Popups Firefox

  • Popups Firefox

    Good day,

    In the Firefox browser I am getting ad pop-ups from SpaceOffers. This does not happen in IE and Safari. I would appreciate help removing them. DDS log attached.

    Kind regards

  • #2
    The first step is to carry out this guideline:

    !!! IMPORTANT !!!: Read this first before you post a message here!

    Post the requested logs.

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Apologies, I read over a few things too quickly. Here is the complete list after all, in several posts, because the GMER log contains quite a lot of characters:


      DDS (Ver_2012-11-05.02) - NTFS_AMD64
      Internet Explorer: 11.0.9600.17689 BrowserJavaVersion: 11.31.2
      Run by Remco at 16:55:41 on 2015-04-11
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6048.3366 [GMT 2:00]
      .
      AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
      SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\nvvsvc.exe
      C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k GPSvcGroup
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\system32\FBAgent.exe
      C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
      C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
      C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
      C:\Windows\system32\nvvsvc.exe
      C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
      C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
      C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
      C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      C:\Windows\SysWOW64\PnkBstrA.exe
      C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe
      C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe
      C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
      C:\ASUS.SYS\SIONExportService.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
      C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
      C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
      C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
      C:\Program Files\P4G\BatteryLife.exe
      C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
      C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
      C:\Windows\system32\Dwm.exe
      C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
      C:\Windows\Explorer.EXE
      C:\Windows\system32\svchost.exe -k bthsvcs
      C:\Windows\System32\rundll32.exe
      C:\Windows\servicing\TrustedInstaller.exe
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
      C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
      C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
      C:\Windows\AsScrPro.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
      C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Users\Remco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
      C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
      C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
      C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
      C:\Program Files (x86)\Sitecom\Common\RaUI.exe
      C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe
      C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
      C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
      C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
      C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
      C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe
      C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
      C:\Program Files\CCleaner\CCleaner64.exe
      C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      C:\Windows\system32\sppsvc.exe
      C:\Windows\System32\svchost.exe -k secsvcs
      C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      mWinlogon: Userinit = userinit.exe,
      uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      uRun: [FDPRO-516] C:\Program Files (x86)\Fighters\FighterLauncher.exe FDPRO
      uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
      uRun: [LightShot] C:\Users\Remco\AppData\Local\Skillbrains\lightshot\Lightshot.exe
      uRun: [Spotify] "C:\Users\Remco\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
      uRun: [Spotify Web Helper] "C:\Users\Remco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
      uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
      uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
      uRun: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
      uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      uRun: [HP ENVY 5530 series (NET)] "C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN4B8463NF067B:NW" -scfn "HP ENVY 5530 series (NET)" -AutoStart 1
      mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
      mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
      mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
      mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
      mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
      mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
      mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
      mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
      mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
      mRun: [KPN Assistent] C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe /auto
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
      mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Remco\AppData\Roaming\Dropbox\bin\Dropbox.exe
      StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GANGLA~1.LNK - C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SITECO~1.LNK - C:\Program Files (x86)\Sitecom\Common\RaUI.exe
      mPolicies-Explorer: NoActiveDesktop = dword:1
      mPolicies-Explorer: NoActiveDesktopChanges = dword:1
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
      IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
      IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
      TCP: NameServer = 195.121.1.34 195.121.1.66
      TCP: Interfaces\{1AA93963-4675-4022-A2B7-DEA5AA1C79DD} : DHCPNameServer = 195.121.1.34 195.121.1.66
      TCP: Interfaces\{1AA93963-4675-4022-A2B7-DEA5AA1C79DD}\14256573531393535363039303 : DHCPNameServer = 192.168.2.254
      TCP: Interfaces\{1AA93963-4675-4022-A2B7-DEA5AA1C79DD}\4586F6D637F6E6238373337344 : DHCPNameServer = 192.168.2.254
      TCP: Interfaces\{1AA93963-4675-4022-A2B7-DEA5AA1C79DD}\B405E40264F6E6 : DHCPNameServer = 194.151.228.2 194.151.228.18
      TCP: Interfaces\{8A2B01D5-6089-4343-9054-BB1F6773DC9C} : DHCPNameServer = 192.168.2.254
      TCP: Interfaces\{FA8CA53B-2B11-47C1-81D5-D0004B30BFB3} : DHCPNameServer = 192.168.2.254
      TCP: Interfaces\{FA8CA53B-2B11-47C1-81D5-D0004B30BFB3}\84232303E4831343731373 : DHCPNameServer = 192.168.2.254
      Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
      Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      SSODL: WebCheck - <orphaned>
      x64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
      x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
      x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
      x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
      x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
      x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
      x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
      x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
      x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
      x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
      x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
      x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
      x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
      x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
