Post subject: Re: CPU usage 100%
Posted: Sat Mar 10, 2012 12:42 pm
Helper

Registered: Mon Feb 15, 2010 10:00 pm
Posts: 4584
Location: Largest city in Twente
Operating system: Windows 7 x64 Professional
Protection: Avast 8 & OnlineArmor

I am curious whether you can uninstall IE8.

Go to Control Panel\Add or Remove Programs and check among the Windows updates whether IE8 is listed there and whether it can be removed.

If IE7 was installed before that, IE7 will be available after a reboot; otherwise IE6.
What will be interesting then is whether high CPU usage still occurs.

_________________
Stay yourself; there are plenty of others.
 
Post subject: Re: CPU usage 100%
Posted: Sat Mar 10, 2012 5:35 pm
Member

Registered: Fri Aug 08, 2008 10:57 am
Posts: 102

Hi Abraham,

I have uninstalled IE8, but there is no noticeable improvement. The CPU usage of iexplorer.exe remains very high.
 
Post subject: Re: CPU usage 100%
Posted: Sat Mar 10, 2012 7:15 pm
Helper

What is going on with your Windows?

We are going to try something completely different now.
Namely: reinstall Service Pack 3 for Windows XP.
Originally this package repaired more than 900 bugs in Windows XP.
Now we use its installation mainly to make sure that files are actually repaired and renewed!

So go to http://www.microsoft.com/downloads/nl-n ... layLang=nl to download Windows XP Service Pack 3 (306 MB).

Before you start installing that package, it is advisable to deactivate F-Secure!
 
Post subject: Re: CPU usage 100%
Posted: Sat Mar 10, 2012 9:30 pm
Member

Hi Abraham,

After reinstalling Service Pack 3 for Windows XP, the CPU usage (iexplore.exe) is still very high.
 
Post subject: Re: CPU usage 100%
Posted: Sat Mar 10, 2012 10:10 pm
Helper

There must be something in your Windows that is causing this.

I would like you to delete the old OTL.com from the desktop, then empty the Recycle Bin, and then carry out the steps below again, with the antivirus section of F-Secure deactivated!

Download OTL to your Desktop

Using OTL.com:
  • Note: First close all other program windows that are still open!
  • Start the program by double-clicking OTL.com.
  • Do not start any other programs and let the program do its work undisturbed.
  • Tick the Scan All Users checkbox.
  • Click the Quick Scan button.
  • Do not change OTL's settings unless I give you specific instructions to do so.
  • The scan will not take very long.
    • Two Notepad windows will open when the scan is finished.
    • OTL.Txt and Extras.Txt. These two text files are saved in the same location as OTL.
    • Copy and paste the contents of OTL.Txt first into your next reply.
    • Then also copy and paste the contents of Extras.Txt after it.
  • OTL produces fairly large logs, so you may have to post the log in two or more parts.
 
Post subject: Re: CPU usage 100%
Posted: Sat Mar 10, 2012 10:25 pm
Member

Abraham,

OTL has also created a folder named _OTL, which in turn contains a folder named MovedFiles. Am I supposed to delete that as well before I download OTL again?
 
Post subject: Re: CPU usage 100%
Posted: Sat Mar 10, 2012 10:48 pm
Helper

Leave it in place for the moment.
 
Post subject: Re: CPU usage 100%
Posted: Sat Mar 10, 2012 11:24 pm
Member

Hi Abraham,

Only one of the two Notepad windows opened, and that is OTL.txt. I have only seen the other Notepad window once, and that was when I used the OTL program for the first time. This time it was again not there.

Here is the log named OTL.txt

OTL logfile created on: 10-3-2012 22:08:12 - Run 6
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Documents and Settings\Eigenaar\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,40% Memory free
2,60 Gb Paging File | 2,28 Gb Available in Paging File | 87,54% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,45 Gb Total Space | 25,40 Gb Free Space | 34,12% Space Free | Partition Type: NTFS

