Malware problems

This topic is closed.

  • Malware problems

    Last week I downloaded Odin from this site. But what looks like an official website is just a page offering a download with junk in it. So now I have a few problems.

    Logs follow in the next posts.

  • #2
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 25-3-2015
    Scantijd: 15:03:19
    Logbestand: Malwarebytes Log.txt
    Beheerder: Ja

    Versie: 2.01.4.1018
    Malware Gegevensbestand: v2015.03.25.04
    Rootkit Gegevensbestand: v2015.02.25.01
    Licentie: Gratis
    Malwarebescherming: Uitgeschakeld
    Kwaadaardige Website Bescherming: Uitgeschakeld
    Zelfbescherming: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x86
    Bestandssysteem: NTFS
    Gebruiker: Joeri

    Scantype: Bedreigingsscan
    Resultaat: Voltooid
    Objecten Gescand: 329313
    Verstreken Tijd: 9 m, 32 s

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Uitgeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (Geen kwaadaardige items gedetecteerd)

    Modules: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutels: 4
    PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3863030024-1632303380-3654552547-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantaine, [febab594b5d58caaf5be82a66e95639d],
    PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\omniboxesSoftware, In Quarantaine, [4177da6f1d6d9b9bd00e48714ab95ba5],
    PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantaine, [c6f285c45c2ebe78a77c25a80300fa06],
    PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\omniboxes uninstall, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],

    Registerwaardes: 2
    PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Users\Joeri\AppData\Roaming\Mozilla\Firefox\Profiles\xj2mry7d.default\extensions\[email protected] il.com, In Quarantaine, [01b74207b6d47eb8e398ef59e81d8977]
    PUP.Optional.Conduit.A, HKU\S-1-5-21-3863030024-1632303380-3654552547-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, In Quarantaine, [c3f575d46b1fb5816ea56a48768d5ea2]

    Registerdata: 10
    PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files\Mozilla Firefox\firefox.exe" http://www.omniboxes.com/?type=sc&ts...4RXXXX9VP2V74R, Goed: (firefox.exe), Slecht: ("C:\Program Files\Mozilla Firefox\firefox.exe" http://www.omniboxes.com/?type=sc&ts...74R),Vervangen,[d6e2cc7d7119191da400eaff9c69eb15]
    PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.omniboxes.com/?type=sc&ts...4RXXXX9VP2V74R, Goed: (Chrome.exe), Slecht: ("C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.omniboxes.com/?type=sc&ts...74R),Vervangen,[5761c3861e6c092dc4e36287cb3a24dc]
    PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts...4RXXXX9VP2V74R, Goed: (iexplore.exe), Slecht: (C:\Program Files\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts...74R),Vervangen,[f4c47bceb7d3092db2f37f6add280ef2]
    PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.omniboxes.com/web/?type=ds&ts=1427288959&from=obw&uid=ST31000528AS_9VP2V74RXXXX9VP2V74R&q={searchTerms}, Goed: (www.google.com), Slecht: (http://www.omniboxes.com/web/?type=ds&ts=1427288959&from=obw&uid=ST31000528AS_9VP2V74RXXXX9VP2V74R&q={searchTerms}),Vervangen,[9d1bc7821b6fe55132f28d6b18ed48b8]
    PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.omniboxes.com/?type=hp&ts...4RXXXX9VP2V74R, Goed: (www.google.com), Slecht: (http://www.omniboxes.com/?type=hp&ts...74R),Vervangen,[645462e774168ea84dd730c8996c6d93]
    PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.omniboxes.com/?type=hp&ts...4RXXXX9VP2V74R, Goed: (www.google.com), Slecht: (http://www.omniboxes.com/?type=hp&ts...74R),Vervangen,[437599b0a7e31620b173a7513cc94eb2]
    PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.omniboxes.com/web/?type=ds&ts=1427288959&from=obw&uid=ST31000528AS_9VP2V74RXXXX9VP2V74R&q={searchTerms}, Goed: (www.google.com), Slecht: (http://www.omniboxes.com/web/?type=ds&ts=1427288959&from=obw&uid=ST31000528AS_9VP2V74RXXXX9VP2V74R&q={searchTerms}),Vervangen,[3a7e92b726647eb8d153d127778e8d73]
    PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Goed: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Slecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Vervangen,[02b6b099751593a333dc7c7ac144f907]
    PUP.Optional.Omniboxes.A, HKU\S-1-5-21-3863030024-1632303380-3654552547-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.omniboxes.com/?type=hp&ts...4RXXXX9VP2V74R, Goed: (www.google.com), Slecht: (http://www.omniboxes.com/?type=hp&ts...74R),Vervangen,[e0d8f455fe8cdf570f16f6020302e917]
    PUP.Optional.Omniboxes.A, HKU\S-1-5-21-3863030024-1632303380-3654552547-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.omniboxes.com/?type=hp&ts...4RXXXX9VP2V74R, Goed: (www.google.com), Slecht: (http://www.omniboxes.com/?type=hp&ts...74R),Vervangen,[487087c22d5d7fb743e226d20ef78878]

    Mappen: 11
    PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantaine, [6b4d74d5afdb0432240da9e436cd34cc],
    PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantaine, [6b4d74d5afdb0432240da9e436cd34cc],
    PUP.Optional.CheckMeUp.A, C:\Program Files\ver1CheckMeUp, In Quarantaine, [e1d7480188023303a7bc2c78c142926e],
    PUP.Optional.CheckMeUp.A, C:\Program Files\ver1CheckMeUp\x86, In Quarantaine, [e1d7480188023303a7bc2c78c142926e],
    PUP.Optional.SearchEngine.A, C:\Users\Joeri\AppData\Roaming\Mozilla\Firefox\Profiles\xj2mry7d.default\extensions\[email protected] il.com, In Quarantaine, [01b7a5a4e2a8fa3c0c2406a842c128d8],
    PUP.Optional.SearchEngine.A, C:\Users\Joeri\AppData\Roaming\Mozilla\Firefox\Profiles\xj2mry7d.default\extensions\[email protected] il.com\chrome, In Quarantaine, [01b7a5a4e2a8fa3c0c2406a842c128d8],
    PUP.Optional.SearchEngine.A, C:\Users\Joeri\AppData\Roaming\Mozilla\Firefox\Profiles\xj2mry7d.default\extensions\[email protected] il.com\chrome\content, In Quarantaine, [01b7a5a4e2a8fa3c0c2406a842c128d8],
    PUP.Optional.SearchEngine.A, C:\Users\Joeri\AppData\Roaming\Mozilla\Firefox\Profiles\xj2mry7d.default\extensions\[email protected] il.com\chrome\skin, In Quarantaine, [01b7a5a4e2a8fa3c0c2406a842c128d8],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\code, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],