      x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
      x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
      x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
      x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
      x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
      x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
      x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll
      x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
      x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
      x64-Notify: igfxcui - igfxdev.dll
      x64-SSODL: WebCheck - <orphaned>
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\Remco\AppData\Roaming\mozilla\firefox\Profiles\q7jnkt6h.default\
      FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
      FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
      FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
      FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
      FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
      FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
      FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
      FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
      FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2015-1-24 32544]
      R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-26 17536]
      R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2015-1-24 299352]
      R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-8-28 379520]
      R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-20 77128]
      R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
      R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-6-2 64128]
      R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]
      R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
      R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
      R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
      R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
      R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-1-24 1148560]
      R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-4-11 1871160]
      R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-4-11 1080120]
      R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-1-24 1706128]
      R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-1-24 21833360]
      R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe [2012-6-1 185632]
      R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe [2012-6-1 212256]
      R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
      R2 Splashtop MDES;Splashtop Meta Data Export Service;C:\ASUS.SYS\SIONExportService.exe [2011-5-11 338208]
      R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-1-24 411936]
      R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-27 241488]
      R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2011-4-13 67664]
      R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]
      R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
      R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-28 2655768]
      R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2011-8-28 16768]
      R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488]
      R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896]
      R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
      R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
      R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
      R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
      R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
      R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
      R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]
      R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-7-8 76912]
      R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-4-11 25816]
      R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-4-11 136408]
      R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-4-11 63704]
      R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-1-24 19600]
      R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-1-24 38032]
      R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
      R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
      R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
      R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
      R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
      S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/08/28 01:54:26;"C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe" /svc --> C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [?]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
      S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
      S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-4-13 267480]
      S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-13 48488]
      S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-3-11 114688]
      S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-11 19456]
      S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-11 56832]
      S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-5-11 30208]
      S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
      S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-22 1255736]
      S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
      .
      =============== Created Last 30 ================
      .
      2015-04-11 12:10:46 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
      2015-04-11 12:10:25 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
      2015-04-11 12:10:25 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
      2015-04-11 12:10:25 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
      2015-04-11 12:10:25 -------- d-----w- C:\ProgramData\Malwarebytes
      2015-04-11 12:10:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
      2015-04-11 08:42:04 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F0C886AC-7A6A-4EA7-BD7E-89ADD4B61ED1}\offreg.dll
      2015-04-10 07:51:53 20 ----a-w- C:\Users\Remco\AppData\Roaming\appdataFr3.bin
      2015-04-10 07:26:50 -------- d-----w- C:\ProgramData\{e6702481-fa04-35f2-e670-02481fa09207}
      2015-04-10 07:25:50 12002392 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F0C886AC-7A6A-4EA7-BD7E-89ADD4B61ED1}\mpengine.dll
      2015-04-10 07:21:46 -------- d-----w- C:\Program Files (x86)\compfix
      2015-04-10 07:21:27 -------- d-----w- C:\Program Files (x86)\Counter Strike Best Online Games Collection
      2015-04-10 07:21:09 -------- d-----w- C:\Program Files (x86)\BrowsiinggcLearlY
      2015-04-10 07:20:56 883712 ----a-w- C:\Program Files (x86)\Mozilla Firefox\dbghelp.dll
      2015-04-10 07:20:38 -------- d-----w- C:\ProgramData\9716055902769314962
      2015-04-05 18:54:58 -------- d-s---w- C:\Windows\SysWow64\GWX
      2015-04-05 18:54:58 -------- d-s---w- C:\Windows\System32\GWX
      2015-03-25 09:43:50 943616 ----a-w- C:\Windows\System32\appraiser.dll
      2015-03-25 09:43:50 677888 ----a-w- C:\Windows\System32\generaltel.dll
      2015-03-25 09:43:50 30720 ----a-w- C:\Windows\System32\acmigration.dll
      2015-03-25 09:43:50 1107456 ----a-w- C:\Windows\System32\aeinv.dll
      2015-03-25 09:43:49 760832 ----a-w- C:\Windows\System32\invagent.dll
      2015-03-25 09:43:49 414720 ----a-w- C:\Windows\System32\devinv.dll
      2015-03-25 09:43:49 227328 ----a-w- C:\Windows\System32\aepdu.dll
      2015-03-25 09:43:49 192000 ----a-w- C:\Windows\System32\aepic.dll
      2015-03-24 08:04:24 -------- d-----w- C:\Users\Remco\AppData\Local\{7EA0F7F2-1DA2-4D8A-BA74-21375ACBB1BD}
      2015-03-15 11:29:49 -------- d-----w- C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}
      .
