Mededeling

Collapse
No announcement yet.

Graag hulp bij goede verwijdering van trojan

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Graag hulp bij goede verwijdering van trojan

    Goedemiddag!

    Graag zou ik willen vragen om hulp bij een goede verwijdering van alles wat te maken heeft met een trojan die gedetecteerd is op mijn pc.
    Ik lees op de website van de virusscan dat trojans met backdoors werken en ook malware gebruiken.
    Dus misschien is niet alles opgelost als ik de gevonden trojan alleen verwijder?
    Hoe kan je alles echt goed nalopen zodat alle infecties en mogelijkheden aangepakt worden.
    Binnenkort moet ik namelijk van een harde schijf naar een ssd en daarom graag alles schoon hebben

    alvast bedankt!
    groet,
    Gelukkige

  • #2
    De eerste stap is het uitvoeren van deze richtlijn: !!! BELANGRIJK !!!: Lees dit eerst voor je een bericht plaatst!

    Post de gevraagde logjes.

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * McAfee verwijderen. * Ccleaner * E-Peek

    Comment


    • #3
      Wil het lukken?
      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
      E Dev * McAfee verwijderen. * Ccleaner * E-Peek

      Comment


      • #4
        Ja, hier is de eerste log, van adwarecleaner;

        # AdwCleaner v4.108 - Rapport aangemaakt 21/01/2015 op 18:34:21
        # Laatste Update 17/01/2015 door Xplode
        # Database : 2015-01-13.2 [Local]
        # Besturingssysteem : Windows 7 Professional Service Pack 1 (64 bits)
        # Gebruikersnaam : XXXXXXX
        # Gestart vanuit : C:\Users\xxxxx\Downloads\adwcleaner_4.108.exe
        # Optie : Verwijderen

        ***** [ Services ] *****


        ***** [ Bestanden / Mappen ] *****

        Map Verwijderd : C:\Users\xxxxxxx\AppData\Local\Hola

        ***** [ Taken ] *****


        ***** [ Snelkoppelingen ] *****


        ***** [ Register ] *****

        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255775593}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266776693}
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
        Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255775593}
        Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266776693}

        ***** [ Browsers ] *****

        -\\ Internet Explorer v11.0.9600.17496


        -\\ Mozilla Firefox v35.0 (x86 nl)


        *************************

        AdwCleaner[R1].txt - [1492 octets] - [21/01/2015 18:27:36]
        AdwCleaner[S0].txt - [1422 octets] - [21/01/2015 18:34:21]

        ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1482 octets] ##########
        Last edited by Emphyrio; 02-02-15, 10:33.

