
Windows Explorer crashes constantly


  • Windows Explorer crashes constantly

    Because my PC was slow to start up and did not shut down properly, I posted a question in Windows 7:
    http://www.nucia.eu/forum/threads/71...t-niet-goed-af

    After a lot of struggling, Dorado and Emphyrio advised me to come here, as a last option before I have to do a clean installation.
    Because Notepad also keeps crashing, I do hope that I can post the files here.

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2014.02.23.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16518
    Ellen :: ELLEN-HP [administrator]

    23-2-2014 11:50:13
    MBAM-log-2014-02-23 (11-55-00).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 219599
    Verstreken tijd: 4 minuut/minuten, 21 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 1
    C:\$RECYCLE.BIN\S-1-5-21-3830738549-3398929584-3822463750-1001\$R44U2GX.exe (PUP.Optional.Softonic.A) -> Geen actie ondernomen.

    (einde)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16518
    Run by Ellen at 11:29:15 on 2014-02-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6125.4250 [GMT 1:00]
    .
    AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
    FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    c:\program files\soluto\soluto.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Soluto\SolutoLauncherService.exe
    C:\Program Files\Soluto\SolutoService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\SpywareGuard\sgmain.exe
    C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files (x86)\SpywareGuard\sgbhp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\WhatPulse2\whatpulse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/webhp?complete=0
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uProxyServer = :0
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit = userinit.exe,
    BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
    BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    uRun: [whatpulse] "C:\Program Files (x86)\WhatPulse2\whatpulse.exe"
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
    mRun: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Ellen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Ellen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYWAR~1.LNK - C:\Program Files (x86)\SpywareGuard\sgmain.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 62.179.104.196 213.46.228.196
    TCP: Interfaces\{BCAC6B5F-5A44-491B-B967-08FF0FEF950D} : DHCPNameServer = 62.179.104.196 213.46.228.196
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
    SSODL: WebCheck - <orphaned>
    SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
    SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll
    mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
    x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
    x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 0.0.0.0 fr.a2dfp.net
    Hosts: 0.0.0.0 m.fr.a2dfp.net
    Hosts: 0.0.0.0 mfr.a2dfp.net
    Hosts: 0.0.0.0 ad.a8.net
    Hosts: 0.0.0.0 asy.a8ww.net
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\amk9flsm.default\
    FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/webhp?complete=0
    FF - prefs.js: keyword.URL -
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
    FF - plugin: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\amk9flsm.default\extensions\[email protected] g\plugins\npfireie32.dll
    FF - plugin: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\amk9flsm.default\extensions\[email protected] g\plugins\npfireie64.dll
    FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-3-21 280656]
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-21 79488]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-21 40064]
    R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2011-7-19 560408]
    R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2011-7-19 23320]
    R0 iaStorS;iaStorS;C:\Windows\System32\drivers\iaStorS.sys [2011-7-19 630552]
    R0 megasas2;megasas2;C:\Windows\System32\drivers\megasas2.sys [2011-5-11 51280]
    R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2013-2-3 54728]
    R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-10-14 26176]
    R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2013-10-14 45208]
    R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2013-10-14 17384]
    R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-10-14 4163584]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2013-6-23 182848]
    R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2013-6-23 763968]
    R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-10-15 50704]
    R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2013-10-14 70960]
    R3 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-5-3 235520]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-3 95248]
    R3 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
    R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2013-10-14 57024]
    R3 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
    R3 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R3 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-9 607456]
    R3 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-3 128280]
    R3 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-5-3 2431792]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-16 676968]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    R3 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
    R3 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-3 363800]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-7-3 1228504]
    S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-7-3 660184]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-23 5087584]
    S3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-5-25 87168]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-5-25 188544]
    S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;C:\Windows\System32\drivers\aabed2.sys [2008-3-20 28672]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-9-3 57840]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-1-10 1512640]
    S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-6 227904]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 HDDHealth;HDDHealth;C:\Program Files (x86)\HDD Health\HDDHealthService.exe [2014-1-4 17760]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-21 111616]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
    S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-3-21 78848]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-3-21 180224]
    S3 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-5-3 1128952]
    S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2012-5-3 31152]
    S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-7-3 18456]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-27 19456]
    S3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2013-6-23 1671680]
    S3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2011-5-17 131656]
    S3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2011-5-17 399944]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-27 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-27 30208]
    S3 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-18 84080]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-18 1255736]
    .
    =============== File Associations ===============
    .
    ShellExec: PhotoPls.exe: open=C:\PROGRA~2\Serif\PHOTOP~1\1.0\Program\PHOTOP~1.EXE "%1"
    .
    =============== Created Last 30 ================
    .
    2014-02-22 16:38:22 -------- d-----w- C:\Windows\en
    2014-02-22 16:33:05 6072008 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c333070b1cf2feb01\onedrivesetup.exe
    2014-02-22 16:27:34 28160 ----a-w- C:\Windows\System32\fdWNet.dll
    2014-02-22 16:27:33 24576 ----a-w- C:\Windows\SysWow64\fdWNet.dll
    2014-02-22 01:32:29 -------- d-----w- C:\ProgramData\LSI
    2014-02-21 18:30:05 -------- d-----w- C:\Users\Ellen\AppData\Local\Innovative Solutions
    2014-02-21 18:28:37 -------- d--h--w- C:\ProgramData\Common Files
    2014-02-21 17:15:10 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0692A050-E78F-46FD-9260-3C236481AEBE}\mpengine.dll
    2014-02-21 17:02:08 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2014-02-08 18:50:46 -------- d-----w- C:\ProgramData\BlueStacks
    2014-02-02 18:16:47 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2014-02-02 18:16:46 -------- d-----w- C:\Program Files (x86)\VisiPics
    2014-02-02 16:07:18 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d70446231cf203004\DSETUP.dll
    2014-02-02 16:07:18 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d70446231cf203004\DXSETUP.exe
    2014-02-02 16:07:18 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d70446231cf203004\dsetup32.dll
    2014-02-02 16:07:15 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d4c3569d1cf203003\DXSETUP.exe
    2014-02-02 16:07:15 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d4c3569d1cf203003\dsetup32.dll
    2014-02-02 16:07:14 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d4c3569d1cf203003\DSETUP.dll
    2014-02-02 16:06:58 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ccc633251cf203001\DSETUP.dll
    2014-02-02 16:06:58 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ccc633251cf203001\DXSETUP.exe
    2014-02-02 16:06:58 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ccc633251cf203001\dsetup32.dll
    2014-02-02 15:52:00 -------- d-----w- C:\Program Files (x86)\Microsoft Pro Photo Tools
    2014-01-24 18:43:42 -------- d-----w- C:\Program Files\Q-Dir
    2014-01-24 18:43:00 -------- d-----w- C:\Users\Ellen\AppData\Roaming\Q-Dir
    2014-01-24 18:11:05 -------- d-----w- C:\Users\Ellen\AppData\Local\Skype
    2014-01-24 18:10:56 -------- d-----r- C:\Program Files (x86)\Skype
    .
    ==================== Find3M ====================
    .
    2014-02-21 18:13:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-21 18:13:42 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-01-14 20:56:33 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2014-01-10 12:40:12 58560 ----a-w- C:\Windows\SysWow64\sirenacm.dll
    2014-01-10 12:31:32 322240 ----a-w- C:\Windows\WLXPGSS.SCR
    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
    2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-12-18 05:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2013-12-06 15:53:57 49940480 ----a-w- C:\Program Files (x86)\GUT2F0C.tmp
    2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
    2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
    2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
    2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
    2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
    2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
    2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
    2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
    2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
    2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
    2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
    2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
    2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
    2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
    2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
    2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
    2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
    2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
    2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
    2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    .
    ============= FINISH: 11:29:37,03 ===============
    Ellen

    "We don't stop playing because we grow old; we grow old because we stop playing." George Bernard Shaw.