      ==================== Find3M ====================
      .
      2015-04-11 14:40:20 45056 ----a-w- C:\Windows\System32\acovcnt.exe
      2015-03-06 05:56:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
      2015-03-06 05:56:10 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
      2015-03-06 05:42:39 210944 ----a-w- C:\Windows\System32\wdigest.dll
      2015-03-06 05:42:36 86528 ----a-w- C:\Windows\System32\TSpkg.dll
      2015-03-06 05:42:35 29184 ----a-w- C:\Windows\System32\sspisrv.dll
      2015-03-06 05:42:35 136192 ----a-w- C:\Windows\System32\sspicli.dll
      2015-03-06 05:42:33 341504 ----a-w- C:\Windows\System32\schannel.dll
      2015-03-06 05:42:33 28160 ----a-w- C:\Windows\System32\secur32.dll
      2015-03-06 05:42:29 314880 ----a-w- C:\Windows\System32\msv1_0.dll
      2015-03-06 05:42:29 309760 ----a-w- C:\Windows\System32\ncrypt.dll
      2015-03-06 05:42:27 728064 ----a-w- C:\Windows\System32\kerberos.dll
      2015-03-06 05:42:27 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
      2015-03-06 05:42:20 22016 ----a-w- C:\Windows\System32\credssp.dll
      2015-03-06 05:41:46 31232 ----a-w- C:\Windows\System32\lsass.exe
      2015-03-06 05:41:31 64000 ----a-w- C:\Windows\System32\auditpol.exe
      2015-03-06 05:39:16 60416 ----a-w- C:\Windows\System32\msobjs.dll
      2015-03-06 05:38:57 146432 ----a-w- C:\Windows\System32\msaudite.dll
      2015-03-06 05:36:56 686080 ----a-w- C:\Windows\System32\adtschema.dll
      2015-03-06 05:10:34 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
      2015-03-06 05:10:30 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
      2015-03-06 05:10:26 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
      2015-03-06 05:10:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
      2015-03-06 05:10:22 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
      2015-03-06 05:10:22 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
      2015-03-06 05:10:18 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
      2015-03-06 05:10:11 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
      2015-03-06 05:09:31 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
      2015-03-06 05:09:19 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
      2015-03-06 05:07:50 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
      2015-03-06 05:07:43 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
      2015-03-06 05:06:20 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
      2015-02-26 03:25:44 3204096 ----a-w- C:\Windows\System32\win32k.sys
      2015-02-24 03:17:24 295552 ------w- C:\Windows\System32\MpSigStub.exe
      2015-02-20 04:41:01 41984 ----a-w- C:\Windows\System32\lpk.dll
      2015-02-20 04:40:59 100864 ----a-w- C:\Windows\System32\fontsub.dll
      2015-02-20 04:40:56 14336 ----a-w- C:\Windows\System32\dciman32.dll
      2015-02-20 04:40:55 46080 ----a-w- C:\Windows\System32\atmlib.dll
      2015-02-20 04:13:49 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
      2015-02-20 04:13:46 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
      2015-02-20 04:13:43 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
      2015-02-20 04:12:51 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
      2015-02-20 03:29:16 372224 ----a-w- C:\Windows\System32\atmfd.dll
      2015-02-20 03:09:16 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
      2015-02-20 03:06:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
      2015-02-20 03:05:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
      2015-02-20 02:50:14 66560 ----a-w- C:\Windows\System32\iesetup.dll
      2015-02-20 02:49:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
      2015-02-20 02:49:19 584192 ----a-w- C:\Windows\System32\vbscript.dll
      2015-02-20 02:47:56 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