        Comment


        • #5
          DDS (Ver_2012-11-20.01) - NTFS_AMD64
          Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 10.71.2
          Run by xxxxxx at 19:03:34 on 2015-01-21
          Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.3071.1707 [GMT 1:00]
          .
          AV: G Data InternetSecurity 2013 PC-Welt Edition *Disabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
          AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
          SP: G Data InternetSecurity 2013 PC-Welt Edition *Disabled/Outdated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
          SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
          FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
          .
          ============== Running Processes ===============
          .
          C:\Windows\system32\lsm.exe
          C:\Windows\system32\svchost.exe -k DcomLaunch
          C:\Windows\system32\nvvsvc.exe
          C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
          C:\Windows\system32\svchost.exe -k RPCSS
          C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
          C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
          C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
          C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
          C:\Windows\system32\svchost.exe -k LocalService
          C:\Windows\system32\svchost.exe -k netsvcs
          C:\Windows\system32\svchost.exe -k GPSvcGroup
          C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
          C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
          C:\Windows\system32\nvvsvc.exe
          C:\Windows\system32\svchost.exe -k NetworkService
          C:\Windows\System32\spoolsv.exe
          C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
          C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
          C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
          C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
          C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
          C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
          C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
          C:\Windows\system32\svchost.exe -k imgsvc
          C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
          C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
          C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
          C:\Windows\System32\WUDFHost.exe
          C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
          C:\Windows\system32\taskhost.exe
          C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
          C:\Windows\system32\Dwm.exe
          C:\Windows\Explorer.EXE
          C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
          C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
          C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
          C:\Windows\system32\SearchIndexer.exe
          C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
          C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
          C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
          C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
          C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
          C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
          C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
          C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
          C:\Windows\System32\svchost.exe -k secsvcs
          C:\Program Files (x86)\Mozilla Firefox\firefox.exe
          C:\Windows\system32\svchost.exe -k SDRSVC
          C:\Windows\system32\taskeng.exe
          C:\Windows\system32\SearchProtocolHost.exe
          C:\Windows\system32\SearchFilterHost.exe
          C:\Windows\system32\wbem\wmiprvse.exe
          C:\Windows\System32\cscript.exe
          .
          ============== Pseudo HJT Report ===============
          .
          uStart Page = hxxp://www.google.com
          mWinlogon: Userinit = userinit.exe,
          BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
          BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
          BHO: G Data BankGuard: {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll
          BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
          TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
          EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
          mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
          mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
          mRun: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
          mRun: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
          mRun: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
          mRun: [PC Pitstop PC Matic Reminder] C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe
          dRun: [Bitdefender-Geldbörse-Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
          dRun: [Bitdefender-Geldbörse] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
          dRun: [Bitdefender-Geldbörse-Anwendungs-Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
          uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
          mPolicies-Explorer: NoActiveDesktop = dword:1
          mPolicies-Explorer: NoActiveDesktopChanges = dword:1
          mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
          mPolicies-System: ConsentPromptBehaviorUser = dword:3
          mPolicies-System: EnableLUA = dword:0
          mPolicies-System: EnableUIADesktopToggle = dword:0
          mPolicies-System: PromptOnSecureDesktop = dword:0
          .
          INFO: HKCU has more than 50 listed domains.
          If you wish to scan all of them, select the 'Force scan all domains' option.
          .
          DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
          DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
          DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          TCP: NameServer = 62.179.104.196 213.46.228.196
          TCP: Interfaces\{2FFFDAF8-CF73-4A92-99CC-C529829A7846} : DHCPNameServer = 62.179.104.196 213.46.228.196
          SSODL: WebCheck - <orphaned>
          x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
          x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
          x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
          x64-SSODL: WebCheck - <orphaned>
          .
          ================= FIREFOX ===================
          .
          FF - ProfilePath - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\x5oz68h0.default-1406959650984\
          FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
          FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
          FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
          FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
          FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
          FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
          FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
          FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
          FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
          FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
          FF - plugin: C:\Users\xxxxxx\AppData\Local\Hola\firefox\app\vlc\npvlc.dll
          FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll
          .
          ============= SERVICES / DRIVERS ===============
          .
          R0 GDBehave;GDBehave;C:\Windows\System32\drivers\GDBehave.sys [2014-11-6 54176]
          R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-4-24 26176]
          R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2014-4-24 45208]
          R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2014-4-24 23088]
          R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-7-14 283200]
          R1 GDMnIcpt;GDMnIcpt;C:\Windows\System32\drivers\MiniIcpt.sys [2014-11-6 126880]
          R1 gdwfpcd;G Data WFP CD;C:\Windows\System32\drivers\gdwfpcd64.sys [2014-11-6 65008]
          R1 GRD;G Data Rootkit Detector Driver;C:\Windows\System32\drivers\GRD.sys [2014-11-7 106648]
          R1 HookCentre;HookCentre;C:\Windows\System32\drivers\HookCentre.sys [2014-11-6 64416]
          R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2013-4-5 30112]
          R1 RapportCerberus_80120;RapportCerberus_80120;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerber us\baseline\RapportCerberus64_80120.sys [2015-1-13 845464]
          R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-12-22 445816]
          R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-12-22 558872]
          R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-4-24 4920104]
          R2 AVKProxy;G Data AntiVirus Proxy;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-11-29 1548312]
          R2 AVKService;G Data Scheduler;C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-11-29 469016]
          R2 AVKWCtl;G Data Dateisystem Wächter;C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-11-29 2012592]
          R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-6-10 70984]
          R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-7-13 1617696]
          R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-7-13 21007192]
          R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2015-1-18 86656]
          R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-12-22 1919256]
