2 infections I can't get rid of

  • 2 infections I can't get rid of

    Dear reader,

    First of all, thank you for taking the time to look at my problem.
    When I scan my PC with Malwarebytes Anti-Malware, it reports when it is finished that 2 infections were found. It ticks both of them for removal. After I have removed them, I have to restart the PC. When I run the scan again after the restart, it detects the same infections again. It also regularly happens that the PC starts with a completely different boot screen. A kind of desktop from ASUS itself, where I then have to click a button to choose a different operating system. After that I do get the normal Windows 7 boot screen again.
    Below are the various log files:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.12.24.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    Rob :: ASUS-LAPTOP-ROB [administrator]

    25-12-2013 11:42:32
    mbam-log-2013-12-25 (11-42-32).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 251972
    Verstreken tijd: 10 minuut/minuten, 41 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 2
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Rob\LOCALS~1\Temp\msbyixm.com -> Zal worden verwijderd tijdens het herstarten.
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Rob\LOCALS~1\Temp\msbyixm.com -> Zal worden verwijderd tijdens het herstarten.

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
    Run by Rob at 12:08:08 on 2013-12-25
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4001.2171 [GMT 1:00]
    .
    AV: McAfee Antivirus en antispyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Antivirus en antispyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files\McAfee\MSC\McAPExe.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\ExpressGateUtil\VAWinService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Windows\AsScrPro.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\ExpressGateUtil\VAWinAgent.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\WebCam\S6000\S6000Mnt.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.nl/
    uDefault_Page_URL = hxxp://asus.msn.com
    uWindows: Load = C:\Users\Rob\LOCALS~1\Temp\msbyixm.com
    mWinlogon: Userinit = userinit.exe,
    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: Sopcast Toolbar: {53504356-3700-A76A-76A7-7A786E7484D7} -
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Rob\Documents\iTools\Plugin\iToolsBHO.dll
    TB: Sopcast Toolbar: {53504356-3700-A76A-76A7-7A786E7484D7} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: Sopcast Toolbar: {53504356-3700-A76A-76A7-7A786E7484D7} -
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
    mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
    mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
    mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
    mRun: [S6000Mnt] C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe
    mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
    mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    dRunOnce: [{90140000-0011-0000-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    dRunOnce: [{90140000-0018-0413-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    TCP: NameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{164EFCC1-732A-495C-BB0F-42FC74A244D8} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{4D0F5E8E-9114-4B70-BE1C-78C0D524139D} : DHCPNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{4D0F5E8E-9114-4B70-BE1C-78C0D524139D}\359414D4F554C4547414E43454 : DHCPNameServer = 195.175.39.39 195.175.39.40
    TCP: Interfaces\{4D0F5E8E-9114-4B70-BE1C-78C0D524139D}\359414D4F554C4547414E43454F523 : DHCPNameServer = 10.11.10.1 195.175.39.39 195.175.39.40
    TCP: Interfaces\{4D0F5E8E-9114-4B70-BE1C-78C0D524139D}\359414D4F554C4547414E43454F543 : DHCPNameServer = 195.175.39.39 195.175.39.40
    TCP: Interfaces\{4D0F5E8E-9114-4B70-BE1C-78C0D524139D}\3596475636F6D6833463332303 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{4D0F5E8E-9114-4B70-BE1C-78C0D524139D}\3707F627478616C6 : DHCPNameServer = 192.168.1.254 82.197.196.182 82.197.196.183
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Rob\Documents\iTools\Plugin\iToolsBHO64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
    x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
    x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-11-9 782360]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-11-9 343696]
    R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2013-3-25 72240]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2013-3-25 15920]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-3-26 30496]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-6-22 283200]
    R1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2013-2-17 66040]
    R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2013-2-17 379520]
    R2 APNMCP;Ask-updateservice;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-8-16 164816]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
    R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
    R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-17 328928]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-11-14 121616]
    R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-2-17 178048]
    R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-17 328928]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-17 328928]
    R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-17 328928]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-17 328928]
    R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-2-17 1017016]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-2-17 219272]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-2-17 182752]
    R2 MOBKbackup;1%;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-30 16120]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-2-17 2656280]
    R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-21 77312]
    R3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-8-11 44032]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-9 70112]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-4-12 129024]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2011-2-25 302592]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2011-2-25 81920]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-12 317440]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-9 311120]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-9 519576]
    R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-9-20 390552]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-17 428136]
    R3 S6000KNT;S6000KNT_WebCam Driver;C:\Windows\System32\drivers\S6000KNT.sys [2011-4-12 190232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-5-11 16776]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-5-11 9096]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-4-10 1432400]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-13 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-10-17 197704]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
    S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-9-20 95984]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2011-4-13 332272]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-18 19456]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-18 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-18 30208]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-17 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
    .
    =============== Created Last 30 ================
    .
    2013-12-25 09:41:00 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2B2193A4-4828-41B5-8BC5-2FF58D0F5A99}\mpengine.dll
    2013-12-17 03:06:07 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-12-15 02:00:27 -------- d-----w- C:\51fca232d7541abcc3ef
    2013-12-12 02:05:14 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2013-12-12 02:05:14 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    2013-12-12 02:05:14 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2013-12-12 02:05:13 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2013-12-12 00:14:24 335360 ----a-w- C:\Windows\System32\msieftp.dll
    2013-12-12 00:13:59 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
    .
    ==================== Find3M ====================
    .
    2013-12-25 11:00:18 45056 ----a-w- C:\Windows\System32\acovcnt.exe
    2013-12-10 22:40:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-12-10 22:40:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
    2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-11-19 02:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
    2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-11-04 15:51:44 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2013-11-04 15:46:34 343696 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2013-11-04 15:46:16 182752 ----a-w- C:\Windows\System32\mfevtps.exe
    2013-11-04 15:43:04 782360 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
    2013-11-04 15:41:22 519576 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2013-11-04 15:40:00 311120 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2013-11-04 15:39:20 179792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
    2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
    2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
    2013-10-23 14:11:22 129944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
    2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
    2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
    2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
    2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
    2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
    2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
    2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
    2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
    2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
    2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
    2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
    2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
    2013-10-08 05:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
    2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
    2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
    2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
    2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
    2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
    2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
    2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
    2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    .
    ============= FINISH: 12:08:55,16 ===============

    The GMER log follows in a new post.



    Thanks in advance for your effort, and happy holidays.
    Regards,
    Rob

  • #2
    And now the GMER log, in 3 parts:

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-12-25 12:32:41
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB
    Running: 0z9zng9p.exe; Driver: C:\Users\Rob\AppData\Local\Temp\kwniqpoc.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800037fa000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff800037fa011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770cefe0 5 bytes JMP 000000016fff0148
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770f99b0 7 bytes JMP 000000016fff00d8
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000771094d0 5 bytes JMP 000000016fff0180
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077109640 5 bytes JMP 000000016fff0110
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007712a500 7 bytes JMP 000000016fff01b8
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2c2db0 5 bytes JMP 000007fffd270180
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2c37d0 7 bytes JMP 000007fffd2700d8
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2c8ef0 6 bytes JMP 000007fffd270148
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2daf60 5 bytes JMP 000007fffd270110
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3989e0 8 bytes JMP 000007fffd2701f0
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd39be40 8 bytes JMP 000007fffd2701b8
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed27490 11 bytes JMP 000007fffd270228
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed3bf00 7 bytes JMP 000007fffd270260
    .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767a1465 2 bytes [7A, 76]
    .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767a14bb 2 bytes [7A, 76]
    .text ... * 2
    .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2624] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000770a6f80 5 bytes JMP 000000016c05f140
    .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2624] C:\Windows\system32\kernel32.dll!LoadLibraryA 00000000770a7070 5 bytes JMP 000000016c05f020
    .text C:\Windows\system32\Dwm.exe[2260] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770cefe0 5 bytes JMP 000000016fff0148
    .text C:\Windows\system32\Dwm.exe[2260] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770f99b0 7 bytes JMP 000000016fff00d8
    .text C:\Windows\system32\Dwm.exe[2260] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000771094d0 5 bytes JMP 000000016fff0180
    .text C:\Windows\system32\Dwm.exe[2260] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077109640 5 bytes JMP 000000016fff0110
    .text C:\Windows\system32\Dwm.exe[2260] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007712a500 7 bytes JMP 000000016fff01b8
    .text C:\Windows\system32\Dwm.exe[2260] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2c2db0 5 bytes JMP 000007fffd270180
    .text C:\Windows\system32\Dwm.exe[2260] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2c37d0 7 bytes JMP 000007fffd2700d8
    .text C:\Windows\system32\Dwm.exe[2260] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2c8ef0 6 bytes JMP 000007fffd270148
    .text C:\Windows\system32\Dwm.exe[2260] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2daf60 5 bytes JMP 000007fffd270110
    .text C:\Windows\system32\Dwm.exe[2260] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3989e0 8 bytes JMP 000007fffd2701f0
    .text C:\Windows\system32\Dwm.exe[2260] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd39be40 8 bytes JMP 000007fffd2701b8
    .text C:\Windows\system32\Dwm.exe[2260] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef661dc88 5 bytes JMP 000007fff64100d8
    .text C:\Windows\system32\Dwm.exe[2260] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef661de10 5 bytes JMP 000007fff6410110
    .text C:\Windows\system32\taskeng.exe[2028] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770cefe0 5 bytes JMP 000000016fff0148
    .text C:\Windows\system32\taskeng.exe[2028] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770f99b0 7 bytes JMP 000000016fff00d8
    .text C:\Windows\system32\taskeng.exe[2028] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000771094d0 5 bytes JMP 000000016fff0180
    .text C:\Windows\system32\taskeng.exe[2028] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077109640 5 bytes JMP 000000016fff0110
    .text C:\Windows\system32\taskeng.exe[2028] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007712a500 7 bytes JMP 000000016fff01b8
    .text C:\Windows\system32\taskeng.exe[2028] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2c2db0 5 bytes JMP 000007fffd270180
    .text C:\Windows\system32\taskeng.exe[2028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2c37d0 7 bytes JMP 000007fffd2700d8
    .text C:\Windows\system32\taskeng.exe[2028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2c8ef0 6 bytes JMP 000007fffd270148
    .text C:\Windows\system32\taskeng.exe[2028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2daf60 5 bytes JMP 000007fffd270110
    .text C:\Windows\system32\taskeng.exe[2028] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3989e0 8 bytes JMP 000007fffd2701f0
    .text C:\Windows\system32\taskeng.exe[2028] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd39be40 8 bytes JMP 000007fffd2701b8
    .text C:\Windows\system32\taskeng.exe[2028] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed27490 11 bytes JMP 000007fffd270228
    .text C:\Windows\system32\taskeng.exe[2028] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed3bf00 7 bytes JMP 000007fffd270260
    .text C:\Windows\system32\taskeng.exe[3316] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770cefe0 5 bytes JMP 000000016fff0148
    .text C:\Windows\system32\taskeng.exe[3316] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770f99b0 7 bytes JMP 000000016fff00d8
    .text C:\Windows\system32\taskeng.exe[3316] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000771094d0 5 bytes JMP 000000016fff0180
    .text C:\Windows\system32\taskeng.exe[3316] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077109640 5 bytes JMP 000000016fff0110
    .text C:\Windows\system32\taskeng.exe[3316] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007712a500 7 bytes JMP 000000016fff01b8
    .text C:\Windows\system32\taskeng.exe[3316] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2c2db0 5 bytes JMP 000007fffd270180
    .text C:\Windows\system32\taskeng.exe[3316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2c37d0 7 bytes JMP 000007fffd2700d8
    .text C:\Windows\system32\taskeng.exe[3316] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2c8ef0 6 bytes JMP 000007fffd270148
    .text C:\Windows\system32\taskeng.exe[3316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2daf60 5 bytes JMP 000007fffd270110
    .text C:\Windows\system32\taskeng.exe[3316] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3989e0 8 bytes JMP 000007fffd2701f0
    .text C:\Windows\system32\taskeng.exe[3316] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd39be40 8 bytes JMP 000007fffd2701b8
    .text C:\Windows\system32\taskeng.exe[3316] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed27490 11 bytes JMP 000007fffd270228
    .text C:\Windows\system32\taskeng.exe[3316] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed3bf00 7 bytes JMP 000007fffd270260
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3524] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000751213e1 7 bytes JMP 000000016a5a12ad
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3524] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007513b1d3 5 bytes JMP 000000016a5a15be
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3524] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000751b88b4 7 bytes JMP 000000016a5a1357
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3524] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000751b8939 5 bytes JMP 000000016a5a16e0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3524] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000751b8c8f 5 bytes JMP 000000016a5a1028
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3524] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000765e1d1b 5 bytes JMP 000000016a5a11ef
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3524] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000765e1dc9 5 bytes JMP 000000016a5a1023
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3524] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000765e2aa4 5 bytes JMP 000000016a5a156e
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3524] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000765e2d0a 5 bytes JMP 000000016a5a1294
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3524] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075848a29 5 bytes JMP 000000016a5a1050
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3524] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075854572 5 bytes JMP 000000016a5a10d2
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3524] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e0e96b 5 bytes JMP 000000016a5a15d7
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3524] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e0eba5 5 bytes JMP 000000016a5a11b8
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3524] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769e5ea5 5 bytes JMP 000000016a5a1609
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3524] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076a19d0b 5 bytes JMP 000000016a5a1249
    .text C:\Windows\AsScrPro.exe[3592] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000751213e1 7 bytes JMP 000000016a5a12ad
    .text C:\Windows\AsScrPro.exe[3592] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007513b1d3 5 bytes JMP 000000016a5a15be
    .text C:\Windows\AsScrPro.exe[3592] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000751b88b4 7 bytes JMP 000000016a5a1357
    .text C:\Windows\AsScrPro.exe[3592] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000751b8939 5 bytes JMP 000000016a5a16e0
    .text C:\Windows\AsScrPro.exe[3592] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000751b8c8f 5 bytes JMP 000000016a5a1028
    .text C:\Windows\AsScrPro.exe[3592] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000765e1d1b 5 bytes JMP 000000016a5a11ef
    .text C:\Windows\AsScrPro.exe[3592] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000765e1dc9 5 bytes JMP 000000016a5a1023
    .text C:\Windows\AsScrPro.exe[3592] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000765e2aa4 5 bytes JMP 000000016a5a156e
    .text C:\Windows\AsScrPro.exe[3592] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000765e2d0a 5 bytes JMP 000000016a5a1294
    .text C:\Windows\AsScrPro.exe[3592] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e0e96b 5 bytes JMP 000000016a5a15d7
    .text C:\Windows\AsScrPro.exe[3592] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e0eba5 5 bytes JMP 000000016a5a11b8
    .text C:\Windows\AsScrPro.exe[3592] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075848a29 5 bytes JMP 000000016a5a1050
    .text C:\Windows\AsScrPro.exe[3592] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075854572 5 bytes JMP 000000016a5a10d2
    .text C:\Windows\AsScrPro.exe[3592] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769e5ea5 5 bytes JMP 000000016a5a1609
    .text C:\Windows\AsScrPro.exe[3592] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076a19d0b 5 bytes JMP 000000016a5a1249
    .text C:\Windows\AsScrPro.exe[3592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767a1465 2 bytes [7A, 76]
    .text C:\Windows\AsScrPro.exe[3592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767a14bb 2 bytes [7A, 76]
    .text ... * 2
    .text C:\Windows\SysWOW64\ACEngSvr.exe[3920] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770cefe0 5 bytes JMP 000000016fff0148
    .text C:\Windows\SysWOW64\ACEngSvr.exe[3920] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770f99b0 7 bytes JMP 000000016fff00d8
    .text C:\Windows\SysWOW64\ACEngSvr.exe[3920] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000771094d0 5 bytes JMP 000000016fff0180
    .text C:\Windows\SysWOW64\ACEngSvr.exe[3920] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077109640 5 bytes JMP 000000016fff0110
    .text C:\Windows\SysWOW64\ACEngSvr.exe[3920] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007712a500 7 bytes JMP 000000016fff01b8
    .text C:\Windows\SysWOW64\ACEngSvr.exe[3920] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2c2db0 5 bytes JMP 000007fffd270180
    .text C:\Windows\SysWOW64\ACEngSvr.exe[3920] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2c37d0 7 bytes JMP 000007fffd2700d8
    .text C:\Windows\SysWOW64\ACEngSvr.exe[3920] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2c8ef0 6 bytes JMP 000007fffd270148
    .text C:\Windows\SysWOW64\ACEngSvr.exe[3920] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2daf60 5 bytes JMP 000007fffd270110
    .text C:\Windows\SysWOW64\ACEngSvr.exe[3920] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3989e0 8 bytes JMP 000007fffd2701f0
