOWS\SET4.tmp deleted
                      C:\WINDOWS\SET8.tmp deleted
                      C:\WINDOWS\tasks\At1.job deleted
                      C:\WINDOWS\tasks\At2.job deleted
                      C:\WINDOWS\tasks\At3.job deleted
                      C:\WINDOWS\tasks\At4.job deleted
                      C:\WINDOWS\system32\ImHttpComm.dll deleted
                      C:\WINDOWS\System32\jmdp deleted
                      C:\WINDOWS\System32\ARFC deleted
                      C:\WINDOWS\System32\WNLT deleted
                      C:\WINDOWS\System32\SET117.tmp deleted
                      C:\WINDOWS\System32\SET118.tmp deleted
                      C:\WINDOWS\System32\SET119.tmp deleted
                      C:\WINDOWS\System32\SET144.tmp deleted
                      C:\WINDOWS\System32\SET150.tmp deleted
                      C:\WINDOWS\System32\SET15C.tmp deleted
                      C:\WINDOWS\System32\SET16E.tmp deleted
                      C:\WINDOWS\System32\SET198.tmp deleted
                      C:\WINDOWS\System32\SET199.tmp deleted
                      C:\WINDOWS\System32\SET19A.tmp deleted
                      C:\WINDOWS\System32\SET1DF.tmp deleted
                      C:\WINDOWS\System32\SET1FD.tmp deleted
                      C:\WINDOWS\System32\SET214.tmp deleted
                      C:\WINDOWS\System32\SET21C.tmp deleted
                      C:\WINDOWS\System32\SET21D.tmp deleted
                      C:\WINDOWS\System32\SET21E.tmp deleted
                      C:\WINDOWS\System32\SET21F.tmp deleted
                      C:\WINDOWS\System32\SET220.tmp deleted
                      C:\WINDOWS\System32\SET221.tmp deleted
                      C:\WINDOWS\System32\SET222.tmp deleted
                      C:\WINDOWS\System32\SET223.tmp deleted
                      C:\WINDOWS\System32\SET224.tmp deleted
                      C:\WINDOWS\System32\SET225.tmp deleted
                      C:\WINDOWS\System32\SET226.tmp deleted
                      C:\WINDOWS\System32\SET227.tmp deleted
                      C:\WINDOWS\System32\SET228.tmp deleted
                      C:\WINDOWS\System32\SET229.tmp deleted
                      C:\WINDOWS\System32\SET22A.tmp deleted
                      C:\WINDOWS\System32\SET27A.tmp deleted
                      C:\WINDOWS\System32\SET29D.tmp deleted
                      C:\WINDOWS\System32\SET2A8.tmp deleted
                      C:\WINDOWS\System32\SET2BD.tmp deleted
                      C:\WINDOWS\System32\SET2BE.tmp deleted
                      C:\WINDOWS\System32\SET2BF.tmp deleted
                      C:\WINDOWS\System32\SET2C0.tmp deleted
                      C:\WINDOWS\System32\SET2C1.tmp deleted
                      C:\WINDOWS\System32\SET2E0.tmp deleted
                      C:\WINDOWS\System32\SET2F3.tmp deleted
                      C:\WINDOWS\System32\SET2F4.tmp deleted
                      C:\WINDOWS\System32\SET300.tmp deleted
                      C:\WINDOWS\System32\SET395.tmp deleted
                      C:\WINDOWS\System32\SET3BE.tmp deleted
                      C:\WINDOWS\System32\SET3F2.tmp deleted
                      C:\WINDOWS\System32\SET3F3.tmp deleted
                      C:\WINDOWS\System32\SET3F5.tmp deleted
                      C:\WINDOWS\System32\SET3F6.tmp deleted
                      C:\WINDOWS\System32\SET3FB.tmp deleted
                      C:\WINDOWS\System32\SET403.tmp deleted
                      C:\WINDOWS\System32\SET405.tmp deleted
                      C:\WINDOWS\System32\sho10D8.tmp deleted
                      C:\WINDOWS\System32\sho3B4.tmp deleted
                      C:\WINDOWS\System32\sho71A.tmp deleted
                      C:\WINDOWS\System32\sho7E2.tmp deleted
                      C:\WINDOWS\System32\sho9CB.tmp deleted
                      C:\Documents and Settings\ik\Application Data\Mozilla\Firefox\Profiles\38mf5y73.default\searchplugins\MyStart Search.xml deleted
                      C:\Documents and Settings\ik\Application Data\Mozilla\Firefox\Profiles\38mf5y73.default\searchplugins\SweetIM Search.xml deleted
                      C:\Documents and Settings\ik\Application Data\Mozilla\Firefox\Profiles\38mf5y73.default\SweetPacksToolbarData deleted
                      C:\WINDOWS\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} deleted
                      C:\WINDOWS\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} deleted
                      C:\Documents and Settings\ik\Application Data\Mozilla\Firefox\Profiles\38mf5y73.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi deleted
                      "C:\Documents and Settings\ik\Application Data\Mozilla\Firefox\Profiles\38mf5y73.default\searchplugins\sweetim.xml" deleted