          R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-7-29 411936]
          R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-4-24 71472]
          R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-4-24 57024]
          R3 GDFwSvc;G Data Personal Firewall;C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-11-29 2377736]
          R3 GDPkIcpt;GDPkIcpt;C:\Windows\System32\drivers\PktIcpt.sys [2014-4-18 62368]
          R3 GDScan;G Data Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-3-29 470008]
          R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-7-13 18776]
          R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-7-13 40392]
          R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
          S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-6-10 393032]
          S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
          S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
          S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
          S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
          S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2014-4-26 14448]
          S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-13 114688]
          S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\System32\drivers\Ph3xIB64.sys [2009-6-10 1627520]
          S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2013-6-27 535576]
          S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-3 19456]
          S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
          S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
          S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-14 56832]
          S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-4-3 30208]
          S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-3 1255736]
          S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-6-10 384840]
          S4 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2014-4-26 155824]
          .
          =============== Created Last 30 ================
          .
          2015-01-21 17:50:42 -------- d-----w- C:\Users\xxxxxx\AppData\Local\Hola
          2015-01-21 16:51:07 -------- d-----w- C:\AdwCleaner
          2015-01-21 07:20:38 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{14A492B1-E7E1-4730-A2D0-8ECF49C66BBE}\mpengine.dll
          2015-01-18 12:38:19 -------- d-----w- C:\ProgramData\PCPitstop
          2015-01-18 12:38:18 -------- d-----w- C:\Program Files (x86)\PCPitstop
          2015-01-18 11:15:54 -------- d-sh--w- C:\Users\xxxxxx\AppData\Local\EmieBrowserModeList
          2015-01-14 19:35:01 73840 ----a-w- C:\Program Files (x86)\Mozilla Firefox\wow_helper.exe
          2015-01-14 14:45:48 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
          2015-01-14 14:45:48 24576 ----a-w- C:\Windows\System32\mfpmp.exe
          2015-01-14 14:45:48 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
          2015-01-14 14:45:48 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
          2015-01-14 14:45:48 2048 ----a-w- C:\Windows\System32\mferror.dll
          2015-01-14 14:45:47 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
          2015-01-14 14:45:47 4121600 ----a-w- C:\Windows\System32\mf.dll
          2015-01-14 14:45:47 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
          2015-01-14 14:45:47 206848 ----a-w- C:\Windows\System32\mfps.dll
          2015-01-14 14:45:47 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
          2015-01-14 14:43:40 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
          2015-01-14 14:43:40 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
          2015-01-14 14:29:58 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
          2015-01-14 14:28:42 3241984 ----a-w- C:\Windows\System32\msi.dll
          2015-01-14 14:28:42 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
          2015-01-14 14:28:10 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe
          2015-01-14 14:28:10 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
          2015-01-14 14:28:09 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
          2015-01-14 14:28:08 503808 ----a-w- C:\Windows\System32\srcore.dll
          2015-01-14 14:28:08 50176 ----a-w- C:\Windows\System32\srclient.dll
          2015-01-14 14:28:08 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
          2015-01-14 14:28:08 296960 ----a-w- C:\Windows\System32\rstrui.exe
          2015-01-14 14:27:59 6584320 ----a-w- C:\Windows\System32\mstscax.dll
          2015-01-14 14:27:56 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
          2015-01-14 06:38:59 210432 ----a-w- C:\Windows\System32\profsvc.dll
          2015-01-14 06:38:42 303616 ----a-w- C:\Windows\System32\nlasvc.dll
          2015-01-14 06:38:41 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
          2015-01-14 06:38:40 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
          2015-01-14 06:38:39 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
          2015-01-01 12:42:09 -------- d-----w- C:\Program Files\DivX
          2015-01-01 12:41:10 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
          2015-01-01 12:40:33 -------- d-----w- C:\Program Files (x86)\DivX
          2015-01-01 12:39:43 -------- d-----w- C:\ProgramData\DivX
          .
          ==================== Find3M ====================
          .
          2015-01-21 08:28:52 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
          2015-01-14 19:35:20 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
          2015-01-14 19:35:20 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
          2015-01-06 03:36:02 298120 ------w- C:\Windows\System32\MpSigStub.exe
          2014-12-22 16:52:44 535576 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
          2014-12-13 05:09:01 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
          2014-12-13 03:33:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
          2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
          2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
          2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
          2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
          2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
          2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
          2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
          2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
          2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
          2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
          2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
          2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
          2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
          2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
          2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
          2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
          2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
          2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
          2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
          2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
          2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
          2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
          2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
          2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
          2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
          2014-11-21 05:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
          2014-11-21 05:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
          2014-11-21 05:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
          2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
          2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
          2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
          2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
          2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
          2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
          2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
          2014-11-09 17:45:18 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
          2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
          2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
          2014-11-07 07:20:09 16504 ----a-w- C:\Windows\System32\drivers\GdPhyMem.sys
          2014-11-07 07:20:06 106648 ----a-w- C:\Windows\System32\drivers\GRD.sys
          2014-11-06 19:17:08 64416 ----a-w- C:\Windows\System32\drivers\HookCentre.sys
          2014-11-06 19:17:07 54176 ----a-w- C:\Windows\System32\drivers\GDBehave.sys
          2014-11-06 19:17:07 126880 ----a-w- C:\Windows\System32\drivers\MiniIcpt.sys
          2014-11-06 19:17:05 65008 ----a-w- C:\Windows\System32\drivers\gdwfpcd64.sys
          2014-11-06 05:42:16 341848 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
          2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
          2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
          2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
          2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
          .
          ============= FINISH: 19:05:51.05 ===============
          Last edited by Emphyrio; 02-02-15, 10:35.