      2015-02-20 02:35:17 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
      2015-02-20 02:35:05 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
      2015-02-20 02:34:24 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
      2015-02-20 02:32:34 6035456 ----a-w- C:\Windows\System32\jscript9.dll
      2015-02-20 02:26:12 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
      2015-02-20 02:22:35 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
      2015-02-20 02:13:57 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
      2015-02-20 02:09:08 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
      2015-02-20 02:08:59 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
      2015-02-20 02:08:13 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
      2015-02-20 02:06:44 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
      2015-02-20 01:56:54 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
      2015-02-20 01:56:07 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
      2015-02-20 01:47:06 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
      2015-02-20 01:46:45 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
      2015-02-20 01:41:52 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
      2015-02-20 01:30:39 4300288 ----a-w- C:\Windows\SysWow64\jscript9.dll
      2015-02-20 01:28:25 2358784 ----a-w- C:\Windows\System32\wininet.dll
      2015-02-20 01:24:21 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
      2015-02-20 01:23:19 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
      2015-02-20 01:01:25 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
      2015-02-06 09:40:07 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2015-02-06 09:40:07 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
      2015-02-04 03:16:35 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
      2015-02-04 02:54:09 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
      2015-02-03 03:34:39 693176 ----a-w- C:\Windows\System32\winload.efi
      2015-02-03 03:34:38 5554104 ----a-w- C:\Windows\System32\ntoskrnl.exe
      2015-02-03 03:34:36 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
      2015-02-03 03:33:29 616360 ----a-w- C:\Windows\System32\winresume.efi
      2015-02-03 03:30:58 631808 ----a-w- C:\Windows\System32\evr.dll
      2015-02-03 03:29:19 8704 ----a-w- C:\Windows\System32\pcaevts.dll
      2015-02-03 03:28:49 2048 ----a-w- C:\Windows\System32\mferror.dll
      2015-02-03 03:28:14 6656 ----a-w- C:\Windows\System32\apisetschema.dll
      2015-02-03 03:19:12 663552 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
      2015-02-03 03:16:31 3973048 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
      2015-02-03 03:16:31 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
      2015-02-03 03:11:55 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
      2015-02-03 03:11:48 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
      2015-02-03 03:11:18 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
      2015-02-03 03:09:03 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
      2015-02-03 03:08:07 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
      2015-02-03 02:32:25 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
      2015-01-31 03:48:54 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
      2015-01-31 03:48:54 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
      2015-01-30 23:56:52 243200 ----a-w- C:\Windows\System32\rdpudd.dll
      2015-01-30 23:56:51 459336 ----a-w- C:\Windows\System32\drivers\cng.sys
      2015-01-27 23:36:21 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
      2015-01-24 19:49:33 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
      2015-01-17 02:48:38 1067520 ----a-w- C:\Windows\System32\msctf.dll
      2015-01-17 02:30:42 828928 ----a-w- C:\Windows\SysWow64\msctf.dll
      .