  • #2
    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-02-23 11:47:53
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.MN5O 1397,27GB
    Running: ygot5lcn.exe; Driver: C:\Users\Ellen\AppData\Local\Temp\pgtiapow.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fbe000 14 bytes [48, 83, C4, 30, 41, 5F, 41, ...]
    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 923 fffff80002fbe18b 52 bytes [80, B9, 6C, 02, 00, 00, 00, ...]

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e41465 2 bytes [E4, 75]
    .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e414bb 2 bytes [E4, 75]
    .text ... * 2
    .text c:\program files\soluto\soluto.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b71510 6 bytes {JMP QWORD [RIP+0x85ceb20]}
    .text c:\program files\soluto\soluto.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b715e0 6 bytes {JMP QWORD [RIP+0x860ea50]}
    .text c:\program files\soluto\soluto.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b71800 6 bytes {JMP QWORD [RIP+0x85ee830]}
    .text c:\program files\soluto\soluto.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b718b0 6 bytes {JMP QWORD [RIP+0x858e780]}
    .text c:\program files\soluto\soluto.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077b71e40 6 bytes {JMP QWORD [RIP+0x85ae1f0]}
    .text c:\program files\soluto\soluto.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b727e0 6 bytes {JMP QWORD [RIP+0x862d850]}
    .text c:\program files\soluto\soluto.exe[1828] C:\Windows\system32\KERNEL32.dll!CreateProcessInternalW 000000007791e750 6 bytes {JMP QWORD [RIP+0x88a18e0]}
    .text c:\program files\soluto\soluto.exe[1828] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefdc89055 3 bytes [B5, 6F, 06]
    .text C:\Windows\system32\Dwm.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b71510 6 bytes {JMP QWORD [RIP+0x85ceb20]}
    .text C:\Windows\system32\Dwm.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b715e0 6 bytes {JMP QWORD [RIP+0x860ea50]}
    .text C:\Windows\system32\Dwm.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b71800 6 bytes {JMP QWORD [RIP+0x85ee830]}
    .text C:\Windows\system32\Dwm.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b718b0 6 bytes {JMP QWORD [RIP+0x858e780]}
    .text C:\Windows\system32\Dwm.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077b71e40 6 bytes {JMP QWORD [RIP+0x85ae1f0]}
    .text C:\Windows\system32\Dwm.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b727e0 6 bytes {JMP QWORD [RIP+0x862d850]}
    .text C:\Windows\system32\Dwm.exe[1836] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007791e750 6 bytes {JMP QWORD [RIP+0x88a18e0]}
    .text C:\Windows\system32\Dwm.exe[1836] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefdc89055 3 bytes CALL 9000027
    .text C:\Windows\Explorer.EXE[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b71510 6 bytes {JMP QWORD [RIP+0x85ceb20]}
    .text C:\Windows\Explorer.EXE[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b715e0 6 bytes {JMP QWORD [RIP+0x860ea50]}
    .text C:\Windows\Explorer.EXE[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b71800 6 bytes {JMP QWORD [RIP+0x85ee830]}
    .text C:\Windows\Explorer.EXE[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b718b0 6 bytes {JMP QWORD [RIP+0x858e780]}
    .text C:\Windows\Explorer.EXE[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077b71e40 6 bytes {JMP QWORD [RIP+0x85ae1f0]}
    .text C:\Windows\Explorer.EXE[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b727e0 6 bytes {JMP QWORD [RIP+0x862d850]}
    .text C:\Windows\Explorer.EXE[1872] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007791e750 6 bytes {JMP QWORD [RIP+0x88a18e0]}
    .text C:\Windows\Explorer.EXE[1872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefdc89055 3 bytes CALL 9000027
    .text C:\Windows\Explorer.EXE[1872] C:\Windows\system32\msi.dll!MsiSetInternalUI 000007feec735cd0 6 bytes {JMP QWORD [RIP+0x19aa360]}
    .text C:\Windows\Explorer.EXE[1872] C:\Windows\system32\msi.dll!MsiInstallProductA 000007feec7b0f20 6 bytes {JMP QWORD [RIP+0x18ef110]}
    .text C:\Windows\Explorer.EXE[1872] C:\Windows\system32\msi.dll!MsiInstallProductW 000007feec7bfaa8 6 bytes {JMP QWORD [RIP+0x1900588]}
    .text C:\Windows\Explorer.EXE[1872] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorA 000007feef5e7b34 6 bytes {JMP QWORD [RIP+0xa84fc]}
    .text C:\Windows\Explorer.EXE[1872] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorW 000007feef5f03c0 6 bytes JMP 0
    .text C:\Windows\Explorer.EXE[1872] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW 000007fefe5f3030 6 bytes {JMP QWORD [RIP+0x62d000]}
    .text C:\Windows\Explorer.EXE[1872] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefe5f45c1 5 bytes {JMP QWORD [RIP+0x5eba70]}
    .text C:\Windows\Explorer.EXE[1872] C:\Windows\system32\WS2_32.dll!listen 000007fefe5f8290 6 bytes {JMP QWORD [RIP+0x607da0]}
    .text C:\Windows\system32\taskhost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b71510 6 bytes {JMP QWORD [RIP+0x85ceb20]}
    .text C:\Windows\system32\taskhost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b715e0 6 bytes {JMP QWORD [RIP+0x860ea50]}
    .text C:\Windows\system32\taskhost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b71800 6 bytes {JMP QWORD [RIP+0x85ee830]}
    .text C:\Windows\system32\taskhost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b718b0 6 bytes {JMP QWORD [RIP+0x858e780]}
    .text C:\Windows\system32\taskhost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077b71e40 6 bytes {JMP QWORD [RIP+0x85ae1f0]}
    .text C:\Windows\system32\taskhost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b727e0 6 bytes {JMP QWORD [RIP+0x862d850]}
    .text C:\Windows\system32\taskhost.exe[1240] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007791e750 6 bytes {JMP QWORD [RIP+0x88a18e0]}
    .text C:\Windows\system32\taskhost.exe[1240] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefdc89055 3 bytes [B5, 6F, 06]
    .text C:\Windows\system32\taskhost.exe[1240] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeca55c8 6 bytes JMP 0
    .text C:\Windows\system32\taskhost.exe[1240] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefecbb85c 6 bytes {JMP QWORD [RIP+0xc47d4]}
    .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e41465 2 bytes [E4, 75]
    .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e414bb 2 bytes [E4, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e41465 2 bytes [E4, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e414bb 2 bytes [E4, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d1fc20 3 bytes JMP 7181000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 0000000077d1fc24 2 bytes JMP 7181000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d1fd64 3 bytes JMP 717b000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d1fd68 2 bytes JMP 717b000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d200b4 3 bytes JMP 717e000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d200b8 2 bytes JMP 717e000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d201c4 3 bytes JMP 7187000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 0000000077d201c8 2 bytes JMP 7187000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077d20a44 3 bytes JMP 7184000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077d20a48 2 bytes JMP 7184000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d21920 3 bytes JMP 7178000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077d21924 2 bytes JMP 7178000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075e93b93 3 bytes JMP 7175000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075e93b97 2 bytes JMP 7175000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075e02c91 4 bytes CALL 71af0000
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075879679 6 bytes JMP 7196000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758812a5 6 bytes JMP 7190000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075883baa 6 bytes JMP 7193000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007588612e 6 bytes JMP 7199000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\USER32.dll!SendInput 000000007589ff4a 3 bytes JMP 719c000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007589ff4e 2 bytes JMP 719c000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758d027b 6 bytes JMP 71a2000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758d02bf 6 bytes JMP 719f000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757a70c4 6 bytes JMP 718a000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757c3264 6 bytes JMP 718d000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 000000007604575a 6 bytes JMP 71a5000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\WS2_32.dll!connect 0000000076046bdd 6 bytes JMP 71ab000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\WS2_32.dll!listen 000000007604b001 6 bytes JMP 71a8000a
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e41465 2 bytes [E4, 75]
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e414bb 2 bytes [E4, 75]
    .text ... * 2
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d1fc20 3 bytes JMP 718a000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 0000000077d1fc24 2 bytes JMP 718a000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d1fd64 3 bytes JMP 7184000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d1fd68 2 bytes JMP 7184000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d200b4 3 bytes JMP 7187000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d200b8 2 bytes JMP 7187000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d201c4 3 bytes JMP 7190000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 0000000077d201c8 2 bytes JMP 7190000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077d20a44 3 bytes JMP 718d000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077d20a48 2 bytes JMP 718d000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d21920 3 bytes JMP 7181000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077d21924 2 bytes JMP 7181000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075e93b93 3 bytes JMP 717e000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075e93b97 2 bytes JMP 717e000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075e02c91 4 bytes CALL 71af0000
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075879679 6 bytes JMP 719f000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758812a5 6 bytes JMP 7199000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075883baa 6 bytes JMP 719c000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007588612e 6 bytes JMP 71a2000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\syswow64\USER32.dll!SendInput 000000007589ff4a 3 bytes JMP 71a5000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007589ff4e 2 bytes JMP 71a5000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758d027b 6 bytes JMP 71ab000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758d02bf 6 bytes JMP 71a8000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757a70c4 6 bytes JMP 7193000a
    .text C:\Program Files (x86)\SpywareGuard\sgmain.exe[3664] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757c3264 6 bytes JMP 7196000a
    .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d1fc20 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 0000000077d1fc24 2 bytes [89, 71]
    .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d1fd64 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d1fd68 2 bytes [83, 71]
    .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d200b4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d200b8 2 bytes [86, 71]
    .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d201c4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 0000000077d201c8 2 bytes [8F, 71]
    .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077d20a44 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077d20a48 2 bytes [8C, 71]
    .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d21920 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077d21924 2 bytes [80, 71]
    .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe[3848] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075e02c91 4 bytes {CALL QWORD [RIP+0x71af000a]}
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d1fc20 3 bytes JMP 718a000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 0000000077d1fc24 2 bytes JMP 718a000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d1fd64 3 bytes JMP 7184000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d1fd68 2 bytes JMP 7184000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d200b4 3 bytes JMP 7187000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d200b8 2 bytes JMP 7187000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d201c4 3 bytes JMP 7190000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 0000000077d201c8 2 bytes JMP 7190000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077d20a44 3 bytes JMP 718d000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077d20a48 2 bytes JMP 718d000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d21920 3 bytes JMP 7181000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077d21924 2 bytes JMP 7181000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075e93b93 3 bytes JMP 717e000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075e93b97 2 bytes JMP 717e000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075e02c91 4 bytes CALL 71af0000
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075879679 6 bytes JMP 719f000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758812a5 6 bytes JMP 7199000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075883baa 6 bytes JMP 719c000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007588612e 6 bytes JMP 71a2000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\syswow64\USER32.dll!SendInput 000000007589ff4a 3 bytes JMP 71a5000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007589ff4e 2 bytes JMP 71a5000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758d027b 6 bytes JMP 71ab000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758d02bf 6 bytes JMP 71a8000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757a70c4 6 bytes JMP 7193000a
    .text C:\Program Files (x86)\SpywareGuard\sgbhp.exe[3872] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757c3264 6 bytes JMP 7196000a
    .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b71510 6 bytes {JMP QWORD [RIP+0x85ceb20]}
    .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b715e0 6 bytes {JMP QWORD [RIP+0x860ea50]}
    .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b71800 6 bytes {JMP QWORD [RIP+0x85ee830]}
    .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b718b0 6 bytes {JMP QWORD [RIP+0x858e780]}
    .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077b71e40 6 bytes {JMP QWORD [RIP+0x85ae1f0]}
    .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
    Ellen