          Comment


          • #6
            Dit is GMER deel 1;

            GMER 2.1.19357 - http://www.gmer.net
            Rootkit scan 2015-01-21 19:42:09
            Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-1 ST3160021A rev.3.04 149.05GB
            Running: 4z372k5d.exe; Driver: C:\Users\DANNYV~1\AppData\Local\Temp\kxlcapob.sys


            ---- Kernel code sections - GMER 2.1 ----

            INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff800031a3000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
            INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 495 fffff800031a302f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

            ---- User code sections - GMER 2.1 ----

            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[404] C:\Windows\SysWOW64\ntdll.dll!KiUserApcDispatcher 0000000077010028 5 bytes JMP 0000000101313ea0
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[404] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075462c9e 4 bytes CALL 71ab0000
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[404] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074a34296 5 bytes JMP 0000000171a50022
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[404] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000074a34889 5 bytes JMP 0000000171a10022
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[404] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 0000000074a3d1ea 5 bytes JMP 0000000171390022
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[404] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074a47673 5 bytes JMP 0000000171ae0022
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075bb1465 2 bytes [BB, 75]
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075bb14bb 2 bytes [BB, 75]
            .text ... * 2
            .text C:\Windows\system32\taskhost.exe[1448] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076c1db80 6 bytes {JMP QWORD [RIP+0x95c24b0]}
            .text C:\Windows\system32\taskhost.exe[1448] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcdb9055 3 bytes [B5, 6F, 06]
            .text C:\Windows\system32\taskhost.exe[1448] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefd9a55c8 6 bytes {JMP QWORD [RIP+0xe8aa68]}
            .text C:\Windows\system32\taskhost.exe[1448] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefd9bb85c 6 bytes {JMP QWORD [RIP+0xe547d4]}
            .text C:\Windows\system32\Dwm.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e71510 6 bytes {JMP QWORD [RIP+0x92ceb20]}
            .text C:\Windows\system32\Dwm.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076e71520 6 bytes {JMP QWORD [RIP+0x932eb10]}
            .text C:\Windows\system32\Dwm.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e715e0 4 bytes [FF, 25, 50, EA]
            .text C:\Windows\system32\Dwm.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 5 0000000076e715e5 1 byte [09]
            .text C:\Windows\system32\Dwm.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e71800 6 bytes {JMP QWORD [RIP+0x92ee830]}
            .text C:\Windows\system32\Dwm.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076e718b0 6 bytes {JMP QWORD [RIP+0x928e780]}
            .text C:\Windows\system32\Dwm.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076e71e40 6 bytes {JMP QWORD [RIP+0x92ae1f0]}
            .text C:\Windows\system32\Dwm.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e727e0 6 bytes {JMP QWORD [RIP+0x934d850]}
            .text C:\Windows\system32\Dwm.exe[3192] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076c1db80 6 bytes {JMP QWORD [RIP+0x95c24b0]}
            .text C:\Windows\system32\Dwm.exe[3192] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcdb9055 3 bytes [B5, 6F, 06]
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e71510 6 bytes {JMP QWORD [RIP+0x92ceb20]}
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076e71520 6 bytes {JMP QWORD [RIP+0x932eb10]}
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e715e0 4 bytes [FF, 25, 50, EA]
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 5 0000000076e715e5 1 byte [09]
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e71800 6 bytes {JMP QWORD [RIP+0x92ee830]}
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076e718b0 6 bytes {JMP QWORD [RIP+0x928e780]}
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076e71e40 6 bytes {JMP QWORD [RIP+0x92ae1f0]}
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e727e0 6 bytes {JMP QWORD [RIP+0x934d850]}
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076c1db80 6 bytes {JMP QWORD [RIP+0x95c24b0]}
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcdb9055 3 bytes [B5, 6F, 0A]
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW 000007fefd2f3030 6 bytes {JMP QWORD [RIP+0x14d000]}
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd2f45c1 5 bytes {JMP QWORD [RIP+0xeba70]}
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\WS2_32.dll!listen 000007fefd2f8290 6 bytes {JMP QWORD [RIP+0x127da0]}
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd31e0f0 6 bytes {JMP QWORD [RIP+0xe1f40]}
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\msi.dll!MsiSetInternalUI 000007fef30c5c70 6 bytes JMP 69006c
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\msi.dll!MsiInstallProductA 000007fef3142ad4 2 bytes JMP d7efe6db
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\msi.dll!MsiInstallProductA + 3 000007fef3142ad7 3 bytes JMP d7efe6db
            .text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\msi.dll!MsiInstallProductW 000007fef315167c 6 bytes {JMP QWORD [RIP+0x2ce9b4]}
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007701fc20 3 bytes JMP 717e000a
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007701fc24 2 bytes JMP 717e000a
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007701fc38 3 bytes JMP 7175000a
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007701fc3c 2 bytes JMP 7175000a
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007701fd64 3 bytes JMP 7178000a
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007701fd68 2 bytes JMP 7178000a
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770200b4 3 bytes JMP 717b000a
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000770200b8 2 bytes JMP 717b000a
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000770201c4 3 bytes JMP 7184000a
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000770201c8 2 bytes JMP 7184000a
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077020a44 3 bytes [FF, 25, 1E]
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077020a48 2 bytes [80, 71]
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077021920 3 bytes [FF, 25, 1E]
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077021924 2 bytes [71, 71]
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000074a93bbb 3 bytes JMP 716f000a
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000074a93bbf 2 bytes JMP 716f000a
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075462c9e 4 bytes CALL 71af0000
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 0000000074a3575a 6 bytes JMP 71a2000a
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\WS2_32.dll!connect 0000000074a36bdd 6 bytes JMP 71ab000a
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\WS2_32.dll!listen 0000000074a3b001 6 bytes {JMP QWORD [RIP+0x71a4001e]}
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000074a3cc3f 6 bytes {JMP QWORD [RIP+0x71a7001e]}
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075549679 6 bytes {JMP QWORD [RIP+0x7192001e]}
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000755512a5 6 bytes JMP 718d000a
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075553baa 6 bytes {JMP QWORD [RIP+0x718f001e]}
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007555612e 6 bytes {JMP QWORD [RIP+0x7195001e]}
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!SendInput 000000007556ff4a 3 bytes [FF, 25, 1E]
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007556ff4e 2 bytes [98, 71]
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!mouse_event 00000000755a027b 6 bytes {JMP QWORD [RIP+0x719e001e]}
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!keybd_event 00000000755a02bf 6 bytes {JMP QWORD [RIP+0x719b001e]}
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756970c4 6 bytes {JMP QWORD [RIP+0x7186001e]}
            .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756b3264 6 bytes {JMP QWORD [RIP+0x7189001e]}
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!KiUserApcDispatcher 0000000077010028 5 bytes JMP 0000000100d8acf0
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007701fc20 3 bytes JMP 717e000a
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007701fc24 2 bytes JMP 717e000a
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007701fc38 3 bytes JMP 7175000a
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007701fc3c 2 bytes JMP 7175000a
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007701fd64 3 bytes JMP 7178000a
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007701fd68 2 bytes JMP 7178000a
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770200b4 3 bytes JMP 717b000a
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000770200b8 2 bytes JMP 717b000a
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000770201c4 3 bytes JMP 7184000a
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000770201c8 2 bytes JMP 7184000a
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077020a44 3 bytes [FF, 25, 1E]
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077020a48 2 bytes [80, 71]
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077021920 3 bytes [FF, 25, 1E]
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077021924 2 bytes [71, 71]
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075462c9e 4 bytes CALL 71af0000
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074a34296 5 bytes JMP 0000000171600022
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000074a34889 5 bytes JMP 0000000171390022
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 0000000074a3575a 6 bytes JMP 71a2000a
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\WS2_32.dll!listen 0000000074a3b001 6 bytes {JMP QWORD [RIP+0x71a4001e]}
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 0000000074a3d1ea 5 bytes JMP 0000000171350022
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074a47673 5 bytes JMP 0000000171640022
            .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075bb1465 2 bytes [BB, 75]

