Problems with Windows XP
  • Problems with Windows XP

    I have a PC running Windows XP that has been giving me problems for a few days.

    No idea whether this has anything to do with the problems, but I will mention it anyway:

    In May 2014, by means of a registry change, I modified my PC to present itself as a Windows POSReady 2009 PC so that it could keep receiving security updates; I will not be the only one who did this. Since then I have been receiving Windows updates regularly and there were no problems.

    Last week I received, among others, Windows update KB3013455, which gave my fonts a fuzzy appearance. After some searching on the web I found out that this update was the cause. I first tried to find it in the software list and remove it, but it was not in the list.
    Eventually I found a hidden folder $NtUninstallKB3013455$ in C:\Windows and removed the update via its spuninst folder. My fonts were fine again.

    Now, for a few days, strange things have been happening on my PC:

    The PC boots normally.
    When I go to My Documents, at some moments the names of folders or subfolders suddenly go missing.
    When I click one folder, a whole row of folders suddenly gets selected at once.
    My keys only produce capital letters on screen. Digits no longer work either.
    The scroll function no longer works.
    When I start Firefox, I am sometimes asked whether I want to start it in safe mode.
    When I click System Restore, the PC does not respond.
    I had Panda run a scan; nothing noteworthy.

    If I restart the PC it is fine for a while, but after a few minutes things go wrong again.
    To be safe I reinstalled KB3013455; the fonts are fuzzy again, the other problems remain.

    I have gone through the following steps:

    Step 1: disable emulation software
    Step 2: scan for malware with Malwarebytes Anti-Malware
    Step 3: check for bad toolbars
    Step 4: create a DDS log file
    Step 5: scan for rootkits with GMER

    The log files are below:

    • MBAM
    • AdwCleaner
    • DDS
    • Gmer

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 23/02/2015
    Scan Time: 18:03:55
    Logfile: mbamlog 23-2-2015.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.23.04
    Rootkit Database: v2015.02.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Eigenaar

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 377440
    Time Elapsed: 22 min, 31 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 3
    Trojan.BHO, HKLM\SOFTWARE\CLASSES\.fsharproj, Quarantined, [7d63170aa4e66bcb36d4ae9d8f758a76],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-1275210071-583907252-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, Quarantined, [8f51140d81092f074207782ac340f40c],
    PUP.Optional.SoftonicAssistant.A, HKU\S-1-5-21-1275210071-583907252-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SoftonicAssistant, Quarantined, [8b55c45da6e44aec22b9f199e1226a96],

    Registry Values: 1
    PUP.Optional.SoftonicAssistant.A, HKU\S-1-5-21-1275210071-583907252-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SoftonicAssistant, "C:\Documents and Settings\Eigenaar\Local Settings\Application Data\SoftonicAssistant\SoftonicAssistant.exe", Quarantined, [f3edca5709817eb80720e1bc54af17e9]

    Registry Data: 0
    (No malicious items detected)

    Folders: 5
    Trojan.Tracur, C:\WINDOWS\system32\SysWoW32, Quarantined, [1cc40b168efc6acc51f386f7a65e629e],
    Trojan.Agent, C:\Documents and Settings\Eigenaar\Application Data\SystemProc, Quarantined, [15cb170ac4c6db5b82ee470604ff9967],
    PUP.Optional.SoftonicAssistant.A, C:\Documents and Settings\Eigenaar\Local Settings\Application Data\SoftonicAssistant, Quarantined, [8b55c45da6e44aec22b9f199e1226a96],
    PUP.Optional.SoftonicAssistant.A, C:\Documents and Settings\Eigenaar\Local Settings\Application Data\SoftonicAssistant\IncompleteDownloads, Quarantined, [8b55c45da6e44aec22b9f199e1226a96],
    PUP.Optional.SoftonicAssistant.A, C:\Documents and Settings\Eigenaar\Local Settings\Application Data\SoftonicAssistant\PerformingUpdates, Quarantined, [8b55c45da6e44aec22b9f199e1226a96],

    Files: 24
    PUP.Optional.Spigot, C:\Documents and Settings\All Users\Application Data\YTD Video Downloader\ytd_installer.exe, Quarantined, [5b854bd61a707bbbc11a794af60b08f8],
    PUP.Optional.Spigot.A, C:\Program Files\YTDSetup.exe, Quarantined, [815ff42d711953e30ef10224c63a847c],
    Malware.Trace, C:\Documents and Settings\Eigenaar\Application Data\0200000080b8bd71724C.manifest, Quarantined, [7a66b36e72183600e4006ba6d4306c94],
    Malware.Trace, C:\Documents and Settings\Eigenaar\Application Data\0200000080b8bd71724O.manifest, Quarantined, [548cf22f3f4b15219e46b45dc44041bf],
    Malware.Trace, C:\Documents and Settings\Eigenaar\Application Data\0200000080b8bd71724P.manifest, Quarantined, [37a9b36ec9c1ae88677dd43d4abad62a],
    Malware.Trace, C:\Documents and Settings\Eigenaar\Application Data\0200000080b8bd71724S.manifest, Quarantined, [eef2af729ceeb3832db79d749a6a27d9],
    Trojan.Tracur, C:\WINDOWS\system32\SysWoW32\mi168093859v4.kwd, Quarantined, [1cc40b168efc6acc51f386f7a65e629e],
    Trojan.Tracur, C:\WINDOWS\system32\SysWoW32\mi168093859v6.kwd, Quarantined, [1cc40b168efc6acc51f386f7a65e629e],
    Trojan.Tracur, C:\WINDOWS\system32\SysWoW32\mi168093859v7.kwd, Quarantined, [1cc40b168efc6acc51f386f7a65e629e],
    Trojan.Tracur, C:\WINDOWS\system32\SysWoW32\mu168093859v5, Quarantined, [1cc40b168efc6acc51f386f7a65e629e],
    Trojan.Tracur, C:\WINDOWS\system32\SysWoW32\mu168093859v5.kwd, Quarantined, [1cc40b168efc6acc51f386f7a65e629e],
    Trojan.Tracur, C:\WINDOWS\system32\SysWoW32\wu168093859v0, Quarantined, [1cc40b168efc6acc51f386f7a65e629e],
    Trojan.Tracur, C:\WINDOWS\system32\SysWoW32\wu168093859v0.kwd, Quarantined, [1cc40b168efc6acc51f386f7a65e629e],
    Trojan.Tracur, C:\WINDOWS\system32\SysWoW32\wu168093859v1, Quarantined, [1cc40b168efc6acc51f386f7a65e629e],
    Trojan.Tracur, C:\WINDOWS\system32\SysWoW32\wu168093859v1.kwd, Quarantined, [1cc40b168efc6acc51f386f7a65e629e],
    Trojan.Tracur, C:\WINDOWS\system32\SysWoW32\wu168093859v2, Quarantined, [1cc40b168efc6acc51f386f7a65e629e],
    Trojan.Tracur, C:\WINDOWS\system32\SysWoW32\wu168093859v2.kwd, Quarantined, [1cc40b168efc6acc51f386f7a65e629e],
    Trojan.Tracur, C:\WINDOWS\system32\SysWoW32\wu168093859v3, Quarantined, [1cc40b168efc6acc51f386f7a65e629e],
    Trojan.Tracur, C:\WINDOWS\system32\SysWoW32\wu168093859v3.kwd, Quarantined, [1cc40b168efc6acc51f386f7a65e629e],
    PUP.Optional.SoftonicAssistant.A, C:\Documents and Settings\Eigenaar\Local Settings\Application Data\SoftonicAssistant\SoftonicAssistant.exe, Quarantined, [f3edca5709817eb80720e1bc54af17e9],
    PUP.Optional.SoftonicAssistant.A, C:\Documents and Settings\Eigenaar\Local Settings\Application Data\SoftonicAssistant\App.ico, Quarantined, [8b55c45da6e44aec22b9f199e1226a96],
    PUP.Optional.SoftonicAssistant.A, C:\Documents and Settings\Eigenaar\Local Settings\Application Data\SoftonicAssistant\extensions.db, Quarantined, [8b55c45da6e44aec22b9f199e1226a96],
    PUP.Optional.SoftonicAssistant.A, C:\Documents and Settings\Eigenaar\Local Settings\Application Data\SoftonicAssistant\nsisout.txt, Quarantined, [8b55c45da6e44aec22b9f199e1226a96],
    PUP.Optional.SoftonicAssistant.A, C:\Documents and Settings\Eigenaar\Local Settings\Application Data\SoftonicAssistant\Uninstall.exe, Quarantined, [8b55c45da6e44aec22b9f199e1226a96],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  • #2
    # AdwCleaner v4.111 - Logfile created 23/02/2015 at 18:50:59
    # Updated 18/02/2015 by Xplode
    # Database : 2015-02-18.3 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (x86)
    # Username : Eigenaar - N-F00B9A9D6E6E4
    # Running from : C:\Documents and Settings\Eigenaar\Bureaublad\adwcleaner_4.111.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Isis
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\SecTaskMan
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\ytd video downloader
    Folder Deleted : C:\Documents and Settings\All Users\Menu Start\Programma's\ytd video downloader
    Folder Deleted : C:\Program Files\GreenTree Applications
    Folder Deleted : C:\Program Files\ytd video downloader
    Folder Deleted : C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\apn
    Folder Deleted : C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Hola
    Folder Deleted : C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Hola
    Folder Deleted : C:\Documents and Settings\Eigenaar\Application Data\HPAppData

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftonicAssistant
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v35.0.1 (x86 nl)


    *************************

    AdwCleaner[R0].txt - [3745 bytes] - [08/04/2014 22:38:06]
    AdwCleaner[R1].txt - [2743 bytes] - [23/02/2015 18:45:44]
    AdwCleaner[S0].txt - [3385 bytes] - [08/04/2014 22:46:03]
    AdwCleaner[S1].txt - [2716 bytes] - [23/02/2015 18:50:59]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2775 bytes] ##########


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 11.31.2
    Run by Eigenaar at 19:36:01 on 2015-02-23
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.3070.2194 [GMT 1:00]
    .
    AV: Panda Antivirus Pro 2014 *Enabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
    FW: Panda Personal Firewall 2014 *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Panda Security\Panda Antivirus Pro 2014\TPSrv.exe
    C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2014\WebProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2014\Firewall\PSHOST.EXE
    C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PsImSvc.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PskSvc.exe
    C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2014\pavsrvx86.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2014\AVENGINE.EXE
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2014\APVXDWIN.EXE
    C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn programma's\Apple\iTunesHelper.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DeskPins\DeskPins.exe
    C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
    C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
    C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k bthsvcs
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.nl/
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_31\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_31\bin\jp2ssv.dll
    EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned>
    EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned>
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [PMBVolumeWatcher] c:\program files\sony\playmemories home\PMBVolumeWatcher.exe
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus pro 2014\APVXDWIN.EXE" /s
    mRun: [SCANINICIO] "c:\program files\panda security\panda antivirus pro 2014\Inicio.exe"
    mRun: [iTunesHelper] "c:\documents and settings\eigenaar\mijn documenten\mijn programma's\apple\iTunesHelper.exe"
    mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    StartupFolder: c:\docume~1\eigenaar\menust~1\progra~1\opstar~1\deskpins.lnk - c:\program files\deskpins\DeskPins.exe
    StartupFolder: c:\docume~1\eigenaar\menust~1\progra~1\opstar~1\samsun~3.lnk - c:\program files\clarus\samsung auto backup\ISFGuage.exe
    StartupFolder: c:\docume~1\eigenaar\menust~1\progra~1\opstar~1\samsun~2.lnk - c:\program files\clarus\samsung auto backup\ISFRealTimeD.exe
    StartupFolder: c:\docume~1\eigenaar\menust~1\progra~1\opstar~1\samsun~1.lnk - c:\program files\clarus\samsung auto backup\ISFTimerD.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:223
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\documents and settings\eigenaar\application data\dvdvideosoftiehelpers\freeytvdownloader.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://192.168.0.91/CitrixSessionInit/ICAWEB/en/ica32/wficat.cab
    DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} - hxxps://portal.boels.nl/net6helper.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 195.130.131.3 195.130.130.131
    TCP: Interfaces\{1DA95430-80B4-4BCF-B157-D0FB5DFF62AD} : DHCPNameServer = 195.130.131.3 195.130.130.131
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Notify: avldr - avldr.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\eigenaar\application data\mozilla\firefox\profiles\1mop6ph1.default-1423704439875\
    FF - prefs.js: browser.startup.homepage - hxxp://google.nl/
    FF - plugin: c:\documents and settings\eigenaar\application data\mozilla\plugins\npagee.dll
    FF - plugin: c:\documents and settings\eigenaar\application data\mozilla\plugins\npagee.dll
    FF - plugin: c:\documents and settings\eigenaar\application data\mozilla\plugins\npctxcao.dll
    FF - plugin: c:\documents and settings\eigenaar\application data\mozilla\plugins\npctxcao.dll
    FF - plugin: c:\documents and settings\eigenaar\mijn documenten\mijn programma's\apple\mozilla plugins\npitunes.dll
    FF - plugin: c:\program files\citrix\secure access client\npagee.dll
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.26.9\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre1.8.0_31\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1206147.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1210150.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_16_0_0_305.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2014-8-3 26696]
    R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2014-9-12 83528]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
    R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2014-9-12 53256]
    R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2014-9-12 22024]
    R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2014-9-12 193864]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2014-9-12 159112]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2014-8-3 37448]
    R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2014-9-12 46856]
    R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2014-8-3 63240]
    R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda antivirus pro 2014\PsCtrlS.exe [2014-8-3 177440]
    R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda antivirus pro 2014\PavFnSvr.exe [2014-8-3 202016]
    R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2014-8-3 166984]
    R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2014-8-3 62768]
    R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda antivirus pro 2014\pavsrvx86.exe [2014-8-3 313664]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\playmemories home\PMBDeviceInfoProvider.exe [2012-2-15 459832]
    R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda antivirus pro 2014\psksvc.exe [2014-8-3 28992]
    R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\samsung\usb drivers\25_escape\conn\ss_conn_service.exe [2014-12-13 743688]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2014-6-5 93040]
    R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [2014-8-3 201032]
    R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9c10886efcc32;Google Updateservice (gupdate1c9c10886efcc32);c:\program files\google\update\GoogleUpdate.exe [2009-4-19 107912]
    S3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-12-13 89856]
    S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
    S3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys --> c:\windows\system32\drivers\net6im51.sys [?]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2014-12-13 184192]
    S3 ute4njax;AVZ Kernel Driver;c:\windows\system32\drivers\ute4njax.sys [2009-12-26 7168]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
    S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2011-10-25 130976]
    .
    =============== File Associations ===============
    .
    FileExt: .vbe: VBEFile=c:\progra~1\pandas~1\pandaa~2\PavScrip.exe "%1" %*
    FileExt: .vbs: VBSFile=c:\progra~1\pandas~1\pandaa~2\PavScrip.exe "%1" %*
    FileExt: .js: JSFile=c:\progra~1\pandas~1\pandaa~2\PavScrip.exe "%1" %*
    FileExt: .jse: JSEFile=c:\progra~1\pandas~1\pandaa~2\PavScrip.exe "%1" %*
    FileExt: .wsf: WSFFile=c:\progra~1\pandas~1\pandaa~2\PavScrip.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2015-02-23 17:02:37 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-02-23 17:02:07 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-02-23 17:02:07 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-02-23 17:02:07 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2015-02-12 16:39:34 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2015-02-12 16:39:34 -------- d-----w- c:\windows\system32\wbem\Repository
    2015-02-12 00:02:32 4236870 ----a-w- c:\windows\system32\nvcoproc.bin
    2015-02-11 23:57:53 908608 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
    2015-02-11 23:57:35 913728 ----a-w- c:\windows\system32\nvdispgenco3234752.dll
    2015-02-11 23:57:35 1048896 ----a-w- c:\windows\system32\nvdispco3234752.dll
    2015-02-11 23:39:01 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2015-02-11 23:39:01 146432 ----a-w- c:\windows\system32\javacpl.cpl
    2015-02-11 13:32:46 1890688 ----a-w- c:\windows\system32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2024-03-21 12:44:18 246272 -c--a-w- c:\windows\UNINST16.EXE
    2015-02-12 00:13:46 1511188 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2015-02-12 00:13:46 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2015-02-12 00:11:17 1511188 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2015-02-05 20:41:54 3602176 ----a-w- c:\windows\system32\nv4_disp.dll
    2015-02-05 20:41:54 3177288 ----a-w- c:\windows\system32\nvcuvid.dll
    2015-02-05 20:41:54 2839040 ----a-w- c:\windows\system32\nvapi.dll
    2015-02-05 20:41:54 27280 ----a-w- c:\windows\system32\nvhdap32.dll
    2015-02-05 20:41:54 24211456 ----a-w- c:\windows\system32\nvoglnt.dll
    2015-02-05 20:41:54 20457472 ----a-w- c:\windows\system32\nvcompiler.dll
    2015-02-05 20:41:54 128960 ----a-w- c:\windows\system32\drivers\nvhda32.sys
    2015-02-05 20:41:54 10759240 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2015-02-05 20:41:54 10657792 ----a-w- c:\windows\system32\nvopencl.dll
    2015-02-05 20:41:54 10600448 ----a-w- c:\windows\system32\nvcuda.dll
    2015-02-05 18:26:46 54272 ----a-w- c:\windows\system32\nvwddi.dll
    2015-02-05 18:26:45 15724360 ----a-w- c:\windows\system32\nvcpl.dll
    2015-02-05 18:26:45 155792 ----a-w- c:\windows\system32\nvsvc32.exe
    2015-02-05 18:26:43 374928 ----a-w- c:\windows\system32\nvmctray.dll
    2015-02-05 18:26:43 142992 ----a-w- c:\windows\system32\nvcolor.exe
    2015-02-04 21:16:14 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-02-04 21:16:14 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-01-28 02:39:28 920064 ----a-w- c:\windows\system32\wininet.dll
    2015-01-28 02:39:28 420864 ----a-w- c:\windows\system32\vbscript.dll
    2015-01-28 02:39:27 43520 ------w- c:\windows\system32\licmgr10.dll
    2015-01-28 02:39:27 19456 ------w- c:\windows\system32\corpol.dll
    2015-01-28 02:39:27 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2015-01-28 01:01:00 385024 ------w- c:\windows\system32\html.iec
    2015-01-15 01:10:27 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2014-12-29 20:42:14 179968 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2014-12-08 21:33:20 325632 ----a-w- c:\windows\system32\scesrv.dll
    2014-12-06 07:29:09 733184 ----a-w- c:\windows\system32\userenv.dll
    2009-01-03 19:09:08 4865408 -c--a-w- c:\program files\Silverlight.2.0.exe
    2008-05-08 20:30:37 2869264 -c--a-w- c:\program files\dotNetFx35setup.exe
    2008-05-05 23:12:32 25827912 -c--a-w- c:\program files\wmp11-windowsxp-x86-nl-nl.exe
    2008-05-05 23:01:53 14126401 -c--a-w- c:\program files\klcodec-380b.exe
    2009-12-25 00:20:57 203776 -csh--w- c:\windows\system32\unrar.exe
    .
    ============= FINISH: 19:38:31,12 ===============

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2015-02-23 20:08:05
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 ST3160815AS rev.3.AAC 149,05GB
    Running: kqpewg6w.exe; Driver: C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\kfldifod.sys



    • #3
      ---- System - GMER 2.1 ----

      SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys ZwTerminateProcess [0xB2D6A71C]

      ---- Kernel code sections - GMER 2.1 ----

      .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6CDC3C0, 0x7A6D2A, 0xE8000020]
      ? C:\WINDOWS\system32\PavTPK.sys Het systeem kan het opgegeven bestand niet vinden. !
      ? C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\mbr.sys De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist. !

      ---- User code sections - GMER 2.1 ----

      .text C:\Program Files\Bonjour\mDNSResponder.exe[300] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 71A90001
      .text C:\Program Files\Bonjour\mDNSResponder.exe[300] kernel32.dll!CreateRemoteThread + 174 7C7E0670 4 Bytes JMP 71AD0000
      .text C:\Program Files\Bonjour\mDNSResponder.exe[300] WS2_32.dll!sendto 71A32F51 6 Bytes JMP 7194000A
      .text C:\Program Files\Bonjour\mDNSResponder.exe[300] WS2_32.dll!recvfrom 71A32FF7 6 Bytes JMP 719A000A
      .text C:\Program Files\Bonjour\mDNSResponder.exe[300] WS2_32.dll!closesocket 71A33E2B 6 Bytes JMP 7182000A
      .text C:\Program Files\Bonjour\mDNSResponder.exe[300] WS2_32.dll!connect 71A34A07 6 Bytes JMP 71AC000A
      .text C:\Program Files\Bonjour\mDNSResponder.exe[300] WS2_32.dll!send 71A34C27 6 Bytes JMP 7197000A
      .text C:\Program Files\Bonjour\mDNSResponder.exe[300] WS2_32.dll!WSARecv 71A34CB5 6 Bytes JMP 718E000A
      .text C:\Program Files\Bonjour\mDNSResponder.exe[300] WS2_32.dll!recv 71A3676F 6 Bytes JMP 71A5000A
      .text C:\Program Files\Bonjour\mDNSResponder.exe[300] WS2_32.dll!WSASend 71A368FA 6 Bytes JMP 7188000A
      .text C:\Program Files\Bonjour\mDNSResponder.exe[300] WS2_32.dll!WSAStartup 71A36A55 6 Bytes JMP 717F000A
      .text C:\Program Files\Bonjour\mDNSResponder.exe[300] WS2_32.dll!WSARecvFrom 71A3F66A 6 Bytes JMP 718B000A
      .text C:\Program Files\Bonjour\mDNSResponder.exe[300] WS2_32.dll!WSASendTo 71A40AAD 6 Bytes JMP 7185000A
      .text C:\Program Files\Bonjour\mDNSResponder.exe[300] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 7191000A
      .text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1528] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 71A90001
      .text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1528] kernel32.dll!CreateRemoteThread + 174 7C7E0670 4 Bytes JMP 71AD0000
      .text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1528] WS2_32.dll!sendto 71A32F51 6 Bytes JMP 7199000A
      .text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1528] WS2_32.dll!recvfrom 71A32FF7 6 Bytes JMP 719F000A
      .text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1528] WS2_32.dll!closesocket 71A33E2B 6 Bytes JMP 7187000A
      .text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1528] WS2_32.dll!connect 71A34A07 6 Bytes JMP 71AC000A
      .text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1528] WS2_32.dll!send 71A34C27 6 Bytes JMP 719C000A
      .text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1528] WS2_32.dll!WSARecv 71A34CB5 6 Bytes JMP 7193000A
      .text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1528] WS2_32.dll!recv 71A3676F 6 Bytes JMP 71A5000A
      .text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1528] WS2_32.dll!WSASend 71A368FA 6 Bytes JMP 718D000A
      .text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1528] WS2_32.dll!WSAStartup 71A36A55 6 Bytes JMP 7184000A
      .text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1528] WS2_32.dll!WSARecvFrom 71A3F66A 6 Bytes JMP 7190000A
      .text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1528] WS2_32.dll!WSASendTo 71A40AAD 6 Bytes JMP 718A000A
      .text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1528] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 7196000A
      .text C:\Program Files\Panda Security\Panda Antivirus Pro 2014\TPSrv.exe[1564] kernel32.dll!CreateRemoteThread + 174 7C7E0670 4 Bytes JMP 71AF0000
      .text C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe[1680] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 71A90001
      .text C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe[1680] kernel32.dll!CreateRemoteThread + 174 7C7E0670 4 Bytes JMP 71AD0000
      .text C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe[1680] WS2_32.dll!sendto 71A32F51 6 Bytes JMP 7199000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe[1680] WS2_32.dll!recvfrom 71A32FF7 6 Bytes JMP 719F000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe[1680] WS2_32.dll!closesocket 71A33E2B 6 Bytes JMP 7187000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe[1680] WS2_32.dll!connect 71A34A07 6 Bytes JMP 71AC000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe[1680] WS2_32.dll!send 71A34C27 6 Bytes JMP 719C000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe[1680] WS2_32.dll!WSARecv 71A34CB5 6 Bytes JMP 7193000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe[1680] WS2_32.dll!recv 71A3676F 6 Bytes JMP 71A5000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe[1680] WS2_32.dll!WSASend 71A368FA 6 Bytes JMP 718D000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe[1680] WS2_32.dll!WSAStartup 71A36A55 6 Bytes JMP 7184000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe[1680] WS2_32.dll!WSARecvFrom 71A3F66A 6 Bytes JMP 7190000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe[1680] WS2_32.dll!WSASendTo 71A40AAD 6 Bytes JMP 718A000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe[1680] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 7196000A
      .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1792] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 71A90001
      .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1792] kernel32.dll!CreateRemoteThread + 174 7C7E0670 4 Bytes JMP 71AD0000
      .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1792] WS2_32.dll!sendto 71A32F51 6 Bytes JMP 7193000A
      .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1792] WS2_32.dll!recvfrom 71A32FF7 6 Bytes JMP 7199000A
      .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1792] WS2_32.dll!closesocket 71A33E2B 6 Bytes JMP 7181000A
      .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1792] WS2_32.dll!connect 71A34A07 6 Bytes JMP 71AC000A
      .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1792] WS2_32.dll!send 71A34C27 6 Bytes JMP 7196000A
      .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1792] WS2_32.dll!WSARecv 71A34CB5 6 Bytes JMP 718D000A
      .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1792] WS2_32.dll!recv 71A3676F 6 Bytes JMP 719C000A
      .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1792] WS2_32.dll!WSASend 71A368FA 6 Bytes JMP 7187000A
      .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1792] WS2_32.dll!WSAStartup 71A36A55 6 Bytes JMP 717E000A
      .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1792] WS2_32.dll!WSARecvFrom 71A3F66A 6 Bytes JMP 718A000A
      .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1792] WS2_32.dll!WSASendTo 71A40AAD 6 Bytes JMP 7184000A
      .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1792] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 7190000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe[2228] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 71A90001
      .text C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe[2228] kernel32.dll!CreateRemoteThread + 174 7C7E0670 4 Bytes JMP 71AD0000
      .text C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe[2228] WS2_32.dll!sendto 71A32F51 6 Bytes JMP 7199000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe[2228] WS2_32.dll!recvfrom 71A32FF7 6 Bytes JMP 719F000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe[2228] WS2_32.dll!closesocket 71A33E2B 6 Bytes JMP 7187000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe[2228] WS2_32.dll!connect 71A34A07 6 Bytes JMP 71AC000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe[2228] WS2_32.dll!send 71A34C27 6 Bytes JMP 719C000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe[2228] WS2_32.dll!WSARecv 71A34CB5 6 Bytes JMP 7193000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe[2228] WS2_32.dll!recv 71A3676F 6 Bytes JMP 71A5000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe[2228] WS2_32.dll!WSASend 71A368FA 6 Bytes JMP 718D000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe[2228] WS2_32.dll!WSAStartup 71A36A55 6 Bytes JMP 7184000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe[2228] WS2_32.dll!WSARecvFrom 71A3F66A 6 Bytes JMP 7190000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe[2228] WS2_32.dll!WSASendTo 71A40AAD 6 Bytes JMP 718A000A
      .text C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe[2228] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 7196000A
      .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2456] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 71A90001
      .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2456] kernel32.dll!CreateRemoteThread + 174 7C7E0670 4 Bytes JMP 71AD0000
      .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2456] WS2_32.dll!sendto 71A32F51 6 Bytes JMP 7198000A
      .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2456] WS2_32.dll!recvfrom 71A32FF7 6 Bytes JMP 719E000A
      .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2456] WS2_32.dll!closesocket 71A33E2B 6 Bytes JMP 7186000A
      .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2456] WS2_32.dll!connect 71A34A07 6 Bytes JMP 71AC000A
      .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2456] WS2_32.dll!send 71A34C27 6 Bytes JMP 719B000A
      .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2456] WS2_32.dll!WSARecv 71A34CB5 6 Bytes JMP 7192000A
      .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2456] WS2_32.dll!recv 71A3676F 6 Bytes JMP 71A1000A
      .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2456] WS2_32.dll!WSASend 71A368FA 6 Bytes JMP 718C000A
      .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2456] WS2_32.dll!WSAStartup 71A36A55 6 Bytes JMP 7183000A
      .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2456] WS2_32.dll!WSARecvFrom 71A3F66A 6 Bytes JMP 718F000A
      .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2456] WS2_32.dll!WSASendTo 71A40AAD 6 Bytes JMP 7189000A
      .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2456] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 7195000A
      .text C:\Program Files\Citrix\ICA Client\concentr.exe[2520] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 71A90001
      .text C:\Program Files\Citrix\ICA Client\concentr.exe[2520] kernel32.dll!CreateRemoteThread + 174 7C7E0670 4 Bytes JMP 71AD0000
      .text C:\Program Files\Citrix\ICA Client\concentr.exe[2520] WS2_32.dll!sendto 71A32F51 6 Bytes JMP 7199000A
      .text C:\Program Files\Citrix\ICA Client\concentr.exe[2520] WS2_32.dll!recvfrom 71A32FF7 6 Bytes JMP 719F000A
      .text C:\Program Files\Citrix\ICA Client\concentr.exe[2520] WS2_32.dll!closesocket 71A33E2B 6 Bytes JMP 7187000A
      .text C:\Program Files\Citrix\ICA Client\concentr.exe[2520] WS2_32.dll!connect 71A34A07 6 Bytes JMP 71AC000A
      .text C:\Program Files\Citrix\ICA Client\concentr.exe[2520] WS2_32.dll!send 71A34C27 6 Bytes JMP 719C000A
      .text C:\Program Files\Citrix\ICA Client\concentr.exe[2520] WS2_32.dll!WSARecv 71A34CB5 6 Bytes JMP 7193000A
      .text C:\Program Files\Citrix\ICA Client\concentr.exe[2520] WS2_32.dll!recv 71A3676F 6 Bytes JMP 71A5000A
      .text C:\Program Files\Citrix\ICA Client\concentr.exe[2520] WS2_32.dll!WSASend 71A368FA 6 Bytes JMP 718D000A
      .text C:\Program Files\Citrix\ICA Client\concentr.exe[2520] WS2_32.dll!WSAStartup 71A36A55 6 Bytes JMP 7184000A
      .text C:\Program Files\Citrix\ICA Client\concentr.exe[2520] WS2_32.dll!WSARecvFrom 71A3F66A 6 Bytes JMP 7190000A
      .text C:\Program Files\Citrix\ICA Client\concentr.exe[2520] WS2_32.dll!WSASendTo 71A40AAD 6 Bytes JMP 718A000A
      .text C:\Program Files\Citrix\ICA Client\concentr.exe[2520] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 7196000A
      .text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[3260] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 71A90001
      .text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[3260] kernel32.dll!CreateRemoteThread + 174 7C7E0670 4 Bytes JMP 71AD0000
      .text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[3260] WS2_32.dll!sendto 71A32F51 6 Bytes JMP 7199000A
      .text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[3260] WS2_32.dll!recvfrom 71A32FF7 6 Bytes JMP 719F000A
      .text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[3260] WS2_32.dll!closesocket 71A33E2B 6 Bytes JMP 7187000A
      .text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[3260] WS2_32.dll!connect 71A34A07 6 Bytes JMP 71AC000A
      .text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[3260] WS2_32.dll!send 71A34C27 6 Bytes JMP 719C000A
      .text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[3260] WS2_32.dll!WSARecv 71A34CB5 6 Bytes JMP 7193000A
      .text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[3260] WS2_32.dll!recv 71A3676F 6 Bytes JMP 71A5000A
      .text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[3260] WS2_32.dll!WSASend 71A368FA 6 Bytes JMP 718D000A
      .text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[3260] WS2_32.dll!WSAStartup 71A36A55 6 Bytes JMP 7184000A
      .text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[3260] WS2_32.dll!WSARecvFrom 71A3F66A 6 Bytes JMP 7190000A
      .text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[3260] WS2_32.dll!WSASendTo 71A40AAD 6 Bytes JMP 718A000A
      .text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[3260] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 7196000A
      .text C:\Program Files\Outlook Express\msimn.exe[3344] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 71A90001
      .text C:\Program Files\Outlook Express\msimn.exe[3344] kernel32.dll!CreateRemoteThread + 174 7C7E0670 4 Bytes JMP 71AD0000
      .text C:\Program Files\Outlook Express\msimn.exe[3344] ws2_32.dll!sendto 71A32F51 6 Bytes JMP 7199000A
      .text C:\Program Files\Outlook Express\msimn.exe[3344] ws2_32.dll!recvfrom 71A32FF7 6 Bytes JMP 719F000A
      .text C:\Program Files\Outlook Express\msimn.exe[3344] ws2_32.dll!closesocket 71A33E2B 6 Bytes JMP 7187000A
      .text C:\Program Files\Outlook Express\msimn.exe[3344] ws2_32.dll!connect 71A34A07 6 Bytes JMP 71AC000A
      .text C:\Program Files\Outlook Express\msimn.exe[3344] ws2_32.dll!send 71A34C27 6 Bytes JMP 719C000A
      .text C:\Program Files\Outlook Express\msimn.exe[3344] ws2_32.dll!WSARecv 71A34CB5 6 Bytes JMP 7193000A
      .text C:\Program Files\Outlook Express\msimn.exe[3344] ws2_32.dll!recv 71A3676F 6 Bytes JMP 71A5000A
      .text C:\Program Files\Outlook Express\msimn.exe[3344] ws2_32.dll!WSASend 71A368FA 6 Bytes JMP 718D000A
      .text C:\Program Files\Outlook Express\msimn.exe[3344] ws2_32.dll!WSAStartup 71A36A55 6 Bytes JMP 7184000A
      .text C:\Program Files\Outlook Express\msimn.exe[3344] ws2_32.dll!WSARecvFrom 71A3F66A 6 Bytes JMP 7190000A
      .text C:\Program Files\Outlook Express\msimn.exe[3344] ws2_32.dll!WSASendTo 71A40AAD 6 Bytes JMP 718A000A
      .text C:\Program Files\Outlook Express\msimn.exe[3344] ws2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 7196000A
      .text C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 71A90001
      .text C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!CreateRemoteThread + 174 7C7E0670 4 Bytes JMP 71AD0000
      .text C:\WINDOWS\Explorer.EXE[3348] WS2_32.dll!sendto 71A32F51 6 Bytes JMP 7199000A
      .text C:\WINDOWS\Explorer.EXE[3348] WS2_32.dll!recvfrom 71A32FF7 6 Bytes JMP 719F000A
      .text C:\WINDOWS\Explorer.EXE[3348] WS2_32.dll!closesocket 71A33E2B 6 Bytes JMP 7187000A
      .text C:\WINDOWS\Explorer.EXE[3348] WS2_32.dll!connect 71A34A07 6 Bytes JMP 71AC000A
      .text C:\WINDOWS\Explorer.EXE[3348] WS2_32.dll!send 71A34C27 6 Bytes JMP 719C000A
      .text C:\WINDOWS\Explorer.EXE[3348] WS2_32.dll!WSARecv 71A34CB5 6 Bytes JMP 7193000A
      .text C:\WINDOWS\Explorer.EXE[3348] WS2_32.dll!recv 71A3676F 6 Bytes JMP 71A5000A
      .text C:\WINDOWS\Explorer.EXE[3348] WS2_32.dll!WSASend 71A368FA 6 Bytes JMP 718D000A
      .text C:\WINDOWS\Explorer.EXE[3348] WS2_32.dll!WSAStartup 71A36A55 6 Bytes JMP 7184000A
      .text C:\WINDOWS\Explorer.EXE[3348] WS2_32.dll!WSARecvFrom 71A3F66A 6 Bytes JMP 7190000A
      .text C:\WINDOWS\Explorer.EXE[3348] WS2_32.dll!WSASendTo 71A40AAD 6 Bytes JMP 718A000A
      .text C:\WINDOWS\Explorer.EXE[3348] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 7196000A
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01D29AE0 C:\Program Files\Mozilla Firefox\xul.dll
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 01D0C434 C:\Program Files\Mozilla Firefox\xul.dll
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 01D0C150 C:\Program Files\Mozilla Firefox\xul.dll
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 01D0C330 C:\Program Files\Mozilla Firefox\xul.dll
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] ntdll.dll!NtReadFileScatter 7C90D9DE 5 Bytes JMP 0272F60F C:\Program Files\Mozilla Firefox\xul.dll
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 01D2A9F0 C:\Program Files\Mozilla Firefox\xul.dll
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] ntdll.dll!NtWriteFileGather 7C90DF8E 5 Bytes JMP 0272F5BE C:\Program Files\Mozilla Firefox\xul.dll
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10001F42 C:\Program Files\Mozilla Firefox\mozglue.dll
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 71A90001
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] kernel32.dll!lstrlenW + 43 7C7D9AEC 7 Bytes JMP 02654AC3 C:\Program Files\Mozilla Firefox\xul.dll
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] kernel32.dll!MapViewOfFileEx + 6A 7C7DB9A0 2 Bytes JMP 02654AA0 C:\Program Files\Mozilla Firefox\xul.dll
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] kernel32.dll!MapViewOfFileEx + 6D 7C7DB9A3 4 Bytes [E7, 85, EB, F9] {OUT 0x85, EAX; JMP 0xfffffffd}
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] kernel32.dll!CreateRemoteThread + 174 7C7E0670 4 Bytes JMP 71AD0000
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] kernel32.dll!ValidateLocale + B648 7C814EE0 7 Bytes JMP 01D263D0 C:\Program Files\Mozilla Firefox\xul.dll
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] GDI32.dll!SetDIBitsToDevice + 20A 77E49E14 7 Bytes JMP 02654A21 C:\Program Files\Mozilla Firefox\xul.dll
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] USER32.dll!GetWindowInfo 7E3AC49C 5 Bytes JMP 0254B991 C:\Program Files\Mozilla Firefox\xul.dll
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] WS2_32.dll!sendto 71A32F51 6 Bytes JMP 7198000A
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] WS2_32.dll!recvfrom 71A32FF7 6 Bytes JMP 719E000A
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] WS2_32.dll!closesocket 71A33E2B 6 Bytes JMP 7186000A
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] WS2_32.dll!connect 71A34A07 6 Bytes JMP 71AC000A
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] WS2_32.dll!send 71A34C27 6 Bytes JMP 719B000A
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] WS2_32.dll!WSARecv 71A34CB5 6 Bytes JMP 7192000A
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] WS2_32.dll!recv 71A3676F 6 Bytes JMP 71A1000A
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] WS2_32.dll!WSASend 71A368FA 6 Bytes JMP 718C000A
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] WS2_32.dll!WSAStartup 71A36A55 6 Bytes JMP 7183000A
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] WS2_32.dll!WSARecvFrom 71A3F66A 6 Bytes JMP 718F000A
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] WS2_32.dll!WSASendTo 71A40AAD 6 Bytes JMP 7189000A
      .text C:\Program Files\Mozilla Firefox\firefox.exe[3388] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 7195000A
      .text C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe[3432] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 71A90001
      .text C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe[3432] kernel32.dll!CreateRemoteThread + 174 7C7E0670 4 Bytes JMP 71AD0000
      .text C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe[3432] WS2_32.dll!sendto 71A32F51 6 Bytes JMP 7195000A
      .text C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe[3432] WS2_32.dll!recvfrom 71A32FF7 6 Bytes JMP 719B000A
      .text C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe[3432] WS2_32.dll!closesocket 71A33E2B 6 Bytes JMP 7183000A
      .text C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe[3432] WS2_32.dll!connect 71A34A07 6 Bytes JMP 71AC000A
      .text C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe[3432] WS2_32.dll!send 71A34C27 6 Bytes JMP 7198000A
      .text C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe[3432] WS2_32.dll!WSARecv 71A34CB5 6 Bytes JMP 718F000A
      .text C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe[3432] WS2_32.dll!recv 71A3676F 6 Bytes JMP 71A5000A
      .text C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe[3432] WS2_32.dll!WSASend 71A368FA 6 Bytes JMP 7189000A
      .text C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe[3432] WS2_32.dll!WSAStartup 71A36A55 6 Bytes JMP 7180000A
      .text C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe[3432] WS2_32.dll!WSARecvFrom 71A3F66A 6 Bytes JMP 718C000A
      .text C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe[3432] WS2_32.dll!WSASendTo 71A40AAD 6 Bytes JMP 7186000A
      .text C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe[3432] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 7192000A
      .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3788] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 71A90001
      .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3788] kernel32.dll!CreateRemoteThread + 174 7C7E0670 4 Bytes JMP 71AD0000
      .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3788] ws2_32.dll!sendto 71A32F51 6 Bytes JMP 7199000A
      .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3788] ws2_32.dll!recvfrom 71A32FF7 6 Bytes JMP 719F000A
      .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3788] ws2_32.dll!closesocket 71A33E2B 6 Bytes JMP 7187000A
      .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3788] ws2_32.dll!connect 71A34A07 6 Bytes JMP 71AC000A
      .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3788] ws2_32.dll!send 71A34C27 6 Bytes JMP 719C000A
      .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3788] ws2_32.dll!WSARecv 71A34CB5 6 Bytes JMP 7193000A
      .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3788] ws2_32.dll!recv 71A3676F 6 Bytes JMP 71A5000A
      .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3788] ws2_32.dll!WSASend 71A368FA 6 Bytes JMP 718D000A
      .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3788] ws2_32.dll!WSAStartup 71A36A55 6 Bytes JMP 7184000A
      .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3788] ws2_32.dll!WSARecvFrom 71A3F66A 6 Bytes JMP 7190000A
      .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3788] ws2_32.dll!WSASendTo 71A40AAD 6 Bytes JMP 718A000A
      .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3788] ws2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 7196000A
      .text C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn programma's\Apple\iTunesHelper.exe[3856] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 71A90001
      .text C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn programma's\Apple\iTunesHelper.exe[3856] kernel32.dll!CreateRemoteThread + 174 7C7E0670 4 Bytes JMP 71AD0000
      .text C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn programma's\Apple\iTunesHelper.exe[3856] WS2_32.dll!sendto 71A32F51 6 Bytes JMP 7199000A
      .text C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn programma's\Apple\iTunesHelper.exe[3856] WS2_32.dll!recvfrom 71A32FF7 6 Bytes JMP 719F000A
      .text C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn programma's\Apple\iTunesHelper.exe[3856] WS2_32.dll!closesocket 71A33E2B 6 Bytes JMP 7187000A
      .text C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn programma's\Apple\iTunesHelper.exe[3856] WS2_32.dll!connect 71A34A07 6 Bytes JMP 71AC000A
      .text C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn programma's\Apple\iTunesHelper.exe[3856] WS2_32.dll!send 71A34C27 6 Bytes JMP 719C000A
      .text C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn programma's\Apple\iTunesHelper.exe[3856] WS2_32.dll!WSARecv 71A34CB5 6 Bytes JMP 7193000A
      .text C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn programma's\Apple\iTunesHelper.exe[3856] WS2_32.dll!recv 71A3676F 6 Bytes JMP 71A5000A
      .text C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn programma's\Apple\iTunesHelper.exe[3856] WS2_32.dll!WSASend 71A368FA 6 Bytes JMP 718D000A
      .text C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn programma's\Apple\iTunesHelper.exe[3856] WS2_32.dll!WSAStartup 71A36A55 6 Bytes JMP 7184000A
      .text C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn programma's\Apple\iTunesHelper.exe[3856] WS2_32.dll!WSARecvFrom 71A3F66A 6 Bytes JMP 7190000A
      .text C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn programma's\Apple\iTunesHelper.exe[3856] WS2_32.dll!WSASendTo 71A40AAD 6 Bytes JMP 718A000A
      .text C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn programma's\Apple\iTunesHelper.exe[3856] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 7196000A
      .text C:\Documents and Settings\Eigenaar\Bureaublad\kqpewg6w.exe[3992] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 71A90001
      .text C:\Documents and Settings\Eigenaar\Bureaublad\kqpewg6w.exe[3992] kernel32.dll!CreateRemoteThread + 174 7C7E0670 4 Bytes JMP 71AD0000
      .text C:\Documents and Settings\Eigenaar\Bureaublad\kqpewg6w.exe[3992] ws2_32.dll!sendto 71A32F51 6 Bytes JMP 7199000A
      .text C:\Documents and Settings\Eigenaar\Bureaublad\kqpewg6w.exe[3992] ws2_32.dll!recvfrom 71A32FF7 6 Bytes JMP 719F000A
      .text C:\Documents and Settings\Eigenaar\Bureaublad\kqpewg6w.exe[3992] ws2_32.dll!closesocket 71A33E2B 6 Bytes JMP 7187000A
      .text C:\Documents and Settings\Eigenaar\Bureaublad\kqpewg6w.exe[3992] ws2_32.dll!connect 71A34A07 6 Bytes JMP 71AC000A
      .text C:\Documents and Settings\Eigenaar\Bureaublad\kqpewg6w.exe[3992] ws2_32.dll!send 71A34C27 6 Bytes JMP 719C000A
      .text C:\Documents and Settings\Eigenaar\Bureaublad\kqpewg6w.exe[3992] ws2_32.dll!WSARecv 71A34CB5 6 Bytes JMP 7193000A
      .text C:\Documents and Settings\Eigenaar\Bureaublad\kqpewg6w.exe[3992] ws2_32.dll!recv 71A3676F 6 Bytes JMP 71A5000A
      .text C:\Documents and Settings\Eigenaar\Bureaublad\kqpewg6w.exe[3992] ws2_32.dll!WSASend 71A368FA 6 Bytes JMP 718D000A
      .text C:\Documents and Settings\Eigenaar\Bureaublad\kqpewg6w.exe[3992] ws2_32.dll!WSAStartup 71A36A55 6 Bytes JMP 7184000A
      .text C:\Documents and Settings\Eigenaar\Bureaublad\kqpewg6w.exe[3992] ws2_32.dll!WSARecvFrom 71A3F66A 6 Bytes JMP 7190000A
      .text C:\Documents and Settings\Eigenaar\Bureaublad\kqpewg6w.exe[3992] ws2_32.dll!WSASendTo 71A40AAD 6 Bytes JMP 718A000A
      .text C:\Documents and Settings\Eigenaar\Bureaublad\kqpewg6w.exe[3992] ws2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 7196000A



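The "User code sections" part of the GMER output above lists several hundred inline hooks, and reading it by hand hides the pattern that matters for triage: which hooks land in a DLL GMER could name (Firefox's own xul.dll and mozglue.dll hooking its own process) and which land at an address GMER could not attribute to any module (the WS2_32 and kernel32 hooks that every listed process shares, all in the 0x717F0000 to 0x71AF0000 range). The script below is an added example written for this thread, not code posted by the original poster or produced by GMER. It parses lines in the GMER 2.1 format, groups them by hooked function and resolved destination, and assigns a verdict using three heuristics that are this example's own assumptions: an in-process hook by a DLL in the program's own directory is expected, a hook into another product's DLL deserves review, and an unresolved destination deserves investigation. The sample lines are copied from the log in this thread.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# One GMER 2.1 "User code sections" line, e.g.
#   .text C:\x\foo.exe[300] WS2_32.dll!sendto 71A32F51 6 Bytes JMP 7194000A
#   .text C:\x\firefox.exe[3388] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01D29AE0 C:\x\xul.dll
# Lines that report raw bytes instead of a JMP/CALL target do not match and are
# returned as "unparsed" rather than silently dropped.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)(?:\s*\+\s*(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+"
    r"(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]+)(?:\s+(?P<dest>\S.*?))?\s*$"
)

@dataclass(frozen=True)
class Hook:
    proc: str            # full path of the hooked process
    pid: int
    module: str          # hooked module, lower-cased (WS2_32.dll == ws2_32.dll)
    func: str            # hooked export
    kind: str            # JMP or CALL
    target: int          # address the hook lands on
    dest: Optional[str]  # module GMER resolved the target to, None if it could not

@dataclass
class Finding:
    module: str
    func: str
    kind: str
    dest: Optional[str]
    procs: tuple    # hooked processes, sorted
    targets: tuple  # distinct landing addresses, sorted
    verdict: str

def parse_hook(line: str) -> Optional[Hook]:
    """Parse one GMER user-code line; None for lines in another shape."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    return Hook(m["proc"], int(m["pid"]), m["module"].lower(), m["func"],
                m["kind"], int(m["target"], 16), m["dest"])

def same_directory(dest: str, proc: str) -> bool:
    """True when the destination DLL lives in the hooked executable's own directory."""
    return ntpath.dirname(dest).lower() == ntpath.dirname(proc).lower()

def triage(lines):
    """Group hooks by (module, function, kind, resolved destination) and give each
    group a verdict. Returns (findings, unparsed_lines). The three verdict rules
    are this example's own heuristics, not GMER output."""
    groups = defaultdict(lambda: {"procs": set(), "targets": set()})
    unparsed = []
    for line in lines:
        if not line.strip():
            continue
        h = parse_hook(line)
        if h is None:
            unparsed.append(line.strip())
            continue
        g = groups[(h.module, h.func, h.kind, h.dest)]
        g["procs"].add(h.proc)
        g["targets"].add(h.target)
    findings = []
    for (module, func, kind, dest), g in groups.items():
        if dest is None:
            verdict = ("investigate: target is in memory GMER could not attribute to a "
                       "module; find what is mapped at that address in one of the processes")
        elif all(same_directory(dest, p) for p in g["procs"]):
            verdict = "expected: in-process hook by a DLL shipped with the program itself"
        else:
            verdict = "review: destination DLL belongs to a different product than the process"
        findings.append(Finding(module, func, kind, dest, tuple(sorted(g["procs"])),
                                tuple(sorted(g["targets"])), verdict))
    return findings, unparsed

# Sample lines copied from the GMER output pasted in this thread (not the full log).
SAMPLE_LOG = r"""
.text C:\Program Files\Bonjour\mDNSResponder.exe[300] WS2_32.dll!sendto 71A32F51 6 Bytes JMP 7194000A
.text C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 71A90001
.text C:\WINDOWS\Explorer.EXE[3348] WS2_32.dll!sendto 71A32F51 6 Bytes JMP 7199000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3388] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01D29AE0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10001F42 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3388] kernel32.dll!MapViewOfFileEx + 6D 7C7DB9A3 4 Bytes [E7, 85, EB, F9] {OUT 0x85, EAX; JMP 0xfffffffd}
.text C:\Program Files\Mozilla Firefox\firefox.exe[3388] WS2_32.dll!sendto 71A32F51 6 Bytes JMP 7198000A
"""

if __name__ == "__main__":
    findings, unparsed = triage(SAMPLE_LOG.splitlines())
    for f in findings:
        print(f"{f.module}!{f.func} {f.kind} -> {f.dest or '<unresolved>'}")
        print(f"  processes={len(f.procs)} targets={[hex(t) for t in f.targets]}")
        print(f"  {f.verdict}")
    for line in unparsed:
        print("unparsed:", line)
```

Run against the full log, the script collapses the long list into a handful of groups: the Firefox hooks resolve to Firefox's own DLLs and fall out as expected, while the WS2_32 and kernel32 hooks present in every process share an unresolved destination. That pattern is consistent with a DLL injected into every process by a security or networking product, but the GMER log alone does not say which one; the check is to open one of the hooked processes in a tool that lists loaded modules with their base addresses (Process Explorer, for instance) and see which DLL is mapped at the landing address, then compare the result with a clean machine running the same software.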
      • #4
        ---- Devices - GMER 2.1 ----

        Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys

        AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS
        AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS
        AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS
        AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS

        ---- Registry - GMER 2.1 ----

        Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001f81000250 (not active ControlSet)
        Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\[email protected] 0x65 0x2F 0x0B 0xE4 ...
        Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\[email protected] 0xFF 0x08 0xC8 0xFB ...
        Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
        Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] J:\Program Files\DAEMON Tools Lite\
        Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
        Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0
        Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0x9F 0x1D 0x9B 0xBB ...
        Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
        Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
        Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x5B 0x1D 0x5A 0x4E ...
        Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
        Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xD3 0x2A 0x64 0x60 ...

        ---- EOF - GMER 2.1 ----

        • #5
          A few remarks:

          You are working with an OS that is no longer supported: XP

          Treating this OS for malware is the same as mopping the floor with the tap running. So it is pointless.

          A few options, listed:

          - Either you buy a new PC (I cannot imagine that a PC running XP is suitable for W 8.1)

          - Or you take your XP machine offline. So not on the internet (and therefore also not connected to other PCs via a router that can reach the internet).

          - Or (and that is also an option) you install Linux on it (if necessary with Wine = Windows environment).
          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
          E Dev * Remove McAfee. * Ccleaner * E-Peek