    "We don't stop playing because we grow old; we grow old because we stop playing." George Bernard Shaw.


    • #3
      .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077b71e40 6 bytes {JMP QWORD [RIP+0x85ae1f0]}
      .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b727e0 6 bytes {JMP QWORD [RIP+0x862d850]}
      .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b71510 6 bytes {JMP QWORD [RIP+0x85ceb20]}
      .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b715e0 6 bytes {JMP QWORD [RIP+0x860ea50]}
      .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b71800 6 bytes {JMP QWORD [RIP+0x85ee830]}
      .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b718b0 6 bytes {JMP QWORD [RIP+0x858e780]}
      .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077b71e40 6 bytes {JMP QWORD [RIP+0x85ae1f0]}
      .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b727e0 6 bytes {JMP QWORD [RIP+0x862d850]}
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d1fc20 3 bytes JMP 7184000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 0000000077d1fc24 2 bytes JMP 7184000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d1fd64 3 bytes JMP 717e000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d1fd68 2 bytes JMP 717e000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d200b4 3 bytes JMP 7181000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d200b8 2 bytes JMP 7181000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d201c4 3 bytes JMP 718a000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 0000000077d201c8 2 bytes JMP 718a000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077d20a44 3 bytes JMP 7187000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077d20a48 2 bytes JMP 7187000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d21920 3 bytes JMP 717b000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077d21924 2 bytes JMP 717b000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075e93b93 3 bytes JMP 7178000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075e93b97 2 bytes JMP 7178000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075e02c91 4 bytes CALL 71af0000
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075879679 6 bytes JMP 7199000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758812a5 6 bytes JMP 7193000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075883baa 6 bytes JMP 7196000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007588612e 6 bytes JMP 719c000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\syswow64\USER32.dll!SendInput 000000007589ff4a 3 bytes JMP 719f000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007589ff4e 2 bytes JMP 719f000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758d027b 6 bytes JMP 71a5000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758d02bf 6 bytes JMP 71a2000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000757a70c4 6 bytes JMP 718d000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3900] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000757c3264 6 bytes JMP 7190000a
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b71510 6 bytes {JMP QWORD [RIP+0x85ceb20]}
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b715e0 6 bytes {JMP QWORD [RIP+0x860ea50]}
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b71800 6 bytes {JMP QWORD [RIP+0x85ee830]}
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b718b0 6 bytes {JMP QWORD [RIP+0x858e780]}
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077b71e40 6 bytes {JMP QWORD [RIP+0x85ae1f0]}
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b727e0 6 bytes {JMP QWORD [RIP+0x862d850]}
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3672] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007791e750 6 bytes {JMP QWORD [RIP+0x88a18e0]}
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3672] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefdc89055 3 bytes [B5, 6F, 06]
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3672] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorA 000007feef5e7b34 6 bytes {JMP QWORD [RIP+0x884fc]}
      .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3672] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorW 000007feef5f03c0 6 bytes {JMP QWORD [RIP+0x9fc70]}
      .text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe[4248] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075e41465 2 bytes [E4, 75]
      .text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe[4248] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075e414bb 2 bytes [E4, 75]
      .text ... * 2
      .text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d1fc20 3 bytes JMP 718a000a
      .text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 0000000077d1fc24 2 bytes JMP 718a000a
      .text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d1fd64 3 bytes JMP 7184000a
      .text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d1fd68 2 bytes JMP 7184000a
      .text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d200b4 3 bytes JMP 7187000a
      .text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d200b8 2 bytes JMP 7187000a
      .text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d201c4 3 bytes JMP 7190000a
      .text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 0000000077d201c8 2 bytes JMP 7190000a