            Comment


            • #7
              GMER deel 2;

              .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075bb14bb 2 bytes [BB, 75]
              .text ... * 2
              .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075549679 6 bytes {JMP QWORD [RIP+0x7192001e]}
              .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000755512a5 6 bytes {JMP QWORD [RIP+0x718c001e]}
              .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075553baa 6 bytes JMP 7190000a
              .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007555612e 6 bytes {JMP QWORD [RIP+0x7195001e]}
              .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\USER32.dll!SendInput 000000007556ff4a 3 bytes [FF, 25, 1E]
              .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007556ff4e 2 bytes [98, 71]
              .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\USER32.dll!mouse_event 00000000755a027b 6 bytes {JMP QWORD [RIP+0x719e001e]}
              .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\USER32.dll!keybd_event 00000000755a02bf 6 bytes {JMP QWORD [RIP+0x719b001e]}
              .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756970c4 6 bytes {JMP QWORD [RIP+0x7186001e]}
              .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756b3264 6 bytes {JMP QWORD [RIP+0x7189001e]}
              .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4080] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076c1db80 6 bytes {JMP QWORD [RIP+0x95c24b0]}
              .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4080] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcdb9055 3 bytes [B5, 6F, 06]
              .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4080] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW 000007fefd2f3030 6 bytes {JMP QWORD [RIP+0x1ed000]}
              .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4080] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd2f45c1 5 bytes JMP 20000
              .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4080] C:\Windows\system32\WS2_32.dll!listen 000007fefd2f8290 6 bytes {JMP QWORD [RIP+0x1c7da0]}
              .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4080] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd31e0f0 6 bytes JMP 310030
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007701fc20 3 bytes JMP 717b000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007701fc24 2 bytes JMP 717b000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007701fc38 3 bytes JMP 7172000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007701fc3c 2 bytes JMP 7172000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007701fd64 3 bytes JMP 7175000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007701fd68 2 bytes JMP 7175000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770200b4 3 bytes JMP 7178000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000770200b8 2 bytes JMP 7178000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000770201c4 3 bytes JMP 7181000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000770201c8 2 bytes JMP 7181000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077020a44 3 bytes JMP 717e000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077020a48 2 bytes JMP 717e000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077021920 3 bytes JMP 716f000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077021924 2 bytes JMP 716f000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000074a93bbb 3 bytes JMP 716c000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000074a93bbf 2 bytes JMP 716c000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075462c9e 4 bytes CALL 71ac0000
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756970c4 6 bytes JMP 7184000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756b3264 6 bytes JMP 7187000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075549679 6 bytes JMP 7190000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000755512a5 6 bytes JMP 718a000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075553baa 6 bytes JMP 718d000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007555612e 6 bytes JMP 7193000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\USER32.dll!SendInput 000000007556ff4a 3 bytes JMP 7196000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007556ff4e 2 bytes JMP 7196000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\USER32.dll!mouse_event 00000000755a027b 6 bytes JMP 719c000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\USER32.dll!keybd_event 00000000755a02bf 6 bytes JMP 7199000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075bb1465 2 bytes [BB, 75]
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075bb14bb 2 bytes [BB, 75]
              .text ... * 2
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 0000000074a3575a 6 bytes JMP 7160000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\WS2_32.dll!connect 0000000074a36bdd 6 bytes JMP 7169000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\WS2_32.dll!listen 0000000074a3b001 6 bytes JMP 7163000a
              .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000074a3cc3f 6 bytes JMP 7166000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007701fc20 3 bytes JMP 718a000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007701fc24 2 bytes JMP 718a000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007701fc38 3 bytes JMP 7181000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007701fc3c 2 bytes JMP 7181000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007701fd64 3 bytes JMP 7184000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007701fd68 2 bytes JMP 7184000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770200b4 3 bytes JMP 7187000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000770200b8 2 bytes JMP 7187000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000770201c4 3 bytes JMP 7190000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000770201c8 2 bytes JMP 7190000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077020a44 3 bytes JMP 718d000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077020a48 2 bytes JMP 718d000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077021920 3 bytes JMP 717e000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077021924 2 bytes JMP 717e000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000074a93bbb 3 bytes JMP 717b000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000074a93bbf 2 bytes JMP 717b000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075462c9e 4 bytes CALL 71af0000
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075549679 6 bytes JMP 719f000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000755512a5 6 bytes JMP 7199000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075553baa 6 bytes JMP 719c000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007555612e 6 bytes JMP 71a2000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\USER32.dll!SendInput 000000007556ff4a 3 bytes JMP 71a5000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007556ff4e 2 bytes JMP 71a5000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\USER32.dll!mouse_event 00000000755a027b 6 bytes JMP 71ab000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\USER32.dll!keybd_event 00000000755a02bf 6 bytes JMP 71a8000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756970c4 6 bytes JMP 7193000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756b3264 6 bytes JMP 7196000a
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075bb1465 2 bytes [BB, 75]
              .text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075bb14bb 2 bytes [BB, 75]
              .text ... * 2
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007701fc20 3 bytes JMP 718a000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007701fc24 2 bytes JMP 718a000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007701fc38 3 bytes JMP 7181000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007701fc3c 2 bytes JMP 7181000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007701fd64 3 bytes JMP 7184000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007701fd68 2 bytes JMP 7184000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770200b4 3 bytes JMP 7187000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000770200b8 2 bytes JMP 7187000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000770201c4 3 bytes JMP 7190000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000770201c8 2 bytes JMP 7190000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077020a44 3 bytes JMP 718d000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077020a48 2 bytes JMP 718d000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077021920 3 bytes JMP 717e000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077021924 2 bytes JMP 717e000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000074a93bbb 3 bytes JMP 717b000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 0000000074a93bbf 2 bytes JMP 717b000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075462c9e 4 bytes CALL 71af0000
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075549679 6 bytes JMP 719f000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000755512a5 6 bytes JMP 7199000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075553baa 6 bytes JMP 719c000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007555612e 6 bytes JMP 71a2000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\USER32.dll!SendInput 000000007556ff4a 3 bytes JMP 71a5000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007556ff4e 2 bytes JMP 71a5000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\USER32.dll!mouse_event 00000000755a027b 6 bytes JMP 71ab000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\USER32.dll!keybd_event 00000000755a02bf 6 bytes JMP 71a8000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756970c4 6 bytes JMP 7193000a
              .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756b3264 6 bytes JMP 7196000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007701fc20 3 bytes JMP 718a000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007701fc24 2 bytes JMP 718a000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007701fc38 3 bytes JMP 7181000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007701fc3c 2 bytes JMP 7181000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007701fd64 3 bytes JMP 7184000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007701fd68 2 bytes JMP 7184000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770200b4 3 bytes JMP 7187000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000770200b8 2 bytes JMP 7187000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000770201c4 3 bytes JMP 7190000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000770201c8 2 bytes JMP 7190000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077020a44 3 bytes JMP 718d000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077020a48 2 bytes JMP 718d000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077021920 3 bytes JMP 717e000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077021924 2 bytes JMP 717e000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000074a93bbb 3 bytes JMP 717b000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000074a93bbf 2 bytes JMP 717b000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075462c9e 4 bytes CALL 71af0000
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075549679 6 bytes JMP 719f000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000755512a5 6 bytes JMP 7199000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075553baa 6 bytes JMP 719c000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007555612e 6 bytes JMP 71a2000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\USER32.dll!SendInput 000000007556ff4a 3 bytes JMP 71a5000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007556ff4e 2 bytes JMP 71a5000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\USER32.dll!mouse_event 00000000755a027b 6 bytes JMP 71ab000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\USER32.dll!keybd_event 00000000755a02bf 6 bytes JMP 71a8000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756970c4 6 bytes JMP 7193000a
              .text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756b3264 6 bytes JMP 7196000a
              ---- Processes - GMER 2.1 ----

              Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCP80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [404] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2013-06-27 05:04:09) 0000000071600000
              Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCR80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [404] (Microsoft® C Runtime Library/Microsoft Corporation)(2013-06-27 05:04:09) 0000000071560000
              Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCP80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [3808] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2013-06-27 05:04:09) 00000000030d0000
              Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCR80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [3808] (Microsoft® C Runtime Library/Microsoft Corporation)(2013-06-27 05:04:09) 0000000071560000

              ---- Registry - GMER 2.1 ----

              Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4D3A5D7A-241F-1391-1F5B-2E9827A20FC0}
              Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4D3A5D7A-241F-1391-1F5B-2E9827A20FC0}@jagcllcaelbjicglfonk 0x64 0x62 0x6A 0x62 ...

              ---- EOF - GMER 2.1 ----

              Comment


              • #8
                Ter verduidelijking, de trojan was al gedetecteerd door mijn virusscanner en deze staat momenteel in quarantaine.
                Hiervoor is de pc uitgezet, maar deze sloot niet af. Hij bleef hangen in het afsluitscherm van windows 7.

                Comment


                • #9
                  Download of Update Ccleaner

                  Start CCleaner op.
                  • Run Ccleaner en klik in de linkse kolom op Opties
                  • Selecteer het tabblad Geavanceerd
                  • Haal het vinkje weg voor Verwijder alleen bestanden in Windows Temp-systeemmap die ouder zijn dan 24 uur
                  • Selecteer het tabblad Instellingen
                  • Haal het vinkje weg bij "Computer automatisch schoonmaken...."
                  • Klik in de linkse kolom op Cleaner.
                  • Klik dan achtereenvolgens op Analyseer en Schoonmaken.
                  • Klik vervolgens in de linkse kolom op Register
                  • Klik op Scan naar problemen.
                  • Op de vraag of je een backup wil maken van het register, klik je "Ja".
                  • Als er fouten gevonden worden klik je op de middelste knop: Herstel alle geselecteerde fouten en OK

                  .




