De eerste stap is het uitvoeren van deze richtlijn: !!! BELANGRIJK !!!: Lees dit eerst voor je een bericht plaatst!

Post de gevraagde logjes.

Emphyrio

Wil het lukken?

Ja, hier is de eerste log, van adwarecleaner;

# AdwCleaner v4.108 - Rapport aangemaakt 21/01/2015 op 18:34:21
# Laatste Update 17/01/2015 door Xplode
# Database : 2015-01-13.2 [Local]
# Besturingssysteem : Windows 7 Professional Service Pack 1 (64 bits)
# Gebruikersnaam : XXXXXXX
# Gestart vanuit : C:\Users\xxxxx\Downloads\adwcleaner_4.108.exe
# Optie : Verwijderen

***** [ Services ] *****


***** [ Bestanden / Mappen ] *****

Map Verwijderd : C:\Users\xxxxxxx\AppData\Local\Hola

***** [ Taken ] *****


***** [ Snelkoppelingen ] *****


***** [ Register ] *****

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255775593}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266776693}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255775593}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266776693}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 nl)


*************************

AdwCleaner[R1].txt - [1492 octets] - [21/01/2015 18:27:36]
AdwCleaner[S0].txt - [1422 octets] - [21/01/2015 18:34:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1482 octets] ##########