      ============= FINISH: 16:55:58,26 ===============


      • #4
        GMER 2.1.19357 - http://www.gmer.net
        Rootkit scan 2015-04-11 17:04:54
        Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB
        Running: 0ujohu5v.exe; Driver: C:\Users\Remco\AppData\Local\Temp\pxldypob.sys


        ---- User code sections - GMER 2.1 ----

        .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1628] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007762a400 7 bytes JMP 000000016fff0228
        .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1628] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077633f20 5 bytes JMP 000000016fff0180
        .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1628] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007764ffb0 5 bytes JMP 000000016fff01b8
        .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1628] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007765f2e0 5 bytes JMP 000000016fff0110
        .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1628] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077689a30 7 bytes JMP 000000016fff00d8
        .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1628] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776994c0 5 bytes JMP 000000016fff0148
        .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1628] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776b87e0 7 bytes JMP 000000016fff01f0
        .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1628] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd820180
        .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1628] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8200d8
        .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1628] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd820148
        .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1628] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd820110
        .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1628] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa689f0 8 bytes JMP 000007fffd8201f0
        .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1628] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa6be50 8 bytes JMP 000007fffd8201b8
        .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1628] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 000007fffd820228
        .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1628] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffd820260
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000755c1401 2 bytes JMP 7681b21b C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000755c1419 2 bytes JMP 7681b346 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000755c1431 2 bytes JMP 76898ea9 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000755c144a 2 bytes CALL 767f48ad C:\Windows\syswow64\kernel32.dll
        .text ... * 9
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755c14dd 2 bytes JMP 768987a2 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755c14f5 2 bytes JMP 76898978 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000755c150d 2 bytes JMP 76898698 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000755c1525 2 bytes JMP 76898a62 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000755c153d 2 bytes JMP 7680fca8 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000755c1555 2 bytes JMP 768168ef C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000755c156d 2 bytes JMP 76898f61 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000755c1585 2 bytes JMP 76898ac2 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000755c159d 2 bytes JMP 7689865c C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755c15b5 2 bytes JMP 7680fd41 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755c15cd 2 bytes JMP 7681b2dc C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755c16b2 2 bytes JMP 76898e24 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755c16bd 2 bytes JMP 768985f1 C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\system32\taskeng.exe[2572] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd820180
        .text C:\Windows\system32\taskeng.exe[2572] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8200d8
        .text C:\Windows\system32\taskeng.exe[2572] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd820148
        .text C:\Windows\system32\taskeng.exe[2572] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd820110
        .text C:\Windows\system32\taskeng.exe[2572] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa689f0 8 bytes JMP 000007fffd8201f0
        .text C:\Windows\system32\taskeng.exe[2572] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa6be50 8 bytes JMP 000007fffd8201b8
        .text C:\Windows\system32\taskeng.exe[2572] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 000007fffd820228
        .text C:\Windows\system32\taskeng.exe[2572] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffd820260
        .text C:\Windows\system32\taskeng.exe[2656] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd820180
        .text C:\Windows\system32\taskeng.exe[2656] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8200d8
        .text C:\Windows\system32\taskeng.exe[2656] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd820148
        .text C:\Windows\system32\taskeng.exe[2656] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd820110
        .text C:\Windows\system32\taskeng.exe[2656] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa689f0 8 bytes JMP 000007fffd8201f0
        .text C:\Windows\system32\taskeng.exe[2656] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa6be50 8 bytes JMP 000007fffd8201b8
        .text C:\Windows\system32\taskeng.exe[2656] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 000007fffd820228
        .text C:\Windows\system32\taskeng.exe[2656] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffd820260
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000755c1401 2 bytes JMP 7681b21b C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2776] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000755c1419 2 bytes JMP 7681b346 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000755c1431 2 bytes JMP 76898ea9 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000755c144a 2 bytes CALL 767f48ad C:\Windows\syswow64\kernel32.dll
        .text ... * 9
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2776] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755c14dd 2 bytes JMP 768987a2 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755c14f5 2 bytes JMP 76898978 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000755c150d 2 bytes JMP 76898698 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000755c1525 2 bytes JMP 76898a62 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000755c153d 2 bytes JMP 7680fca8 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2776] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000755c1555 2 bytes JMP 768168ef C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000755c156d 2 bytes JMP 76898f61 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000755c1585 2 bytes JMP 76898ac2 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000755c159d 2 bytes JMP 7689865c C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755c15b5 2 bytes JMP 7680fd41 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755c15cd 2 bytes JMP 7681b2dc C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755c16b2 2 bytes JMP 76898e24 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755c16bd 2 bytes JMP 768985f1 C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000721e17fa 2 bytes CALL 767f11a9 C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000721e1860 2 bytes CALL 767f11a9 C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000721e1942 2 bytes JMP 75417089 C:\Windows\syswow64\WS2_32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000721e194d 2 bytes JMP 7541cba6 C:\Windows\syswow64\WS2_32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000755c1401 2 bytes JMP 7681b21b C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000755c1419 2 bytes JMP 7681b346 C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000755c1431 2 bytes JMP 76898ea9 C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000755c144a 2 bytes CALL 767f48ad C:\Windows\syswow64\kernel32.dll