    .text C:\Windows\SysWOW64\ACEngSvr.exe[3920] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd39be40 8 bytes JMP 000007fffd2701b8
    .text C:\Windows\SysWOW64\ACEngSvr.exe[3920] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed27490 11 bytes JMP 000007fffd270228
    .text C:\Windows\SysWOW64\ACEngSvr.exe[3920] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed3bf00 7 bytes JMP 000007fffd270260
    .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4060] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000751213e1 7 bytes JMP 000000016a5a12ad
    .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4060] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007513b1d3 5 bytes JMP 000000016a5a15be
    .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4060] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000751b88b4 7 bytes JMP 000000016a5a1357
    .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4060] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000751b8939 5 bytes JMP 000000016a5a16e0
    .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4060] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000751b8c8f 5 bytes JMP 000000016a5a1028
    .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4060] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000765e1d1b 5 bytes JMP 000000016a5a11ef
    .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4060] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000765e1dc9 5 bytes JMP 000000016a5a1023
    .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4060] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000765e2aa4 5 bytes JMP 000000016a5a156e
    .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4060] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000765e2d0a 5 bytes JMP 000000016a5a1294
    .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4060] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075848a29 5 bytes JMP 000000016a5a1050
    .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4060] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075854572 5 bytes JMP 000000016a5a10d2
    .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4060] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e0e96b 5 bytes JMP 000000016a5a15d7
    .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4060] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e0eba5 5 bytes JMP 000000016a5a11b8
    .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4060] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769e5ea5 5 bytes JMP 000000016a5a1609
    .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4060] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076a19d0b 5 bytes JMP 000000016a5a1249
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4368] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770cefe0 5 bytes JMP 000000016fff0148
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4368] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770f99b0 7 bytes JMP 000000016fff00d8
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4368] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000771094d0 5 bytes JMP 000000016fff0180
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4368] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077109640 5 bytes JMP 000000016fff0110
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4368] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007712a500 7 bytes JMP 000000016fff01b8
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4368] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2c2db0 5 bytes JMP 000007fffd270180
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4368] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2c37d0 7 bytes JMP 000007fffd2700d8
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4368] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2c8ef0 6 bytes JMP 000007fffd270148
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4368] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2daf60 5 bytes JMP 000007fffd270110
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4368] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3989e0 8 bytes JMP 000007fffd2701f0
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4368] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd39be40 8 bytes JMP 000007fffd2701b8
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4368] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed27490 11 bytes JMP 000007fffd270228
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4368] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed3bf00 7 bytes JMP 000007fffd270260
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4648] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000751213e1 7 bytes JMP 000000016a5a12ad
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4648] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007513b1d3 5 bytes JMP 000000016a5a15be
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4648] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000751b88b4 7 bytes JMP 000000016a5a1357
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4648] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000751b8939 5 bytes JMP 000000016a5a16e0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4648] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000751b8c8f 5 bytes JMP 000000016a5a1028
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000765e1d1b 5 bytes JMP 000000016a5a11ef
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000765e1dc9 5 bytes JMP 000000016a5a1023
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4648] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000765e2aa4 5 bytes JMP 000000016a5a156e
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4648] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000765e2d0a 5 bytes JMP 000000016a5a1294
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4648] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075848a29 5 bytes JMP 000000016a5a1050
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4648] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075854572 5 bytes JMP 000000016a5a10d2
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4648] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e0e96b 5 bytes JMP 000000016a5a15d7
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4648] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e0eba5 5 bytes JMP 000000016a5a11b8
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4648] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769e5ea5 5 bytes JMP 000000016a5a1609
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4648] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076a19d0b 5 bytes JMP 000000016a5a1249
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4668] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000751213e1 7 bytes JMP 000000016a5a12ad
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4668] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007513b1d3 5 bytes JMP 000000016a5a15be
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4668] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000751b88b4 7 bytes JMP 000000016a5a1357
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4668] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000751b8939 5 bytes JMP 000000016a5a16e0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4668] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000751b8c8f 5 bytes JMP 000000016a5a1028
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4668] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000765e1d1b 5 bytes JMP 000000016a5a11ef
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4668] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000765e1dc9 5 bytes JMP 000000016a5a1023
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4668] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000765e2aa4 5 bytes JMP 000000016a5a156e
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4668] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000765e2d0a 5 bytes JMP 000000016a5a1294
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4668] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075848a29 5 bytes JMP 000000016a5a1050
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4668] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075854572 5 bytes JMP 000000016a5a10d2
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4668] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e0e96b 5 bytes JMP 000000016a5a15d7
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4668] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e0eba5 5 bytes JMP 000000016a5a11b8
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4668] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769e5ea5 5 bytes JMP 000000016a5a1609
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4668] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076a19d0b 5 bytes JMP 000000016a5a1249
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4696] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000751213e1 7 bytes JMP 000000016a5a12ad
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4696] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007513b1d3 5 bytes JMP 000000016a5a15be
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4696] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000751b88b4 7 bytes JMP 000000016a5a1357
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4696] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000751b8939 5 bytes JMP 000000016a5a16e0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4696] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000751b8c8f 5 bytes JMP 000000016a5a1028
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4696] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000765e1d1b 5 bytes JMP 000000016a5a11ef
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4696] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000765e1dc9 5 bytes JMP 000000016a5a1023
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4696] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000765e2aa4 5 bytes JMP 000000016a5a156e
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4696] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000765e2d0a 5 bytes JMP 000000016a5a1294
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4696] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075848a29 5 bytes JMP 000000016a5a1050
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4696] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075854572 5 bytes JMP 000000016a5a10d2
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4696] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e0e96b 5 bytes JMP 000000016a5a15d7
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4696] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e0eba5 5 bytes JMP 000000016a5a11b8
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4696] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769e5ea5 5 bytes JMP 000000016a5a1609
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4696] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076a19d0b 5 bytes JMP 000000016a5a1249
    .text C:\Program Files\Elantech\ETDCtrl.exe[5092] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770cefe0 5 bytes JMP 000000016fff0148
    .text C:\Program Files\Elantech\ETDCtrl.exe[5092] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770f99b0 7 bytes JMP 000000016fff00d8
    .text C:\Program Files\Elantech\ETDCtrl.exe[5092] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000771094d0 5 bytes JMP 000000016fff0180
    .text C:\Program Files\Elantech\ETDCtrl.exe[5092] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077109640 5 bytes JMP 000000016fff0110
    .text C:\Program Files\Elantech\ETDCtrl.exe[5092] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007712a500 7 bytes JMP 000000016fff01b8
    .text C:\Program Files\Elantech\ETDCtrl.exe[5092] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2c2db0 5 bytes JMP 000007fffd270180
    .text C:\Program Files\Elantech\ETDCtrl.exe[5092] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2c37d0 7 bytes JMP 000007fffd2700d8
    .text C:\Program Files\Elantech\ETDCtrl.exe[5092] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2c8ef0 6 bytes JMP 000007fffd270148
    .text C:\Program Files\Elantech\ETDCtrl.exe[5092] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2daf60 5 bytes JMP 000007fffd270110
    .text C:\Program Files\Elantech\ETDCtrl.exe[5092] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3989e0 8 bytes JMP 000007fffd2701f0
    .text C:\Program Files\Elantech\ETDCtrl.exe[5092] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd39be40 8 bytes JMP 000007fffd2701b8
    .text C:\Program Files\Elantech\ETDCtrl.exe[5092] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed27490 11 bytes JMP 000007fffd270228
    .text C:\Program Files\Elantech\ETDCtrl.exe[5092] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed3bf00 7 bytes JMP 000007fffd270260