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 10.71.2
Run by xxxxxx at 19:03:34 on 2015-01-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.3071.1707 [GMT 1:00]
.
AV: G Data InternetSecurity 2013 PC-Welt Edition *Disabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: G Data InternetSecurity 2013 PC-Welt Edition *Disabled/Outdated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: G Data BankGuard: {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
mRun: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
mRun: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
mRun: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
mRun: [PC Pitstop PC Matic Reminder] C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe
dRun: [Bitdefender-Geldbörse-Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender-Geldbörse] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender-Geldbörse-Anwendungs-Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 62.179.104.196 213.46.228.196
TCP: Interfaces\{2FFFDAF8-CF73-4A92-99CC-C529829A7846} : DHCPNameServer = 62.179.104.196 213.46.228.196
SSODL: WebCheck - <orphaned>
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\x5oz68h0.default-1406959650984\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\xxxxxx\AppData\Local\Hola\firefox\app\vlc\npvlc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;C:\Windows\System32\drivers\GDBehave.sys [2014-11-6 54176]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-4-24 26176]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2014-4-24 45208]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2014-4-24 23088]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-7-14 283200]
R1 GDMnIcpt;GDMnIcpt;C:\Windows\System32\drivers\MiniIcpt.sys [2014-11-6 126880]
R1 gdwfpcd;G Data WFP CD;C:\Windows\System32\drivers\gdwfpcd64.sys [2014-11-6 65008]
R1 GRD;G Data Rootkit Detector Driver;C:\Windows\System32\drivers\GRD.sys [2014-11-7 106648]
R1 HookCentre;HookCentre;C:\Windows\System32\drivers\HookCentre.sys [2014-11-6 64416]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2013-4-5 30112]
R1 RapportCerberus_80120;RapportCerberus_80120;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerber us\baseline\RapportCerberus64_80120.sys [2015-1-13 845464]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-12-22 445816]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-12-22 558872]
R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-4-24 4920104]
R2 AVKProxy;G Data AntiVirus Proxy;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-11-29 1548312]
R2 AVKService;G Data Scheduler;C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-11-29 469016]
R2 AVKWCtl;G Data Dateisystem Wächter;C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-11-29 2012592]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-6-10 70984]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-7-13 1617696]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-7-13 21007192]
R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2015-1-18 86656]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-12-22 1919256]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-7-29 411936]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-4-24 71472]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-4-24 57024]
R3 GDFwSvc;G Data Personal Firewall;C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-11-29 2377736]
R3 GDPkIcpt;GDPkIcpt;C:\Windows\System32\drivers\PktIcpt.sys [2014-4-18 62368]
R3 GDScan;G Data Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-3-29 470008]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-7-13 18776]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-7-13 40392]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-6-10 393032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2014-4-26 14448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-13 114688]
S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\System32\drivers\Ph3xIB64.sys [2009-6-10 1627520]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2013-6-27 535576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-3 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-14 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-4-3 30208]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-3 1255736]
S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-6-10 384840]
S4 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2014-4-26 155824]
.
=============== Created Last 30 ================
.
2015-01-21 17:50:42 -------- d-----w- C:\Users\xxxxxx\AppData\Local\Hola
2015-01-21 16:51:07 -------- d-----w- C:\AdwCleaner
2015-01-21 07:20:38 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{14A492B1-E7E1-4730-A2D0-8ECF49C66BBE}\mpengine.dll
2015-01-18 12:38:19 -------- d-----w- C:\ProgramData\PCPitstop
2015-01-18 12:38:18 -------- d-----w- C:\Program Files (x86)\PCPitstop
2015-01-18 11:15:54 -------- d-sh--w- C:\Users\xxxxxx\AppData\Local\EmieBrowserModeList
2015-01-14 19:35:01 73840 ----a-w- C:\Program Files (x86)\Mozilla Firefox\wow_helper.exe
2015-01-14 14:45:48 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
2015-01-14 14:45:48 24576 ----a-w- C:\Windows\System32\mfpmp.exe
2015-01-14 14:45:48 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2015-01-14 14:45:48 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2015-01-14 14:45:48 2048 ----a-w- C:\Windows\System32\mferror.dll
2015-01-14 14:45:47 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2015-01-14 14:45:47 4121600 ----a-w- C:\Windows\System32\mf.dll
2015-01-14 14:45:47 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2015-01-14 14:45:47 206848 ----a-w- C:\Windows\System32\mfps.dll
2015-01-14 14:45:47 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
2015-01-14 14:43:40 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2015-01-14 14:43:40 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2015-01-14 14:29:58 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-14 14:28:42 3241984 ----a-w- C:\Windows\System32\msi.dll
2015-01-14 14:28:42 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2015-01-14 14:28:10 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 14:28:10 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 14:28:09 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 14:28:08 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-01-14 14:28:08 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-01-14 14:28:08 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-01-14 14:28:08 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-01-14 14:27:59 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2015-01-14 14:27:56 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-01-14 06:38:59 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-14 06:38:42 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-01-14 06:38:41 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-01-14 06:38:40 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-01-14 06:38:39 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-01 12:42:09 -------- d-----w- C:\Program Files\DivX
2015-01-01 12:41:10 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2015-01-01 12:40:33 -------- d-----w- C:\Program Files (x86)\DivX
2015-01-01 12:39:43 -------- d-----w- C:\ProgramData\DivX
.
==================== Find3M ====================
.
2015-01-21 08:28:52 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-14 19:35:20 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 19:35:20 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-06 03:36:02 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-22 16:52:44 535576 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2014-12-13 05:09:01 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-13 03:33:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 05:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 05:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 05:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-09 17:45:18 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-11-07 07:20:09 16504 ----a-w- C:\Windows\System32\drivers\GdPhyMem.sys
2014-11-07 07:20:06 106648 ----a-w- C:\Windows\System32\drivers\GRD.sys
2014-11-06 19:17:08 64416 ----a-w- C:\Windows\System32\drivers\HookCentre.sys
2014-11-06 19:17:07 54176 ----a-w- C:\Windows\System32\drivers\GDBehave.sys
2014-11-06 19:17:07 126880 ----a-w- C:\Windows\System32\drivers\MiniIcpt.sys
2014-11-06 19:17:05 65008 ----a-w- C:\Windows\System32\drivers\gdwfpcd64.sys
2014-11-06 05:42:16 341848 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
.
============= FINISH: 19:05:51.05 ===============

Dit is GMER deel 1;