        .text ... * 9
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755c14dd 2 bytes JMP 768987a2 C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755c14f5 2 bytes JMP 76898978 C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000755c150d 2 bytes JMP 76898698 C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000755c1525 2 bytes JMP 76898a62 C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000755c153d 2 bytes JMP 7680fca8 C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000755c1555 2 bytes JMP 768168ef C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000755c156d 2 bytes JMP 76898f61 C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000755c1585 2 bytes JMP 76898ac2 C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000755c159d 2 bytes JMP 7689865c C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755c15b5 2 bytes JMP 7680fd41 C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755c15cd 2 bytes JMP 7681b2dc C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755c16b2 2 bytes JMP 76898e24 C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\SysWOW64\PnkBstrA.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755c16bd 2 bytes JMP 768985f1 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000767f1f0e 7 bytes JMP 000000016f2c3dd0
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000767f5bad 7 bytes JMP 000000016f2c40e0
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076801409 7 bytes JMP 000000016f2c3f10
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007680ea45 7 bytes JMP 000000016f2c3dc0
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076898e24 7 bytes JMP 000000016f2c3b50
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076898ea9 5 bytes JMP 000000016f2c3c00
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768991ff 5 bytes JMP 000000016f2c3b60
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075aa1d29 5 bytes JMP 000000016f2c3b00
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075aa1dd7 5 bytes JMP 000000016f2c3ab0
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075aa2ab1 5 bytes JMP 000000016f2c3c10
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075aa2d17 5 bytes JMP 000000016f2c3890
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075998a29 5 bytes JMP 000000016f2c3370
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000759a4572 5 bytes JMP 000000016f2c3810
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000759be567 5 bytes JMP 000000016f2c3880
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759e07d7 5 bytes JMP 000000016f2c3280
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000759f7a5c 5 bytes JMP 000000016f2c3800
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007646e96b 5 bytes JMP 000000016f2c33e0
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007646eba5 5 bytes JMP 000000016f2c33f0
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016f2c3320
        .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[3592] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016f2c32b0
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000767f1f0e 7 bytes JMP 000000016f2c3dd0
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000767f5bad 7 bytes JMP 000000016f2c40e0
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076801409 7 bytes JMP 000000016f2c3f10
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007680ea45 7 bytes JMP 000000016f2c3dc0
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076898e24 7 bytes JMP 000000016f2c3b50
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076898ea9 5 bytes JMP 000000016f2c3c00
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768991ff 5 bytes JMP 000000016f2c3b60
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075aa1d29 5 bytes JMP 000000016f2c3b00
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075aa1dd7 5 bytes JMP 000000016f2c3ab0
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075aa2ab1 5 bytes JMP 000000016f2c3c10
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075aa2d17 5 bytes JMP 000000016f2c3890
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075998a29 5 bytes JMP 000000016f2c3370
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000759a4572 5 bytes JMP 000000016f2c3810



        • #5
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000759be567 5 bytes JMP 000000016f2c3880
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759e07d7 5 bytes JMP 000000016f2c3280
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000759f7a5c 5 bytes JMP 000000016f2c3800
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007646e96b 5 bytes JMP 000000016f2c33e0
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007646eba5 5 bytes JMP 000000016f2c33f0
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000755c1401 2 bytes JMP 7681b21b C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000755c1419 2 bytes JMP 7681b346 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000755c1431 2 bytes JMP 76898ea9 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000755c144a 2 bytes CALL 767f48ad C:\Windows\syswow64\kernel32.dll
          .text ... * 9
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755c14dd 2 bytes JMP 768987a2 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755c14f5 2 bytes JMP 76898978 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000755c150d 2 bytes JMP 76898698 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000755c1525 2 bytes JMP 76898a62 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000755c153d 2 bytes JMP 7680fca8 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000755c1555 2 bytes JMP 768168ef C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000755c156d 2 bytes JMP 76898f61 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000755c1585 2 bytes JMP 76898ac2 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000755c159d 2 bytes JMP 7689865c C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755c15b5 2 bytes JMP 7680fd41 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755c15cd 2 bytes JMP 7681b2dc C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755c16b2 2 bytes JMP 76898e24 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755c16bd 2 bytes JMP 768985f1 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016f2c3320
          .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3600] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016f2c32b0
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000767f1f0e 7 bytes JMP 000000016f2c3dd0
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000767f5bad 7 bytes JMP 000000016f2c40e0
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076801409 7 bytes JMP 000000016f2c3f10
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007680ea45 7 bytes JMP 000000016f2c3dc0
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076898e24 7 bytes JMP 000000016f2c3b50
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076898ea9 5 bytes JMP 000000016f2c3c00
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768991ff 5 bytes JMP 000000016f2c3b60
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075aa1d29 5 bytes JMP 000000016f2c3b00
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075aa1dd7 5 bytes JMP 000000016f2c3ab0
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075aa2ab1 5 bytes JMP 000000016f2c3c10
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075aa2d17 5 bytes JMP 000000016f2c3890
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075998a29 5 bytes JMP 000000016f2c3370