                      ==== Files Recently Created / Modified ======================

                      ====== C:\WINDOWS ====
                      ====== C:\DOCUME~1\ik\LOCALS~1\Temp ====
                      ====== Java Cache =====
                      ====== C:\WINDOWS\system32 =====
                      2013-11-14 15:29:25 DEB04DA35CC871B6D309B77E1443C796 21504 ----a-w- C:\WINDOWS\System32\hidserv.dll
                      ====== C:\WINDOWS\system32\drivers =====
                      2013-11-23 21:19:03 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
                      2013-11-14 15:29:19 9EF487A186DEA361AA06913A75B3FA99 14592 ----a-w- C:\WINDOWS\System32\drivers\kbdhid.sys
                      ====== C:\WINDOWS\Tasks ======
                      ====== C:\WINDOWS\Temp ======
                      ======= C:\Program Files =====
                      ======= C: =====
                      ====== C:\Documents and Settings\ik\Application Data ======
                      ====== C:\Documents and Settings\ik ======

                      ====== C: exe-files ==
                      2013-11-24 18:24:22 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Documents and Settings\ik\My Documents\Downloads\Defogger (2).exe
                      2013-11-24 17:22:59 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Documents and Settings\ik\My Documents\Downloads\Defogger (1).exe
                      2013-11-23 21:45:16 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Documents and Settings\ik\My Documents\Downloads\qeg66mwv.exe
                      2013-11-23 21:18:23 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Documents and Settings\ik\My Documents\Downloads\mbam-setup-1.75.0.1300.exe
                      2013-11-23 21:17:07 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Documents and Settings\ik\My Documents\Downloads\Defogger.exe
                      === C: other files ==
                      2013-11-24 19:23:20 3E5D89099DED9E86E5639F411693218F 49408 ----a-w- C:\WINDOWS\LastGood\system32\drivers\stream.sys
                      2013-11-24 19:23:19 E82A496C3961EFC6828B508C310CE98F 146048 ----a-w- C:\WINDOWS\LastGood\system32\drivers\portcls.sys
                      2013-11-24 19:23:16 0753515F78DF7F271A5E61C20BCD36A1 141056 ----a-w- C:\WINDOWS\LastGood\system32\drivers\ks.sys
                      2013-11-24 19:23:14 6CB08593487F5701D2D2254E693EAFCE 60160 ----a-w- C:\WINDOWS\LastGood\system32\drivers\drmk.sys
                      2013-11-24 18:53:44 E04A4E184290286262FDECDEB8E8F4BC 4044244 ----a-w- C:\RECYCLER\S-1-5-21-507921405-2139871995-725345543-1003\Dc3.zip
                      2013-11-24 18:21:06 94E6B78A104CB35E1EDE09407792F072 83 ----a-w- C:\Documents and Settings\ik\Local Settings\Temporary Internet Files\Content.IE5\IIBJY0H6\update.microsoft[1].com
                      2013-11-24 18:20:13 194CD6A43B44745ED8EF3744A8D81D35 76 ----a-w- C:\Documents and Settings\ik\Local Settings\Temporary Internet Files\Content.IE5\AKR8EZ6C\microsoft[1].com
                      2013-11-24 18:20:10 194CD6A43B44745ED8EF3744A8D81D35 76 ----a-w- C:\Documents and Settings\ik\Local Settings\Temporary Internet Files\Content.IE5\IU42QLAF\microsoft[1].com
                      2013-11-24 18:19:30 51D9E329949559BF0F8A0A156FD315A6 79 ----a-w- C:\Documents and Settings\ik\Local Settings\Temporary Internet Files\Content.IE5\IU42QLAF\go.microsoft[1].com
                      2013-11-24 18:17:05 94E6B78A104CB35E1EDE09407792F072 83 ----a-w- C:\Documents and Settings\ik\Local Settings\Temporary Internet Files\Content.IE5\AKR8EZ6C\update.microsoft[1].com
                      2013-11-24 18:17:02 3822445F63A3EDB5F251EC5CB95843BC 89 ----a-w- C:\Documents and Settings\ik\Local Settings\Temporary Internet Files\Content.IE5\AKR8EZ6C\windowsupdate.microsoft[1].com
                      2013-11-24 17:53:01 7630F8A98F938611AEC713029438DAF9 416 ----a-w- C:\Documents and Settings\ik\Local Settings\Temp\DelUS.bat
                      2013-11-24 17:48:08 CC3042C1A23B61E23488BAE4076FC2A2 86 ----a-w- C:\Documents and Settings\ik\Local Settings\Temporary Internet Files\Content.IE5\GVTVA16X\feedback.discoverbing[1].com