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-21 19:42:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-1 ST3160021A rev.3.04 149.05GB
Running: 4z372k5d.exe; Driver: C:\Users\DANNYV~1\AppData\Local\Temp\kxlcapob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff800031a3000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 495 fffff800031a302f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[404] C:\Windows\SysWOW64\ntdll.dll!KiUserApcDispatcher 0000000077010028 5 bytes JMP 0000000101313ea0
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[404] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075462c9e 4 bytes CALL 71ab0000
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[404] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074a34296 5 bytes JMP 0000000171a50022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[404] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000074a34889 5 bytes JMP 0000000171a10022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[404] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 0000000074a3d1ea 5 bytes JMP 0000000171390022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[404] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074a47673 5 bytes JMP 0000000171ae0022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075bb1465 2 bytes [BB, 75]
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075bb14bb 2 bytes [BB, 75]
.text ... * 2
.text C:\Windows\system32\taskhost.exe[1448] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076c1db80 6 bytes {JMP QWORD [RIP+0x95c24b0]}
.text C:\Windows\system32\taskhost.exe[1448] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcdb9055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\taskhost.exe[1448] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefd9a55c8 6 bytes {JMP QWORD [RIP+0xe8aa68]}
.text C:\Windows\system32\taskhost.exe[1448] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefd9bb85c 6 bytes {JMP QWORD [RIP+0xe547d4]}
.text C:\Windows\system32\Dwm.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e71510 6 bytes {JMP QWORD [RIP+0x92ceb20]}
.text C:\Windows\system32\Dwm.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076e71520 6 bytes {JMP QWORD [RIP+0x932eb10]}
.text C:\Windows\system32\Dwm.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e715e0 4 bytes [FF, 25, 50, EA]
.text C:\Windows\system32\Dwm.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 5 0000000076e715e5 1 byte [09]
.text C:\Windows\system32\Dwm.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e71800 6 bytes {JMP QWORD [RIP+0x92ee830]}
.text C:\Windows\system32\Dwm.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076e718b0 6 bytes {JMP QWORD [RIP+0x928e780]}
.text C:\Windows\system32\Dwm.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076e71e40 6 bytes {JMP QWORD [RIP+0x92ae1f0]}
.text C:\Windows\system32\Dwm.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e727e0 6 bytes {JMP QWORD [RIP+0x934d850]}
.text C:\Windows\system32\Dwm.exe[3192] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076c1db80 6 bytes {JMP QWORD [RIP+0x95c24b0]}
.text C:\Windows\system32\Dwm.exe[3192] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcdb9055 3 bytes [B5, 6F, 06]
.text C:\Windows\Explorer.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e71510 6 bytes {JMP QWORD [RIP+0x92ceb20]}
.text C:\Windows\Explorer.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076e71520 6 bytes {JMP QWORD [RIP+0x932eb10]}
.text C:\Windows\Explorer.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e715e0 4 bytes [FF, 25, 50, EA]
.text C:\Windows\Explorer.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 5 0000000076e715e5 1 byte [09]
.text C:\Windows\Explorer.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e71800 6 bytes {JMP QWORD [RIP+0x92ee830]}
.text C:\Windows\Explorer.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076e718b0 6 bytes {JMP QWORD [RIP+0x928e780]}
.text C:\Windows\Explorer.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000076e71e40 6 bytes {JMP QWORD [RIP+0x92ae1f0]}
.text C:\Windows\Explorer.EXE[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e727e0 6 bytes {JMP QWORD [RIP+0x934d850]}
.text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076c1db80 6 bytes {JMP QWORD [RIP+0x95c24b0]}
.text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcdb9055 3 bytes [B5, 6F, 0A]
.text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW 000007fefd2f3030 6 bytes {JMP QWORD [RIP+0x14d000]}
.text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd2f45c1 5 bytes {JMP QWORD [RIP+0xeba70]}
.text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\WS2_32.dll!listen 000007fefd2f8290 6 bytes {JMP QWORD [RIP+0x127da0]}
.text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd31e0f0 6 bytes {JMP QWORD [RIP+0xe1f40]}
.text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\msi.dll!MsiSetInternalUI 000007fef30c5c70 6 bytes JMP 69006c
.text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\msi.dll!MsiInstallProductA 000007fef3142ad4 2 bytes JMP d7efe6db
.text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\msi.dll!MsiInstallProductA + 3 000007fef3142ad7 3 bytes JMP d7efe6db
.text C:\Windows\Explorer.EXE[3236] C:\Windows\system32\msi.dll!MsiInstallProductW 000007fef315167c 6 bytes {JMP QWORD [RIP+0x2ce9b4]}
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007701fc20 3 bytes JMP 717e000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007701fc24 2 bytes JMP 717e000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007701fc38 3 bytes JMP 7175000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007701fc3c 2 bytes JMP 7175000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007701fd64 3 bytes JMP 7178000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007701fd68 2 bytes JMP 7178000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770200b4 3 bytes JMP 717b000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000770200b8 2 bytes JMP 717b000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000770201c4 3 bytes JMP 7184000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000770201c8 2 bytes JMP 7184000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077020a44 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077020a48 2 bytes [80, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077021920 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077021924 2 bytes [71, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000074a93bbb 3 bytes JMP 716f000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000074a93bbf 2 bytes JMP 716f000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075462c9e 4 bytes CALL 71af0000
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 0000000074a3575a 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\WS2_32.dll!connect 0000000074a36bdd 6 bytes JMP 71ab000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\WS2_32.dll!listen 0000000074a3b001 6 bytes {JMP QWORD [RIP+0x71a4001e]}
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000074a3cc3f 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075549679 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000755512a5 6 bytes JMP 718d000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075553baa 6 bytes {JMP QWORD [RIP+0x718f001e]}
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007555612e 6 bytes {JMP QWORD [RIP+0x7195001e]}
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!SendInput 000000007556ff4a 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007556ff4e 2 bytes [98, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!mouse_event 00000000755a027b 6 bytes {JMP QWORD [RIP+0x719e001e]}
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!keybd_event 00000000755a02bf 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756970c4 6 bytes {JMP QWORD [RIP+0x7186001e]}
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756b3264 6 bytes {JMP QWORD [RIP+0x7189001e]}
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!KiUserApcDispatcher 0000000077010028 5 bytes JMP 0000000100d8acf0
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007701fc20 3 bytes JMP 717e000a
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007701fc24 2 bytes JMP 717e000a
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007701fc38 3 bytes JMP 7175000a
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007701fc3c 2 bytes JMP 7175000a
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007701fd64 3 bytes JMP 7178000a
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007701fd68 2 bytes JMP 7178000a
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770200b4 3 bytes JMP 717b000a
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000770200b8 2 bytes JMP 717b000a
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000770201c4 3 bytes JMP 7184000a
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000770201c8 2 bytes JMP 7184000a
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077020a44 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077020a48 2 bytes [80, 71]
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077021920 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077021924 2 bytes [71, 71]
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075462c9e 4 bytes CALL 71af0000
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074a34296 5 bytes JMP 0000000171600022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000074a34889 5 bytes JMP 0000000171390022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 0000000074a3575a 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\WS2_32.dll!listen 0000000074a3b001 6 bytes {JMP QWORD [RIP+0x71a4001e]}
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 0000000074a3d1ea 5 bytes JMP 0000000171350022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074a47673 5 bytes JMP 0000000171640022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075bb1465 2 bytes [BB, 75]