    • #3



      • #4

        ---- User IAT/EAT - GMER 2.1 ----

        IAT C:\Windows\system32\mfevtps.exe[2236] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13f47ba40] C:\Windows\system32\mfevtps.exe

        ---- Registry - GMER 2.1 ----

        Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
        Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)

        ---- EOF - GMER 2.1 ----



        • #5
          Hi Robocops, and welcome to Nucia Security Forum,

          Before we begin, I would kindly like to point out the following guidelines:
          • Only log in as an administrator with full rights.
          • Do not post your problem on several forums. It does not help your problem and it is not fair to the helpers.
          • Cleaning up your system can take some time, so be patient.
          • Carefully follow the instructions I give you.
          • Only follow the advice given by me.
          • Stay with the topic until I have reported that your PC is clean.
          • If you do not know or understand something, please just ask.
          • Do not install or uninstall any software or hardware while we are working on your problem.
          • In the meantime, do not try something "different"; that only makes it harder for us.
          • Please turn your emoticons (smileys) off when you post logs.
          • Please do not post the logs as an attachment, nor between code tags.

          Note: Vista or Windows 7? >> Always run all tools as admin.
          The instructions given here are valid only for your PC.

          Step 1:

          Scanning for and removing malware....

          If you already have MBAM on your PC, you of course do not need to download it.

          Download MalwareBytes' Anti-Malware to your desktop from one of the following links:

          Double-click mbam-setup.exe to install the program.

          At the end of the setup procedure, you get a screen where you must click "Finish".
          If you do not wish to evaluate MBAM, untick the first option and only then click "Finish".

          Make sure that after the installation there is a tick next to:
          • Update MalwareBytes' Anti-Malware
          • Start MalwareBytes' Anti-Malware
          • Then click "Finish". If an update is found, it will be downloaded and installed.

          As soon as the program has started, go to the "Settings" tab.
          • Tick here: "Close Internet Explorer during removal of malware".
          • Go to the "Updates" tab and update MBAM.
          • Then go to the "Scanner" tab and choose "FULL scan" here.
          • Then press "Scan" to start the scan.
          • The scan can take a while, so be patient.
          • When the scan is complete, click OK, then "Show Results" to see the results.
          • Make sure everything there is ticked, then click "Remove Selected".
            If there are many items, you can right-click in the window and choose "select all items".
          • After removal a log will open and you will be asked to restart the computer.

          If MBAM asks for a restart, then do so.
          Once you have restarted, run a new quick scan with MBAM.
          In that case you therefore post both logs.

          The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.


          In case of problems!!!
          ___________________________________________________________

          Step 2:

          Checking for bad toolbars...

          Download AdwCleaner by Xplode to your desktop.
          • Close all open windows
          • Start AdwCleaner
          • Click Scan
          • Click Clean

          All icons disappear from the desktop; this is normal.
          Your PC will be restarted and a log file will open (C:\ AdwCleaner[xx].txt); post its contents here on the forum.