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000759a4572 5 bytes JMP 000000016f2c3810
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000759be567 5 bytes JMP 000000016f2c3880
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759e07d7 5 bytes JMP 000000016f2c3280
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000759f7a5c 5 bytes JMP 000000016f2c3800
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007646e96b 5 bytes JMP 000000016f2c33e0
          .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[3608] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007646eba5 5 bytes JMP 000000016f2c33f0
          .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3736] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007762a400 7 bytes JMP 000000016fff0228
          .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3736] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077633f20 5 bytes JMP 000000016fff0180
          .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3736] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007764ffb0 5 bytes JMP 000000016fff01b8
          .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3736] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007765f2e0 5 bytes JMP 000000016fff0110
          .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3736] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077689a30 7 bytes JMP 000000016fff00d8
          .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3736] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776994c0 5 bytes JMP 000000016fff0148
          .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3736] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776b87e0 7 bytes JMP 000000016fff01f0
          .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3736] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd820180
          .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3736] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8200d8
          .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3736] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd820148
          .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3736] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd820110
          .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3736] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 000007fffd820228
          .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3736] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffd820260
          .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3736] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa689f0 8 bytes JMP 000007fffd8201f0
          .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3736] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa6be50 8 bytes JMP 000007fffd8201b8
          .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3736] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef7292460 5 bytes JMP 000007fefd8202d0
          .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3736] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef72c96b0 6 bytes JMP 000007fefd820298
          .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[3856] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000767f1f0e 7 bytes JMP 000000016f2c3dd0
          .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[3856] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000767f5bad 7 bytes JMP 000000016f2c40e0
          .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[3856] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076801409 7 bytes JMP 000000016f2c3f10
          .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[3856] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007680ea45 7 bytes JMP 000000016f2c3dc0
          .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[3856] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076898e24 7 bytes JMP 000000016f2c3b50
          .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[3856] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076898ea9 5 bytes JMP 000000016f2c3c00
          .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[3856] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768991ff 5 bytes JMP 000000016f2c3b60
          .text C:\Windows\system32\Dwm.exe[3896] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd820180
          .text C:\Windows\system32\Dwm.exe[3896] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8200d8
          .text C:\Windows\system32\Dwm.exe[3896] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd820148
          .text C:\Windows\system32\Dwm.exe[3896] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd820110
          .text C:\Windows\system32\Dwm.exe[3896] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa689f0 8 bytes JMP 000007fffd8201f0
          .text C:\Windows\system32\Dwm.exe[3896] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa6be50 8 bytes JMP 000007fffd8201b8
          .text C:\Windows\system32\Dwm.exe[3896] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef593dc88 5 bytes JMP 000007fff57300d8
          .text C:\Windows\system32\Dwm.exe[3896] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef593de10 5 bytes JMP 000007fff5730110
          .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000755c1401 2 bytes JMP 7681b21b C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000755c1419 2 bytes JMP 7681b346 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000755c1431 2 bytes JMP 76898ea9 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000755c144a 2 bytes CALL 767f48ad C:\Windows\syswow64\kernel32.dll
          .text ... * 9
          .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755c14dd 2 bytes JMP 768987a2 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755c14f5 2 bytes JMP 76898978 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000755c150d 2 bytes JMP 76898698 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000755c1525 2 bytes JMP 76898a62 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000755c153d 2 bytes JMP 7680fca8 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000755c1555 2 bytes JMP 768168ef C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000755c156d 2 bytes JMP 76898f61 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000755c1585 2 bytes JMP 76898ac2 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000755c159d 2 bytes JMP 7689865c C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755c15b5 2 bytes JMP 7680fd41 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755c15cd 2 bytes JMP 7681b2dc C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755c16b2 2 bytes JMP 76898e24 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755c16bd 2 bytes JMP 768985f1 C:\Windows\syswow64\kernel32.dll
          .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[660] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007762a400 7 bytes JMP 000000016fff0228
          .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[660] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077633f20 5 bytes JMP 000000016fff0180
          .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[660] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007764ffb0 5 bytes JMP 000000016fff01b8
          .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[660] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007765f2e0 5 bytes JMP 000000016fff0110
          .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[660] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077689a30 7 bytes JMP 000000016fff00d8
          .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[660] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776994c0 5 bytes JMP 000000016fff0148
          .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[660] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776b87e0 7 bytes JMP 000000016fff01f0