                  Download Combofix naar je bureaublad.
                  (Dus niet naar een download map of temp map)

                  Extra nota... Zorg ervoor dat je Security software uitschakeld is tijdens het gebruik van Combofix.
                  Dit omdat deze scanners bepaalde componenten die Combofix gebruikt, onterecht zien als geïnfecteerd en Combofix zullen blokkeren.

                  Kijk hier indien je niet weet hoe je je Antivirus, Firewall en/of Antispywarescanner moet uitschakelen.

                  Sluit ALLE vensters, ook je browser en laat Combofix rustig zijn werk doen.
                  Open dus geen andere applicaties totdat Combofix de log heeft gepresenteert.

                  Als Combofix vraagt om een update, dan staat je dit toe.

                  Wanneer ComboFix klaar is met scannen, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt).
                  Deze kan je vinden als C:\combofix.txt.

                  Post het Combofixlogje samen met een nieuw DDS logje in je volgende antwoord.

                  * OPMERKING: Indien je één van de onderstaande meldingen krijgt na het gebruik van ComboFix, herstart dan de computer.
                  • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                  • Illegal operation attempted on a registry key that has been marked for deletion.
                  Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                  E Dev * McAfee verwijderen. * Ccleaner * E-Peek

                  Comment


                  • #10
                    Wi het lukken?
                    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                    E Dev * McAfee verwijderen. * Ccleaner * E-Peek

                    Comment


                    • #11
                      Het lag even stil, ik ben ook bezig met de verwijdering van iets anders, muizen! en dan bedoel ik de die met de tanden
                      Was op zoek naar een goede en goedkoop mogelijke en minst schadelijke oplossing en daar gaat wel wat tijd in zitten.
                      Ik heb alleen nog combofix wat ik moet uitvoeren.
                      Ccleaner is voltooid
                      Morgen, zondag waarschijnlijk verder

                      Comment


                      • #12
                        Prima
                        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                        E Dev * McAfee verwijderen. * Ccleaner * E-Peek

                        Comment


                        • #13
                          Hoe weet ik zeker dat alle verstorende programma's zijn uitgeschakeld?
                          Bijvoorbeeld ook op de achtergrond draaiende onderdelen van bijvoorbeeld anti malware programma's?

                          Comment


                          • #14
                            In jouw geval gaat het om :
                            • AV: G Data InternetSecurity 2013 PC-Welt Edition *Disabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
                            • AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
                            • SP: G Data InternetSecurity 2013 PC-Welt Edition *Disabled/Outdated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}

                            .
                            Diegene die actief is, staat in het rood (enabled), de G-Dta is disabled (niet actief).
                            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                            E Dev * McAfee verwijderen. * Ccleaner * E-Peek