    Bestanden: 60
    PUP.Optional.SearchProtect.A, C:\Users\Joeri\AppData\Local\Temp\nsk4C8E.exe, In Quarantaine, [9f19b198563439fd985492c38d7449b7],
    PUP.Optional.SearchProtect.A, C:\Users\Joeri\AppData\Local\Temp\nsk4F4D.exe, In Quarantaine, [a8103c0d9dedf6401bd13c19d62bf20e],
    PUP.Optional.SearchProtect.A, C:\Users\Joeri\AppData\Local\Temp\nsq7BA2.exe, In Quarantaine, [1e9a04458109a39308e463f2fa0706fa],
    PUP.Optional.Somoto, C:\Users\Joeri\AppData\Local\Temp\nss49FC.tmp, In Quarantaine, [793f68e1543681b5665d93c9b35212ee],
    PUP.Optional.SearchProtect.A, C:\Users\Joeri\AppData\Local\Temp\nsa51CE.exe, In Quarantaine, [566290b90e7cc86e559787ce3ac71be5],
    PUP.Optional.SearchProtect.A, C:\Users\Joeri\AppData\Local\Temp\nsa78D3.exe, In Quarantaine, [9a1e3019b1d9ea4c86665cf99b66f20e],
    PUP.Optional.SearchProtect.A, C:\Users\Joeri\AppData\Local\Temp\nsf7549.exe, In Quarantaine, [36829bae622848ee13d993c2f60bdb25],
    PUP.Optional.SearchProtect.A, C:\Users\Joeri\AppData\Local\Temp\nsfDC9D.exe, In Quarantaine, [7f397ccd0684e15517d5a5b0cc3508f8],
    PUP.Optional.Conduit.A, C:\Users\Joeri\AppData\Local\Temp\uttB3D.tmp.exe, In Quarantaine, [1b9dad9c14762511c5571e2b19e8926e],
    PUP.Optional.Conduit.A, C:\Users\Joeri\AppData\Local\Temp\nsk19AB\SpSetup.exe, In Quarantaine, [48705aefccbebe78726ea3a7ac5546ba],
    PUP.Optional.WebTInst.A, C:\Windows\System32\drivers\Msft_Kernel_webTinstMKTN_01009.Wdf, In Quarantaine, [a41493b64a40d06669006455010206fa],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\Mozilla\Firefox\Profiles\xj2mry7d.default\searchplugins\omniboxes.xml , In Quarantaine, [f6c2242559319a9cc45ce5d5887bc33d],
    PUP.Optional.Patsearch.A, C:\Windows\patsearch.bin, In Quarantaine, [af0998b13357a88eaeae60607291a45c],
    PUP.Optional.CheckMeUp.A, C:\Windows\Tasks\CheckMeUp Update.job, In Quarantaine, [6157a7a23753db5b9c352b9ca65d7987],
    PUP.Optional.CheckMeUp.A, C:\Windows\System32\Tasks\CheckMeUp Update, In Quarantaine, [1b9dd079e9a1bd797e5413b4b0537e82],
    PUP.Optional.ReMarkable.A, C:\Users\Joeri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, In Quarantaine, [8b2d0e3b94f6c76f684a2d1325e05da3],
    PUP.Optional.ReMarkable.A, C:\Users\Joeri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, In Quarantaine, [a90ffc4dcfbb0c2a555d9ea2b055e11f],
    PUP.Optional.CheckMeUp.A, C:\Program Files\ver1CheckMeUp\190.crx, In Quarantaine, [e1d7480188023303a7bc2c78c142926e],
    PUP.Optional.CheckMeUp.A, C:\Program Files\ver1CheckMeUp\190.dat, In Quarantaine, [e1d7480188023303a7bc2c78c142926e],
    PUP.Optional.CheckMeUp.A, C:\Program Files\ver1CheckMeUp\190.xpi, In Quarantaine, [e1d7480188023303a7bc2c78c142926e],
    PUP.Optional.CheckMeUp.A, C:\Program Files\ver1CheckMeUp\CheckMeUp.exe, In Quarantaine, [e1d7480188023303a7bc2c78c142926e],
    PUP.Optional.CheckMeUp.A, C:\Program Files\ver1CheckMeUp\j4CheckMeUpK09.dll, In Quarantaine, [e1d7480188023303a7bc2c78c142926e],
    PUP.Optional.CheckMeUp.A, C:\Program Files\ver1CheckMeUp\sqlite3.dll, In Quarantaine, [e1d7480188023303a7bc2c78c142926e],
    PUP.Optional.CheckMeUp.A, C:\Program Files\ver1CheckMeUp\x86\WdfCoInstaller01009.dll, In Quarantaine, [e1d7480188023303a7bc2c78c142926e],
    PUP.Optional.CheckMeUp.A, C:\Program Files\ver1CheckMeUp\x86\webinstr.inf, In Quarantaine, [e1d7480188023303a7bc2c78c142926e],
    PUP.Optional.CheckMeUp.A, C:\Program Files\ver1CheckMeUp\x86\webTinstMKTN.sys, In Quarantaine, [e1d7480188023303a7bc2c78c142926e],
    PUP.Optional.SearchEngine.A, C:\Users\Joeri\AppData\Roaming\Mozilla\Firefox\Profiles\xj2mry7d.default\extensions\[email protected] il.com\chrome.manifest, In Quarantaine, [01b7a5a4e2a8fa3c0c2406a842c128d8],
    PUP.Optional.SearchEngine.A, C:\Users\Joeri\AppData\Roaming\Mozilla\Firefox\Profiles\xj2mry7d.default\extensions\[email protected] il.com\install.rdf, In Quarantaine, [01b7a5a4e2a8fa3c0c2406a842c128d8],
    PUP.Optional.SearchEngine.A, C:\Users\Joeri\AppData\Roaming\Mozilla\Firefox\Profiles\xj2mry7d.default\extensions\[email protected] il.com\chrome\content\toolbar.js, In Quarantaine, [01b7a5a4e2a8fa3c0c2406a842c128d8],
    PUP.Optional.SearchEngine.A, C:\Users\Joeri\AppData\Roaming\Mozilla\Firefox\Profiles\xj2mry7d.default\extensions\[email protected] il.com\chrome\content\toolbar.xul, In Quarantaine, [01b7a5a4e2a8fa3c0c2406a842c128d8],
    PUP.Optional.SearchEngine.A, C:\Users\Joeri\AppData\Roaming\Mozilla\Firefox\Profiles\xj2mry7d.default\extensions\[email protected] il.com\chrome\skin\icon.png, In Quarantaine, [01b7a5a4e2a8fa3c0c2406a842c128d8],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\503.json, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\MessageBox.xml, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\uninstallDlg2.xml, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\UninstallManager.exe, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\bg.png, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\bg1.png, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\bk_shadow.png, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\button.png, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\button1.png, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\checkbox.png, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\checkbox_select.png, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\checked.png, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\close.png, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\loading_bg.png, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\loading_light.png, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\min.png, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\scrollbar.bmp, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\Thumbs.db, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\unchecked.png, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\code\code1.jpg, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\code\code2.jpg, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\code\code3.jpg, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\code\code4.jpg, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\code\code5.jpg, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\code\code6.jpg, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\omniboxes\images\code\Thumbs.db, In Quarantaine, [01b76adf62281c1a6817426c3cc7ca36],
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Goed: (), Slecht: ( "homepage": "http://www.omniboxes.com/?type=hp&ts=1427288959&from=obw&uid=ST31000528AS_9VP2V74RXXXX9VP2V74R",), Vervangen,[15a3e1687119989e1dea7bb686800000]
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\Mozilla\Firefox\Profiles\xj2mry7d.default\prefs.js, Goed: (), Slecht: (user_pref("browser.startup.homepage", "http://www.omniboxes.com/?type=hp&ts=1427288959&from=obw&uid=ST31000528AS_9VP2V74RXXXX9VP2V74R"), Vervangen,[caee90b992f8cf67b74ca58c877f6d93]
    PUP.Optional.Omniboxes.A, C:\Users\Joeri\AppData\Roaming\Mozilla\Firefox\Profiles\xj2mry7d.default\search.json, Goed: (), Slecht: (omniboxes), Vervangen,[b00805442862b2848f2eac8474922bd5]

    Fysieke Sectoren: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)


    • #3
      # AdwCleaner v4.200 - Logbestand aangemaakt 02/04/2015 op 09:18:37
      # Laatste update 29/03/2015 door Xplode
      # Database : 2015-03-29.1 [Server]
      # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x86)
      # Gebruikersnaam : Joeri - JOERI-PC
      # Gestart vanuit : D:\Delladen\adwcleaner_4.200.exe
      # Optie : Verwijderen