          I only need the log from after the "clean" option.

          Do not forget to turn off your "smileys".

          If your start page was also hijacked, set your search engine again; AdwCleaner resets it to Google.com by default.

          ___________________________________________________________

          Step 3:

          Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


          DDS is a diagnostic tool and makes use of scripts.
          If script execution is disabled, enable it again so that no problems occur when using DDS.


          Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
          When it is finished, two log files open: DDS.txt and Attach.txt
          Save both log files to your desktop.

          Post the contents of DDS.txt.

          You do not need to post the contents of Attach.txt, and you should not add Attach.txt to your post as an attachment, unless I ask for it.

          ___________________________________________________________

          Step 4:

          Checking for updates...

          Download Security Check to your desktop via here or here

          Start Security Check
          Follow the instructions on the screen
          At the end a log appears ( checkup.txt )
          Put its contents in your next reply.

          In your next post, I would like to see the following logs, made in the order given:
          • MBAM
          • AdwCleaner
          • DDS
          • checkup.txt

          Please do NOT post these logs as an attachment or between code tags.
          (If necessary, in several posts.)

          Emphyrio
          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
          E Dev * Removing McAfee. * Ccleaner * E-Peek



          • #6
            Hi Emphyrio,
            Thanks for your reply. Below, and in a few following replies, are the requested log files:


            Malwarebytes Anti-Malware 1.75.0.1300
            www.malwarebytes.org

            Databaseversie: v2013.12.25.03

            Windows 7 Service Pack 1 x64 NTFS
            Internet Explorer 11.0.9600.16476
            Rob :: ASUS-LAPTOP-ROB [administrator]

            25-12-2013 15:09:03
            mbam-log-2013-12-25 (15-09-03).txt

            Scan type: Volledige scan (C:\|D:\|G:\|)
            Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
            Uitgeschakelde scan opties: P2P
            Objecten gescand: 499023
            Verstreken tijd: 2 uur/uren, 5 minuut/minuten, 27 seconde(n)

            Geheugenprocessen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Geheugenmodulen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Registersleutels gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Registerwaarden gedetecteerd: 2
            HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Rob\LOCALS~1\Temp\msbyixm.com -> Zal worden verwijderd tijdens het herstarten.
            HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Rob\LOCALS~1\Temp\msbyixm.com -> Zal worden verwijderd tijdens het herstarten.

            Registerdata gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Mappen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Bestanden gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            (einde)



            Malwarebytes Anti-Malware 1.75.0.1300
            www.malwarebytes.org

            Databaseversie: v2013.12.25.03

            Windows 7 Service Pack 1 x64 NTFS
            Internet Explorer 11.0.9600.16476
            Rob :: ASUS-LAPTOP-ROB [administrator]

            25-12-2013 21:10:32
            mbam-log-2013-12-25 (21-10-32).txt

            Scan type: Snelle scan
            Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
            Uitgeschakelde scan opties: P2P
            Objecten gescand: 251691
            Verstreken tijd: 10 minuut/minuten, 57 seconde(n)

            Geheugenprocessen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Geheugenmodulen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Registersleutels gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Registerwaarden gedetecteerd: 2
            HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Rob\LOCALS~1\Temp\msbyixm.com -> Zal worden verwijderd tijdens het herstarten.
            HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Rob\LOCALS~1\Temp\msbyixm.com -> Zal worden verwijderd tijdens het herstarten.

            Registerdata gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Mappen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Bestanden gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            (einde)



            • #7
              # AdwCleaner v3.016 - Report created 25/12/2013 at 21:37:54
              # Updated 23/12/2013 by Xplode
              # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
              # Username : Rob - ASUS-LAPTOP-ROB
              # Running from : C:\Users\Rob\Desktop\adwcleaner.exe
              # Option : Clean

              ***** [ Services ] *****


              ***** [ Files / Folders ] *****


              ***** [ Shortcuts ] *****


              ***** [ Registry ] *****


              ***** [ Browsers ] *****

              -\\ Internet Explorer v11.0.9600.16428


              -\\ Google Chrome v31.0.1650.63

              [ File : C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\preferences ]


              *************************

              AdwCleaner[R0].txt - [3643 octets] - [25/12/2013 14:53:42]
              AdwCleaner[R1].txt - [881 octets] - [25/12/2013 21:36:52]
              AdwCleaner[S0].txt - [3662 octets] - [25/12/2013 14:54:55]
              AdwCleaner[S1].txt - [803 octets] - [25/12/2013 21:37:54]

              ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [862 octets] ##########



              DDS (Ver_2012-11-20.01) - NTFS_AMD64
              Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
              Run by Rob at 21:41:59 on 2013-12-25
              Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4001.2219 [GMT 1:00]
              .
              AV: McAfee Antivirus en antispyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
              SP: McAfee Antivirus en antispyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
              SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
              .
              ============== Running Processes ===============
              .
              C:\Windows\system32\lsm.exe
              C:\Windows\system32\svchost.exe -k DcomLaunch
              C:\Windows\system32\nvvsvc.exe
              C:\Windows\system32\svchost.exe -k RPCSS
              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
              C:\Windows\system32\svchost.exe -k LocalService
              C:\Windows\system32\svchost.exe -k netsvcs
              C:\Windows\system32\svchost.exe -k GPSvcGroup
              C:\Windows\system32\svchost.exe -k NetworkService
              C:\Windows\system32\FBAgent.exe
              C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
              C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
              C:\Windows\system32\nvvsvc.exe
              C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
              C:\Windows\system32\taskeng.exe
              C:\Windows\System32\spoolsv.exe
              C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
              C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
              C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
              C:\Program Files\McAfee\MSC\McAPExe.exe
              C:\Windows\system32\mfevtps.exe
              C:\Windows\system32\rundll32.exe
              C:\Windows\system32\rundll32.exe
              C:\Windows\system32\svchost.exe -k imgsvc
              C:\ExpressGateUtil\VAWinService.exe
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
              C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
              C:\Windows\SysWOW64\rundll32.exe
              C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
              C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
              C:\Windows\system32\taskhost.exe
              C:\Windows\system32\taskeng.exe
              C:\Program Files\P4G\BatteryLife.exe
              C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
              C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
              C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
              C:\Windows\system32\taskeng.exe
              C:\Windows\AsScrPro.exe
              C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
              C:\Windows\SysWOW64\ACEngSvr.exe
              C:\Windows\Explorer.EXE
              C:\Windows\system32\Dwm.exe
              C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
              C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
              C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
              C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
              C:\Windows\System32\WUDFHost.exe
              C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
              C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
              C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
              C:\Program Files\Elantech\ETDCtrl.exe
              C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
              C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
              C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
              C:\Windows\System32\igfxtray.exe
              C:\Windows\System32\hkcmd.exe
              C:\Windows\System32\igfxpers.exe
              C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
              C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
              C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
              C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
              C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
              C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
              C:\ExpressGateUtil\VAWinAgent.exe
              C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
              C:\Windows\WebCam\S6000\S6000Mnt.exe
              C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
              C:\Program Files\Elantech\ETDCtrlHelper.exe
              C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
              C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
              C:\Program Files (x86)\iTunes\iTunesHelper.exe
              C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
              C:\Windows\system32\SearchIndexer.exe
              C:\Program Files\Windows Media Player\wmpnetwk.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
              C:\Windows\System32\svchost.exe -k LocalServicePeerNet
              C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
              C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
              C:\Program Files (x86)\Nero\Update\NASvc.exe
              C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
              C:\Windows\system32\SearchProtocolHost.exe
              C:\Windows\system32\vssvc.exe
              C:\Windows\system32\SearchFilterHost.exe
              C:\Windows\system32\sppsvc.exe
              C:\Windows\System32\svchost.exe -k secsvcs
              C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Windows\System32\cscript.exe
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = hxxp://www.google.nl/
              uDefault_Page_URL = hxxp://asus.msn.com
              uWindows: Load = C:\Users\Rob\LOCALS~1\Temp\msbyixm.com
              mWinlogon: Userinit = userinit.exe,
              BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
              BHO: Sopcast Toolbar: {53504356-3700-A76A-76A7-7A786E7484D7} -
              BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
              BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
              BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
              BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
              BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
              BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
              BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
              BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
              BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Rob\Documents\iTools\Plugin\iToolsBHO.dll
              TB: Sopcast Toolbar: {53504356-3700-A76A-76A7-7A786E7484D7} -
              TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
              TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
              TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
              TB: Sopcast Toolbar: {53504356-3700-A76A-76A7-7A786E7484D7} -
              EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
              mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
              mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
              mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
              mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
              mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
              mRun: [S6000Mnt] C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
              mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
              mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
              mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
              mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
              mRun: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe
              mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
              mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
              mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
              mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
              mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
              mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
              mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
              mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
              mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
              mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
              mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
              mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
              mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
              dRunOnce: [{90140000-0011-0000-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
              dRunOnce: [{90140000-0018-0413-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
              StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
              StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe
              mPolicies-Explorer: NoActiveDesktop = dword:1
              mPolicies-Explorer: NoActiveDesktopChanges = dword:1
              mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
              mPolicies-System: ConsentPromptBehaviorUser = dword:3
              mPolicies-System: EnableUIADesktopToggle = dword:0
              IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
              IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
              IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
              IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
              IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
              TCP: NameServer = 192.168.0.1
              TCP: Interfaces\{164EFCC1-732A-495C-BB0F-42FC74A244D8} : DHCPNameServer = 192.168.0.1
              TCP: Interfaces\{4D0F5E8E-9114-4B70-BE1C-78C0D524139D} : DHCPNameServer = 192.168.0.1
              TCP: Interfaces\{4D0F5E8E-9114-4B70-BE1C-78C0D524139D}\359414D4F554C4547414E43454 : DHCPNameServer = 195.175.39.39 195.175.39.40
              TCP: Interfaces\{4D0F5E8E-9114-4B70-BE1C-78C0D524139D}\359414D4F554C4547414E43454F523 : DHCPNameServer = 10.11.10.1 195.175.39.39 195.175.39.40
              TCP: Interfaces\{4D0F5E8E-9114-4B70-BE1C-78C0D524139D}\359414D4F554C4547414E43454F543 : DHCPNameServer = 195.175.39.39 195.175.39.40
              TCP: Interfaces\{4D0F5E8E-9114-4B70-BE1C-78C0D524139D}\3707F627478616C6 : DHCPNameServer = 192.168.1.254 82.197.196.182 82.197.196.183
              Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
              Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
              Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
              Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
              Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
              Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
              AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
              SSODL: WebCheck - <orphaned>
              SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
              mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
              x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
              x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
              x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
              x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
              x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
              x64-BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Rob\Documents\iTools\Plugin\iToolsBHO64.dll
              x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
              x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
              x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
              x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
              x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
              x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
              x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
              x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
              x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
              x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
              x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
              x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
              x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
              x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
              x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
              x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
              x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
              x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
              x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
              x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
              x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
              x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
              x64-Notify: igfxcui - igfxdev.dll
              x64-SSODL: WebCheck - <orphaned>
              x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
              .