Computer Name: LAKKIE | User Name: Eigenaar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-10 21:25:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.com
PRC - [2012-01-23 08:13:14 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Internetbeveiliging\FWES\program\fsdfwd.exe
PRC - [2012-01-23 07:30:15 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Internetbeveiliging\Anti-Virus\fssm32.exe
PRC - [2012-01-23 07:30:13 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32.exe
PRC - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009-08-05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Internetbeveiliging\Common\FSMA32.EXE
PRC - [2009-08-05 16:58:50 | 000,076,384 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Internetbeveiliging\Common\FSLAUNCH.EXE
PRC - [2009-08-05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32st.exe
PRC - [2008-04-14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012-01-23 07:31:12 | 000,030,888 | ---- | M] () -- C:\Program Files\Internetbeveiliging\Anti-Virus\minifilter\hashlib_x86.dll
MOD - [2012-01-23 07:30:13 | 000,768,712 | ---- | M] () -- C:\Program Files\Internetbeveiliging\Anti-Virus\fm4av.dll
MOD - [2009-08-05 16:59:08 | 000,199,264 | ---- | M] () -- C:\Program Files\Internetbeveiliging\Spam Control\fsas.dll
MOD - [2009-08-05 16:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\internetbeveiliging\hips\fshook32.dll
MOD - [2009-08-05 16:58:30 | 000,236,128 | ---- | M] () -- \\?\c:\program files\internetbeveiliging\hips\fsumi.dll
MOD - [2009-02-27 18:13:06 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.NLD
MOD - [2005-10-07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Planner voor Automatische LiveUpdate)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus(R)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- -- (aawservice)
SRV - [2012-01-23 08:13:14 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\Internetbeveiliging\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2012-01-23 07:33:03 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\Internetbeveiliging\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009-08-05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Internetbeveiliging\Common\FSMA32.EXE -- (FSMA)
SRV - [2009-08-05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (xpsec)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (TVICHW32)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SDTHOOK)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | Boot | Stopped] -- -- (pavboot)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012-01-23 08:19:01 | 000,082,120 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2012-01-23 07:35:14 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2012-01-23 07:31:25 | 000,148,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009-08-05 16:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Internetbeveiliging\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2006-11-10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006-07-31 21:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FilmScan.sys -- (APL531)
DRV - [2005-08-10 15:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005-08-10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005-05-16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2002-08-15 14:27:04 | 000,011,721 | ---- | M] (SMaL Camera Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smallogi.sys -- (SMALUSB)
DRV - [2001-08-22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-57989841-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
IE - HKU\S-1-5-21-343818398-57989841-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-343818398-57989841-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-343818398-57989841-725345543-1003\..\SearchScopes,DefaultScope = {91216286-0DA8-4836-8C4F-FBFE3C1C9AED}
IE - HKU\S-1-5-21-343818398-57989841-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-343818398-57989841-725345543-1003\..\SearchScopes\{91216286-0DA8-4836-8C4F-FBFE3C1C9AED}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-343818398-57989841-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Internetbeveiliging\NRS\litmus-ff@f-secure.com [2012-03-09 07:56:38 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012-03-09 12:30:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Internetbeveiliging\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Internetbeveiliging\FSGUI\TNBUtil.exe (F-Secure Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-57989841-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-57989841-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-21-343818398-57989841-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-343818398-57989841-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-343818398-57989841-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-343818398-57989841-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Internetbeveiliging\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Internetbeveiliging\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Internetbeveiliging\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Internetbeveiliging\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} https://www.p3.postbank.nl/sesam/CAX.cab (CryptoRSA Control)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/ms ... b27571.cab (Checkers Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (Reg Error: Value error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/sr ... ab_srl.cab (System Requirements Lab Class)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/Mi ... b27571.cab (Minesweeper Flags Class)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan ... stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... t/opuc.cab (Office Update Installation Engine)
O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} http://www.ziggo.nl/f-secure/systemchec ... ysInfo.cab (PlaNet SysInfo Class)
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsup ... gctlsi.cab (Symantec SmartIssue)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsup ... gctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.euro.dell.com/systemprof ... ProExe.CAB (WMI Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 6935634843 (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.trendmicro.com/house ... hcImpl.cab (Housecall ActiveX 6.5)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab (HouseCall Besturing)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www3.ca.com/securityadvisor/viru ... ebscan.cab (WScanCtl Class)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Me ... b27571.cab (MessengerStatsClient Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/C ... 3327546296 (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://www.windowsecurity.com/trojanscan/axscan.cab (ASquaredScanForm Element)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF771E44-3B3E-4EE2-B699-6376B42C7C8C}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Dell.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004-04-04 14:55:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-03-10 21:27:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Eigenaar\Onlangs geopend
[2012-03-10 21:25:37 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.com
[2012-03-10 19:47:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012-03-10 19:25:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012-03-10 16:55:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012-03-09 12:01:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-03-08 20:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Application Data\Gena01
[2012-03-02 13:04:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-02-11 12:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Mijn documenten\Doorlooptijden
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-03-10 22:01:00 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6A197408-3705-4F11-B57C-177D2AD69752}.job
[2012-03-10 21:25:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.com
[2012-03-10 20:16:42 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Internet.lnk
[2012-03-10 20:03:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-03-10 20:02:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-03-10 12:04:09 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Word.lnk
[2012-03-10 07:00:58 | 000,000,522 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2012-03-09 12:58:43 | 000,000,587 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Hotmail.url
[2012-03-09 12:30:57 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012-03-06 20:55:22 | 000,046,273 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\arma37 de centuriontank in nederlandse dienst.pdf
[2012-03-06 16:07:44 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120309-071321.backup
[2012-03-01 20:56:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120302-073217.backup
[2012-02-17 07:57:45 | 000,440,549 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120224-074908.backup
[2012-02-16 18:43:43 | 000,288,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-02-16 18:24:47 | 000,535,422 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2012-02-16 18:24:47 | 000,467,584 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-02-16 18:24:47 | 000,102,892 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2012-02-16 18:24:47 | 000,083,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-02-12 09:25:20 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-02-10 08:52:08 | 000,440,549 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120217-075745.backup
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-03-09 13:18:46 | 000,772,998 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\tramps cd.jpg
[2012-03-06 20:55:22 | 000,046,273 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\arma37 de centuriontank in nederlandse dienst.pdf
[2012-02-16 16:29:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-02-16 16:29:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012-01-23 07:25:08 | 000,042,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011-08-09 19:33:18 | 000,653,176 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011-08-09 19:33:18 | 000,003,411 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Shorten Codec.dat
[2010-12-30 14:49:32 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2010-05-13 11:32:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010-05-13 11:32:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll

========== LOP Check ==========

[2012-01-23 07:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2012-01-23 07:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2004-04-11 16:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011-07-03 15:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2006-01-23 18:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{9E3A8735-9ABB-468A-A982-A50862FC9AB3}
[2012-03-02 09:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Belastingdienst
[2012-03-05 21:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\BitTorrent
[2008-05-09 12:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\BitTorrent DNA
[2006-08-05 09:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\BPFTP
[2010-07-30 12:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1
[2009-03-14 13:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\CoSoSys
[2008-01-18 18:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\dBpoweramp
[2009-12-04 18:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\DNA
[2012-01-29 14:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\ElevatedDiagnostics
[2009-12-01 16:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\F-Secure
[2010-05-14 11:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Gearbox Software
[2012-03-08 20:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Gena01
[2004-04-07 15:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Leadertech
[2010-04-30 16:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\PowerMp3WmaConverter
[2007-04-25 13:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Serif
[2006-01-23 18:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Seven Zip
[2008-05-20 16:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Uniblue
[2008-09-15 11:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\uTorrent
[2012-03-10 07:00:58 | 000,000,522 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job
[2012-03-10 22:01:00 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6A197408-3705-4F11-B57C-177D2AD69752}.job

========== Purity Check ==========



< End of report >


 
Post subject: Re: CPU usage 100%
Posted: Sat Mar 10, 2012 11:42 pm
Helper

I now find this folder: C:\WINDOWS\ie8.
Is it familiar to you?

Do you remember roughly when the problem with IE started?
 
 Berichttitel: Re: CPU-gebruik 100%
BerichtGeplaatst: zo maart 11, 2012 8:50 am 
Offline
Lid

Geregistreerd: vr aug 08, 2008 10:57 am
Berichten: 102
Hoi Abraham,

De map IE8 is mij bekend. Ik heb IE8 weer op mijn computer gezet. Ik heb een rootkit probleem gehad en toen is het volgens mij begonnen. Door de rootkit is mijn virusscanner vastgelopen en nadien is het CPU-gebruik op mijn computer erg hoog geworden. viewtopic.php?f=34&t=32386


Post subject: Re: CPU usage 100%
Posted: Sun March 11, 2012 11:24 am
Helper
Would you run GMER again, then?

Because who knows.....

Post subject: Re: CPU usage 100%
Posted: Sun March 11, 2012 3:46 pm
Member

Hi Abraham,

I ran GMER once more and here is the log.

Post subject: Re: CPU usage 100%
Posted: Sun March 11, 2012 5:19 pm
Helper
GMER looks good.
It's a real pity that you completely removed TDSSKiller at the beginning of this year.
Because I think we would have known a lot more if the removal log had still existed.

Tell me, how long has this Windows installation actually been running?

And do the following: right-click My Computer and choose Manage.
In the new window, click Disk Management in the left column.

If you see a hidden partition there, report it, and also report how large that partition is.

Post subject: Re: CPU usage 100%
Posted: Sun March 11, 2012 5:54 pm
Member

Hi Abraham,

This Windows installation has been running for about 9 years.

I did not find a hidden partition in Disk Management.


Post subject: Re: CPU usage 100%
Posted: Sun March 11, 2012 6:20 pm
Helper
My goodness, nine years already.

Did Windows come with your PC?
Or do you also have an installation CD for it?