      ---- Threads - GMER 2.1 ----

      Thread C:\Windows\System32\svchost.exe [3732:4756] 000007fee5b39688

      ---- Registry - GMER 2.1 ----

      Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{D4F3DDF1-5BB8-46D9-9DF7-C40A36466480}\[email protected] isatap.{F3E97A27-E78D-4EB9-A379-420AF71A26D6}
      Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\{440ABF1F-19CA-4647-85FF-04856542AF56}?\Device\{D4F3DDF1-5BB8-46D9-9DF7-C40A36466480}?\Device\{9FF2CDB6-7C7F-4C6D-8A2B-6468B1C85E6C}?\Device\{42869324-FD06-483C-A736-7F90B9A8F329}?\Device\{FB39B9B9-7D0C-47AA-AE83-82150D1C8DED}?
      Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] "{440ABF1F-19CA-4647-85FF-04856542AF56}"?"{D4F3DDF1-5BB8-46D9-9DF7-C40A36466480}"?"{9FF2CDB6-7C7F-4C6D-8A2B-6468B1C85E6C}"?"{42869324-FD06-483C-A736-7F90B9A8F329}"?"{FB39B9B9-7D0C-47AA-AE83-82150D1C8DED}"?
      Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\TCPIP6TUNNEL_{440ABF1F-19CA-4647-85FF-04856542AF56}?\Device\TCPIP6TUNNEL_{D4F3DDF1-5BB8-46D9-9DF7-C40A36466480}?\Device\TCPIP6TUNNEL_{9FF2CDB6-7C7F-4C6D-8A2B-6468B1C85E6C}?\Device\TCPIP6TUNNEL_{42869324-FD06-483C-A736-7F90B9A8F329}?\Device\TCPIP6TUNNEL_{FB39B9B9-7D0C-47AA-AE83-82150D1C8DED}?
      Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{D4F3DDF1-5BB8-46D9-9DF7-C40A36466480}@InterfaceName isatap.{F3E97A27-E78D-4EB9-A379-420AF71A26D6}
      Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{D4F3DDF1-5BB8-46D9-9DF7-C40A36466480}@ReusableType 0
      Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\[email protected] 58453
      Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\[email protected] 2001:0:5ef5:79fd:14bc:1baa:afc6:8c52
      Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\[email protected] 39978
      Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\[email protected] 13774

      ---- EOF - GMER 2.1 ----
      Ellen

      "We don't stop playing because we grow old; we grow old because we stop playing." George Bernard Shaw.



      • #4
        Thanks, Patrick. The second half of the GMER log was still on its way.
        I'll carry on working on it.
        Ellen

        "We don't stop playing because we grow old; we grow old because we stop playing." George Bernard Shaw.



        • #5
          Hi Ellen,

          I have placed this after your second GMER log. It looks so odd otherwise.

          Step 1:

          Scanning for and removing malware....

          Start MBAM.
          Once the program has started, go to the "Settings" tab.
          • Tick here: "Close Internet Explorer during malware removal".
          • Go to the "Updates" tab and update MBAM.
          • Then go to the "Scanner" tab and choose "FULL scan" here.
          • Then press "Scan" to start the scan.
          • The scan can take a while, so be patient.
          • When the scan is complete, click OK, then "Show Results" to see the results.
          • Make sure everything there is ticked, then click "Remove Selected".
          • After the removal a log will open and you will be asked to restart the computer.

          If MBAM asks for a restart, do so.
          Once you have restarted, run a new quick scan with MBAM.
          In that case you post both logs.

          The log is saved automatically by Malwarebytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.


          In case of problems!!!

          .___________________________________________________________

          Step 2:

          Checking for bad toolbars...

          Download AdwCleaner by Xplode to your Desktop.
          • Close all open windows
          • Start AdwCleaner
          • Click Scan
          • Click Clean

          All icons disappear from the Desktop; this is normal.
          Your PC will be restarted and a log file opens (C:\AdwCleaner\AdwCleaner[xx].txt); post its contents here on the forum.

          I only need the log from after the "Clean" option.

          Don't forget to turn off your "smileys".

          If your home page was hijacked as well, set the search engine again; AdwCleaner resets it to Google.com by default.
          ___________________________________________________________

          Step 3:

          Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


          DDS is a diagnostic tool and uses scripts.
          If script execution is disabled, re-enable it so that no problems occur when using DDS.


          Double-click DDS to start the tool. (Depending on the download you chose, this may be the file DDS.com, DDS.scr or DDS.pif.)
          When it has finished, two log files open: DDS.txt and Attach.txt.
          Save both log files to your desktop.

          Post the contents of DDS.txt.

          Do not post the contents of Attach.txt and do not add Attach.txt as an attachment to your post, unless I ask for it.


          ___________________________________________________________

          Step 4:

          Download Security Check to your desktop via here or here

          Start Security Check
          Follow the instructions on screen
          At the end a log appears (checkup.txt)
          Put its contents in your next reply.


          In your next post, I would like to see the following logs, made in the order listed:
          .
          • MBAM
          • AdwCleaner
          • DDS
          • checkup.txt

          .
          Please do NOT post these logs as an attachment or between code tags.
          (In several posts if necessary.)

          Emphyrio
          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
          E Dev * Remove McAfee. * Ccleaner * E-Peek



          • #6
            Originally posted by Emphyrio
            Hi Ellen,
            I have placed this after your second GMER log. It looks so odd otherwise.
            Yes, I'm not allowed to make such a large post...

            Malwarebytes Anti-Malware 1.75.0.1300
            www.malwarebytes.org

            Databaseversie: v2014.02.23.04

            Windows 7 Service Pack 1 x64 NTFS
            Internet Explorer 11.0.9600.16518
            Ellen :: ELLEN-HP [administrator]

            23-2-2014 14:13:02
            mbam-log-2014-02-23 (14-13-02).txt

            Scan type: Volledige scan (C:\|D:\|)
            Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
            Uitgeschakelde scan opties: P2P
            Objecten gescand: 436233
            Verstreken tijd: 54 minuut/minuten, 29 seconde(n)

            Geheugenprocessen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Geheugenmodulen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Registersleutels gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Registerwaarden gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Registerdata gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Mappen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Bestanden gedetecteerd: 2
            C:\$RECYCLE.BIN\S-1-5-21-3830738549-3398929584-3822463750-1001\$R44U2GX.exe (PUP.Optional.Softonic.A) -> Succesvol in quarantaine geplaatst en verwijderd.
            C:\Oude HD xp\My Documents\WhatPulse-Install.exe (PUP.Optional.Miner) -> Succesvol in quarantaine geplaatst en verwijderd.