      ***** [ Services ] *****

      [#] Service Verwijderd : vToolbarUpdater3.2.0

      ***** [ Bestanden / Mappen ] *****

      Map Verwijderd : C:\ProgramData\AVG Secure Search
      Map Verwijderd : C:\ProgramData\AVG Security Toolbar
      Map Verwijderd : C:\ProgramData\8a0bbe7c000056a5
      Map Verwijderd : C:\Program Files\Common Files\AVG Secure Search
      Map Verwijderd : C:\Users\Joeri\AppData\Roaming\Mozilla\Firefox\Profiles\xj2mry7d.default\Extensions\[email protected]
      Map Verwijderd : C:\Users\Joeri\AppData\Roaming\Mozilla\Firefox\Profiles\xj2mry7d.default\Extensions\[email protected] tream.org
      Map Verwijderd : C:\Users\Joeri\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
      Bestand Verwijderd : C:\Users\Joeri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhnkgpdlogbknkhlgdjlejeljbhflim_0.localstorage
      Bestand Verwijderd : C:\Users\Joeri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhnkgpdlogbknkhlgdjlejeljbhflim_0.localstorage-journal
      Bestand Verwijderd : C:\Users\Joeri\AppData\Roaming\Mozilla\Firefox\Profiles\xj2mry7d.default\invalidprefs.js
      Bestand Verwijderd : C:\Users\Joeri\AppData\Roaming\Mozilla\Firefox\Profiles\xj2mry7d.default\searchplugins\avg-secure-search.xml
      Bestand Verwijderd : C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
      Bestand Verwijderd : C:\Users\Joeri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.omniboxes.com_0.localstorage
      Bestand Verwijderd : C:\Users\Joeri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.omniboxes.com_0.localstorage-journal

      ***** [ Geplande taken ] *****


      ***** [ Snelkoppelingen ] *****

      Snelkoppeling Gedesinfecteerd : C:\Users\Public\Desktop\Google Chrome.lnk
      Snelkoppeling Gedesinfecteerd : C:\Users\Public\Desktop\Mozilla Firefox.lnk
      Snelkoppeling Gedesinfecteerd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      Snelkoppeling Gedesinfecteerd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
      Snelkoppeling Gedesinfecteerd : C:\Users\Joeri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      Snelkoppeling Gedesinfecteerd : C:\Users\Joeri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
      Snelkoppeling Gedesinfecteerd : C:\Users\Joeri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
      Snelkoppeling Gedesinfecteerd : C:\Users\Joeri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

      ***** [ Register ] *****

      Waarde Verwijderd : HKCU\Software\Mozilla\Firefox\Extensions [{144FFD1D-B12A-7965-E085-E8B7BA50E932}]
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
      Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
      Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
      Sleutel Verwijderd : HKCU\Software\Mozilla\Extends
      Sleutel Verwijderd : HKLM\SOFTWARE\1c0214d9-864e-b8dc-4be4-1ae227f49dcf
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{FCD70A1C-80F7-551C-A8D8-184A8470E77E}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCD70A1C-80F7-551C-A8D8-184A8470E77E}
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCD70A1C-80F7-551C-A8D8-184A8470E77E}
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Sleutel Verwijderd : HKCU\Software\AVG Secure Search
      Sleutel Verwijderd : HKCU\Software\Myfree Codec
      Sleutel Verwijderd : HKCU\Software\AceStream
      Sleutel Verwijderd : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
      Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\CheckMeUp
      Sleutel Verwijderd : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
      Sleutel Verwijderd : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
      Sleutel Verwijderd : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
      Sleutel Verwijderd : HKLM\SOFTWARE\Myfree Codec
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\10DD0EF7-6379-7575-3A5A-546EF018272B
      Gegevens Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local

      ***** [ Webbrowsers ] *****

      -\\ Internet Explorer v11.0.9600.17689


      -\\ Mozilla Firefox v36.0.4 (x86 nl)

      [xj2mry7d.default\prefs.js] - Regel Verwijderd : user_pref("browser.search.searchengine.alias", "omniboxes");
      [xj2mry7d.default\prefs.js] - Regel Verwijderd : user_pref("browser.search.searchengine.iconURL", "hxxp://www.omniboxes.com/favicon.ico");
      [xj2mry7d.default\prefs.js] - Regel Verwijderd : user_pref("browser.search.searchengine.name", "omniboxes");
      [xj2mry7d.default\prefs.js] - Regel Verwijderd : user_pref("browser.search.searchengine.url", "hxxp://www.omniboxes.com/web/?type=ds&ts=1427288959&from=obw&uid=ST31000528AS_9VP2V74RXXXX9VP2V74R&q={searchTerms}");
      [xj2mry7d.default\prefs.js] - Regel Verwijderd : user_pref("browser.search.selectedEngine", "omniboxes");
      [xj2mry7d.default\prefs.js] - Regel Verwijderd : user_pref("extensions.smarterwiki.add_extra_search_results", true);
      [xj2mry7d.default\prefs.js] - Regel Verwijderd : user_pref("extensions.smarterwiki.add_related_search_results", true);
      [xj2mry7d.default\prefs.js] - Regel Verwijderd : user_pref("extensions.smarterwiki.search_surfcanyon", false);

      -\\ Google Chrome v41.0.2272.101

      [C:\Users\Joeri\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Verwijderd [Search Provider] : hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7E5ED4A8-39B0-4FDF-BC7A-FD1B2387AC08&q={searchTerms}&SSPV=
      [C:\Users\Joeri\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Verwijderd [Search Provider] : hxxp://www.omniboxes.com/web/?type=ds&ts=1427288959&from=obw&uid=ST31000528AS_9VP2V74RXXXX9VP2V74R&q={searchTerms}
      [C:\Users\Joeri\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Verwijderd [Extension] : mfhnkgpdlogbknkhlgdjlejeljbhflim
      [C:\Users\Joeri\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Verwijderd [Startup_URLs] : hxxp://www.omniboxes.com/?type=hp&ts=1427288959&from=obw&uid=ST31000528AS_9VP2V74RXXXX9VP2V74R
      [C:\Users\Joeri\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Verwijderd [Default_Search_Provider_Data] : hxxp://www.omniboxes.com/web/?type=ds&ts=1427288959&from=obw&uid=ST31000528AS_9VP2V74RXXXX9VP2V74R&q={searchTerms}

      -\\ Chromium v


      *************************

      AdwCleaner[R0].txt - [8939 bytes] - [02/04/2015 09:17:33]
      AdwCleaner[S0].txt - [9106 bytes] - [02/04/2015 09:18:37]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9165 bytes] ##########