                            Comment


                            • #15
                              ComboFix 15-01-22.02 - xxxxxxx 25-01-2015 18:55:33.1.2 - x64
                              Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.3071.1965 [GMT 1:00]
                              Gestart vanuit: c:\users\xxxxxxx\Desktop\ComboFix.exe
                              AV: Emsisoft Anti-Malware *Disabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
                              AV: G Data InternetSecurity 2013 PC-Welt Edition *Disabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
                              FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
                              SP: Emsisoft Anti-Malware *Disabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
                              SP: G Data InternetSecurity 2013 PC-Welt Edition *Disabled/Outdated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
                              SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                              .
                              .
                              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              c:\programdata\1391949673.bdinstall.bin
                              c:\programdata\1392350609.bdinstall.bin
                              c:\windows\ST6UNST.000
                              .
                              .
                              (((((((((((((((((((( Bestanden Gemaakt van 2014-12-25 to 2015-01-25 ))))))))))))))))))))))))))))))
                              .
                              .
                              2015-01-25 18:16 . 2015-01-25 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp
                              2015-01-23 16:00 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9DD55C9-73DF-4F7A-BDD7-430980666092}\mpengine.dll
                              2015-01-21 17:50 . 2015-01-21 17:50 -------- d-----w- c:\users\xxxxxxx\AppData\Local\Hola
                              2015-01-21 16:51 . 2015-01-21 17:34 -------- d-----w- C:\AdwCleaner
                              2015-01-18 17:52 . 2015-01-18 17:53 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
                              2015-01-18 12:38 . 2015-01-24 07:56 -------- d-----w- c:\programdata\PCPitstop
                              2015-01-18 12:38 . 2015-01-24 19:50 -------- d-----w- c:\program files (x86)\PCPitstop
                              2015-01-18 11:15 . 2015-01-18 11:15 -------- d-sh--w- c:\users\xxxxxxx\AppData\Local\EmieBrowserModeList
                              2015-01-14 14:45 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe
                              2015-01-14 14:45 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
                              2015-01-14 14:45 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll
                              2015-01-14 14:45 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
                              2015-01-14 14:45 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll
                              2015-01-14 14:45 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
                              2015-01-14 14:45 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
                              2015-01-14 14:45 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll
                              2015-01-14 14:45 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll
                              2015-01-14 14:45 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
                              2015-01-14 14:43 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
                              2015-01-14 14:43 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
                              2015-01-14 14:29 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
                              2015-01-14 14:28 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
                              2015-01-14 14:28 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
                              2015-01-14 14:28 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe
                              2015-01-14 14:28 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
                              2015-01-14 14:28 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
                              2015-01-14 14:28 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll
                              2015-01-14 14:28 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll
                              2015-01-14 14:28 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe
                              2015-01-14 14:28 . 2014-12-12 05:07 43008 ----a-w- c:\windows\SysWow64\srclient.dll
                              2015-01-14 14:27 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
                              2015-01-14 14:27 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
                              2015-01-14 06:38 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
                              2015-01-14 06:38 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
                              2015-01-14 06:38 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
                              2015-01-14 06:38 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
                              2015-01-14 06:38 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
                              2015-01-01 12:42 . 2015-01-01 12:42 -------- d-----w- c:\users\xxxxxxx\AppData\Roaming\DivX
                              2015-01-01 12:42 . 2015-01-01 12:42 -------- d-----w- c:\program files\DivX
                              2015-01-01 12:41 . 2015-01-01 12:42 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
                              2015-01-01 12:40 . 2015-01-01 12:42 -------- d-----w- c:\program files (x86)\DivX
                              2015-01-01 12:39 . 2015-01-01 12:46 -------- d-----w- c:\programdata\DivX
                              .
                              .
                              .
                              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2015-01-25 14:35 . 2013-04-04 16:33 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                              2015-01-25 14:35 . 2013-04-04 16:33 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                              2015-01-21 08:28 . 2014-05-04 07:37 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
                              2015-01-14 14:32 . 2013-04-03 14:50 113365784 ----a-w- c:\windows\system32\MRT.exe
                              2015-01-06 03:36 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
                              2014-12-22 16:52 . 2013-06-27 05:04 535576 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
                              2014-12-13 05:09 . 2014-12-18 17:54 144384 ----a-w- c:\windows\system32\ieUnatt.exe
                              2014-12-13 03:33 . 2014-12-18 17:54 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
                              2014-11-27 01:43 . 2014-12-13 07:49 389296 ----a-w- c:\windows\system32\iedkcs32.dll
                              2014-11-22 03:13 . 2014-12-13 07:48 25059840 ----a-w- c:\windows\system32\mshtml.dll
                              2014-11-22 03:06 . 2014-12-13 07:50 2724864 ----a-w- c:\windows\system32\mshtml.tlb
                              2014-11-22 03:06 . 2014-12-13 07:49 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
                              2014-11-22 02:50 . 2014-12-13 07:49 66560 ----a-w- c:\windows\system32\iesetup.dll
                              2014-11-22 02:50 . 2014-12-13 07:48 580096 ----a-w- c:\windows\system32\vbscript.dll
                              2014-11-22 02:49 . 2014-12-13 07:50 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
                              2014-11-22 02:49 . 2014-12-13 07:49 2885120 ----a-w- c:\windows\system32\iertutil.dll
                              2014-11-22 02:48 . 2014-12-13 07:48 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
                              2014-11-22 02:41 . 2014-12-13 07:49 54784 ----a-w- c:\windows\system32\jsproxy.dll
                              2014-11-22 02:40 . 2014-12-13 07:50 34304 ----a-w- c:\windows\system32\iernonce.dll
                              2014-11-22 02:37 . 2014-12-13 07:48 633856 ----a-w- c:\windows\system32\ieui.dll
                              2014-11-22 02:35 . 2014-12-13 07:50 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
                              2014-11-22 02:34 . 2014-12-13 07:48 814080 ----a-w- c:\windows\system32\jscript9diag.dll
                              2014-11-22 02:34 . 2014-12-13 07:48 6039552 ----a-w- c:\windows\system32\jscript9.dll
                              2014-11-22 02:26 . 2014-12-13 07:49 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
                              2014-11-22 02:22 . 2014-12-13 07:49 490496 ----a-w- c:\windows\system32\dxtmsft.dll
                              2014-11-22 02:20 . 2014-12-13 07:50 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
                              2014-11-22 02:14 . 2014-12-13 07:50 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
                              2014-11-22 02:09 . 2014-12-13 07:48 199680 ----a-w- c:\windows\system32\msrating.dll
                              2014-11-22 02:08 . 2014-12-13 07:48 92160 ----a-w- c:\windows\system32\mshtmled.dll
                              2014-11-22 02:07 . 2014-12-13 07:49 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
                              2014-11-22 02:07 . 2014-12-13 07:50 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
                              2014-11-22 02:06 . 2014-12-13 07:50 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
                              2014-11-22 02:05 . 2014-12-13 07:49 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
                              2014-11-22 02:05 . 2014-12-13 07:49 316928 ----a-w- c:\windows\system32\dxtrans.dll
                              2014-11-22 01:54 . 2014-12-13 07:49 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
                              2014-11-22 01:49 . 2014-12-13 07:50 718848 ----a-w- c:\windows\system32\ie4uinit.exe
                              2014-11-22 01:49 . 2014-12-13 07:49 800768 ----a-w- c:\windows\system32\msfeeds.dll
                              2014-11-22 01:47 . 2014-12-13 07:48 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
                              2014-11-22 01:46 . 2014-12-13 07:49 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
                              2014-11-22 01:43 . 2014-12-13 07:48 14412800 ----a-w- c:\windows\system32\ieframe.dll
                              2014-11-22 01:40 . 2014-12-13 07:50 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
                              2014-11-22 01:29 . 2014-12-13 07:49 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
                              2014-11-22 01:28 . 2014-12-13 07:48 2358272 ----a-w- c:\windows\system32\wininet.dll
                              2014-11-22 01:22 . 2014-12-13 07:49 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
                              2014-11-22 01:21 . 2014-12-13 07:49 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
                              2014-11-22 01:15 . 2014-12-13 07:49 1548288 ----a-w- c:\windows\system32\urlmon.dll
                              2014-11-22 01:03 . 2014-12-13 07:49 800768 ----a-w- c:\windows\system32\ieapfltr.dll
                              2014-11-22 01:00 . 2014-12-13 07:49 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
                              2014-11-21 05:14 . 2014-05-04 07:35 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
                              2014-11-21 05:14 . 2014-05-04 07:35 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
                              2014-11-21 05:14 . 2013-05-05 16:36 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
                              2014-11-11 03:09 . 2014-12-13 07:50 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
                              2014-11-11 03:08 . 2014-11-20 05:30 241152 ----a-w- c:\windows\system32\pku2u.dll
                              2014-11-11 03:08 . 2014-11-20 05:30 728064 ----a-w- c:\windows\system32\kerberos.dll
                              2014-11-11 02:44 . 2014-12-13 07:50 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
                              2014-11-11 02:44 . 2014-11-20 05:30 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
                              2014-11-11 02:44 . 2014-11-20 05:30 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
                              2014-11-09 17:45 . 2014-11-09 17:45 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
                              2014-11-07 07:20 . 2014-11-07 07:20 16504 ----a-w- c:\windows\system32\drivers\GdPhyMem.sys
                              2014-11-07 07:20 . 2014-11-07 07:20 106648 ----a-w- c:\windows\system32\drivers\GRD.sys
                              2014-11-06 19:17 . 2014-11-06 19:17 64416 ----a-w- c:\windows\system32\drivers\HookCentre.sys
                              2014-11-06 19:17 . 2014-11-06 19:17 54176 ----a-w- c:\windows\system32\drivers\GDBehave.sys
