Possible rootkit?

    Hello,

    Since my last (and first) topic/post last April, my hard drive has been replaced (luckily still under warranty), because it turned out that my problems were caused by a broken hard drive. Since then I have not had any problems, and I scan my laptop (manually) regularly, at least once a week.

    The last few weeks I noticed that my laptop was getting slower and making more noise. Playing video files and music has also become more difficult lately; it regularly stutters for a moment. Usually when I let my laptop scan, I go do something else and the scan is already finished when I come back. Today the scan was not finished yet. I noticed that the quick scan stayed at 98% for a relatively long time. The scan indicated that it was busy scanning for a rootkit. But the scan did not report any problems.

    Hence this post, to remove the possible rootkit and hopefully to make my laptop a bit faster again.

    Here are the log files.

    MBAM log file:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.01.01.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    THOM :: THOM-PC [administrator]

    1-1-2014 18:51:22
    mbam-log-2014-01-01 (18-51-22).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 256224
    Time elapsed: 6 minute(s), 35 second(s)

    Memory Processes Detected: 1
    C:\Program Files (x86)\WADesktop.Updater.exe (PUP.Optional.WebCake.A) -> 2140 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKLM\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Program Files (x86)\WADesktop.Updater.exe (PUP.Optional.WebCake.A) -> Delete on reboot.

    (end)


    DDS log file:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
    Run by THOM at 20:07:30 on 2014-01-01
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4010.1923 [GMT 1:00]
    .
    AV: McAfee Antivirus en antispyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Antivirus en antispyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files\McAfee\MSC\McAPExe.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.nl/
    uDefault_Page_URL = hxxp://www.dell.com
    mWinlogon: Userinit = userinit.exe,
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    dRunOnce: [{91120000-0030-0000-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    StartupFolder: C:\Users\THOM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{19FFCBC8-56ED-4E2F-BEF0-DC4CB84DBEA2} : DHCPNameServer = 192.168.0.150
    TCP: Interfaces\{254762A6-0BA3-4A0F-9467-390604BE6BEA} : DHCPNameServer = 192.168.0.150
    TCP: Interfaces\{2B7354A2-F63D-4A26-9383-ED0CA6449320} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{2B7354A2-F63D-4A26-9383-ED0CA6449320}\14256573531393238333233453 : DHCPNameServer = 192.168.2.254
    TCP: Interfaces\{2B7354A2-F63D-4A26-9383-ED0CA6449320}\54E67456E6965737931424837334 : DHCPNameServer = 8.8.8.8 192.168.19.1
    TCP: Interfaces\{700446BD-6CF2-4E11-94CE-A3BD2BB0DD1B} : DHCPNameServer = 212.54.35.25 212.54.40.25
    TCP: Interfaces\{72F618F0-929B-43D4-B938-56540B4B1427} : DHCPNameServer = 192.168.0.150
    TCP: Interfaces\{9AA4A4E7-B282-483D-B1F2-AF529180537B} : DHCPNameServer = 192.168.0.150
    TCP: Interfaces\{F5C6E20C-F19D-4562-A977-2706210FA750} : DHCPNameServer = 192.168.0.150
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
    x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
    x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
    x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-12-26 782360]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-4-3 343696]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-6-13 21616]
    R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-10-8 284008]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-2-4 98208]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-15 659976]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-4-23 135952]
    R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-6-6 328928]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-13 13336]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-12-18 121616]
    R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-6-6 178048]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-6-6 328928]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-6-6 328928]
    R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-6-6 328928]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-6-6 328928]
    R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-6-6 1017016]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-6-6 219272]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-6-6 182752]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-13 2656280]
    R2 WMCoreService;Mobile Broadband Service;C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode --> C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [?]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-6-25 3325232]
    R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-6-13 27760]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtuele adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
    R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-4-3 70112]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-10-30 176000]
    R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-4-3 311120]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-4-3 519576]
    R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-9-20 390552]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-2-24 107912]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-2-24 226696]
    R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2010-7-2 29288]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-26 708200]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
    S3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;C:\Windows\System32\drivers\d554gps64.sys [2013-2-4 103184]
    S3 d554scard;Dell Wireless HSPA Mini-Card USIM Port;C:\Windows\System32\drivers\d554scard.sys [2013-2-4 61992]
    S3 ecnssndis; Mobile Broadband Driver;C:\Windows\System32\drivers\wwuss64.sys [2013-2-4 26664]
    S3 ecnssndisfltr; Mobile Broadband Driver Filter;C:\Windows\System32\drivers\wwussf64.sys [2013-2-4 29736]
    S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-10-18 197704]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
    S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2012-6-13 174168]
    S3 Mbm3CBus;Dell Wireless 5540 HSPA Mini-Card Device (WDM);C:\Windows\System32\drivers\Mbm3CBus.sys [2013-2-4 419400]
    S3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);C:\Windows\System32\drivers\Mbm3DevMt.sys [2013-2-4 430664]
    S3 Mbm3mdfl;Dell Wireless HSPA Mini-Card Modem Filter;C:\Windows\System32\drivers\Mbm3mdfl.sys [2013-2-4 19528]
    S3 Mbm3Mdm;Dell Wireless HSPA Mini-Card Modem Driver;C:\Windows\System32\drivers\Mbm3Mdm.sys [2013-2-4 483400]
    S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-9-20 95984]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-6-25 272688]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-13 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
    S3 WwanUsbServ;Mobile Broadband Driver;C:\Windows\System32\drivers\WwanUsbMp64.sys [2013-2-4 279312]
    .
    =============== Created Last 30 ================
    .
    2014-01-01 17:48:45 -------- d-----w- C:\Users\THOM\AppData\Roaming\Malwarebytes
    2014-01-01 17:48:36 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-01-01 17:48:33 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-01-01 17:47:24 -------- d-----w- C:\Users\THOM\AppData\Local\Programs
    2013-12-31 11:07:28 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F30D3695-7A9E-4EC1-B2D1-97C8874C48F3}\mpengine.dll
    2013-12-19 11:37:55 -------- d-----w- C:\ProgramData\Oracle
    2013-12-19 11:37:19 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-12-11 12:35:49 -------- d-----w- C:\Windows\Migration
    2013-12-11 11:48:30 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2013-12-11 11:48:30 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    2013-12-11 11:48:28 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2013-12-11 11:48:27 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2013-12-11 10:08:15 335360 ----a-w- C:\Windows\System32\msieftp.dll
    2013-12-11 10:08:15 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
    2013-12-11 10:08:13 3155968 ----a-w- C:\Windows\System32\win32k.sys
    2013-12-11 10:08:12 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-12-11 10:08:12 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-12-11 10:08:11 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2013-12-11 10:08:10 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2013-12-11 10:08:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-12-11 10:08:02 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-12-11 10:07:52 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
    2013-12-11 10:07:52 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
    2013-12-11 10:07:51 150016 ----a-w- C:\Windows\System32\wshom.ocx
    2013-12-11 10:07:51 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
    2013-12-11 10:07:50 202752 ----a-w- C:\Windows\System32\scrrun.dll
    2013-12-11 10:07:50 168960 ----a-w- C:\Windows\System32\wscript.exe
    2013-12-11 10:07:50 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
    2013-12-11 10:07:50 156160 ----a-w- C:\Windows\System32\cscript.exe
    2013-12-11 10:07:50 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
    2013-12-11 10:07:40 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
    .
    ==================== Find3M ====================
    .
    2013-12-10 20:28:45 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-12-10 20:28:45 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
    2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-11-19 02:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
    2013-11-04 15:51:44 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2013-11-04 15:46:34 343696 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2013-11-04 15:46:16 182752 ----a-w- C:\Windows\System32\mfevtps.exe
    2013-11-04 15:43:04 782360 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
    2013-11-04 15:41:22 519576 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2013-11-04 15:40:00 311120 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2013-11-04 15:39:20 179792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
    2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
    2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
    2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
    2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
    2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
    2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
    2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
    2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
    2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
    2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
    2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
    2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
    .
    ============= FINISH: 20:08:33,61 ===============


    The GMER log file is in the next post, because of the character limit.
    Last edited by Alfaxa; 02-01-14, 12:58.
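An added example (not part of the original post, and not something the DDS tool itself does) of how a helper would read the "Pseudo HJT Report" autostart section of the DDS log above systematically: a small Python script that pulls the target path out of each Run/RunOnce/StartupFolder/BHO/AppInit_DLLs line, buckets it by where it lives (Windows directory, Program Files, user-writable locations such as AppData or ProgramData), and attaches the caveats a reviewer would note, in particular that any DLL listed in AppInit_DLLs is loaded into every process that maps user32.dll. The sample lines are copied from the log above; the location buckets and the flag texts are this example's own assumptions, not DDS output.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: autostart lines copied from the DDS "Pseudo HJT Report" above.
SAMPLE_HJT = r"""
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [{91120000-0030-0000-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
StartupFolder: C:\Users\THOM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
"""

# "uRun: [name] ..." / "AppInit_DLLs= ..." -> the entry kind before ':' or '='.
KIND_RE = re.compile(r"^([A-Za-z0-9_-]+)\s*[:=]")
# Bracketed registry value name, e.g. [Adobe ARM].
NAME_RE = re.compile(r"\[([^\]]*)\]")
# A Windows path ending in a launchable/loadable extension; lazy so it stops at the first one.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|\r\n]*?\.(?:exe|dll|lnk|sys|cpl|ocx)\b', re.IGNORECASE)

# Location buckets are this example's own assumption, not a DDS concept.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Finding:
    kind: str
    name: str
    path: str
    location: str
    flags: list = field(default_factory=list)


def classify_path(path: str) -> str:
    """Bucket a path by how much trust its location earns at first glance."""
    p = path.lower()
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        return "user_writable"
    if p.startswith("c:\\windows\\"):
        return "system"
    if p.startswith("c:\\program files") or p.startswith("c:\\progra~"):
        return "program_files"
    return "other"


def parse_entries(text: str):
    """Yield (kind, name, target_path) for every line that names a launchable file."""
    for line in text.splitlines():
        line = line.strip()
        kind_match = KIND_RE.match(line)
        paths = PATH_RE.findall(line)
        if not kind_match or not paths:
            continue
        name_match = NAME_RE.search(line)
        name = name_match.group(1) if name_match else ""
        # For "shortcut - target" lines the last path is the real target.
        yield kind_match.group(1), name, paths[-1]


def triage(text: str) -> list:
    """Turn autostart lines into findings with the caveats a reviewer would attach."""
    findings = []
    for kind, name, path in parse_entries(text):
        f = Finding(kind=kind, name=name, path=path, location=classify_path(path))
        if "appinit" in kind.lower():
            f.flags.append("AppInit_DLLs: loaded into every process that maps user32.dll; verify publisher and signature")
        if f.location == "user_writable":
            f.flags.append("autostart from a user-writable location; confirm it is the expected program")
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        mark = "!" if f.flags else " "
        print(f"{mark} {f.kind:<14} {f.location:<14} {f.path}")
        for flag in f.flags:
            print(f"      - {flag}")
```

Run it as a script to print the table; the `!` marker shows which entries carry a caveat. On the sample only the Dropbox startup shortcut (user profile) and the AppInit_DLLs entry are flagged. A flag means "verify", not "malicious": the script only tells the reviewer where to look first, and checking the file's publisher and signature is still a manual step.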

  • #2
    GMER log file, part 1:

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2014-01-01 20:23:06
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.MH00 596,17GB
    Running: lv1hpfjf.exe; Driver: C:\Users\THOM\AppData\Local\Temp\pxldipoc.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003dfa000 45 bytes [52, 43, 52, 44, 28, 00, 09, ...]
    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80003dfa02f 16 bytes [00, 18, 00, 00, 00, 00, 00, ...]

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0180
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d69640 5 bytes JMP 000000016fff0110
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce12db0 5 bytes JMP 000007fffce00180
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce137d0 7 bytes JMP 000007fffce000d8
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce18ef0 6 bytes JMP 000007fffce00148
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce2af60 5 bytes JMP 000007fffce00110
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0d89e0 8 bytes JMP 000007fffce001f0
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0dbe40 8 bytes JMP 000007fffce001b8
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd1b7490 11 bytes JMP 000007fffce00228
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd1cbf00 7 bytes JMP 000007fffce00260
    .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2764] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000076d06f80 5 bytes JMP 000000017120f140
    .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2764] C:\Windows\system32\kernel32.dll!LoadLibraryA 0000000076d07070 5 bytes JMP 000000017120f020
    .text C:\Windows\system32\Dwm.exe[3252] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148
    .text C:\Windows\system32\Dwm.exe[3252] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8
    .text C:\Windows\system32\Dwm.exe[3252] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0180
    .text C:\Windows\system32\Dwm.exe[3252] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d69640 5 bytes JMP 000000016fff0110
    .text C:\Windows\system32\Dwm.exe[3252] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8
    .text C:\Windows\system32\Dwm.exe[3252] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce12db0 5 bytes JMP 000007fffce00180
    .text C:\Windows\system32\Dwm.exe[3252] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce137d0 7 bytes JMP 000007fffce000d8
    .text C:\Windows\system32\Dwm.exe[3252] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce18ef0 6 bytes JMP 000007fffce00148
    .text C:\Windows\system32\Dwm.exe[3252] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce2af60 5 bytes JMP 000007fffce00110
    .text C:\Windows\system32\Dwm.exe[3252] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0d89e0 8 bytes JMP 000007fffce001f0
    .text C:\Windows\system32\Dwm.exe[3252] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0dbe40 8 bytes JMP 000007fffce001b8
    .text C:\Windows\system32\Dwm.exe[3252] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef97ddc88 5 bytes JMP 000007fff97b00d8
    .text C:\Windows\system32\Dwm.exe[3252] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef97dde10 5 bytes JMP 000007fff97b0110
    .text C:\Program Files\Dell\QuickSet\quickset.exe[4324] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148
    .text C:\Program Files\Dell\QuickSet\quickset.exe[4324] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8
    .text C:\Program Files\Dell\QuickSet\quickset.exe[4324] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0180
    .text C:\Program Files\Dell\QuickSet\quickset.exe[4324] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d69640 5 bytes JMP 000000016fff0110
    .text C:\Program Files\Dell\QuickSet\quickset.exe[4324] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8
    .text C:\Program Files\Dell\QuickSet\quickset.exe[4324] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce12db0 5 bytes JMP 000007fffce00180
    .text C:\Program Files\Dell\QuickSet\quickset.exe[4324] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce137d0 7 bytes JMP 000007fffce000d8
    .text C:\Program Files\Dell\QuickSet\quickset.exe[4324] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce18ef0 6 bytes JMP 000007fffce00148
    .text C:\Program Files\Dell\QuickSet\quickset.exe[4324] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce2af60 5 bytes JMP 000007fffce00110
    .text C:\Program Files\Dell\QuickSet\quickset.exe[4324] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0d89e0 8 bytes JMP 000007fffce001f0
    .text C:\Program Files\Dell\QuickSet\quickset.exe[4324] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0dbe40 8 bytes JMP 000007fffce001b8
    .text C:\Program Files\Dell\QuickSet\quickset.exe[4324] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd1b7490 11 bytes JMP 000007fffce00228
    .text C:\Program Files\Dell\QuickSet\quickset.exe[4324] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd1cbf00 7 bytes JMP 000007fffce00260
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4332] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4332] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4332] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0180
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4332] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d69640 5 bytes JMP 000000016fff0110
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4332] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4332] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce12db0 5 bytes JMP 000007fffce00180
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce137d0 7 bytes JMP 000007fffce000d8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4332] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce18ef0 6 bytes JMP 000007fffce00148
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce2af60 5 bytes JMP 000007fffce00110
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4332] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0d89e0 8 bytes JMP 000007fffce001f0
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4332] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0dbe40 8 bytes JMP 000007fffce001b8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4332] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd1b7490 11 bytes JMP 000007fffce00228
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4332] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd1cbf00 7 bytes JMP 000007fffce00260
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4372] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4372] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4372] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0180
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4372] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d69640 5 bytes JMP 000000016fff0110
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4372] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4372] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce12db0 5 bytes JMP 000007fffce00180
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce137d0 7 bytes JMP 000007fffce000d8
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce18ef0 6 bytes JMP 000007fffce00148
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce2af60 5 bytes JMP 000007fffce00110
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4372] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd1b7490 11 bytes JMP 000007fffce00228
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4372] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd1cbf00 7 bytes JMP 000007fffce00260
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4372] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0d89e0 8 bytes JMP 000007fffce001f0
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4372] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0dbe40 8 bytes JMP 000007fffce001b8
    .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4432] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000752b13e1 7 bytes JMP 000000016ce2128f
    .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4432] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000752cb1d3 5 bytes JMP 000000016ce2159b
    .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4432] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000753488b4 7 bytes JMP 000000016ce21339
    .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4432] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075348939 5 bytes JMP 000000016ce216b8
    .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4432] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075348c8f 5 bytes JMP 000000016ce2101e
    .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4432] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076961d1b 5 bytes JMP 000000016ce211d1
    .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4432] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076961dc9 5 bytes JMP 000000016ce21019
    .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4432] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076962aa4 5 bytes JMP 000000016ce2154b
    .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4432] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076962d0a 5 bytes JMP 000000016ce21276
    .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4432] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000751de96b 5 bytes JMP 000000016ce215b4
    .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4432] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000751deba5 5 bytes JMP 000000016ce2119a
    .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4432] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074c15ea5 5 bytes JMP 000000016ce215e6
    .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4432] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074c49d0b 5 bytes JMP 000000016ce2122b
    .text C:\Windows\System32\igfxpers.exe[4524] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148
    .text C:\Windows\System32\igfxpers.exe[4524] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8
    .text C:\Windows\System32\igfxpers.exe[4524] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0180
    .text C:\Windows\System32\igfxpers.exe[4524] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d69640 5 bytes JMP 000000016fff0110
    .text C:\Windows\System32\igfxpers.exe[4524] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8
    .text C:\Windows\System32\igfxpers.exe[4524] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce12db0 5 bytes JMP 000007fffce00180
    .text C:\Windows\System32\igfxpers.exe[4524] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce137d0 7 bytes JMP 000007fffce000d8
    .text C:\Windows\System32\igfxpers.exe[4524] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce18ef0 6 bytes JMP 000007fffce00148
    .text C:\Windows\System32\igfxpers.exe[4524] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce2af60 5 bytes JMP 000007fffce00110
    .text C:\Windows\System32\igfxpers.exe[4524] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0d89e0 8 bytes JMP 000007fffce001f0
    .text C:\Windows\System32\igfxpers.exe[4524] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0dbe40 8 bytes JMP 000007fffce001b8
    .text C:\Windows\System32\igfxpers.exe[4524] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd1b7490 11 bytes JMP 000007fffce00228
    .text C:\Windows\System32\igfxpers.exe[4524] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd1cbf00 7 bytes JMP 000007fffce00260
    .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4564] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000752b13e1 7 bytes JMP 000000016ce2128f
    .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4564] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000752cb1d3 5 bytes JMP 000000016ce2159b
    .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4564] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000753488b4 7 bytes JMP 000000016ce21339
    .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4564] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075348939 5 bytes JMP 000000016ce216b8
    .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4564] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075348c8f 5 bytes JMP 000000016ce2101e
    .text C:\Program Files\Windows Sidebar\sidebar.exe[4628] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148
    .text C:\Program Files\Windows Sidebar\sidebar.exe[4628] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[4628] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0180
    .text C:\Program Files\Windows Sidebar\sidebar.exe[4628] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d69640 5 bytes JMP 000000016fff0110
    .text C:\Program Files\Windows Sidebar\sidebar.exe[4628] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[4628] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce12db0 5 bytes JMP 000007fffce00180
    .text C:\Program Files\Windows Sidebar\sidebar.exe[4628] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce137d0 7 bytes JMP 000007fffce000d8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[4628] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce18ef0 6 bytes JMP 000007fffce00148
    .text C:\Program Files\Windows Sidebar\sidebar.exe[4628] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce2af60 5 bytes JMP 000007fffce00110
    .text C:\Program Files\Windows Sidebar\sidebar.exe[4628] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0d89e0 8 bytes JMP 000007fffce001f0
    .text C:\Program Files\Windows Sidebar\sidebar.exe[4628] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0dbe40 8 bytes JMP 000007fffce001b8
    .text C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe[4716] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000752b13e1 7 bytes JMP 000000016ce2128f
    .text C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe[4716] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000752cb1d3 5 bytes JMP 000000016ce2159b
    .text C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe[4716] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000753488b4 7 bytes JMP 000000016ce21339
    .text C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe[4716] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075348939 5 bytes JMP 000000016ce216b8
    .text C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe[4716] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075348c8f 5 bytes JMP 000000016ce2101e
    .text C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe[4716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076961d1b 5 bytes JMP 000000016ce211d1
    .text C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe[4716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076961dc9 5 bytes JMP 000000016ce21019
    .text C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe[4716] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076962aa4 5 bytes JMP 000000016ce2154b
    .text C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe[4716] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076962d0a 5 bytes JMP 000000016ce21276
    .text C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe[4716] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000751de96b 5 bytes JMP 000000016ce215b4
    .text C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe[4716] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000751deba5 5 bytes JMP 000000016ce2119a
    .text C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe[4716] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074c15ea5 5 bytes JMP 000000016ce215e6
    .text C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe[4716] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074c49d0b 5 bytes JMP 000000016ce2122b
    .text C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe[4716] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000074e11465 2 bytes [E1, 74]
    .text C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe[4716] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000074e114bb 2 bytes [E1, 74]
    .text ... * 2
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4796] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000752b13e1 7 bytes JMP 000000016ce2128f
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4796] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 00000000752cb1d3 5 bytes JMP 000000016ce2159b
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4796] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000753488b4 7 bytes JMP 000000016ce21339
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4796] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075348939 5 bytes JMP 000000016ce216b8
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4796] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075348c8f 5 bytes JMP 000000016ce2101e
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4796] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076961d1b 5 bytes JMP 000000016ce211d1
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4796] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076961dc9 5 bytes JMP 000000016ce21019
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4796] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076962aa4 5 bytes JMP 000000016ce2154b
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4796] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076962d0a 5 bytes JMP 000000016ce21276
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4796] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000751de96b 5 bytes JMP 000000016ce215b4
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4796] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000751deba5 5 bytes JMP 000000016ce2119a
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4796] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074c15ea5 5 bytes JMP 000000016ce215e6
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4796] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074c49d0b 5 bytes JMP 000000016ce2122b
    .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4868] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000752b13e1 7 bytes JMP 000000016ce2128f
    .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4868] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000752cb1d3 5 bytes JMP 000000016ce2159b
    .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4868] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000753488b4 7 bytes JMP 000000016ce21339


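The `.text ... JMP ...` entries above are GMER's user-mode inline-hook listing: one line per process, hooked export, patched-byte count and jump target. As an added triage example (not part of the original post and not a GMER feature), the Python script below parses lines in that format, tags each hook as 32- or 64-bit from the `syswow64` module path, and groups hooks by export and by the 64 KiB region the jump lands in. Hooks that recur across many processes and always land in the same region per bitness are what a single injected library produces; an export hooked in only one process, or whose targets are spread over several regions, is the entry that deserves a closer look, by checking which module owns that address inside the process (information this log does not contain). The sample lines are copied from the log above; the 64 KiB region size and the `syswow64` bitness heuristic are my assumptions.

```python
import re
from collections import defaultdict

# One GMER user-mode ".text" entry. Two shapes occur in the log:
#   ... module.dll!Export <addr> <n> bytes JMP <target>       (inline jump hook)
#   ... module.dll!Export + <off> <addr> <n> bytes [XX, YY]   (raw byte patch)
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<func>\S+(?:\s\+\s\d+)?)\s+"
    r"(?P<addr>[0-9a-f]+)\s+(?P<len>\d+)\s+bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9a-f]+)|\[(?P<patch>[^\]]+)\])\s*$",
    re.IGNORECASE,
)

REGION_MASK = ~0xFFFF  # assumption: group jump targets by 64 KiB region

# Sample input: lines copied from the GMER log posted above (not constructed).
SAMPLE_LOG = r"""
.text C:\Program Files\Dell\QuickSet\quickset.exe[4324] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Dell\QuickSet\quickset.exe[4324] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce137d0 7 bytes JMP 000007fffce000d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4332] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce137d0 7 bytes JMP 000007fffce000d8
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[3120] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[3120] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce137d0 7 bytes JMP 000007fffcd500d8
.text C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe[4716] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000752b13e1 7 bytes JMP 000000016ce2128f
.text C:\Users\THOM\AppData\Roaming\Dropbox\bin\Dropbox.exe[4716] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000074e11465 2 bytes [E1, 74]
.text ... * 2
"""


def parse_gmer_hooks(text):
    """Return one dict per recognised hook line; headers and the
    '.text ... * N' continuation markers are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        module_path = d["module"].lower()
        hooks.append({
            "proc": d["proc"],
            "pid": int(d["pid"]),
            "module": module_path.rsplit("\\", 1)[-1],
            # assumption: a hook in a syswow64 copy of the DLL means a 32-bit process
            "bits": 32 if "syswow64" in module_path else 64,
            "func": d["func"],
            "addr": int(d["addr"], 16),
            "len": int(d["len"]),
            "target": int(d["target"], 16) if d["target"] else None,
            "patch": d["patch"],
        })
    return hooks


def summarize(hooks):
    """Per (bitness, module!export): which PIDs carry the hook and which
    64 KiB regions the JMP targets fall into. Byte patches are left out."""
    by_export = defaultdict(lambda: {"procs": set(), "regions": set()})
    for h in hooks:
        if h["target"] is None:
            continue
        key = (h["bits"], f'{h["module"]}!{h["func"]}')
        by_export[key]["procs"].add(h["pid"])
        by_export[key]["regions"].add(h["target"] & REGION_MASK)
    return by_export


def triage(hooks):
    """Split exports into 'shared' (hooked in several processes, one target
    region) and 'review' (single process, or targets in more than one region),
    and list raw byte patches separately so they are not lost in the noise."""
    shared, review = [], []
    for (bits, export), info in sorted(summarize(hooks).items()):
        entry = (bits, export, len(info["procs"]),
                 sorted(hex(r) for r in info["regions"]))
        if len(info["procs"]) > 1 and len(info["regions"]) == 1:
            shared.append(entry)
        else:
            review.append(entry)
    patches = [(h["proc"], h["module"], h["func"], h["patch"])
               for h in hooks if h["patch"]]
    return {"shared": shared, "review": review, "patches": patches}


if __name__ == "__main__":
    result = triage(parse_gmer_hooks(SAMPLE_LOG))
    for bucket in ("shared", "review", "patches"):
        print(f"== {bucket} ==")
        for entry in result[bucket]:
            print("  ", entry)
```

Run it against a full GMER log (`python gmer_hooks.py < gmer.log` after swapping `SAMPLE_LOG` for `sys.stdin.read()`) and read the `review` bucket first: on the sample lines it flags the `KERNELBASE.dll!GetModuleHandleW` hook because its trampoline sits in a different region inside `mcuicnt.exe`, and the 32-bit `RegSetValueExA` hook only because the sample contains a single 32-bit process. Neither result identifies the owning software; that still requires listing the modules of the affected process and matching the target address to one of them.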

    • #3
      GMER log file, part 2:

      .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4868] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075348939 5 bytes JMP 000000016ce216b8
      .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4868] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075348c8f 5 bytes JMP 000000016ce2101e
      .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4868] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076961d1b 5 bytes JMP 000000016ce211d1
      .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4868] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076961dc9 5 bytes JMP 000000016ce21019
      .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4868] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076962aa4 5 bytes JMP 000000016ce2154b
      .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4868] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076962d0a 5 bytes JMP 000000016ce21276
      .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4868] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000751de96b 5 bytes JMP 000000016ce215b4
      .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4868] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000751deba5 5 bytes JMP 000000016ce2119a
      .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4868] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074c15ea5 5 bytes JMP 000000016ce215e6
      .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4868] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074c49d0b 5 bytes JMP 000000016ce2122b
      .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4912] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000752b13e1 7 bytes JMP 000000016ce2128f
      .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4912] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000752cb1d3 5 bytes JMP 000000016ce2159b
      .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4912] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000753488b4 7 bytes JMP 000000016ce21339
      .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4912] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075348939 5 bytes JMP 000000016ce216b8
      .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4912] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075348c8f 5 bytes JMP 000000016ce2101e
      .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4912] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076961d1b 5 bytes JMP 000000016ce211d1
      .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4912] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076961dc9 5 bytes JMP 000000016ce21019
      .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4912] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076962aa4 5 bytes JMP 000000016ce2154b
      .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4912] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076962d0a 5 bytes JMP 000000016ce21276
      .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4912] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000751de96b 5 bytes JMP 000000016ce215b4
      .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4912] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000751deba5 5 bytes JMP 000000016ce2119a
      .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4912] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074c15ea5 5 bytes JMP 000000016ce215e6
      .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4912] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074c49d0b 5 bytes JMP 000000016ce2122b
      .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000752b13e1 7 bytes JMP 000000016ce2128f
      .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000752cb1d3 5 bytes JMP 000000016ce2159b
      .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000753488b4 7 bytes JMP 000000016ce21339
      .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075348939 5 bytes JMP 000000016ce216b8
      .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075348c8f 5 bytes JMP 000000016ce2101e
      .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076961d1b 5 bytes JMP 000000016ce211d1
      .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076961dc9 5 bytes JMP 000000016ce21019
      .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076962aa4 5 bytes JMP 000000016ce2154b
      .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076962d0a 5 bytes JMP 000000016ce21276
      .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000751de96b 5 bytes JMP 000000016ce215b4
      .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000751deba5 5 bytes JMP 000000016ce2119a
      .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074c15ea5 5 bytes JMP 000000016ce215e6
      .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074c49d0b 5 bytes JMP 000000016ce2122b
      .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5084] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148
      .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5084] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8
      .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5084] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0180
      .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5084] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d69640 5 bytes JMP 000000016fff0110
      .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5084] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8
      .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5084] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce12db0 5 bytes JMP 000007fffce00180
      .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5084] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce137d0 7 bytes JMP 000007fffce000d8
      .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5084] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce18ef0 6 bytes JMP 000007fffce00148
      .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5084] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce2af60 5 bytes JMP 000007fffce00110
      .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5084] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0d89e0 8 bytes JMP 000007fffce001f0
      .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5084] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0dbe40 8 bytes JMP 000007fffce001b8
      .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[3120] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148
      .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[3120] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8
      .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[3120] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0180
      .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[3120] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d69640 5 bytes JMP 000000016fff0110
      .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[3120] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8
      .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[3120] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce12db0 5 bytes JMP 000007fffcd50180
      .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[3120] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce137d0 7 bytes JMP 000007fffcd500d8
      .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[3120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce18ef0 6 bytes JMP 000007fffcd50148
      .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[3120] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce2af60 5 bytes JMP 000007fffcd50110
      .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4500] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148
      .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4500] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8
      .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4500] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0180
      .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4500] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d69640 5 bytes JMP 000000016fff0110
      .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4500] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8
      .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4500] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce12db0 5 bytes JMP 000007fffce00180
      .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce137d0 7 bytes JMP 000007fffce000d8
      .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce18ef0 6 bytes JMP 000007fffce00148
      .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce2af60 5 bytes JMP 000007fffce00110

      ---- User IAT/EAT - GMER 2.1 ----

      IAT C:\Windows\system32\mfevtps.exe[2092] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13fc5ba40] C:\Windows\system32\mfevtps.exe

      ---- Disk sectors - GMER 2.1 ----

      Disk \Device\Harddisk0\DR0 unknown MBR code

      ---- EOF - GMER 2.1 ----


      During the scan, the scan gave an (error) message twice, saying that something could not be scanned because another program had it open. I can't remember what kind of message it was or which programs it concerned. After I clicked 'OK', the scan continued.
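A small triage script for GMER 2.1 user-mode hook lines like the ones in this thread's GMER log, added here as an example (it is not from the thread, GMER or any of the tools mentioned). It groups the hooks by JMP target: a handful of targets shared by every process, each always serving the same API, is what one injected hooking library (commonly a security product) looks like, whereas a target seen in only one process, or one API jumping to several different places, is what deserves a closer look. The sample lines are constructed in the GMER format.

```python
import re
from collections import defaultdict

# One GMER 2.1 "User code sections" JMP-hook line. Process and module paths may
# contain spaces, so they are matched lazily up to the "[pid]" and "!" anchors.
# The 2-byte "[E1, 74]" variant (no JMP target) is left unparsed on purpose.
HOOK_RE = re.compile(
    r"^\s*\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>.+?)!(?P<func>\S+)"
    r"\s+(?P<addr>[0-9a-fA-F]+)\s+(?P<size>\d+)\s+bytes\s+JMP\s+(?P<target>[0-9a-fA-F]+)\s*$"
)

def parse_hook(line):
    """Return a dict for a JMP-style hook line, or None for any other line."""
    m = HOOK_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    for key in ("pid", "size"):
        d[key] = int(d[key])
    for key in ("addr", "target"):
        d[key] = int(d[key], 16)
    # "kernel32.dll!K32GetMappedFileNameW": module basename, lower-cased, plus export
    d["export"] = d["module"].rsplit("\\", 1)[-1].lower() + "!" + d["func"]
    return d

def triage(lines):
    """Group hooks by JMP target -> {target: {"exports": [...], "pids": [...]}}."""
    groups = defaultdict(lambda: {"exports": set(), "pids": set()})
    for line in lines:
        h = parse_hook(line)
        if h is None:
            continue
        groups[h["target"]]["exports"].add(h["export"])
        groups[h["target"]]["pids"].add(h["pid"])
    return {t: {"exports": sorted(g["exports"]), "pids": sorted(g["pids"])}
            for t, g in groups.items()}

def consistent_with_single_hooker(groups):
    """True when every target serves exactly one export (one trampoline per API)."""
    return all(len(g["exports"]) == 1 for g in groups.values())

# Constructed sample, modelled on the GMER 2.1 lines posted in this thread.
SAMPLE = """\
.text C:\\Windows\\system32\\wuauclt.exe[5700] C:\\Windows\\system32\\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148
.text C:\\Windows\\system32\\wuauclt.exe[5700] C:\\Windows\\system32\\KERNELBASE.dll!LoadLibraryExW 000007fefce18ef0 6 bytes JMP 000007fffce00148
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[5960] C:\\Windows\\system32\\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[5960] C:\\Windows\\system32\\KERNELBASE.dll!LoadLibraryExW 000007fefce18ef0 6 bytes JMP 000007fffce00148
.text C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE[6008] C:\\Windows\\syswow64\\PSAPI.DLL!GetModuleInformation + 69 0000000074e11465 2 bytes [E1, 74]
""".splitlines()

if __name__ == "__main__":
    groups = triage(SAMPLE)
    for target, g in sorted(groups.items()):
        print(f"{target:016x}  {', '.join(g['exports'])}  pids={g['pids']}")
    print("single hooking component:", consistent_with_single_hooker(groups))
```

To turn a "consistent" result into a verdict, check which module owns each target address inside one of the hooked processes; the script only tells you the hooks belong together, not who placed them.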



      • #4
        Download Zoek.zip to the desktop.
        • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.


        Disable antivirus software
        Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

        Run Zoek.exe
        If you run into problems running this program or see certain error messages, mention it in your post.
        • Right-click Zoek.zip and choose "Extract All".
        • Then double-click Zoek.exe to start the tool.
        • Windows Vista, 7 and 8 users must run the tool as administrator: right-click it and choose Run as administrator.
        • Now click the "Run script" button.
        • A popup appears saying that no script was found; just click OK.
        • Zoek.exe will now perform a scan and repair; on some systems this can take longer than half an hour.
        • Wait patiently until a log opens (this may be after a restart, if one is needed).
        • If no log appears after the restart, start zoek.exe again and the log will appear after all.
        • Post the opened log as an attachment in your next reply.


        Posting the Zoek.exe log
        • Attach the log file named "Zoek-results.log" to your next reply.
          (This log file can also be found on the system drive as C:\Zoek-results.log.)

        Boot Windows 10 into Safe Mode



        • #5
          zoek-results.txt



          • #6
            Download Delfix by Xplode to the desktop.

            Double-click Delfix.exe to start the tool.
            Now tick the following items:
            • Activate UAC
            • Remove disinfection tools
            • Create registry backup
            • Purge System Restore
            • Reset system settings

            Now click "Run" and wait patiently until the tool is done.
            When the tool is done, a log file is created. You do not need to post it, however.




            • #7
              Ran Delfix; DDS, Defogger and Zoek have been removed.

              I ran McAfee's quick scan again. At 98% the scan still says it is scanning a rootkit. The laptop does seem to work a little faster, but not yet at the speed it had a few weeks ago. There is also still stuttering when I play music or video files.



              • #8
                Download TDSSKiller and put it on your desktop.
                • Before running TDSSKiller it is advisable to consult the TDSSKiller guide below.
                • Double-click TDSSKiller.exe to start the tool. (If you downloaded TDSSKiller as a ZIP file, extract it first.)
                • If TDSSKiller finds an update, click the "Load update" button.
                • A new version of TDSSKiller will now be downloaded; save it to the desktop.
                • Now start TDSSKiller again.
                • In the licence screen, click "Accept" to continue.
                • Next you will see the "Kaspersky Security Network Statement" screen; click "Accept" here as well.
                • Click "Change parameters" and make sure the options below are all ticked.
                • Click "OK".
                • Click the "Start Scan" button and follow the instructions.
                  • Never use the "Delete" or "Quarantine" option on a "Fail signature" message.
                  • If a restart was needed, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt




                • #9
                  Here is the TDSS log.

                  TDSSKiller.3.0.0.19_03.01.2014_13.22.30_log.txt

                  The TDSS scan reported that 0 threats were found. I find that somewhat odd myself.



                  • #10
                    I don't
                    Download the 32- or 64-bit version of HitmanPro to the desktop.
                    Click here for a detailed HitmanPro guide.

                    Running HitmanPro
                    • Double-click "HitmanPro.exe" and click "Next"
                    • Tick the option "I accept the terms of the licence agreement" and click "Next"
                    • In the setup screen, click "Next" once more; the scan will now start automatically. Do nothing else on the computer until the scan is finished.
                    • When the scan is finished, click "Next"
                    • Now activate the free licence; this lets you use HitmanPro free for 30 days and remove the infections found.
                    • You activate the free licence with your e-mail address; then click "Activate".
                    • Note: if you have already used the 30-day trial version of HitmanPro before, it is no longer possible to remove the infections found for free.
                    • When the removal is done, click "Save log" at the bottom of the screen and save it to, for example, the desktop.
                      Post this log.
                    • Now click the "Restart" button.


                    Posting the HitmanPro log
                    • Attach the log file named "HitmanPro_20131015_1056" to your next reply. (This log file can also be found in HitmanPro under the tab History > Log files)




                    • #11
                      Oh haha, then it must be right.

                      Here is the HitmanPro log
                      HitmanPro_20140103_1609.txt

                      The scan found no malicious software, so the licence activation steps were skipped automatically. After scanning, it went straight to the screen where you can save the log file.

                      McAfee is still scanning a rootkit. I keep reporting this just to be safe, since I have no idea when the rootkit is supposed to be gone.



                      • #12
                        I think McAfee has a false positive; based on my investigation with the tools used, I conclude that no rootkits are present.




                        • #13
                          Is there a way to adjust that in McAfee?

                          In any case, thanks for your help, and good to hear that there are no rootkits present.



                          • #14
                            Is it possible to set those detected items to ignore?




                            • #15
                              No, because McAfee doesn't find anything. At 98% the quick scan says a few times that it is scanning a rootkit, then (much faster) goes on to scan something else. Then it scans the rootkit again (still at 98%). It stays busy with that for several minutes, then finishes scanning and reports that nothing (harmful) was found during the scan.