GMER deel 2;

.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075bb14bb 2 bytes [BB, 75]
.text ... * 2
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075549679 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000755512a5 6 bytes {JMP QWORD [RIP+0x718c001e]}
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075553baa 6 bytes JMP 7190000a
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007555612e 6 bytes {JMP QWORD [RIP+0x7195001e]}
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\USER32.dll!SendInput 000000007556ff4a 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007556ff4e 2 bytes [98, 71]
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\USER32.dll!mouse_event 00000000755a027b 6 bytes {JMP QWORD [RIP+0x719e001e]}
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\USER32.dll!keybd_event 00000000755a02bf 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756970c4 6 bytes {JMP QWORD [RIP+0x7186001e]}
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[3808] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756b3264 6 bytes {JMP QWORD [RIP+0x7189001e]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4080] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076c1db80 6 bytes {JMP QWORD [RIP+0x95c24b0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4080] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcdb9055 3 bytes [B5, 6F, 06]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4080] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW 000007fefd2f3030 6 bytes {JMP QWORD [RIP+0x1ed000]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4080] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd2f45c1 5 bytes JMP 20000
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4080] C:\Windows\system32\WS2_32.dll!listen 000007fefd2f8290 6 bytes {JMP QWORD [RIP+0x1c7da0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4080] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd31e0f0 6 bytes JMP 310030
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007701fc20 3 bytes JMP 717b000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007701fc24 2 bytes JMP 717b000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007701fc38 3 bytes JMP 7172000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007701fc3c 2 bytes JMP 7172000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007701fd64 3 bytes JMP 7175000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007701fd68 2 bytes JMP 7175000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770200b4 3 bytes JMP 7178000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000770200b8 2 bytes JMP 7178000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000770201c4 3 bytes JMP 7181000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000770201c8 2 bytes JMP 7181000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077020a44 3 bytes JMP 717e000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077020a48 2 bytes JMP 717e000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077021920 3 bytes JMP 716f000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077021924 2 bytes JMP 716f000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000074a93bbb 3 bytes JMP 716c000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000074a93bbf 2 bytes JMP 716c000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075462c9e 4 bytes CALL 71ac0000
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756970c4 6 bytes JMP 7184000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756b3264 6 bytes JMP 7187000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075549679 6 bytes JMP 7190000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000755512a5 6 bytes JMP 718a000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075553baa 6 bytes JMP 718d000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007555612e 6 bytes JMP 7193000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\USER32.dll!SendInput 000000007556ff4a 3 bytes JMP 7196000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007556ff4e 2 bytes JMP 7196000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\USER32.dll!mouse_event 00000000755a027b 6 bytes JMP 719c000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\USER32.dll!keybd_event 00000000755a02bf 6 bytes JMP 7199000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075bb1465 2 bytes [BB, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075bb14bb 2 bytes [BB, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 0000000074a3575a 6 bytes JMP 7160000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\WS2_32.dll!connect 0000000074a36bdd 6 bytes JMP 7169000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\WS2_32.dll!listen 0000000074a3b001 6 bytes JMP 7163000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4180] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000074a3cc3f 6 bytes JMP 7166000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007701fc20 3 bytes JMP 718a000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007701fc24 2 bytes JMP 718a000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007701fc38 3 bytes JMP 7181000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007701fc3c 2 bytes JMP 7181000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007701fd64 3 bytes JMP 7184000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007701fd68 2 bytes JMP 7184000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770200b4 3 bytes JMP 7187000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000770200b8 2 bytes JMP 7187000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000770201c4 3 bytes JMP 7190000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000770201c8 2 bytes JMP 7190000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077020a44 3 bytes JMP 718d000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077020a48 2 bytes JMP 718d000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077021920 3 bytes JMP 717e000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077021924 2 bytes JMP 717e000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000074a93bbb 3 bytes JMP 717b000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000074a93bbf 2 bytes JMP 717b000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075462c9e 4 bytes CALL 71af0000