              • #8
                ============= SERVICES / DRIVERS ===============
                .
                R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-11-9 782360]
                R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-11-9 343696]
                R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2013-3-25 72240]
                R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2013-3-25 15920]
                R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-3-26 30496]
                R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
                R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-6-22 283200]
                R1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2013-2-17 66040]
                R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2013-2-17 379520]
                R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
                R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
                R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-17 328928]
                R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-11-14 121616]
                R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-2-17 178048]
                R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-17 328928]
                R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-17 328928]
                R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-17 328928]
                R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-17 328928]
                R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-2-17 1017016]
                R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-2-17 219272]
                R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-2-17 182752]
                R2 MOBKbackup;1%;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
                R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
                R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-30 16120]
                R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-2-17 2656280]
                R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-21 77312]
                R3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-8-11 44032]
                R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-9 70112]
                R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-4-12 129024]
                R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2011-2-25 302592]
                R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2011-2-25 81920]
                R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-12 317440]
                R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-9 311120]
                R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-9 519576]
                R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-9-20 390552]
                R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-17 428136]
                R3 S6000KNT;S6000KNT_WebCam Driver;C:\Windows\System32\drivers\S6000KNT.sys [2011-4-12 190232]
                S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
                S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
                S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-5-11 16776]
                S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-5-11 9096]
                S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-4-10 1432400]
                S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-13 48488]
                S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
                S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-10-17 197704]
                S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
                S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
                S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-9-20 95984]
                S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
                S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-18 19456]
                S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
                S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-18 57856]
                S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-18 30208]
                S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
                S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
                S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-17 1255736]
                S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
                .
                =============== File Associations ===============
                .
                FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
                .
                =============== Created Last 30 ================
                .
                2013-12-25 13:53:25 -------- d-----w- C:\AdwCleaner
                2013-12-25 09:41:00 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2B2193A4-4828-41B5-8BC5-2FF58D0F5A99}\mpengine.dll
                2013-12-17 03:06:07 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
                2013-12-15 02:00:27 -------- d-----w- C:\51fca232d7541abcc3ef
                2013-12-12 02:05:14 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
                2013-12-12 02:05:14 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
                2013-12-12 02:05:14 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
                2013-12-12 02:05:13 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
                2013-12-12 00:14:24 335360 ----a-w- C:\Windows\System32\msieftp.dll
                2013-12-12 00:13:59 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
                .
                ==================== Find3M ====================
                .
                2013-12-25 20:39:19 45056 ----a-w- C:\Windows\System32\acovcnt.exe
                2013-12-10 22:40:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                2013-12-10 22:40:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
                2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
                2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
                2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
                2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
                2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
                2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
                2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
                2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
                2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
                2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
                2013-11-19 02:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
                2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
                2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
                2013-11-04 15:51:44 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
                2013-11-04 15:46:34 343696 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
                2013-11-04 15:46:16 182752 ----a-w- C:\Windows\System32\mfevtps.exe
                2013-11-04 15:43:04 782360 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
                2013-11-04 15:41:22 519576 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
                2013-11-04 15:40:00 311120 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
                2013-11-04 15:39:20 179792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
                2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
                2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
                2013-10-23 14:11:22 129944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
                2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
                2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
                2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
                2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
                2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
                2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
                2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
                2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
                2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
                2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
                2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
                2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
                2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
                2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
                2013-10-08 05:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
                2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
                2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
                2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
                2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
                2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
                2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
                2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
                2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
                2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
                2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
                2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
                2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
                .
                ============= FINISH: 21:43:58,22 ===============

                Comment


                • #9
                  Results of screen317's Security Check version 0.99.77
                  Windows 7 Service Pack 1 x64 (UAC is enabled)
                  Internet Explorer 11
                  ``````````````Antivirus/Firewall Check:``````````````
                  McAfee Antivirus en antispyware
                  WMI entry may not exist for antivirus; attempting automatic update.
                  `````````Anti-malware/Other Utilities Check:`````````
                  Java 7 Update 45
                  Adobe Flash Player 11.9.900.170
                  Adobe Reader XI
                  Google Chrome 31.0.1650.57
                  Google Chrome 31.0.1650.63
                  ````````Process Check: objlist.exe by Laurent````````
                  McAfee Online Backup MOBKbackup.exe
                  `````````````````System Health check`````````````````
                  Total Fragmentation on Drive C: 0%
                  ````````````````````End of Log``````````````````````

                  Comment


                  • #10
                    Download or update CCleaner

                    Start CCleaner.
                    • Run CCleaner and click Options in the left column
                    • Select the Advanced tab
                    • Uncheck Only delete files in the Windows Temp system folder that are older than 24 hours
                    • Uncheck Only delete files in the Recycle Bin that are older than 24 hours
                    • Select the Settings tab
                    • Uncheck "Automatically clean the computer...."
                    • Click Cleaner in the left column.
                    • Then click Analyze and Clean, in that order.
                    • Next, click Registry in the left column
                    • Click Scan for issues.
                    • If errors are found, click Fix selected issues
                    • You may be asked here whether you want to back up your registry. Answer Yes and OK

                    Download DeFogger to your desktop.
                    Double-click DeFogger.

                    Click the Disable button to disable the CD Emulation drivers.
                    Then click Yes.

                    At the end DeFogger will ask to reboot; click OK.


                    Download RKill to your desktop via one of the links on this web page. It is best to choose iExplore.exe here.
                    Double-click "rkill" to start it

                    This can take a little while.
                    If a message appears saying that rkill is an infection, you can ignore it; it is a false alarm.
                    If you keep having problems with such messages, download a renamed rkill version here (iExplorer.exe) to your desktop and run it.

                    When "rkill" is finished, a log file will open; it can also be found on the system drive at C:\rkill.log. Post its contents in your next reply.


                    Note!!! Do not restart the computer after using rkill


                    Run a quick scan with MBAM and remove the items found.
                    If MBAM asks for a restart, do so.


                    Also post a fresh DDS log.
                    Last edited by Emphyrio; 25-12-13, 21:57.
                    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                    E Dev * Remove McAfee. * Ccleaner * E-Peek

                    Comment


                    • #11
                      Is it working out?
                      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                      E Dev * Remove McAfee. * Ccleaner * E-Peek

                      Comment


                      • #12
                        Rkill 2.6.4 by Lawrence Abrams (Grinler)
                        http://www.bleepingcomputer.com/
                        Copyright 2008-2013 BleepingComputer.com
                        More Information about Rkill can be found at this link:
                        http://www.bleepingcomputer.com/forums/topic308364.html

                        Program started at: 12/27/2013 02:10:58 PM in x64 mode.
                        Windows Version: Windows 7 Home Premium Service Pack 1

                        Checking for Windows services to stop:

                        * No malware services found to stop.

                        Checking for processes to terminate:

                        * C:\Windows\SysWOW64\ACEngSvr.exe (PID: 5392) [WD-HEUR]

                        1 proccess terminated!

                        Checking Registry for malware related settings:

                        * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

                        Backup Registry file created at:
                        C:\Users\Rob\Desktop\rkill\rkill-12-27-2013-02-11-04.reg

                        Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

                        Performing miscellaneous checks:

                        * No issues found.