      • #4
        DDS (Ver_2012-11-20.01) - NTFS_x86
        Internet Explorer: 11.0.9600.17689
        Run by Joeri at 15:25:45 on 2015-03-25
        Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2807.1380 [GMT 1:00]
        .
        AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
        SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
        .
        ============== Running Processes ================
        .
        c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
        C:\Program Files\AVG\AVG2015\avgcsrvx.exe
        C:\Windows\system32\wininit.exe
        C:\Windows\system32\lsm.exe
        C:\Windows\System32\spoolsv.exe
        C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Program Files\AVG\AVG2015\avgidsagent.exe
        C:\Program Files\AVG\AVG2015\avgwdsvc.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\system32\taskhost.exe
        C:\Windows\Explorer.EXE
        C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
        C:\Program Files\AVG\AVG2015\avgnsx.exe
        C:\Program Files\AVG\AVG2015\avgemcx.exe
        C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe
        C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
        C:\Windows\system32\conhost.exe
        C:\Windows\system32\SearchIndexer.exe
        C:\Windows\System32\igfxtray.exe
        C:\Windows\System32\hkcmd.exe
        C:\Windows\System32\igfxpers.exe
        C:\Windows\PixArt\Pac207\Monitor.exe
        C:\Program Files\AVG\AVG2015\avgui.exe
        C:\Program Files\AVG Web TuneUp\vprot.exe
        C:\Program Files\Dual Monitor\DualMonitor.exe
        C:\Users\Joeri\AppData\Local\FluxSoftware\Flux\flux.exe
        C:\Users\Joeri\AppData\Roaming\uTorrent\uTorrent.exe
        C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
        C:\Users\Joeri\AppData\Roaming\ACEStream\engine\ace_engine.exe
        C:\Users\Joeri\AppData\Local\Akamai\netsession_win.exe
        C:\Users\Joeri\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
        C:\Users\Joeri\AppData\Local\Akamai\netsession_win.exe
        C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
        C:\Windows\system32\ctfmon.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
        C:\Users\Joeri\AppData\Roaming\ACEStream\updater\ace_update.exe
        C:\Windows\system32\wuauclt.exe
        C:\Windows\servicing\TrustedInstaller.exe
        C:\Windows\system32\SearchProtocolHost.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Windows\system32\igfxsrvc.exe
        C:\Windows\system32\DllHost.exe
        C:\Windows\system32\DllHost.exe
        C:\Windows\system32\conhost.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\svchost.exe -k RPCSS
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        C:\Windows\system32\svchost.exe -k imgsvc
        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k swprv
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = www.google.com
        uDefault_Page_URL = www.google.com
        mStart Page = www.google.com
        mSearch Page = www.google.com
        mDefault_Page_URL = www.google.com
        mDefault_Search_URL = www.google.com
        uProxyOverride = <local>;*.local
        uRun: [dualmonitor] c:\program files\dual monitor\DualMonitor.exe
        uRun: [AVG-Secure-Search-Update_0214c] c:\users\joeri\appdata\roaming\avg 0214c campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=22e1072f91e847d2acb69128c086524e-0b336d67f77ab25d70645245546e936b3ca9a2d8 /CMPID=0214c
        uRun: [f.lux] "c:\users\joeri\appdata\local\fluxsoftware\flux\flux.exe" /noshow
        uRun: [uTorrent] "c:\users\joeri\appdata\roaming\utorrent\uTorrent.exe" /MINIMIZED
        uRun: [Sony PC Companion] "c:\program files\sony\sony pc companion\PCCompanion.exe" /Background
        uRun: [AceStream] c:\users\joeri\appdata\roaming\acestream\engine\ace_engine.exe
        uRun: [Akamai NetSession Interface] "c:\users\joeri\appdata\local\akamai\netsession_win.exe"
        uRun: [AceWebException] c:\users\joeri\appdata\roaming\acewebextension\updater\ace_web_extension.exe
        mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
        mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
        mRun: [Persistence] c:\windows\system32\igfxpers.exe
        mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
        mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
        mRun: [vProt] "c:\program files\avg web tuneup\vprot.exe"
        dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
        mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
        mPolicies-System: ConsentPromptBehaviorUser = dword:3
        mPolicies-System: EnableUIADesktopToggle = dword:0
        IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
        TCP: NameServer = 192.168.2.254 195.121.1.34 195.121.1.66
        TCP: Interfaces\{C32C0095-107F-4004-82D7-DF5C278452FA} : DHCPNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
        Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\3.2.0\ViProtocol.dll
        Notify: igfxcui - igfxdev.dll
        SSODL: WebCheck - <orphaned>
        mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\41.0.2272.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - c:\users\joeri\appdata\roaming\mozilla\firefox\profiles\xj2mry7d.default\
        FF - prefs.js: browser.search.selectedEngine - omniboxes
        FF - prefs.js: browser.startup.homepage - hxxp://www.omniboxes.com/?type=hp&ts=1427288959&from=obw&uid=ST31000528AS_9VP2V74RXXXX9VP2V74R
        FF - prefs.js: keyword.URL -
        FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
        FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
        FF - plugin: c:\program files\google\update\1.3.26.9\npGoogleUpdate3.dll
        FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
        FF - plugin: c:\programdata\nexoneu\ngm\npNxGameEU.dll
        FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
        FF - plugin: c:\users\joeri\appdata\roaming\acestream\player\npace_plugin.dll
        FF - plugin: c:\users\joeri\appdata\roaming\mozilla\firefox\profiles\xj2mry7d.default\extensions\battlefieldplay4 [email protected]\plugins\npBP4FUpdater.dll
        FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_16_0_0_305.dll
        .
        ============= SERVICES / DRIVERS ===============
        .
        R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-11-18 154904]
        R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2015-2-3 265184]
        R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2015-2-5 107488]
        R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
        R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
        R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2015-2-24 224736]
        R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
        R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-28 192792]
        R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2015-2-25 210912]
        R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-9-1 42784]
        R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2014-3-5 243128]
        R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2015-3-6 3416016]
        R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2015-3-6 309232]
        R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2014-6-23 9216]
        R2 vToolbarUpdater3.2.0;vToolbarUpdater3.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\3.2.0\ToolbarUpdater.exe [2014-9-1 1843736]
        R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-3-25 23256]
        R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-3-25 119512]
        R3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]
        R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
        S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2015-3-25 1080120]
        S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
        S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-3-11 102912]
        S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-3-25 51928]
        S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2014-7-9 155824]
        S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-3-1 52224]
        S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2014-2-28 1343400]
        .
        =============== Created Last 30 ================
        .
        2015-03-25 14:03:09 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
        2015-03-25 14:02:54 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
        2015-03-25 14:02:54 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
        2015-03-25 14:02:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
        2015-03-25 14:02:54 -------- d-----w- c:\programdata\Malwarebytes
        2015-03-25 14:02:54 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
        2015-03-25 13:19:31 -------- d-----w- c:\programdata\8a0bbe7c000056a5
        2015-03-25 13:12:45 -------- d-sh--w- c:\users\joeri\appdata\local\EmieUserList
        2015-03-25 13:12:45 -------- d-sh--w- c:\users\joeri\appdata\local\EmieSiteList
        2015-03-25 13:12:45 -------- d-sh--w- c:\users\joeri\appdata\local\EmieBrowserModeList
        2015-03-25 13:09:09 -------- d-----w- c:\users\joeri\appdata\local\Opera Software
        2015-03-25 13:09:08 -------- d-----w- c:\users\joeri\appdata\roaming\Opera Software
        2015-03-25 08:56:01 -------- d-----w- c:\programdata\Sports Interactive
        2015-03-25 08:55:34 -------- d-----w- c:\users\joeri\appdata\roaming\Sports Interactive
        2015-03-25 08:49:26 -------- d-----w- c:\program files\Sports Interactive
        2015-03-25 08:49:25 -------- d--h--w- c:\program files\Zero G Registry
        2015-03-24 17:16:17 892928 ----a-w- c:\windows\system32\aeinv.dll
        2015-03-24 17:16:17 818176 ----a-w- c:\windows\system32\appraiser.dll
        2015-03-24 17:16:17 623616 ----a-w- c:\windows\system32\invagent.dll
        2015-03-24 17:16:17 534528 ----a-w- c:\windows\system32\generaltel.dll
        2015-03-24 17:16:17 327168 ----a-w- c:\windows\system32\devinv.dll
        2015-03-24 17:16:17 26112 ----a-w- c:\windows\system32\acmigration.dll
        2015-03-24 17:16:16 202752 ----a-w- c:\windows\system32\aepdu.dll
        2015-03-24 17:16:16 159744 ----a-w- c:\windows\system32\aepic.dll
        2015-03-11 14:44:05 1230848 ----a-w- c:\windows\system32\WindowsCodecs.dll
        2015-03-11 14:42:59 374784 ----a-w- c:\windows\system32\AudioEng.dll
        2015-02-28 13:13:22 -------- d-----w- c:\users\joeri\appdata\roaming\AceWebExtension
        2015-02-25 18:32:55 635904 ----a-w- c:\windows\system32\perftrack.dll
        2015-02-25 18:32:55 27136 ----a-w- c:\windows\system32\powertracker.dll
        2015-02-25 18:32:54 76800 ----a-w- c:\windows\system32\wdi.dll
        2015-02-25 16:28:38 210912 ----a-w- c:\windows\system32\drivers\avgtdix.sys
        2015-02-24 15:46:06 224736 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
        .
        ==================== Find3M ====================
        .
        2015-03-06 05:15:20 67512 ----a-w- c:\windows\system32\drivers\ksecdd.sys
        2015-03-06 05:15:20 137656 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
        2015-03-06 05:10:34 172032 ----a-w- c:\windows\system32\wdigest.dll
        2015-03-06 05:10:30 65536 ----a-w- c:\windows\system32\TSpkg.dll
        2015-03-06 05:10:29 15872 ----a-w- c:\windows\system32\sspisrv.dll
        2015-03-06 05:10:29 100352 ----a-w- c:\windows\system32\sspicli.dll
        2015-03-06 05:10:26 248832 ----a-w- c:\windows\system32\schannel.dll
        2015-03-06 05:10:26 22016 ----a-w- c:\windows\system32\secur32.dll
        2015-03-06 05:10:22 259584 ----a-w- c:\windows\system32\msv1_0.dll
        2015-03-06 05:10:22 221184 ----a-w- c:\windows\system32\ncrypt.dll
        2015-03-06 05:10:18 550912 ----a-w- c:\windows\system32\kerberos.dll
        2015-03-06 05:10:18 1061376 ----a-w- c:\windows\system32\lsasrv.dll
        2015-03-06 05:10:11 17408 ----a-w- c:\windows\system32\credssp.dll
        2015-03-06 05:09:44 22528 ----a-w- c:\windows\system32\lsass.exe
        2015-03-06 05:09:31 50176 ----a-w- c:\windows\system32\auditpol.exe
        2015-03-06 05:07:50 60416 ----a-w- c:\windows\system32\msobjs.dll
        2015-03-06 05:07:43 146432 ----a-w- c:\windows\system32\msaudite.dll
        2015-03-06 05:06:20 686080 ----a-w- c:\windows\system32\adtschema.dll
        2015-02-26 03:11:26 2381312 ----a-w- c:\windows\system32\win32k.sys
        2015-02-20 04:13:52 26624 ----a-w- c:\windows\system32\lpk.dll
        2015-02-20 04:13:49 70656 ----a-w- c:\windows\system32\fontsub.dll
        2015-02-20 04:13:46 10240 ----a-w- c:\windows\system32\dciman32.dll
        2015-02-20 04:13:43 34304 ----a-w- c:\windows\system32\atmlib.dll
        2015-02-20 03:09:16 299008 ----a-w- c:\windows\system32\atmfd.dll
        2015-02-20 02:22:35 2724864 ----a-w- c:\windows\system32\mshtml.tlb
        2015-02-20 02:22:20 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
        2015-02-20 02:09:08 503296 ----a-w- c:\windows\system32\vbscript.dll
        2015-02-20 02:08:59 62464 ----a-w- c:\windows\system32\iesetup.dll
        2015-02-20 02:08:13 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
        2015-02-20 02:06:44 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
        2015-02-20 01:56:54 115712 ----a-w- c:\windows\system32\ieUnatt.exe
        2015-02-20 01:56:53 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
        2015-02-20 01:56:07 620032 ----a-w- c:\windows\system32\jscript9diag.dll
        2015-02-20 01:50:00 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
        2015-02-20 01:41:52 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
        2015-02-20 01:30:39 4300288 ----a-w- c:\windows\system32\jscript9.dll
        2015-02-20 01:24:21 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
        2015-02-20 01:23:19 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
        2015-02-20 01:01:25 1888256 ----a-w- c:\windows\system32\wininet.dll
        2015-02-17 15:04:46 1202848 ----a-w- c:\windows\system32\FM20.DLL
        2015-02-04 23:20:08 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
        2015-02-04 23:20:08 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
        2015-02-04 02:54:09 417792 ----a-w- c:\windows\system32\WMPhoto.dll
        2015-02-03 09:47:24 265184 ----a-w- c:\windows\system32\drivers\avglogx.sys
        2015-02-03 03:16:31 3973048 ----a-w- c:\windows\system32\ntkrnlpa.exe
        2015-02-03 03:16:31 3917760 ----a-w- c:\windows\system32\ntoskrnl.exe
        2015-02-03 03:16:30 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
        2015-02-03 03:11:55 50176 ----a-w- c:\windows\system32\rrinstaller.exe
        2015-02-03 03:11:55 262656 ----a-w- c:\windows\system32\rstrui.exe
        2015-02-03 03:11:52 9728 ----a-w- c:\windows\system32\pcawrk.exe
        2015-02-03 03:11:52 8192 ----a-w- c:\windows\system32\pcalua.exe
        2015-02-03 03:11:48 23040 ----a-w- c:\windows\system32\mfpmp.exe
        2015-02-03 03:11:35 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
        2015-02-03 03:11:35 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
        2015-02-03 03:11:35 100864 ----a-w- c:\windows\system32\audiodg.exe
        2015-02-03 03:11:18 12625408 ----a-w- c:\windows\system32\wmploc.DLL
        2015-02-03 03:10:13 8704 ----a-w- c:\windows\system32\pcaevts.dll
        2015-02-03 03:09:03 2048 ----a-w- c:\windows\system32\mferror.dll
        2015-02-03 03:08:07 6656 ----a-w- c:\windows\system32\apisetschema.dll
        2015-02-03 03:00:23 593920 ----a-w- c:\windows\system32\drivers\PEAuth.sys
        2015-02-03 02:26:42 50176 ----a-w- c:\windows\system32\drivers\appid.sys
        2015-01-30 23:56:12 370488 ----a-w- c:\windows\system32\drivers\cng.sys
        2015-01-27 23:36:23 1167520 ----a-w- c:\windows\system32\aitstatic.exe
        2015-01-17 02:30:42 828928 ----a-w- c:\windows\system32\msctf.dll
        .
        ============= FINISH: 15:25:57,20 ===============