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075549679 6 bytes JMP 719f000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000755512a5 6 bytes JMP 7199000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075553baa 6 bytes JMP 719c000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007555612e 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\USER32.dll!SendInput 000000007556ff4a 3 bytes JMP 71a5000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007556ff4e 2 bytes JMP 71a5000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\USER32.dll!mouse_event 00000000755a027b 6 bytes JMP 71ab000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\USER32.dll!keybd_event 00000000755a02bf 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756970c4 6 bytes JMP 7193000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756b3264 6 bytes JMP 7196000a
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075bb1465 2 bytes [BB, 75]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075bb14bb 2 bytes [BB, 75]
.text ... * 2
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007701fc20 3 bytes JMP 718a000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007701fc24 2 bytes JMP 718a000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007701fc38 3 bytes JMP 7181000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007701fc3c 2 bytes JMP 7181000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007701fd64 3 bytes JMP 7184000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007701fd68 2 bytes JMP 7184000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770200b4 3 bytes JMP 7187000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000770200b8 2 bytes JMP 7187000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000770201c4 3 bytes JMP 7190000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000770201c8 2 bytes JMP 7190000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077020a44 3 bytes JMP 718d000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077020a48 2 bytes JMP 718d000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077021920 3 bytes JMP 717e000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077021924 2 bytes JMP 717e000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000074a93bbb 3 bytes JMP 717b000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 0000000074a93bbf 2 bytes JMP 717b000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075462c9e 4 bytes CALL 71af0000
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075549679 6 bytes JMP 719f000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000755512a5 6 bytes JMP 7199000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075553baa 6 bytes JMP 719c000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007555612e 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\USER32.dll!SendInput 000000007556ff4a 3 bytes JMP 71a5000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007556ff4e 2 bytes JMP 71a5000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\USER32.dll!mouse_event 00000000755a027b 6 bytes JMP 71ab000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\USER32.dll!keybd_event 00000000755a02bf 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756970c4 6 bytes JMP 7193000a
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[4400] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756b3264 6 bytes JMP 7196000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007701fc20 3 bytes JMP 718a000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007701fc24 2 bytes JMP 718a000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007701fc38 3 bytes JMP 7181000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007701fc3c 2 bytes JMP 7181000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007701fd64 3 bytes JMP 7184000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007701fd68 2 bytes JMP 7184000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770200b4 3 bytes JMP 7187000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000770200b8 2 bytes JMP 7187000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000770201c4 3 bytes JMP 7190000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000770201c8 2 bytes JMP 7190000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077020a44 3 bytes JMP 718d000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077020a48 2 bytes JMP 718d000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077021920 3 bytes JMP 717e000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077021924 2 bytes JMP 717e000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000074a93bbb 3 bytes JMP 717b000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000074a93bbf 2 bytes JMP 717b000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075462c9e 4 bytes CALL 71af0000
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075549679 6 bytes JMP 719f000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000755512a5 6 bytes JMP 7199000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075553baa 6 bytes JMP 719c000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007555612e 6 bytes JMP 71a2000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\USER32.dll!SendInput 000000007556ff4a 3 bytes JMP 71a5000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007556ff4e 2 bytes JMP 71a5000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\USER32.dll!mouse_event 00000000755a027b 6 bytes JMP 71ab000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\USER32.dll!keybd_event 00000000755a02bf 6 bytes JMP 71a8000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756970c4 6 bytes JMP 7193000a
.text C:\Users\Danny van Hoorn\Desktop\4z372k5d.exe[4756] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756b3264 6 bytes JMP 7196000a
---- Processes - GMER 2.1 ----

Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCP80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [404] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2013-06-27 05:04:09) 0000000071600000
Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCR80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [404] (Microsoft® C Runtime Library/Microsoft Corporation)(2013-06-27 05:04:09) 0000000071560000
Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCP80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [3808] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2013-06-27 05:04:09) 00000000030d0000
Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCR80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [3808] (Microsoft® C Runtime Library/Microsoft Corporation)(2013-06-27 05:04:09) 0000000071560000

---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4D3A5D7A-241F-1391-1F5B-2E9827A20FC0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4D3A5D7A-241F-1391-1F5B-2E9827A20FC0}@jagcllcaelbjicglfonk 0x64 0x62 0x6A 0x62 ...

---- EOF - GMER 2.1 ----

Ter verduidelijking, de trojan was al gedetecteerd door mijn virusscanner en deze staat momenteel in quarantaine.
Hiervoor is de pc uitgezet, maar deze sloot niet af. Hij bleef hangen in het afsluitscherm van windows 7.

Download of Update Ccleaner

Start CCleaner op.

• Run Ccleaner en klik in de linkse kolom op Opties
• Selecteer het tabblad Geavanceerd
• Haal het vinkje weg voor Verwijder alleen bestanden in Windows Temp-systeemmap die ouder zijn dan 24 uur
• Selecteer het tabblad Instellingen
• Haal het vinkje weg bij "Computer automatisch schoonmaken...."
• Klik in de linkse kolom op Cleaner.
• Klik dan achtereenvolgens op Analyseer en Schoonmaken.
• Klik vervolgens in de linkse kolom op Register
• Klik op Scan naar problemen.
• Op de vraag of je een backup wil maken van het register, klik je "Ja".
• Als er fouten gevonden worden klik je op de middelste knop: Herstel alle geselecteerde fouten en OK

.

---

Download Combofix naar je bureaublad.
(Dus niet naar een download map of temp map)

Extra nota... Zorg ervoor dat je Security software uitschakeld is tijdens het gebruik van Combofix.
Dit omdat deze scanners bepaalde componenten die Combofix gebruikt, onterecht zien als geïnfecteerd en Combofix zullen blokkeren.
Kijk hier indien je niet weet hoe je je Antivirus, Firewall en/of Antispywarescanner moet uitschakelen.

Sluit ALLE vensters, ook je browser en laat Combofix rustig zijn werk doen.
Open dus geen andere applicaties totdat Combofix de log heeft gepresenteert.