                        Checking Windows Service Integrity:

                        * No issues found.

                        Searching for Missing Digital Signatures:

                        * No issues found.

                        Checking HOSTS File:

                        * No issues found.

                        Program finished at: 12/27/2013 02:11:58 PM
                        Execution time: 0 hours(s), 1 minute(s), and 0 seconds(s)



                        DDS (Ver_2012-11-20.01) - NTFS_AMD64
                        Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
                        Run by Rob at 19:37:11 on 2013-12-27
                        Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4001.1961 [GMT 1:00]
                        .
                        AV: McAfee Antivirus en antispyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
                        SP: McAfee Antivirus en antispyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
                        SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                        FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
                        .
                        ============== Running Processes ===============
                        .
                        C:\Windows\system32\lsm.exe
                        C:\Windows\system32\svchost.exe -k DcomLaunch
                        C:\Windows\system32\nvvsvc.exe
                        C:\Windows\system32\svchost.exe -k RPCSS
                        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                        C:\Windows\system32\svchost.exe -k LocalService
                        C:\Windows\system32\svchost.exe -k netsvcs
                        C:\Windows\system32\svchost.exe -k GPSvcGroup
                        C:\Windows\system32\svchost.exe -k NetworkService
                        C:\Windows\system32\FBAgent.exe
                        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
                        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
                        C:\Windows\System32\spoolsv.exe
                        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                        C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
                        C:\Windows\system32\nvvsvc.exe
                        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                        C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                        C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
                        C:\Program Files\Bonjour\mDNSResponder.exe
                        c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
                        C:\Program Files\McAfee\MSC\McAPExe.exe
                        C:\Windows\system32\mfevtps.exe
                        C:\Windows\system32\rundll32.exe
                        C:\Windows\system32\rundll32.exe
                        C:\Windows\system32\svchost.exe -k imgsvc
                        C:\ExpressGateUtil\VAWinService.exe
                        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                        C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
                        C:\Windows\SysWOW64\rundll32.exe
                        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                        C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
                        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
                        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                        C:\Windows\System32\WUDFHost.exe
                        C:\Windows\system32\taskhost.exe
                        C:\Windows\system32\taskeng.exe
                        C:\Windows\system32\Dwm.exe
                        C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
                        C:\Program Files\P4G\BatteryLife.exe
                        C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
                        C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
                        C:\Windows\system32\taskeng.exe
                        C:\Windows\Explorer.EXE
                        C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
                        C:\Windows\SysWOW64\ACEngSvr.exe
                        C:\Windows\AsScrPro.exe
                        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
                        C:\Windows\system32\wbem\wmiprvse.exe
                        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
                        C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
                        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
                        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
                        C:\Program Files\Elantech\ETDCtrl.exe
                        C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
                        C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
                        C:\Windows\System32\igfxtray.exe
                        C:\Windows\System32\hkcmd.exe
                        C:\Windows\System32\igfxpers.exe
                        C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
                        C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
                        C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
                        C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
                        C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
                        C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
                        C:\Windows\WebCam\S6000\S6000Mnt.exe
                        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
                        C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
                        C:\ExpressGateUtil\VAWinAgent.exe
                        C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
                        C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
                        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                        C:\Program Files (x86)\iTunes\iTunesHelper.exe
                        C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
                        C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                        C:\Program Files\Elantech\ETDCtrlHelper.exe
                        C:\Program Files\iPod\bin\iPodService.exe
                        C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
                        C:\Program Files\Windows Media Player\wmpnetwk.exe
                        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                        C:\Windows\system32\SearchIndexer.exe
                        C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                        C:\Windows\system32\SearchProtocolHost.exe
                        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                        C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
                        C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
                        C:\Program Files (x86)\Nero\Update\NASvc.exe
                        C:\Windows\system32\vssvc.exe
                        C:\Windows\System32\svchost.exe -k secsvcs
                        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                        C:\Program Files\Internet Explorer\iexplore.exe
                        C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                        C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
                        C:\Windows\system32\svchost.exe -k SDRSVC
                        C:\Windows\System32\MsSpellCheckingFacility.exe
                        C:\Windows\system32\wbem\wmiprvse.exe
                        C:\Windows\system32\SearchFilterHost.exe
                        C:\Windows\System32\cscript.exe
                        .
                        ============== Pseudo HJT Report ===============
                        .
                        uStart Page = hxxp://www.google.nl/
                        uDefault_Page_URL = hxxp://asus.msn.com
                        uWindows: Load = C:\Users\Rob\LOCALS~1\Temp\msbyixm.com
                        mWinlogon: Userinit = userinit.exe,
                        BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
                        BHO: {53504356-3700-A76A-76A7-7A786E7484D7} - <orphaned>
                        BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
                        BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                        BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
                        BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
                        BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
                        BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
                        BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
                        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                        BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Rob\Documents\iTools\Plugin\iToolsBHO.dll
                        TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
                        TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
                        TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
                        EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
                        mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
                        mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
                        mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
                        mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
                        mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
                        mRun: [S6000Mnt] C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
                        mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
                        mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
                        mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
                        mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
                        mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
                        mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
                        mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
                        mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
                        mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
                        mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
                        mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                        mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
                        mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
                        mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                        mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                        mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                        mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                        dRunOnce: [{90140000-0011-0000-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
                        dRunOnce: [{90140000-0018-0413-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
                        StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
                        StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe
                        mPolicies-Explorer: NoActiveDesktop = dword:1
                        mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                        mPolicies-System: ConsentPromptBehaviorUser = dword:3
                        mPolicies-System: EnableUIADesktopToggle = dword:0
                        IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
                        IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
                        IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
                        IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                        TCP: NameServer = 192.168.0.1
                        TCP: Interfaces\{164EFCC1-732A-495C-BB0F-42FC74A244D8} : DHCPNameServer = 192.168.0.1
                        TCP: Interfaces\{4D0F5E8E-9114-4B70-BE1C-78C0D524139D} : DHCPNameServer = 192.168.0.1
                        TCP: Interfaces\{4D0F5E8E-9114-4B70-BE1C-78C0D524139D}\359414D4F554C4547414E43454 : DHCPNameServer = 195.175.39.39 195.175.39.40
                        TCP: Interfaces\{4D0F5E8E-9114-4B70-BE1C-78C0D524139D}\359414D4F554C4547414E43454F523 : DHCPNameServer = 10.11.10.1 195.175.39.39 195.175.39.40
                        TCP: Interfaces\{4D0F5E8E-9114-4B70-BE1C-78C0D524139D}\359414D4F554C4547414E43454F543 : DHCPNameServer = 195.175.39.39 195.175.39.40
                        TCP: Interfaces\{4D0F5E8E-9114-4B70-BE1C-78C0D524139D}\3707F627478616C6 : DHCPNameServer = 192.168.1.254 82.197.196.182 82.197.196.183
                        Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
                        Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                        Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
                        Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
                        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                        Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                        AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
                        SSODL: WebCheck - <orphaned>
                        SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
                        mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                        x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
                        x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
                        x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
                        x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
                        x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
                        x64-BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Rob\Documents\iTools\Plugin\iToolsBHO64.dll
                        x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
                        x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
                        x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
                        x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
                        x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
                        x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
                        x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
                        x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
                        x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
                        x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
                        x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
                        x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
                        x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
                        x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
                        x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                        x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
                        x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                        x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
                        x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
                        x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                        x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                        x64-Notify: igfxcui - igfxdev.dll
                        x64-SSODL: WebCheck - <orphaned>
                        x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
                        .
                        ============= SERVICES / DRIVERS ===============
                        .
                        R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-11-9 782360]
                        R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-11-9 343696]
                        R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2013-3-25 72240]
                        R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2013-3-25 15920]
                        R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-3-26 30496]
                        R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
                        R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-6-22 283200]
                        R1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2013-2-17 66040]
                        R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2013-2-17 379520]
                        R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
                        R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
                        R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-17 328928]
                        R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-11-14 121616]
                        R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-2-17 178048]
                        R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-17 328928]
                        R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-17 328928]
                        R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-17 328928]
                        R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-17 328928]
                        R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-2-17 1017016]
                        R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-2-17 219272]
                        R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-2-17 182752]
                        R2 MOBKbackup;1%;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
                        R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
                        R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-30 16120]
                        R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-2-17 2656280]
                        R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-21 77312]
                        R3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-8-11 44032]
                        R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-9 70112]
                        R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-4-12 129024]
                        R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2011-2-25 302592]
                        R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2011-2-25 81920]
                        R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-12 317440]
                        R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-9 311120]
                        R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-9 519576]
                        R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-9-20 390552]
                        R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-17 428136]
                        R3 S6000KNT;S6000KNT_WebCam Driver;C:\Windows\System32\drivers\S6000KNT.sys [2011-4-12 190232]
                        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                        S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
                        S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
                        S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-5-11 16776]
                        S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-5-11 9096]
                        S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-4-10 1432400]
                        S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-13 48488]
                        S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
                        S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-10-17 197704]
                        S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
                        S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
                        S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-9-20 95984]
                        S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
                        S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-18 19456]
                        S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
                        S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-18 57856]
                        S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-18 30208]
                        S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
                        S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
                        S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-17 1255736]
                        S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
                        .
                        =============== File Associations ===============
                        .
                        FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
                        .
                        =============== Created Last 30 ================
                        .
                        2013-12-27 10:33:12 -------- d-----w- C:\Program Files\CCleaner
                        2013-12-25 13:53:25 -------- d-----w- C:\AdwCleaner
                        2013-12-25 09:41:00 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2B2193A4-4828-41B5-8BC5-2FF58D0F5A99}\mpengine.dll
                        2013-12-17 03:06:07 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
                        2013-12-15 02:00:27 -------- d-----w- C:\51fca232d7541abcc3ef
                        2013-12-12 02:05:14 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
                        2013-12-12 02:05:14 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
                        2013-12-12 02:05:14 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
                        2013-12-12 02:05:13 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
                        2013-12-12 00:14:24 335360 ----a-w- C:\Windows\System32\msieftp.dll
                        2013-12-12 00:13:59 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
                        .
                        ==================== Find3M ====================
                        .
                        2013-12-27 18:29:16 45056 ----a-w- C:\Windows\System32\acovcnt.exe
                        2013-12-10 22:40:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                        2013-12-10 22:40:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                        2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                        2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                        2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
                        2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                        2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                        2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
                        2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
                        2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
                        2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
                        2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                        2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
                        2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
                        2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                        2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
                        2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
                        2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
                        2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
                        2013-11-19 02:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
                        2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
                        2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
                        2013-11-04 15:51:44 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
                        2013-11-04 15:46:34 343696 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
                        2013-11-04 15:46:16 182752 ----a-w- C:\Windows\System32\mfevtps.exe
                        2013-11-04 15:43:04 782360 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
                        2013-11-04 15:41:22 519576 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
                        2013-11-04 15:40:00 311120 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
                        2013-11-04 15:39:20 179792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
                        2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
                        2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
                        2013-10-23 14:11:22 129944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
                        2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
                        2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
                        2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
                        2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
                        2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
                        2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
                        2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
                        2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
                        2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
                        2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
                        2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
                        2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
                        2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
                        2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
                        2013-10-08 05:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                        2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
                        2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
                        2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
                        2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
                        2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
                        2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
                        2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
                        2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
                        2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
                        2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
                        2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
                        2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
                        .
                        ============= FINISH: 19:37:51,88 ===============