                      2013-11-24 17:48:03 8CCFD7E66E700B2B7E384496A56919AE 72 ----a-w- C:\Documents and Settings\ik\Local Settings\Temporary Internet Files\Content.IE5\IIBJY0H6\g.msn[1].com
                      2013-11-23 21:43:00 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Documents and Settings\ik\My Documents\Downloads\dds.com
                      2013-11-23 21:19:03 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

                      ==== Folders in C:\Documents and Settings\All Users\Application Data 0-6 Months Old ======================

                      2013-08-16 16:05:39 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Visan
                      2013-11-23 21:19:07 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                      2013-11-24 18:18:12 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

                      ==== Firefox Extensions Registry ======================

                      [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
                      "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [10/18/2013 09:27 PM]

                      ==== Firefox Extensions ======================

                      ProfilePath: C:\Documents and Settings\ik\Application Data\Mozilla\Firefox\Profiles\38mf5y73.default
                      - avast WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF

                      AppDir: C:\Program Files\Mozilla Firefox
                      - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
                      - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

                      ==== Firefox Plugins ======================

                      Profilepath: C:\Documents and Settings\ik\Application Data\Mozilla\Firefox\Profiles\38mf5y73.default
                      0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Documents and Settings\ik\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
                      2F4781F84C92E8C4B1586E47A78E8A61 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.50.255
                      18C6A57B569F088C2BD7B828A211AC06 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U5
                      7EC56424E3E77EBF4BF5E0798175E4E5 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
                      5789773089BC334C56CC31833F20DAF6 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash
                      28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
                      8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
                      5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
                      7D894ED61EF0505277D8A476D7DF43F1 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
                      68A131335A20B343923A2957EB1E413D - C:\WINDOWS\system32\npptools.dll - Microsoft® Windows® Operating System


                      ==== Chrome Look ======================

                      HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
                      icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07/04/2011 01:43 PM]
                      jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Documents and Settings\ik\Local Settings\Application Data\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
                      ogccgbmabaphcakpiclgcnmcnimhokcj - C:\Windows\System32\jmdp\SweetNT.crx

                      YouTube - ik - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
                      Google Search - ik - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
                      avast WebRep - ik - Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
                      SweetIM for Facebook - ik - Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
                      Google Wallet - ik - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
                      SweetPacks Chrome Extension - ik - Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
                      Gmail - ik - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