Als Combofix vraagt om een update, dan staat je dit toe.

Wanneer ComboFix klaar is met scannen, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt).
Deze kan je vinden als C:\combofix.txt.

Post het Combofixlogje samen met een nieuw DDS logje in je volgende antwoord.

* OPMERKING: Indien je één van de onderstaande meldingen krijgt na het gebruik van ComboFix, herstart dan de computer.

• Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
• Illegal operation attempted on a registry key that has been marked for deletion.

Wi het lukken?

Het lag even stil, ik ben ook bezig met de verwijdering van iets anders, muizen! en dan bedoel ik de die met de tanden
Was op zoek naar een goede en goedkoop mogelijke en minst schadelijke oplossing en daar gaat wel wat tijd in zitten.
Ik heb alleen nog combofix wat ik moet uitvoeren.
Ccleaner is voltooid
Morgen, zondag waarschijnlijk verder

Prima

Hoe weet ik zeker dat alle verstorende programma's zijn uitgeschakeld?
Bijvoorbeeld ook op de achtergrond draaiende onderdelen van bijvoorbeeld anti malware programma's?

In jouw geval gaat het om :

• AV: G Data InternetSecurity 2013 PC-Welt Edition *Disabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
• AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
• SP: G Data InternetSecurity 2013 PC-Welt Edition *Disabled/Outdated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}

.
Diegene die actief is, staat in het rood (enabled), de G-Dta is disabled (niet actief).