        • #5
          GMER 2.1.19357 - http://www.gmer.net
          Rootkit scan 2015-04-02 09:32:02
          Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000528AS rev.CC44 931,51GB
          Running: 2hrgpj70.exe; Driver: C:\Users\Joeri\AppData\Local\Temp\pgloypob.sys


          ---- System - GMER 2.1 ----

          SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x9236C6E0]
          SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x9236C800]
          SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x9236C010]
          SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x9236C4D0]
          SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x9236C300]
          SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x9236C3E0]
          SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x9236C120]
          SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x9236C210]
          SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x9236C5E0]

          ---- Kernel code sections - GMER 2.1 ----

          .text ntkrnlpa.exe!ZwRequestWaitReplyPort + 1495 82A929E5 1 Byte [06]
          .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ACC312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
          .text ntkrnlpa.exe!KeRemoveQueueEx + 1357 82AD37DC 8 Bytes [E0, C6, 36, 92, 00, C8, 36, ...] {LOOPNZ 0xffffffc8; XCHG EDX, EAX; ADD AL, CL; XCHG EDX, EAX}
          .text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82AD3824 4 Bytes [10, C0, 36, 92] {ADC AL, AL; XCHG EDX, EAX}
          .text ntkrnlpa.exe!KeRemoveQueueEx + 13BF 82AD3844 4 Bytes [D0, C4, 36, 92] {ROL AH, 0x1; XCHG EDX, EAX}
          .text ntkrnlpa.exe!KeRemoveQueueEx + 165F 82AD3AE4 8 Bytes [00, C3, 36, 92, E0, C3, 36, ...] {ADD BL, AL; XCHG EDX, EAX; LOOPNZ 0xffffffc9; XCHG EDX, EAX}
          .text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82AD3AF4 8 Bytes [20, C1, 36, 92, 10, C2, 36, ...] {AND CL, AL; XCHG EDX, EAX; ADC DL, AL; XCHG EDX, EAX}
          .text ...