            (einde)




            # AdwCleaner v3.019 - Report created 23/02/2014 at 15:18:25
            # Updated 17/02/2014 by Xplode
            # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
            # Username : Ellen - ELLEN-HP
            # Running from : C:\Users\Ellen\Desktop\adwcleaner.exe
            # Option : Clean

            ***** [ Services ] *****


            ***** [ Files / Folders ] *****


            ***** [ Shortcuts ] *****


            ***** [ Registry ] *****


            ***** [ Browsers ] *****

            -\\ Internet Explorer v11.0.9600.16518


            -\\ Mozilla Firefox v27.0.1 (nl)

            [ File : C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\amk9flsm.default\prefs.js ]


            *************************

            AdwCleaner[R0].txt - [8119 octets] - [01/12/2013 22:02:55]
            AdwCleaner[R1].txt - [1801 octets] - [23/02/2014 12:49:07]
            AdwCleaner[R2].txt - [1010 octets] - [23/02/2014 15:17:47]
            AdwCleaner[S0].txt - [7953 octets] - [01/12/2013 22:04:06]
            AdwCleaner[S1].txt - [1888 octets] - [23/02/2014 12:53:11]
            AdwCleaner[S2].txt - [933 octets] - [23/02/2014 15:18:25]

            ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [992 octets] ##########

            DDS in post 1.


            Results of screen317's Security Check version 0.99.79
            Windows 7 Service Pack 1 x64 (UAC is enabled)
            Internet Explorer 11
            ``````````````Antivirus/Firewall Check:``````````````
            Emsisoft Anti-Malware
            Antivirus up to date!
            `````````Anti-malware/Other Utilities Check:`````````
            MVPS Hosts File
            SpywareBlaster 5.0
            SpywareGuard v2.2
            Secunia PSI (3.0.0.7011)
            Adobe Flash Player 12.0.0.70 Flash Player out of Date!
            Adobe Reader XI
            Mozilla Firefox (27.0.1)
            Mozilla Thunderbird (24.3.0)
            ````````Process Check: objlist.exe by Laurent````````
            Emsisoft Anti-Malware a2service.exe
            Emsisoft Anti-Malware a2guard.exe
            CheckPoint ZoneAlarm vsmon.exe
            CheckPoint ZoneAlarm ZAPrivacyService.exe
            CheckPoint ZoneAlarm zatray.exe
            `````````````````System Health check`````````````````
            Total Fragmentation on Drive C: 3%
            ````````````````````End of Log``````````````````````
            Last edited by Tom Poes; 23-02-14, 16:46.
            Ellen

            "We don't stop playing because we grow old; we grow old because we stop playing." George Bernard Shaw.



            • #7
              May I have a fresh DDS log, Ellen?
              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
              E Dev * Remove McAfee. * Ccleaner * E-Peek