                      ==== Chrome Fix ======================

                      C:\Documents and Settings\ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_keek.nl.softonic.com_0.localstorage-journal deleted successfully
                      C:\Documents and Settings\ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully
                      C:\Documents and Settings\ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully

                      ==== Set IE to Default ======================

                      Old Values:
                      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
                      "Start Page"="http://www.google.com/"
                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
                      "DefaultScope"="{EEE6C360-6118-11DC-9C72-001320C79847}"
                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}] not found

                      New Values:
                      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
                      "Start Page"="http://www.google.com/"
                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
                      "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

                      ==== All HKCU SearchScopes ======================

                      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
                      {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
                      {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

                      ==== Deleting Registry Keys ======================

                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3 deleted successfully
                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B deleted successfully
                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B deleted successfully
                      HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully
                      HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully
                      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} deleted successfully
                      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} deleted successfully
                      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0} deleted successfully
                      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3 deleted successfully
                      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B deleted successfully
                      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B deleted successfully
                      HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5 deleted successfully
                      HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr deleted successfully
                      HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WZCSLDR2 deleted successfully

                      ==== Empty IE Cache ======================

                      C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
                      C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
                      C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
                      C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
                      C:\Documents and Settings\ik\Local Settings\Temporary Internet Files\Content.IE5\AKR8EZ6C will be deleted at reboot
                      C:\Documents and Settings\ik\Local Settings\Temporary Internet Files\Content.IE5\GVTVA16X will be deleted at reboot
                      C:\Documents and Settings\ik\Local Settings\Temporary Internet Files\Content.IE5\IIBJY0H6 will be deleted at reboot
                      C:\Documents and Settings\ik\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
                      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
                      C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

                      ==== Empty FireFox Cache ======================

                      No FireFox Cache found

                      ==== Empty Chrome Cache ======================

                      C:\Documents and Settings\ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
                      C:\Documents and Settings\ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

                      ==== Empty All Flash Cache ======================

                      Flash Cache Emptied Successfully

                      ==== Empty All Java Cache ======================

                      Java Cache cleared successfully

                      ==== After Reboot ======================

                      ==== Empty Temp Folders ======================

                      C:\WINDOWS\Temp successfully emptied
                      C:\DOCUME~1\ik\LOCALS~1\Temp successfully emptied

                      ==== Empty Recycle Bin ======================

                      C:\RECYCLER successfully emptied

                      ==== Deleting Files / Folders ======================

                      "C:\Documents and Settings\ik\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
                      "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
                      "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
                      "C:\Documents and Settings\ik\Local Settings\Temporary Internet Files\Content.IE5\AKR8EZ6C" not found
                      "C:\Documents and Settings\ik\Local Settings\Temporary Internet Files\Content.IE5\GVTVA16X" not found
                      "C:\Documents and Settings\ik\Local Settings\Temporary Internet Files\Content.IE5\IIBJY0H6" not found

                      ==== EOF on Sun 11/24/2013 at 21:40:27.87 ======================



                      • #12
                        Well done, how is it running now?

                        Starting Windows 10 in Safe Mode



                        • #13
                          So far it's running much better, it just still stutters a bit now and then! That's probably down to the age of the PC, right?



                          • #14
                            Who knows.

                            Download AdwCleaner by Xplode to the desktop.
                            • Close all open windows.
                            • Double-click AdwCleaner to start it.
                            • Windows Vista, 7 and 8 users must run the tool as "administrator",
                            • by right-clicking it and choosing Run as administrator.
                            • Then click Scan.
                            • Then click Clean if any items were found.
                            • When the "Herstarten Noodzakelijk" (reboot required) prompt appears, click OK.


                            After the PC has restarted, a log file usually opens.
                            Otherwise it can be found here: C:\AdwCleaner\AdwCleaner[S0].txt.

                            Posting the log file
                            • Add the log file named C:\AdwCleaner\AdwCleaner[S0].txt as an attachment to your next post.



                            • #15
                              In the absence of feedback, I assume the problem has been solved.