          ---- User code sections - GMER 2.1 ----

          .text C:\Users\Joeri\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe[1204] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Users\Joeri\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe[1204] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Users\Joeri\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe[1204] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Users\Joeri\AppData\Local\Akamai\netsession_win.exe[1824] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Users\Joeri\AppData\Local\Akamai\netsession_win.exe[1824] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Users\Joeri\AppData\Local\Akamai\netsession_win.exe[1824] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Users\Joeri\AppData\Local\Akamai\netsession_win.exe[2112] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Users\Joeri\AppData\Local\Akamai\netsession_win.exe[2112] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Users\Joeri\AppData\Local\Akamai\netsession_win.exe[2112] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\svchost.exe[2992] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\svchost.exe[2992] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\svchost.exe[2992] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\PixArt\Pac207\Monitor.exe[3008] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\PixArt\Pac207\Monitor.exe[3008] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\PixArt\Pac207\Monitor.exe[3008] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\AVG\AVG2015\avgui.exe[3040] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\AVG\AVG2015\avgui.exe[3040] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\AVG\AVG2015\avgui.exe[3040] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text D:\Delladen\2hrgpj70.exe[3080] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text D:\Delladen\2hrgpj70.exe[3080] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text D:\Delladen\2hrgpj70.exe[3080] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\wbem\wmiprvse.exe[3188] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\wbem\wmiprvse.exe[3188] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\wbem\wmiprvse.exe[3188] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\AVG\AVG2015\avgnsx.exe[3308] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\AVG\AVG2015\avgnsx.exe[3308] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\AVG\AVG2015\avgnsx.exe[3308] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3316] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3316] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3316] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\AVG\AVG2015\avgemcx.exe[3408] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\AVG\AVG2015\avgemcx.exe[3408] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\AVG\AVG2015\avgemcx.exe[3408] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\SearchIndexer.exe[3700] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\SearchIndexer.exe[3700] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\SearchIndexer.exe[3700] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\ctfmon.exe[3736] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\ctfmon.exe[3736] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\ctfmon.exe[3736] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Dual Monitor\DualMonitor.exe[3796] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Dual Monitor\DualMonitor.exe[3796] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Dual Monitor\DualMonitor.exe[3796] KERNEL32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Users\Joeri\AppData\Local\FluxSoftware\Flux\flux.exe[3820] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Users\Joeri\AppData\Local\FluxSoftware\Flux\flux.exe[3820] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Users\Joeri\AppData\Local\FluxSoftware\Flux\flux.exe[3820] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\wuauclt.exe[3844] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\wuauclt.exe[3844] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\wuauclt.exe[3844] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\SearchProtocolHost.exe[3884] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\SearchProtocolHost.exe[3884] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\SearchProtocolHost.exe[3884] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Users\Joeri\AppData\Roaming\uTorrent\uTorrent.exe[3960] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Users\Joeri\AppData\Roaming\uTorrent\uTorrent.exe[3960] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Users\Joeri\AppData\Roaming\uTorrent\uTorrent.exe[3960] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3972] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3972] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3972] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3972] USER32.dll!RegisterMessagePumpHook + 2F1 76148B9E 7 Bytes JMP 1003B000 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
          .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3972] USER32.dll!PostMessageW + 43A 761548B5 7 Bytes JMP 1003AC50 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
          .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3972] USER32.dll!SetDlgItemTextA + 25 7616709F 7 Bytes JMP 1003ABC0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
          .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3972] USER32.dll!MessageBoxIndirectA + F5 7619E95E 7 Bytes JMP 1003AF50 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
          .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3972] USER32.dll!MessageBoxIndirectW + 61 7619E9C4 7 Bytes JMP 1003ADF0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
          .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3972] USER32.dll!MessageBoxExA + 1F 7619E9E8 7 Bytes JMP 1003AF00 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
          .text C:\Users\Joeri\AppData\Roaming\ACEStream\engine\ace_engine.exe[3980] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Users\Joeri\AppData\Roaming\ACEStream\engine\ace_engine.exe[3980] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Users\Joeri\AppData\Roaming\ACEStream\engine\ace_engine.exe[3980] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[4012] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[4012] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[4012] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\wbem\wmiprvse.exe[4100] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\wbem\wmiprvse.exe[4100] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\wbem\wmiprvse.exe[4100] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\sppsvc.exe[4844] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\sppsvc.exe[4844] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\sppsvc.exe[4844] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Mozilla Firefox\firefox.exe[4924] ntdll.dll!NtCreateFile 775D5608 5 Bytes JMP 5DF2F39A C:\Program Files\Mozilla Firefox\xul.dll
          .text C:\Program Files\Mozilla Firefox\firefox.exe[4924] ntdll.dll!NtFlushBuffersFile 775D5998 5 Bytes JMP 5DF2F0A2 C:\Program Files\Mozilla Firefox\xul.dll
          .text C:\Program Files\Mozilla Firefox\firefox.exe[4924] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Mozilla Firefox\firefox.exe[4924] ntdll.dll!NtQueryFullAttributesFile 775D6028 5 Bytes JMP 5DF2F157 C:\Program Files\Mozilla Firefox\xul.dll
          .text C:\Program Files\Mozilla Firefox\firefox.exe[4924] ntdll.dll!NtReadFile 775D62F8 5 Bytes JMP 5DF2F2DF C:\Program Files\Mozilla Firefox\xul.dll
          .text C:\Program Files\Mozilla Firefox\firefox.exe[4924] ntdll.dll!NtReadFileScatter 775D6308 5 Bytes JMP 5E3B9BC8 C:\Program Files\Mozilla Firefox\xul.dll
          .text C:\Program Files\Mozilla Firefox\firefox.exe[4924] ntdll.dll!NtWriteFile 775D6AA8 5 Bytes JMP 5DF2F53E C:\Program Files\Mozilla Firefox\xul.dll
          .text C:\Program Files\Mozilla Firefox\firefox.exe[4924] ntdll.dll!NtWriteFileGather 775D6AB8 5 Bytes JMP 5E3B9C18 C:\Program Files\Mozilla Firefox\xul.dll
          .text C:\Program Files\Mozilla Firefox\firefox.exe[4924] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Mozilla Firefox\firefox.exe[4924] ntdll.dll!LdrLoadDll 775F22AE 5 Bytes JMP 605298D2 C:\Program Files\Mozilla Firefox\mozglue.dll
          .text C:\Program Files\Mozilla Firefox\firefox.exe[4924] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 757994E6 7 Bytes JMP 5E3A4446 C:\Program Files\Mozilla Firefox\xul.dll
          .text C:\Program Files\Mozilla Firefox\firefox.exe[4924] kernel32.dll!QueryPerformanceCounter + 13 7579C4E5 7 Bytes JMP 5E3A6171 C:\Program Files\Mozilla Firefox\xul.dll
          .text C:\Program Files\Mozilla Firefox\firefox.exe[4924] kernel32.dll!LoadAppInitDlls + 355 7579F5A6 7 Bytes JMP 5E14EECB C:\Program Files\Mozilla Firefox\xul.dll
          .text C:\Program Files\Mozilla Firefox\firefox.exe[4924] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Mozilla Firefox\firefox.exe[4924] USER32.dll!GetWindowInfo 76154B5E 5 Bytes JMP 5EEBA419 C:\Program Files\Mozilla Firefox\xul.dll
          .text C:\Program Files\Mozilla Firefox\firefox.exe[4924] GDI32.dll!GetViewportOrgEx + 26C 766A884B 7 Bytes JMP 5E3A29F1 C:\Program Files\Mozilla Firefox\xul.dll
          .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[4932] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[4932] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[4932] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5476] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5476] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5476] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5476] USER32.dll!RegisterMessagePumpHook + 2F1 76148B9E 7 Bytes JMP 5EDAEFF1 C:\Program Files\Mozilla Firefox\xul.dll
          .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5476] USER32.dll!IsDialogMessageW + 340 76154444 7 Bytes JMP 5EDAF0C3 C:\Program Files\Mozilla Firefox\xul.dll
          .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5476] USER32.dll!GetWindowInfo 76154B5E 5 Bytes JMP 5EDB1371 C:\Program Files\Mozilla Firefox\xul.dll
          .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5476] USER32.dll!ToUnicodeEx + 71 76162223 7 Bytes JMP 5EDAF997 C:\Program Files\Mozilla Firefox\xul.dll