ComboFix 15-01-22.02 - xxxxxxx 25-01-2015 18:55:33.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.3071.1965 [GMT 1:00]
Gestart vanuit: c:\users\xxxxxxx\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: G Data InternetSecurity 2013 PC-Welt Edition *Disabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: Emsisoft Anti-Malware *Disabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: G Data InternetSecurity 2013 PC-Welt Edition *Disabled/Outdated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1391949673.bdinstall.bin
c:\programdata\1392350609.bdinstall.bin
c:\windows\ST6UNST.000
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2014-12-25 to 2015-01-25 ))))))))))))))))))))))))))))))
.
.
2015-01-25 18:16 . 2015-01-25 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-23 16:00 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9DD55C9-73DF-4F7A-BDD7-430980666092}\mpengine.dll
2015-01-21 17:50 . 2015-01-21 17:50 -------- d-----w- c:\users\xxxxxxx\AppData\Local\Hola
2015-01-21 16:51 . 2015-01-21 17:34 -------- d-----w- C:\AdwCleaner
2015-01-18 17:52 . 2015-01-18 17:53 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2015-01-18 12:38 . 2015-01-24 07:56 -------- d-----w- c:\programdata\PCPitstop
2015-01-18 12:38 . 2015-01-24 19:50 -------- d-----w- c:\program files (x86)\PCPitstop
2015-01-18 11:15 . 2015-01-18 11:15 -------- d-sh--w- c:\users\xxxxxxx\AppData\Local\EmieBrowserModeList
2015-01-14 14:45 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-01-14 14:45 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-01-14 14:45 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll
2015-01-14 14:45 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2015-01-14 14:45 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2015-01-14 14:45 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
2015-01-14 14:45 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2015-01-14 14:45 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll
2015-01-14 14:45 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2015-01-14 14:45 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2015-01-14 14:43 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-01-14 14:43 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-01-14 14:29 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-14 14:28 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2015-01-14 14:28 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2015-01-14 14:28 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 14:28 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 14:28 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 14:28 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-14 14:28 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-14 14:28 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-14 14:28 . 2014-12-12 05:07 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-14 14:27 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
2015-01-14 14:27 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-01-14 06:38 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-01-14 06:38 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-14 06:38 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-14 06:38 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-14 06:38 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-01 12:42 . 2015-01-01 12:42 -------- d-----w- c:\users\xxxxxxx\AppData\Roaming\DivX
2015-01-01 12:42 . 2015-01-01 12:42 -------- d-----w- c:\program files\DivX
2015-01-01 12:41 . 2015-01-01 12:42 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2015-01-01 12:40 . 2015-01-01 12:42 -------- d-----w- c:\program files (x86)\DivX
2015-01-01 12:39 . 2015-01-01 12:46 -------- d-----w- c:\programdata\DivX
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-25 14:35 . 2013-04-04 16:33 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-25 14:35 . 2013-04-04 16:33 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-21 08:28 . 2014-05-04 07:37 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-14 14:32 . 2013-04-03 14:50 113365784 ----a-w- c:\windows\system32\MRT.exe
2015-01-06 03:36 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-22 16:52 . 2013-06-27 05:04 535576 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2014-12-13 05:09 . 2014-12-18 17:54 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 17:54 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-11-27 01:43 . 2014-12-13 07:49 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-13 07:48 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-13 07:50 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-13 07:49 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-13 07:49 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-13 07:48 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-13 07:50 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-13 07:49 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-13 07:48 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-13 07:49 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-13 07:50 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-13 07:48 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-13 07:50 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-13 07:48 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-13 07:48 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-13 07:49 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-13 07:49 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-13 07:50 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-13 07:50 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-13 07:48 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-13 07:48 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-13 07:49 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-13 07:50 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-13 07:50 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-13 07:49 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-13 07:49 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-13 07:49 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-13 07:50 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-13 07:49 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-13 07:48 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-13 07:49 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-13 07:48 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-13 07:50 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-13 07:49 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-13 07:48 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-13 07:49 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-13 07:49 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-13 07:49 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-13 07:49 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-13 07:49 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-21 05:14 . 2014-05-04 07:35 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-05-04 07:35 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2013-05-05 16:36 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-11 03:09 . 2014-12-13 07:50 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-20 05:30 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-20 05:30 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-13 07:50 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-20 05:30 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-20 05:30 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-09 17:45 . 2014-11-09 17:45 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-07 07:20 . 2014-11-07 07:20 16504 ----a-w- c:\windows\system32\drivers\GdPhyMem.sys
2014-11-07 07:20 . 2014-11-07 07:20 106648 ----a-w- c:\windows\system32\drivers\GRD.sys
2014-11-06 19:17 . 2014-11-06 19:17 64416 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2014-11-06 19:17 . 2014-11-06 19:17 54176 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2014-11-06 19:17 . 2014-11-06 19:17 126880 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2014-11-06 19:17 . 2014-11-06 19:17 65008 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
2014-11-06 05:42 . 2014-11-06 05:42 341848 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2015-01-01 4997872]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2013-03-22 1035216]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-11-29 1475096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys;c:\windows\SYSNATIVE\DRIVERS\Ph3xIB64.sys [x]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\Rap portKE64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominipor t.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [x]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCe ntre.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S1 RapportCerberus_80120;RapportCerberus_80120;c:\programdata\Trusteer\Rapport\store\exts\RapportCerber us\baseline\RapportCerberus64_80120.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\b aseline\RapportCerberus64_80120.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [x]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x]
S3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [x]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2015-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-04 14:35]
.
2015-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28 09:40]
.
2015-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28 09:40]
.
2015-01-25 c:\windows\Tasks\WpsNotifyTask_xxxxxxx.job
- c:\program files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe [2014-03-30 16:00]
.
2015-01-25 c:\windows\Tasks\WpsUpdateTask_xxxxxxx.job
- c:\program files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2014-03-30 15:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-30 1225920]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
FF - ProfilePath - c:\users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\x5oz68h0.default-1406959650984\
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe
Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe
Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Anwendungs-Agent - c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Suske en Wiske 1. De Roekeloze Ruimtereis Demo - g:\ruimte\suswis1.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3714816789-2906398789-4146990250-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4D3A5D7A-241F-1391-1F5B-2E9827A20FC0}*]
"jagcllcaelbjicglfonk"=hex:64,62,6a,62,66,6e,6f,6c,6d,6e,69,61,6a,68,70,6f,67,
67,61,66,6a,70,64,61,62,64,64,6f,69,6e,6d,61,6c,68,6b,6d,62,6b,6b,6a,00,4a
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2015-01-25 19:26:51
ComboFix-quarantined-files.txt 2015-01-25 18:26
.
Pre-Run: 11,961,352,192 bytes beschikbaar
Post-Run: 11,674,361,856 bytes beschikbaar
.
- - End Of File - - 2444B2C226089EA7C4554810C299E338
A36C5E4F47E84449FF07ED3517B43A31