              • #8
                DDS (Ver_2012-11-20.01) - NTFS_AMD64
                Internet Explorer: 11.0.9600.16518
                Run by Ellen at 19:16:35 on 2014-02-23
                Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6125.3858 [GMT 1:00]
                .
                AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
                SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
                FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
                .
                ============== Running Processes ===============
                .
                C:\Windows\system32\lsm.exe
                C:\Windows\system32\svchost.exe -k DcomLaunch
                C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
                C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
                C:\Windows\system32\svchost.exe -k RPCSS
                C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                C:\Windows\system32\svchost.exe -k LocalService
                C:\Windows\system32\svchost.exe -k netsvcs
                C:\Windows\system32\svchost.exe -k GPSvcGroup
                C:\Windows\system32\svchost.exe -k NetworkService
                C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
                c:\program files\soluto\soluto.exe
                C:\Windows\system32\Dwm.exe
                C:\Windows\Explorer.EXE
                C:\Windows\System32\spoolsv.exe
                C:\Windows\system32\taskeng.exe
                C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                C:\Windows\system32\taskhost.exe
                C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                C:\Program Files (x86)\Secunia\PSI\psia.exe
                C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
                C:\Program Files\Soluto\SolutoLauncherService.exe
                C:\Program Files\Soluto\SolutoService.exe
                C:\Windows\system32\svchost.exe -k imgsvc
                C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
                C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
                C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
                C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
                C:\Program Files (x86)\Secunia\PSI\sua.exe
                C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                C:\Windows\servicing\TrustedInstaller.exe
                C:\Windows\System32\WUDFHost.exe
                C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
                C:\Program Files (x86)\WhatPulse2\whatpulse.exe
                C:\Windows\system32\SearchIndexer.exe
                C:\Program Files (x86)\Skype\Phone\Skype.exe
                C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
                C:\Users\Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe
                C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
                C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
                C:\Program Files (x86)\SpywareGuard\sgmain.exe
                C:\Program Files\Windows Media Player\wmpnetwk.exe
                C:\Program Files (x86)\SpywareGuard\sgbhp.exe
                C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                C:\Windows\System32\svchost.exe -k secsvcs
                C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
                C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
                C:\Windows\system32\atiesrxx.exe
                C:\Windows\system32\atieclxx.exe
                C:\Windows\system32\svchost.exe -k SDRSVC
                C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
                C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
                C:\Windows\SysWOW64\ezSharedSvcHost.exe
                C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
                C:\Windows\system32\rundll32.exe
                C:\Windows\system32\vssvc.exe
                C:\Windows\System32\svchost.exe -k swprv
                C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
                c:\Program Files\Intel\iCLS Client\HeciServer.exe
                C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
                C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
                C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
                C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                C:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
                C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
                C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
                C:\Windows\splwow64.exe
                C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
                C:\Windows\system32\wbengine.exe
                C:\Windows\System32\vds.exe
                C:\Windows\system32\wbem\wmiprvse.exe
                C:\Windows\System32\cscript.exe
                .
                ============== Pseudo HJT Report ===============
                .
                uStart Page = hxxps://www.google.com/webhp?complete=0
                uSearch Bar = hxxp://www.google.com/ie
                uSearch Page = hxxp://www.google.com
                uDefault_Search_URL = hxxp://www.google.com/ie
                uProxyServer = :0
                uSearchAssistant = hxxp://www.google.com/ie
                uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                mWinlogon: Userinit = userinit.exe,
                BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
                BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
                BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
                TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll
                uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
                uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
                uRun: [WhatPulse] "C:\Program Files (x86)\WhatPulse2\whatpulse.exe"
                mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
                mRun: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
                mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                StartupFolder: C:\Users\Ellen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe
                StartupFolder: C:\Users\Ellen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYWAR~1.LNK - C:\Program Files (x86)\SpywareGuard\sgmain.exe
                StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
                uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
                mPolicies-Explorer: NoActiveDesktop = dword:1
                mPolicies-Explorer: NoActiveDesktopChanges = dword:1
                mPolicies-Explorer: EnableShellExecuteHooks = dword:1
                mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                mPolicies-System: ConsentPromptBehaviorUser = dword:3
                mPolicies-System: EnableUIADesktopToggle = dword:0
                IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
                IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
                IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
                .
                INFO: HKCU has more than 50 listed domains.
                If you wish to scan all of them, select the 'Force scan all domains' option.
                .
                .
                INFO: HKLM has more than 50 listed domains.
                If you wish to scan all of them, select the 'Force scan all domains' option.
                .
                TCP: NameServer = 62.179.104.196 213.46.228.196
                TCP: Interfaces\{BCAC6B5F-5A44-491B-B967-08FF0FEF950D} : DHCPNameServer = 62.179.104.196 213.46.228.196
                Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
                SSODL: WebCheck - <orphaned>
                SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
                SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll
                mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
                x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
                x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
                x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
                x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
                x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
                x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
                x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
                .
                INFO: x64-HKLM has more than 50 listed domains.
                If you wish to scan all of them, select the 'Force scan all domains' option.
                .
                x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                x64-SSODL: WebCheck - <orphaned>
                Hosts: 0.0.0.0 fr.a2dfp.net
                Hosts: 0.0.0.0 m.fr.a2dfp.net
                Hosts: 0.0.0.0 mfr.a2dfp.net
                Hosts: 0.0.0.0 ad.a8.net
                Hosts: 0.0.0.0 asy.a8ww.net
                .
                Note: multiple HOSTS entries found. Please refer to Attach.txt
                .
                ================= FIREFOX ===================
                .
                FF - ProfilePath - C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\amk9flsm.default\
                FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
                FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/webhp?complete=0
                FF - prefs.js: keyword.URL -
                FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
                FF - plugin: C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll
                FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
                FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
                FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
                FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
                FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
                FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
                FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
                FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
                FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
                FF - plugin: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\amk9flsm.default\extensions\[email protected] g\plugins\npfireie32.dll
                FF - plugin: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\amk9flsm.default\extensions\[email protected] g\plugins\npfireie64.dll
                FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
                FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
                FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
                FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
                FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
                .
                ============= SERVICES / DRIVERS ===============
                .
                R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-3-21 280656]
                R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-21 79488]
                R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-21 40064]
                R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2011-7-19 560408]
                R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2011-7-19 23320]
                R0 iaStorS;iaStorS;C:\Windows\System32\drivers\iaStorS.sys [2011-7-19 630552]
                R0 megasas2;megasas2;C:\Windows\System32\drivers\megasas2.sys [2011-5-11 51280]
                R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2013-2-3 54728]
                R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-10-14 26176]
                R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2013-10-14 45208]
                R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2013-10-14 17384]
                R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-10-14 4163584]
                R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
                R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-7-3 1228504]
                R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-7-3 660184]
                R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
                R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2013-6-23 182848]
                R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2013-6-23 763968]
                R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-23 5087584]
                R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-10-15 50704]
                R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2013-10-14 70960]
                R3 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-5-3 235520]
                R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-3 95248]
                R3 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
                R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2013-10-14 57024]
                R3 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
                R3 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
                R3 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
                R3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-9 607456]
                R3 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-3 128280]
                R3 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
                R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-5-3 2431792]
                R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-7-3 18456]
                R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-16 676968]
                R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
                R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
                R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
                R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
                R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
                R3 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
                R3 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-3 363800]
                S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
                S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
                S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
                S3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-5-25 87168]
                S3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-5-25 188544]
                S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;C:\Windows\System32\drivers\aabed2.sys [2008-3-20 28672]
                S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-9-3 57840]
                S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-1-10 1512640]
                S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-6 227904]
                S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
                S3 HDDHealth;HDDHealth;C:\Program Files (x86)\HDD Health\HDDHealthService.exe [2014-1-4 17760]
                S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-21 111616]
                S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
                S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
                S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-3-21 78848]
                S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-3-21 180224]
                S3 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-5-3 1128952]
                S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2012-5-3 31152]
                S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-27 19456]
                S3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2013-6-23 1671680]
                S3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2011-5-17 131656]
                S3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2011-5-17 399944]
                S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-27 57856]
                S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-27 30208]
                S3 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-18 84080]
                S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-18 1255736]
                .
                =============== File Associations ===============
                .
                ShellExec: PhotoPls.exe: open=C:\PROGRA~2\Serif\PHOTOP~1\1.0\Program\PHOTOP~1.EXE "%1"
                .
                =============== Created Last 30 ================
                .
                2014-02-22 16:38:22 -------- d-----w- C:\Windows\en
                2014-02-22 16:33:05 6072008 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c333070b1cf2feb01\onedrivesetup.exe
                2014-02-22 16:27:34 28160 ----a-w- C:\Windows\System32\fdWNet.dll
                2014-02-22 16:27:33 24576 ----a-w- C:\Windows\SysWow64\fdWNet.dll
                2014-02-22 01:32:29 -------- d-----w- C:\ProgramData\LSI
                2014-02-21 18:30:05 -------- d-----w- C:\Users\Ellen\AppData\Local\Innovative Solutions
                2014-02-21 18:28:37 -------- d--h--w- C:\ProgramData\Common Files
                2014-02-21 17:15:10 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0692A050-E78F-46FD-9260-3C236481AEBE}\mpengine.dll
                2014-02-21 17:02:08 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
                2014-02-08 18:50:46 -------- d-----w- C:\ProgramData\BlueStacks
                2014-02-02 18:16:47 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
                2014-02-02 18:16:46 -------- d-----w- C:\Program Files (x86)\VisiPics
                2014-02-02 16:07:18 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d70446231cf203004\DSETUP.dll
                2014-02-02 16:07:18 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d70446231cf203004\DXSETUP.exe
                2014-02-02 16:07:18 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d70446231cf203004\dsetup32.dll
                2014-02-02 16:07:15 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d4c3569d1cf203003\DXSETUP.exe
                2014-02-02 16:07:15 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d4c3569d1cf203003\dsetup32.dll
                2014-02-02 16:07:14 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d4c3569d1cf203003\DSETUP.dll
                2014-02-02 16:06:58 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ccc633251cf203001\DSETUP.dll
                2014-02-02 16:06:58 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ccc633251cf203001\DXSETUP.exe
                2014-02-02 16:06:58 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ccc633251cf203001\dsetup32.dll
                2014-02-02 15:52:00 -------- d-----w- C:\Program Files (x86)\Microsoft Pro Photo Tools
                2014-01-24 18:43:42 -------- d-----w- C:\Program Files\Q-Dir
                2014-01-24 18:43:00 -------- d-----w- C:\Users\Ellen\AppData\Roaming\Q-Dir
                .
                ==================== Find3M ====================
                .
                2014-02-21 18:13:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                2014-02-21 18:13:42 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
                2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
                2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
                2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
                2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
                2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
                2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
                2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
                2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
                2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
                2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
                2014-01-14 20:56:33 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
                2014-01-10 12:40:12 58560 ----a-w- C:\Windows\SysWow64\sirenacm.dll
                2014-01-10 12:31:32 322240 ----a-w- C:\Windows\WLXPGSS.SCR
                2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
                2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
                2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
                2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
                2013-12-18 05:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
                2013-12-06 15:53:57 49940480 ----a-w- C:\Program Files (x86)\GUT2F0C.tmp
                2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
                2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
                2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
                2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
                2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
                2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
                2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
                2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
                2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
                2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
                2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
                2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
                2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
                2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
                2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
                2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
                2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
                2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
                2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
                2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
                2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
                2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
                2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
                2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
                2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
                2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
                2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
                2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
                2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
                2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
                2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
                2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
                .
                ============= FINISH: 19:17:43,13 ===============
                Ellen

                "We don't stop playing because we grow old; we grow old because we stop playing." George Bernard Shaw.