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5516] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5516] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5516] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtCreateFile + 6 775D560E 4 Bytes [28, 88, 07, 00]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtCreateFile + B 775D5613 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtCreateKey + 6 775D564E 4 Bytes [68, 89, 07, 00]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtCreateKey + B 775D5653 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtCreateMutant + 6 775D568E 4 Bytes [68, 8A, 07, 00]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtCreateMutant + B 775D5693 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtCreateSection + 6 775D572E 4 Bytes [A8, 8A, 07, 00]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtCreateSection + B 775D5733 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtMapViewOfSection + B 775D5C73 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenFile + 6 775D5D1E 4 Bytes [68, 88, 07, 00]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenFile + B 775D5D23 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenKey + 6 775D5D4E 4 Bytes [A8, 89, 07, 00]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenKey + B 775D5D53 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenKeyEx + B 775D5D63 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenMutant + 6 775D5D9E 4 Bytes [28, 8A, 07, 00]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenMutant + B 775D5DA3 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenProcess + 6 775D5DCE 4 Bytes [68, 8B, 07, 00]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenProcess + B 775D5DD3 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenProcessToken + 6 775D5DDE 4 Bytes [A8, 8B, 07, 00]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenProcessToken + B 775D5DE3 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenProcessTokenEx + 6 775D5DEE 4 Bytes [68, 8C, 07, 00]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenProcessTokenEx + B 775D5DF3 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenSection + B 775D5E13 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenThread + 6 775D5E4E 4 Bytes [28, 8B, 07, 00]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenThread + B 775D5E53 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenThreadToken + 6 775D5E5E 4 Bytes [28, 8C, 07, 00]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenThreadToken + B 775D5E63 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenThreadTokenEx + 6 775D5E6E 4 Bytes [A8, 8C, 07, 00]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtOpenThreadTokenEx + B 775D5E73 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtQueryAttributesFile + 6 775D5F7E 4 Bytes [A8, 88, 07, 00]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtQueryAttributesFile + B 775D5F83 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtQueryFullAttributesFile + B 775D6033 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtSetInformationFile + 6 775D667E 4 Bytes [28, 89, 07, 00]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtSetInformationFile + B 775D6683 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtSetInformationThread + B 775D66E3 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtUnmapViewOfSection + 6 775D69FE 4 Bytes [28, 8D, 07, 00]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtUnmapViewOfSection + B 775D6A03 1 Byte [E2]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] kernel32.dll!CreateProcessW 7575204D 5 Bytes JMP 00080030
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] kernel32.dll!CreateProcessA 75752082 5 Bytes JMP 00080070
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!ActivateKeyboardLayout 76148203 5 Bytes JMP 001104F0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!ScreenToClient 7614A506 7 Bytes JMP 00110670
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!RegisterClipboardFormatA 7614C091 5 Bytes JMP 001102F0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!RegisterClipboardFormatW 7614DF8D 5 Bytes JMP 001102B0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!SetCursor 76153075 5 Bytes JMP 00110530
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!MonitorFromWindow 76153622 7 Bytes JMP 00110630
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!PostMessageW 7615447B 5 Bytes JMP 001105F0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!IsWindowVisible 76154D69 7 Bytes JMP 001106B0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!GetClientRect 761554DD 7 Bytes JMP 001105B0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!MapWindowPoints 76155CAA 5 Bytes JMP 00110570
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!GetParent 76156029 7 Bytes JMP 001106F0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!EmptyClipboard 7616290C 5 Bytes JMP 00110130
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!SetClipboardData 76162962 5 Bytes JMP 00110170
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!GetClipboardData 76162BA7 5 Bytes JMP 00110030
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!GetClipboardFormatNameW 76165FD2 5 Bytes JMP 00110230
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!SetClipboardViewer 76166FF6 5 Bytes JMP 001104B0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!GetClipboardFormatNameA 7616700A 5 Bytes JMP 00110270
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!ChangeClipboardChain 7617147C 5 Bytes JMP 00110430
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!GetTopWindow 761724D9 7 Bytes JMP 00110730
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!CloseClipboard 7617446C 5 Bytes JMP 001100B0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!OpenClipboard 7617447E 5 Bytes JMP 00110070
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!IsClipboardFormatAvailable 761744FF 5 Bytes JMP 001100F0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!GetClipboardSequenceNumber 76174513 5 Bytes JMP 00110330
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!GetClipboardOwner 76174525 5 Bytes JMP 00110370
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!CountClipboardFormats 7617470A 5 Bytes JMP 001101F0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!EnumClipboardFormats 761747EC 5 Bytes JMP 001101B0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!GetOpenClipboardWindow 7617480B 5 Bytes JMP 001103F0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!SetCursorPos 7618C1B0 5 Bytes JMP 00110770
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!GetClipboardViewer 761A4AF7 5 Bytes JMP 00110470
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] user32.DLL!GetPriorityClipboardFormat 761A4BF9 5 Bytes JMP 001103B0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!DeleteObject 766A5F14 5 Bytes JMP 001201B0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!SelectObject 766A6640 5 Bytes JMP 001205F0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!SetTextColor 766A6906 5 Bytes JMP 00120A30
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!SetBkMode 766A69B1 5 Bytes JMP 001208F0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!DeleteDC 766A6EAA 5 Bytes JMP 00120170
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!GetDeviceCaps 766A6F7F 5 Bytes JMP 001203B0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!ExtSelectClipRgn 766A7114 5 Bytes JMP 001202F0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!SelectClipRgn 766A7242 5 Bytes JMP 001205B0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!SetStretchBltMode 766A7705 5 Bytes JMP 001206B0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!GetCurrentObject 766A7917 5 Bytes JMP 00120370
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!GetTextMetricsW 766A7B8F 5 Bytes JMP 00120E30
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!GetTextAlign 766A7DAF 5 Bytes JMP 00120D70
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!IntersectClipRect 766A7DFE 5 Bytes JMP 001203F0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!ExtTextOutW 766A8192 5 Bytes JMP 00120970
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!SetTextAlign 766A828E 5 Bytes JMP 001209F0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!GetClipBox 766A8525 5 Bytes JMP 00120330
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!MoveToEx 766A8C21 5 Bytes JMP 00120470
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!StretchDIBits 766AA53E 5 Bytes JMP 00120770
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!RestoreDC 766AA67B 5 Bytes JMP 00120530
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!SaveDC 766AA74B 5 Bytes JMP 00120570
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!GetTextExtentPoint32W 766AB4B5 5 Bytes JMP 00120670
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!GetTextFaceW 766AB73A 2 Bytes JMP 00120D30
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!GetTextFaceW + 3 766AB73D 2 Bytes [A7, 89]
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!GetFontData 766ABCC4 5 Bytes JMP 00120C70
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!SetWorldTransform 766AC90A 5 Bytes JMP 001206F0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!CreateDCA 766ACCA9 5 Bytes JMP 001200B0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!CreateDCW 766ACF79 5 Bytes JMP 001200F0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!CreateICW 766ACFD0 5 Bytes JMP 00120130
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!GetTextMetricsA 766AD0F2 5 Bytes JMP 00120DF0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!Rectangle 766AF1E7 5 Bytes JMP 001209B0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!LineTo 766AF583 5 Bytes JMP 00120430
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!SetICMMode 766AFA8C 5 Bytes JMP 00120DB0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!ExtTextOutA 766B0D08 5 Bytes JMP 00120930
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!GetTextExtentPoint32A 766B1167 5 Bytes JMP 00120630
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!ExtEscape 766B2D31 5 Bytes JMP 001202B0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!Escape 766B33E8 5 Bytes JMP 00120270
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!ResetDCW 766B3A83 5 Bytes JMP 00120AB0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!EndPage 766B40C2 5 Bytes JMP 00120230
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!SetPolyFillMode 766B67C9 5 Bytes JMP 00120B30
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!SetMiterLimit 766B6985 5 Bytes JMP 00120B70
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!GetTextFaceA 766C0D12 5 Bytes JMP 00120CF0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!GetGlyphOutlineW 766CC32A 5 Bytes JMP 00120CB0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!CreateScalableFontResourceW 766CE987 5 Bytes JMP 00120BB0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!AddFontResourceW 766CED83 5 Bytes JMP 00120BF0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!RemoveFontResourceW 766CF279 5 Bytes JMP 00120C30
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!AbortDoc 766D4E79 5 Bytes JMP 00120030
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!EndDoc 766D52C0 5 Bytes JMP 001201F0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!StartPage 766D53AB 5 Bytes JMP 00120730
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!StartDocW 766D5DC6 5 Bytes JMP 001207F0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!BeginPath 766D656D 5 Bytes JMP 00120830
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!SelectClipPath 766D65C4 5 Bytes JMP 00120AF0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!CloseFigure 766D661F 5 Bytes JMP 00120070
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!EndPath 766D6676 5 Bytes JMP 00120A70
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!StrokePath 766D68A9 5 Bytes JMP 001207B0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!FillPath 766D6936 5 Bytes JMP 00120870
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!PolylineTo 766D6DA4 5 Bytes JMP 001204F0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!PolyBezierTo 766D6E35 5 Bytes JMP 001204B0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] GDI32.dll!PolyDraw 766D6EE7 5 Bytes JMP 001208B0
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ole32.dll!OleSetClipboard 75C20045 5 Bytes JMP 00140030
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ole32.dll!OleIsCurrentClipboard 75C236B2 5 Bytes JMP 00140070
          .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[5540] ole32.dll!OleGetClipboard 75C4FDCD 5 Bytes JMP 001400B0
          .text C:\Windows\system32\SearchFilterHost.exe[6060] ntdll.dll!NtMapViewOfSection 775D5C68 5 Bytes JMP 6A731460 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\SearchFilterHost.exe[6060] ntdll.dll!NtWriteVirtualMemory 775D6AD8 5 Bytes JMP 6A731120 C:\Program Files\AVG\AVG2015\avghookx.dll
          .text C:\Windows\system32\SearchFilterHost.exe[6060] kernel32.dll!CreateProcessInternalW 757A0852 5 Bytes JMP 6A731260 C:\Program Files\AVG\AVG2015\avghookx.dll