                        Comment


                        • #13
                          Hi,

                          So far it does, I think. MBAM did still see the 2 infections. Sorry that I couldn't respond sooner, but I think your site was down yesterday.

                          Regards, Rob

                          Comment


                          • #14
                            Download Combofix to your desktop.

                            Extra note... Make sure your security software is disabled while you use Combofix.
                            This is because these scanners wrongly flag certain components that Combofix uses as infected and will block Combofix.


                            Look here if you don't know how to disable your antivirus, firewall and/or antispyware scanner.


                            Close ALL windows, including your browser, and let Combofix do its work undisturbed.
                            So do not open any other applications until Combofix has presented the log.

                            If Combofix asks for an update, allow it.

                            When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                            You can find it at C:\combofix.txt.

                            Post the Combofix log together with a new DDS log in your next reply.

                            * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                            • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                            • Illegal operation attempted on a registry key that has been marked for deletion.
                            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                            E Dev * Remove McAfee * Ccleaner * E-Peek

                            Comment


                            • #15
                              ComboFix 13-12-26.01 - Rob 28-12-2013 10:33:19.1.8 - x64
                              Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4001.2119 [GMT 1:00]
                              Gestart vanuit: c:\users\Rob\Desktop\ComboFix.exe
                              AV: McAfee Antivirus en antispyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
                              FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
                              SP: McAfee Antivirus en antispyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
                              SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                              * Nieuw herstelpunt werd aangemaakt
                              .
                              .
                              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              c:\users\Rob\AppData\Roaming\IHelper
                              c:\users\Rob\AppData\Roaming\inst.exe
                              c:\users\Rob\AppData\Roaming\WindowsLogonS
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\killer.bat
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\macro\compile.bat
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\macro\macromedia.exe_part1
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\macro\macromedia.exe_part2
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\macro\macromedia.exe_part3
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\macro\macromedia.exe_part4
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\macro\macromedia.exe_part5
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\macro\macromedia.exe_part6
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\compile.bat
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part1
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part10
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part11
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part12
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part13
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part14
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part15
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part16
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part17
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part18
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part19
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part2
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part20
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part21
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part22
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part23
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part24
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part25
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part26
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part27
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part28
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part29
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part3
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part30
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part31
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part32
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part33
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part34
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part35
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part4
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part5
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part6
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part7
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part8
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\min\miner.dll_part9
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\openssl.dll
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\phatk.cl
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\phatk.ptx
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\puts.vbs
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\shel\compile.bat
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\shel\shell.exe_part1
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\shel\shell.exe_part2
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\shel\shell.exe_part3
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\shel\shell.exe_part4
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\shel\shell.exe_part5
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\shel\shell.exe_part6
                              c:\users\Rob\AppData\Roaming\WindowsLogonS\usft_ext.exe.vbs
                              c:\windows\AsPatch10430001.exe
                              c:\windows\msvcr71.dll
                              .
                              .
                              (((((((((((((((((((( Bestanden Gemaakt van 2013-11-28 to 2013-12-28 ))))))))))))))))))))))))))))))
                              .
                              .
                              2013-12-28 10:08 . 2013-12-28 10:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
                              2013-12-28 10:08 . 2013-12-28 10:08 -------- d-----w- c:\users\Default\AppData\Local\temp
                              2013-12-28 02:54 . 2013-12-28 02:54 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B08E6F94-D656-4A21-AEE6-D349C356AC0A}\offreg.dll
                              2013-12-27 20:13 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B08E6F94-D656-4A21-AEE6-D349C356AC0A}\mpengine.dll
                              2013-12-27 10:33 . 2013-12-27 10:33 -------- d-----w- c:\program files\CCleaner
                              2013-12-25 13:53 . 2013-12-25 20:37 -------- d-----w- C:\AdwCleaner
                              2013-12-15 02:00 . 2013-12-15 02:02 -------- d-----w- C:\51fca232d7541abcc3ef
                              2013-12-12 02:05 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
                              2013-12-12 02:05 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
                              2013-12-12 02:05 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
                              2013-12-12 02:05 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
                              2013-12-12 02:05 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
                              2013-12-12 00:14 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
                              2013-12-12 00:13 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
                              .
                              .
                              .
                              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2013-12-27 18:29 . 2013-02-17 13:35 45056 ----a-w- c:\windows\system32\acovcnt.exe
                              2013-12-15 02:00 . 2013-02-18 08:27 90708896 ----a-w- c:\windows\system32\MRT.exe
                              2013-12-10 22:40 . 2013-02-22 06:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                              2013-12-10 22:40 . 2013-02-22 06:57 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                              2013-11-19 02:33 . 2013-02-17 14:08 267936 ------w- c:\windows\system32\MpSigStub.exe
                              2013-11-15 06:42 . 2013-11-15 06:42 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
                              2013-11-15 06:42 . 2013-11-15 06:42 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 235008 ----a-w- c:\windows\system32\elshyph.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
                              2013-11-15 06:42 . 2013-11-15 06:42 182272 ----a-w- c:\windows\SysWow64\msls31.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
                              2013-11-15 06:42 . 2013-11-15 06:42 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 337408 ----a-w- c:\windows\SysWow64\html.iec
                              2013-11-15 06:42 . 2013-11-15 06:42 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
                              2013-11-15 06:42 . 2013-11-15 06:42 139264 ----a-w- c:\windows\SysWow64\wextract.exe
                              2013-11-15 06:42 . 2013-11-15 06:42 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 13312 ----a-w- c:\windows\SysWow64\mshta.exe
                              2013-11-15 06:42 . 2013-11-15 06:42 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
                              2013-11-15 06:42 . 2013-11-15 06:42 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
                              2013-11-15 06:42 . 2013-11-15 06:42 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 942592 ----a-w- c:\windows\system32\jsIntl.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
                              2013-11-15 06:42 . 2013-11-15 06:42 247808 ----a-w- c:\windows\system32\msls31.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 195584 ----a-w- c:\windows\system32\msrating.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 13312 ----a-w- c:\windows\system32\msfeedssync.exe
                              2013-11-15 06:42 . 2013-11-15 06:42 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
                              2013-11-15 06:42 . 2013-11-15 06:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 105984 ----a-w- c:\windows\system32\iesysprep.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 77312 ----a-w- c:\windows\system32\tdc.ocx
                              2013-11-15 06:42 . 2013-11-15 06:42 453120 ----a-w- c:\windows\system32\dxtmsft.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 413696 ----a-w- c:\windows\system32\html.iec
                              2013-11-15 06:42 . 2013-11-15 06:42 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 296960 ----a-w- c:\windows\system32\dxtrans.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 81408 ----a-w- c:\windows\system32\icardie.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 616104 ----a-w- c:\windows\system32\ieapfltr.dat
                              2013-11-15 06:42 . 2013-11-15 06:42 30208 ----a-w- c:\windows\system32\licmgr10.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 263376 ----a-w- c:\windows\system32\iedkcs32.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 243200 ----a-w- c:\windows\system32\webcheck.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 235520 ----a-w- c:\windows\system32\url.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 84992 ----a-w- c:\windows\system32\mshtmled.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 626176 ----a-w- c:\windows\system32\msfeeds.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 167424 ----a-w- c:\windows\system32\iexpress.exe
                              2013-11-15 06:42 . 2013-11-15 06:42 143872 ----a-w- c:\windows\system32\wextract.exe
                              2013-11-15 06:42 . 2013-11-15 06:42 101376 ----a-w- c:\windows\system32\inseng.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 548352 ----a-w- c:\windows\system32\vbscript.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 62464 ----a-w- c:\windows\system32\pngfilt.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 147968 ----a-w- c:\windows\system32\occache.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 13824 ----a-w- c:\windows\system32\mshta.exe
                              2013-11-15 06:42 . 2013-11-15 06:42 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 774144 ----a-w- c:\windows\system32\jscript.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 48128 ----a-w- c:\windows\system32\imgutil.dll
                              2013-11-15 06:42 . 2013-11-15 06:42 135680 ----a-w- c:\windows\system32\iepeers.dll
                              2013-11-04 15:51 . 2012-11-09 05:40 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
                              2013-11-04 15:46 . 2012-11-09 05:37 343696 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
                              2013-11-04 15:46 . 2013-02-17 14:08 182752 ----a-w- c:\windows\system32\mfevtps.exe
                              2013-11-04 15:43 . 2012-11-09 05:35 782360 ----a-w- c:\windows\system32\drivers\mfehidk.sys
                              2013-11-04 15:41 . 2012-11-09 05:34 519576 ----a-w- c:\windows\system32\drivers\mfefirek.sys
                              2013-11-04 15:40 . 2012-11-09 05:34 311120 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
                              2013-11-04 15:39 . 2012-11-09 05:33 179792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
                              2013-10-23 14:11 . 2012-07-19 09:38 129944 ----a-w- c:\windows\system32\drivers\scdemu.sys
                              2013-10-14 17:00 . 2013-11-15 06:48 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
                              2013-10-12 02:30 . 2013-11-13 09:33 830464 ----a-w- c:\windows\system32\nshwfp.dll
                              2013-10-12 02:29 . 2013-11-13 09:33 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
                              2013-10-12 02:29 . 2013-11-13 09:33 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
                              2013-10-12 02:03 . 2013-11-13 09:33 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
                              2013-10-12 02:01 . 2013-11-13 09:33 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
                              2013-10-08 05:50 . 2013-10-23 10:36 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
                              2013-10-05 20:25 . 2013-11-13 09:33 1474048 ----a-w- c:\windows\system32\crypt32.dll
                              2013-10-05 19:57 . 2013-11-13 09:33 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
                              2013-10-04 02:28 . 2013-11-13 09:33 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
                              2013-10-04 02:25 . 2013-11-13 09:33 197120 ----a-w- c:\windows\system32\credui.dll
                              2013-10-04 02:24 . 2013-11-13 09:33 1930752 ----a-w- c:\windows\system32\authui.dll
                              2013-10-04 01:58 . 2013-11-13 09:33 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
                              2013-10-04 01:56 . 2013-11-13 09:33 168960 ----a-w- c:\windows\SysWow64\credui.dll
                              2013-10-04 01:56 . 2013-11-13 09:33 1796096 ----a-w- c:\windows\SysWow64\authui.dll
                              2013-10-03 02:23 . 2013-11-13 09:33 404480 ----a-w- c:\windows\system32\gdi32.dll
                              2013-10-03 02:00 . 2013-11-13 09:33 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
                              .
                              .
                              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                              REGEDIT4
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                              "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
                              "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
                              "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
                              "FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-02-25 40448]
                              "SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
                              "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
                              "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
                              "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
                              "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
                              "VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]
                              "RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
                              "UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504]
                              "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
                              "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
                              "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
                              "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
                              "NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]
                              "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2013-10-23 337432]
                              "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
                              "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
                              "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
                              "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]
                              .
                              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
                              "{90140000-0011-0000-1000-0000000FF1CE}"="del" [X]
                              "{90140000-0018-0413-1000-0000000FF1CE}"="del" [X]
                              .
                              c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                              AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-13 548528]
                              FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe -d [2013-2-17 12862]
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                              "ConsentPromptBehaviorAdmin"= 5 (0x5)
                              "ConsentPromptBehaviorUser"= 3 (0x3)
                              "EnableUIADesktopToggle"= 0 (0x0)
                              "EnableLinkedConnections"= 1 (0x1)
                              .
                              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                              "LoadAppInit_DLLs"=1 (0x1)
                              "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
                              .
                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                              @=""
                              .
                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
                              @=""
                              .
                              R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                              R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
                              R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe;c:\expressgateutil\VAWinService.exe [x]
                              R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
                              R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
                              R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
                              R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
                              R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
                              R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
                              R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
                              R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
                              R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
                              R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
                              R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                              R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
                              R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
                              R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
                              R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                              R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
                              S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
                              S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
                              S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
                              S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
                              S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
                              S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
                              S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK.sys [x]
                              S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
                              S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
                              S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
                              S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
                              S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
                              S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
                              S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
                              S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
                              S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
                              S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
                              S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
                              S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
                              S2 MOBKbackup;1%;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [x]
                              S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
                              S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
                              S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
                              S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
                              S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
                              S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
                              S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
                              S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
                              S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
                              S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
                              S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
                              S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
                              S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys;c:\windows\SYSNATIVE\Drivers\S6000KNT.sys [x]
                              .
                              .
                              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                              2013-12-05 04:39 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
                              .
                              Inhoud van de 'Gedeelde Taken' map
                              .
                              2013-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
                              - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-22 22:40]
                              .
                              2013-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
                              .
                              2013-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
                              .
                              .
                              --------- X64 Entries -----------
                              .
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
                              @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
                              [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
                              2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
                              @="{64174815-8D98-4CE6-8646-4C039977D808}"
                              [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
                              2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
                              @="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
                              [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
                              2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
                              @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
                              [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
                              2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
                              @="{b4caf489-1eec-c617-49ad-8d7088598c06}"
                              [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
                              2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
                              "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
                              "IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
                              "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
                              "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
                              "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
                              "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
                              "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520]
                              "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
                              "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
                              "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
                              .
                              ------- Bijkomende Scan -------
                              .
                              uLocal Page = c:\windows\system32\blank.htm
                              uStart Page = hxxp://www.google.nl/
                              mLocal Page = c:\windows\SysWOW64\blank.htm
                              uInternet Settings,ProxyOverride = *.local
                              IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
                              IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
                              TCP: DhcpNameServer = 192.168.0.1
                              TCP: Interfaces\{4D0F5E8E-9114-4B70-BE1C-78C0D524139D}: DhcpNameServer = 192.168.0.1
                              .
                              - - - - ORPHANS VERWIJDERD - - - -
                              .
                              BHO-{53504356-3700-A76A-76A7-7A786E7484D7} - (no file)
                              Toolbar-Locked - (no file)
                              Toolbar-{53504356-3700-A76A-76A7-7A786E7484D7} - (no file)
                              Wow6432Node-HKLM-Run-S6000Mnt - S6000Rmv.dll
                              HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
                              Toolbar-Locked - (no file)
                              WebBrowser-{53504356-3700-A76A-76A7-7A786E7484D7} - (no file)
                              HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
                              .
                              .
                              .
                              --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                              @Denied: (A 2) (Everyone)
                              @="FlashBroker"
                              "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                              "Enabled"=dword:00000001
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                              @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                              @Denied: (A 2) (Everyone)
                              @="IFlashBroker5"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                              @="{00020424-0000-0000-C000-000000000046}"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                              "Version"="1.0"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                              @Denied: (A 2) (Everyone)
                              @="FlashBroker"
                              "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                              "Enabled"=dword:00000001
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                              @Denied: (A 2) (Everyone)
                              @="Shockwave Flash Object"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
                              "ThreadingModel"="Apartment"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                              @="0"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                              @="ShockwaveFlash.ShockwaveFlash.11"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                              @="1.0"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                              @="ShockwaveFlash.ShockwaveFlash"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                              @Denied: (A 2) (Everyone)
                              @="Macromedia Flash Factory Object"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
                              "ThreadingModel"="Apartment"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                              @="FlashFactory.FlashFactory.1"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                              @="1.0"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                              @="FlashFactory.FlashFactory"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                              @Denied: (A 2) (Everyone)
                              @="IFlashBroker5"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                              @="{00020424-0000-0000-C000-000000000046}"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                              "Version"="1.0"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
                              "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                              00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
                              .
                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
                              @Denied: (Full) (Everyone)
                              .
                              Voltooingstijd: 2013-12-28 11:12:27
                              ComboFix-quarantined-files.txt 2013-12-28 10:12
                              .
                              Pre-Run: 119.865.450.496 bytes beschikbaar
                              Post-Run: 119.082.328.064 bytes beschikbaar
                              .
                              - - End Of File - - 21205EF520C1F49C204A5A8381133F26