                • #9
                  Download or update CCleaner

                  Start CCleaner.
                  • Run CCleaner and click Options in the left column
                  • Select the Advanced tab
                  • Uncheck Only delete files in the Windows Temp system folder that are older than 24 hours
                  • Select the Settings tab
                  • Uncheck "Automatically clean the computer...."
                  • Click Cleaner in the left column.
                  • Then click Analyze and Clean in turn.
                  • Next, click Registry in the left column
                  • Click Scan for problems.
                  • When asked whether you want to make a backup of the registry, click "Yes".
                  • If errors are found, click the middle button: Fix all selected errors, then OK



                  Download Combofix to your desktop.

                  Extra note... Make sure your security software is disabled while you use Combofix.
                  This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.


                  Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.


                  Close ALL windows, including your browser, and let Combofix do its work undisturbed.
                  So do not open any other applications until Combofix has presented the log.

                  If Combofix asks for an update, allow it.

                  When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                  You can find it at C:\combofix.txt.

                  Post the Combofix log together with a new DDS log in your next reply.

                  * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                  • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                  • Illegal operation attempted on a registry key that has been marked for deletion.
                  Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                  E Dev * Remove McAfee. * CCleaner * E-Peek



                  • #10
                    Unfortunately, CCleaner does not open. Error message: "Kan de toepassing niet correct starten. (0x0000005)"
                    And I cannot get to the Combofix log, because it is located in C:\. If only it were on the desktop, like the other logs; I can get to those.

                    I do have a new DDS log:

                    DDS (Ver_2012-11-20.01) - NTFS_AMD64
                    Internet Explorer: 11.0.9600.16518
                    Run by Ellen at 21:32:37 on 2014-02-23
                    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6125.3986 [GMT 1:00]
                    .
                    AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
                    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                    SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
                    FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
                    .
                    ============== Running Processes ===============
                    .
                    C:\Windows\system32\lsm.exe
                    C:\Windows\system32\svchost.exe -k DcomLaunch
                    C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
                    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
                    C:\Windows\system32\svchost.exe -k RPCSS
                    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                    C:\Windows\system32\svchost.exe -k LocalService
                    C:\Windows\system32\svchost.exe -k netsvcs
                    C:\Windows\system32\svchost.exe -k GPSvcGroup
                    C:\Windows\system32\svchost.exe -k NetworkService
                    C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
                    C:\Windows\System32\spoolsv.exe
                    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                    C:\Windows\system32\taskhost.exe
                    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                    c:\program files\soluto\soluto.exe
                    C:\Windows\system32\Dwm.exe
                    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                    C:\Program Files (x86)\Secunia\PSI\psia.exe
                    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
                    C:\Program Files\Soluto\SolutoLauncherService.exe
                    C:\Windows\system32\svchost.exe -k imgsvc
                    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
                    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                    C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
                    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
                    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
                    C:\Program Files (x86)\Secunia\PSI\sua.exe
                    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                    C:\Windows\System32\WUDFHost.exe
                    C:\Program Files (x86)\Skype\Phone\Skype.exe
                    C:\Program Files (x86)\WhatPulse2\whatpulse.exe
                    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
                    C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
                    C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
                    C:\Windows\system32\SearchIndexer.exe
                    C:\Program Files (x86)\SpywareGuard\sgmain.exe
                    C:\Program Files (x86)\SpywareGuard\sgbhp.exe
                    C:\Program Files\Windows Media Player\wmpnetwk.exe
                    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                    C:\Windows\System32\svchost.exe -k secsvcs
                    C:\Windows\system32\svchost.exe -k SDRSVC
                    C:\Windows\System32\svchost.exe -k WerSvcGroup
                    C:\Windows\system32\wbem\wmiprvse.exe
                    C:\Windows\system32\taskeng.exe
                    C:\Windows\Explorer.exe
                    C:\Windows\system32\wbem\wmiprvse.exe
                    C:\Windows\System32\cscript.exe
                    .
                    ============== Pseudo HJT Report ===============
                    .
                    uStart Page = hxxps://www.google.com/webhp?complete=0
                    uSearch Bar = hxxp://www.google.com/ie
                    uSearch Page = hxxp://www.google.com
                    uDefault_Search_URL = hxxp://www.google.com/ie
                    uProxyServer = :0
                    uSearchAssistant = hxxp://www.google.com/ie
                    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                    BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
                    BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
                    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
                    TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll
                    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
                    uRun: [WhatPulse] "C:\Program Files (x86)\WhatPulse2\whatpulse.exe"
                    mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
                    mRun: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
                    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                    StartupFolder: C:\Users\Ellen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe
                    StartupFolder: C:\Users\Ellen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYWAR~1.LNK - C:\Program Files (x86)\SpywareGuard\sgmain.exe
                    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
                    uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
                    uPolicies-Explorer: NoDrives = dword:0
                    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
                    mPolicies-Explorer: NoDrives = dword:0
                    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                    mPolicies-System: ConsentPromptBehaviorUser = dword:3
                    mPolicies-System: EnableUIADesktopToggle = dword:0
                    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
                    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
                    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
                    .
                    INFO: HKCU has more than 50 listed domains.
                    If you wish to scan all of them, select the 'Force scan all domains' option.
                    .
                    .
                    INFO: HKLM has more than 50 listed domains.
                    If you wish to scan all of them, select the 'Force scan all domains' option.
                    .
                    TCP: NameServer = 62.179.104.196 213.46.228.196
                    TCP: Interfaces\{BCAC6B5F-5A44-491B-B967-08FF0FEF950D} : DHCPNameServer = 62.179.104.196 213.46.228.196
                    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                    SSODL: WebCheck - <orphaned>
                    SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
                    SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll
                    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
                    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
                    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
                    x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
                    x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
                    x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
                    .
                    INFO: x64-HKLM has more than 50 listed domains.
                    If you wish to scan all of them, select the 'Force scan all domains' option.
                    .
                    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                    x64-SSODL: WebCheck - <orphaned>
                    .
                    ================= FIREFOX ===================
                    .
                    FF - ProfilePath - C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\amk9flsm.default\
                    FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
                    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/webhp?complete=0
                    FF - prefs.js: keyword.URL -
                    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
                    FF - plugin: C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll
                    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
                    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
                    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
                    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
                    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
                    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
                    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
                    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
                    FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
                    FF - plugin: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\amk9flsm.default\extensions\[email protected] g\plugins\npfireie32.dll
                    FF - plugin: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\amk9flsm.default\extensions\[email protected] g\plugins\npfireie64.dll
                    FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
                    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
                    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
                    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
                    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
                    .
                    ============= SERVICES / DRIVERS ===============
                    .
                    R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-3-21 280656]
                    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-21 79488]
                    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-21 40064]
                    R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2011-7-19 560408]
                    R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2011-7-19 23320]
                    R0 iaStorS;iaStorS;C:\Windows\System32\drivers\iaStorS.sys [2011-7-19 630552]
                    R0 megasas2;megasas2;C:\Windows\System32\drivers\megasas2.sys [2011-5-11 51280]
                    R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-10-14 26176]
                    R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2013-10-14 45208]
                    R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2013-10-14 17384]
                    R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-10-14 4163584]
                    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
                    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-7-3 1228504]
                    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-7-3 660184]
                    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
                    R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2013-6-23 182848]
                    R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-23 5087584]
                    R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-10-15 50704]
                    R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2013-10-14 70960]
                    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-3 95248]
                    R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2013-10-14 57024]
                    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-5-3 2431792]
                    R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-7-3 18456]
                    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-16 676968]
                    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
                    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
                    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
                    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
                    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
                    S0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2013-2-3 54728]
                    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
                    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
                    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
                    S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2013-6-23 763968]
                    S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-5-3 235520]
                    S3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-5-25 87168]
                    S3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-5-25 188544]
                    S3 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
                    S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;C:\Windows\System32\drivers\aabed2.sys [2008-3-20 28672]
                    S3 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
                    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-9-3 57840]
                    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-1-10 1512640]
                    S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-6 227904]
                    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
                    S3 HDDHealth;HDDHealth;C:\Program Files (x86)\HDD Health\HDDHealthService.exe [2014-1-4 17760]
                    S3 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
                    S3 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
                    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-21 111616]
                    S3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-9 607456]
                    S3 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-3 128280]
                    S3 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
                    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
                    S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
                    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-3-21 78848]
                    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-3-21 180224]
                    S3 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-5-3 1128952]
                    S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2012-5-3 31152]
                    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-27 19456]
                    S3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2013-6-23 1671680]
                    S3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2011-5-17 131656]
                    S3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2011-5-17 399944]
                    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-27 57856]
                    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-27 30208]
                    S3 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
                    S3 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-3 363800]
                    S3 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-18 84080]
                    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-18 1255736]
                    .
                    =============== File Associations ===============
                    .
                    ShellExec: PhotoPls.exe: open=C:\PROGRA~2\Serif\PHOTOP~1\1.0\Program\PHOTOP~1.EXE "%1"
                    .
                    =============== Created Last 30 ================
                    .
                    2014-02-23 20:29:02 -------- d-sh--w- C:\$RECYCLE.BIN
                    2014-02-23 20:18:23 98816 ----a-w- C:\Windows\sed.exe
                    2014-02-23 20:18:23 256000 ----a-w- C:\Windows\PEV.exe
                    2014-02-23 20:18:23 208896 ----a-w- C:\Windows\MBR.exe
                    2014-02-22 16:38:22 -------- d-----w- C:\Windows\en
                    2014-02-22 16:33:05 6072008 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c333070b1cf2feb01\onedrivesetup.exe
                    2014-02-22 16:27:34 28160 ----a-w- C:\Windows\System32\fdWNet.dll
                    2014-02-22 16:27:33 24576 ----a-w- C:\Windows\SysWow64\fdWNet.dll
                    2014-02-22 01:32:29 -------- d-----w- C:\ProgramData\LSI
                    2014-02-21 18:30:05 -------- d-----w- C:\Users\Ellen\AppData\Local\Innovative Solutions
                    2014-02-21 18:28:37 -------- d--h--w- C:\ProgramData\Common Files
                    2014-02-21 17:15:10 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0692A050-E78F-46FD-9260-3C236481AEBE}\mpengine.dll
                    2014-02-21 17:02:08 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
                    2014-02-08 18:50:46 -------- d-----w- C:\ProgramData\BlueStacks
                    2014-02-02 18:16:47 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
                    2014-02-02 18:16:46 -------- d-----w- C:\Program Files (x86)\VisiPics
                    2014-02-02 16:07:18 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d70446231cf203004\DSETUP.dll
                    2014-02-02 16:07:18 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d70446231cf203004\DXSETUP.exe
                    2014-02-02 16:07:18 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d70446231cf203004\dsetup32.dll
                    2014-02-02 16:07:15 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d4c3569d1cf203003\DXSETUP.exe
                    2014-02-02 16:07:15 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d4c3569d1cf203003\dsetup32.dll
                    2014-02-02 16:07:14 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d4c3569d1cf203003\DSETUP.dll
                    2014-02-02 16:06:58 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ccc633251cf203001\DSETUP.dll
                    2014-02-02 16:06:58 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ccc633251cf203001\DXSETUP.exe
                    2014-02-02 16:06:58 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ccc633251cf203001\dsetup32.dll
                    2014-02-02 15:52:00 -------- d-----w- C:\Program Files (x86)\Microsoft Pro Photo Tools
                    .
                    ==================== Find3M ====================
                    .
                    2014-02-21 18:13:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                    2014-02-21 18:13:42 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                    2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                    2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                    2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
                    2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                    2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
                    2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
                    2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
                    2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                    2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
                    2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
                    2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
                    2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
                    2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                    2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                    2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
                    2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
                    2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                    2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
                    2014-01-14 20:56:33 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
                    2014-01-10 12:40:12 58560 ----a-w- C:\Windows\SysWow64\sirenacm.dll
                    2014-01-10 12:31:32 322240 ----a-w- C:\Windows\WLXPGSS.SCR
                    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
                    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
                    2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
                    2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
                    2013-12-18 05:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
                    2013-12-06 15:53:57 49940480 ----a-w- C:\Program Files (x86)\GUT2F0C.tmp
                    2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
                    2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
                    2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
                    2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
                    2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
                    2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
                    2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
                    2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
                    2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
                    2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
                    2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
                    2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
                    2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
                    2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
                    2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
                    2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
                    2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
                    2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
                    2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
                    2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
                    2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
                    2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
                    2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
                    2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
                    2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
                    2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
                    2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
                    2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
                    2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
                    2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
                    2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
                    2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
                    .
                    ============= FINISH: 21:32:49,78 ===============
                    Last edited by Tom Poes; 23-02-14, 20:41.
                    Ellen

                    "We don't stop playing because we grow old; we grow old because we stop playing." George Bernard Shaw.



                    • #11
                      When you run Combofix, a log is displayed, Ellen. Can't you copy and paste that into your post?
                      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                      E Dev * Remove McAfee * Ccleaner * E-Peek



                      • #12
                        That log is in C:\, Patrick. I can't open My Computer, so I can't get to C:\.
                        When I click the icon, all the desktop icons disappear briefly, then they come back and nothing else happens.
                        It doesn't work via Start --> Computer --> Open either.
                        Ellen



                        • #13
                          I had understood that, Ellen.

                          What I mean is: when you run Combofix, it always shows the log at the end.
                          You could then copy that and put it in your post.


                          • #14
                            Open a Notepad file.
                            Copy the text below (everything in bold) into this Notepad file.

                            @ECHO OFF
                            START NOTEPAD.EXE "C:\combofix.txt"
                            DEL %0

                            Go to File - Save As.
                            For "Save in", choose: Desktop
                            For "File name", enter: nucia.bat
                            For "Save as type", select: All Files (*.*).
                            Click the Save button.
                            Double-click nucia.bat and post the contents of the log file that opens.
                            * As a Vista user, right-click and choose Run as Administrator.


                            • #15
                              That doesn't work either. When I click "Save as" or "Save in", everything drops back to the desktop after a flash. I can copy and paste from Notepad, as with the other logs, but this doesn't work.
                              When Combofix finished I didn't see a log. It reported that it was in C:\.
                              Ellen