          ---- Devices - GMER 2.1 ----

          AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
          AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
          AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys

          ---- Registry - GMER 2.1 ----

          Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
          Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\[email protected] 144

          ---- EOF - GMER 2.1 ----



          • #6
            Download or update CCleaner

            Start CCleaner.
            • Run CCleaner and click Options in the left column
            • Select the Advanced tab
            • Uncheck Only delete files in Windows Temp folders older than 24 hours
            • Select the Settings tab
            • Uncheck "Automatically clean the computer...."
            • Click Cleaner in the left column.
            • Then click Analyze and Clean in turn.
            • Next, click Registry in the left column
            • Click Scan for Issues.
            • When asked whether you want to make a backup of the registry, click "Yes".
            • If errors are found, click the middle button: Fix all selected issues, then OK



            Reset Firefox to its default state:
            • Click the menu button and then click Help.
            • Choose Troubleshooting Information from the Help menu.
              • If you cannot access the Help menu, type about:support in your location bar to bring up the Troubleshooting Information page.
            • Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
            • In the confirmation window that appears, click Reset Firefox to continue.
            • Firefox will close and be reset. Once this is done, a window will list the imported data. Click Finish and Firefox will open.



            Temporarily turn off your security software.
            Look here if you don't know how to disable your antivirus, firewall and/or antispyware scanner.

            Download TDSSKiller and place it on your desktop.
            • Extract the files in tdsskiller.zip.
            • Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
            • If TDSSKiller reports that an update is available, run it first (Load update).
            • Click the "Start Scan" button and follow the instructions.
            • Quarantine the items it finds.

            If a reboot is requested, click Reboot Now.
            Otherwise click Report.
            Copy and paste the log file that appears.

            Note: If a restart was needed, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
            E Dev * Remove McAfee. * Ccleaner * E-Peek



            • #7
              Is it working out?


              • #8
                For lack of feedback I am marking this topic as solved.

                If there is no further response, this thread will automatically be moved within about 3 days to the Solved HijackThis logs section and replies will no longer be possible.
                This is done to keep the forum tidy and organized.

                If it turns out there are still problems and you want to reply in this topic again, send me a private message asking for it to be reopened.


                Emphyrio


                • #9
                  It is not solved. I'm working on your feedback right now. Post will follow shortly :-) .



                  • #10
                    Attached is the TDSSKiller log. The text was too long to be allowed in a post.
                    Attached Files



                    • #11
                      Please respond a bit faster.
                      By way of exception we will continue....


                      Download Combofix to your desktop.
                      (So not to a download folder or temp folder)

                      Extra note... Make sure your security software is disabled while using Combofix.
                      This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.

                      Look here if you don't know how to disable your antivirus, firewall and/or antispyware scanner.

                      Close ALL windows, including your browser, and let Combofix do its work undisturbed.
                      So do not open any other applications until Combofix has presented the log.

                      If Combofix asks for an update, allow it.

                      When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                      You can find it at C:\combofix.txt.

                      Post the Combofix log together with a new DDS log in your next reply.

                      * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                      • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                      • Illegal operation attempted on a registry key that has been marked for deletion.


                      • #12
                        Is it working out?


                        • #13
                          For lack of feedback I am marking this topic as solved.

                          Emphyrio