                              2014-11-06 19:17 . 2014-11-06 19:17 126880 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
                              2014-11-06 19:17 . 2014-11-06 19:17 65008 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
                              2014-11-06 05:42 . 2014-11-06 05:42 341848 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
                              .
                              .
                              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                              REGEDIT4
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                              "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
                              "emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2015-01-01 4997872]
                              "G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2013-03-22 1035216]
                              "GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-11-29 1475096]
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                              "ConsentPromptBehaviorAdmin"= 0 (0x0)
                              "ConsentPromptBehaviorUser"= 3 (0x3)
                              "EnableLUA"= 0 (0x0)
                              "EnableUIADesktopToggle"= 0 (0x0)
                              "PromptOnSecureDesktop"= 0 (0x0)
                              .
                              R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
                              R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [x]
                              R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
                              R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
                              R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
                              R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
                              R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys;c:\windows\SYSNATIVE\DRIVERS\Ph3xIB64.sys [x]
                              R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\Rap portKE64.sys [x]
                              R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominipor t.sys [x]
                              R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
                              R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                              R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
                              R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                              R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
                              R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
                              S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
                              S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
                              S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [x]
                              S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [x]
                              S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
                              S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
                              S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x]
                              S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x]
                              S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCe ntre.sys [x]
                              S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
                              S1 RapportCerberus_80120;RapportCerberus_80120;c:\programdata\Trusteer\Rapport\store\exts\RapportCerber us\baseline\RapportCerberus64_80120.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\b aseline\RapportCerberus64_80120.sys [x]
                              S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
                              S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
                              S2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
                              S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
                              S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [x]
                              S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [x]
                              S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
                              S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
                              S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
                              S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
                              S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
                              S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x]
                              S3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
                              S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [x]
                              S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x]
                              S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x]
                              S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
                              S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
                              S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
                              .
                              .
                              Inhoud van de 'Gedeelde Taken' map
                              .
                              2015-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
                              - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-04 14:35]
                              .
                              2015-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28 09:40]
                              .
                              2015-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28 09:40]
                              .
                              2015-01-25 c:\windows\Tasks\WpsNotifyTask_xxxxxxx.job
                              - c:\program files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe [2014-03-30 16:00]
                              .
                              2015-01-25 c:\windows\Tasks\WpsUpdateTask_xxxxxxx.job
                              - c:\program files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2014-03-30 15:41]
                              .
                              .
                              --------- X64 Entries -----------
                              .
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
                              "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
                              "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-30 1225920]
                              .
                              ------- Bijkomende Scan -------
                              .
                              uLocal Page = c:\windows\system32\blank.htm
                              uStart Page = hxxp://www.google.com
                              mLocal Page = c:\windows\SysWOW64\blank.htm
                              uInternet Settings,ProxyOverride = *.local
                              TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
                              FF - ProfilePath - c:\users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\x5oz68h0.default-1406959650984\
                              .
                              - - - - ORPHANS VERWIJDERD - - - -
                              .
                              Wow6432Node-HKLM-Run-<NO NAME> - (no file)
                              Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe
                              Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe
                              Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Anwendungs-Agent - c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
                              SafeBoot-CleanHlp
                              SafeBoot-CleanHlp.sys
                              HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
                              ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
                              ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
                              ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
                              ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
                              AddRemove-Suske en Wiske 1. De Roekeloze Ruimtereis Demo - g:\ruimte\suswis1.exe
                              .
                              .
                              .
                              --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                              .
                              [HKEY_USERS\S-1-5-21-3714816789-2906398789-4146990250-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4D3A5D7A-241F-1391-1F5B-2E9827A20FC0}*]
                              "jagcllcaelbjicglfonk"=hex:64,62,6a,62,66,6e,6f,6c,6d,6e,69,61,6a,68,70,6f,67,
                              67,61,66,6a,70,64,61,62,64,64,6f,69,6e,6d,61,6c,68,6b,6d,62,6b,6b,6a,00,4a
                              .
                              [HKEY_LOCAL_MACHINE\software\BlueStacks]
                              "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                              00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
                              @Denied: (A 2) (Everyone)
                              @="FlashBroker"
                              "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
                              "Enabled"=dword:00000001
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
                              @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
                              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
                              @Denied: (A 2) (Everyone)
                              @="IFlashBroker6"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
                              @="{00020424-0000-0000-C000-000000000046}"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
                              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                              "Version"="1.0"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
                              @Denied: (A 2) (Everyone)
                              @="FlashBroker"
                              "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
                              "Enabled"=dword:00000001
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
                              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
                              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                              @Denied: (A 2) (Everyone)
                              @="Shockwave Flash Object"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
                              "ThreadingModel"="Apartment"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                              @="0"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                              @="ShockwaveFlash.ShockwaveFlash.16"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                              @="1.0"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                              @="ShockwaveFlash.ShockwaveFlash"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                              @Denied: (A 2) (Everyone)
                              @="Macromedia Flash Factory Object"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
                              "ThreadingModel"="Apartment"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                              @="FlashFactory.FlashFactory.1"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                              @="1.0"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                              @="FlashFactory.FlashFactory"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
                              @Denied: (A 2) (Everyone)
                              @="IFlashBroker6"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
                              @="{00020424-0000-0000-C000-000000000046}"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
                              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                              "Version"="1.0"
                              .
                              [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                              @Denied: (Full) (Everyone)
                              .
                              Voltooingstijd: 2015-01-25 19:26:51
                              ComboFix-quarantined-files.txt 2015-01-25 18:26
                              .
                              Pre-Run: 11,961,352,192 bytes beschikbaar
                              Post-Run: 11,674,361,856 bytes beschikbaar
                              .
                              - - End Of File - - 2444B2C226089EA7C4554810C299E338
                              A36C5E4F47E84449FF07ED3517B43A31
                              Last edited by Emphyrio; 02-02-15, 10:37.

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X