          .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[660] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd820180
          .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[660] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8200d8
          .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[660] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd820148
          .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[660] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd820110
          .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[660] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa689f0 8 bytes JMP 000007fffd8201f0
          .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[660] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa6be50 8 bytes JMP 000007fffd8201b8
          .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2176] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007762a400 7 bytes JMP 000000016fff0228
          .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2176] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077633f20 5 bytes JMP 000000016fff0180
          .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2176] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007764ffb0 5 bytes JMP 000000016fff01b8
          .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2176] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007765f2e0 5 bytes JMP 000000016fff0110
          .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2176] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077689a30 7 bytes JMP 000000016fff00d8
          .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2176] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776994c0 5 bytes JMP 000000016fff0148
          .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2176] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776b87e0 7 bytes JMP 000000016fff01f0
          .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2176] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd820180
          .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2176] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8200d8
          .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2176] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd820148
          .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2176] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd820110
          .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2176] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 000007fffd820228
          .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2176] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffd820260
          .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2176] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa689f0 8 bytes JMP 000007fffd8201f0
          .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2176] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa6be50 8 bytes JMP 000007fffd8201b8
          .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3448] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007762a400 7 bytes JMP 000000016fff0228
          .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3448] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077633f20 5 bytes JMP 000000016fff0180
          .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3448] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007764ffb0 5 bytes JMP 000000016fff01b8
          .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3448] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007765f2e0 5 bytes JMP 000000016fff0110
          .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3448] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077689a30 7 bytes JMP 000000016fff00d8
          .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3448] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776994c0 5 bytes JMP 000000016fff0148
          .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3448] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776b87e0 7 bytes JMP 000000016fff01f0
          .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3448] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd820180
          .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3448] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8200d8
          .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3448] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd820148
          .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3448] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd820110
          .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3448] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa689f0 8 bytes JMP 000007fffd8201f0
          .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3448] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa6be50 8 bytes JMP 000007fffd8201b8
          .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2056] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007762a400 7 bytes JMP 000000016fff0228
          .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2056] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077633f20 5 bytes JMP 000000016fff0180
          .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2056] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007764ffb0 5 bytes JMP 000000016fff01b8
          .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2056] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007765f2e0 5 bytes JMP 000000016fff0110
          .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2056] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077689a30 7 bytes JMP 000000016fff00d8
          .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2056] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776994c0 5 bytes JMP 000000016fff0148
          .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2056] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776b87e0 7 bytes JMP 000000016fff01f0
          .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2056] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd820180
          .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2056] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8200d8
          .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2056] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd820148
          .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2056] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd820110
          .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2056] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa689f0 8 bytes JMP 000007fffd8201f0
          .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2056] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa6be50 8 bytes JMP 000007fffd8201b8
          .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2056] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 000007fffd820228
          .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2056] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffd820260
          .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2128] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007762a400 7 bytes JMP 000000016fff0228
          .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2128] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077633f20 5 bytes JMP 000000016fff0180
          .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2128] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007764ffb0 5 bytes JMP 000000016fff01b8
          .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2128] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007765f2e0 5 bytes JMP 000000016fff0110
          .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2128] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077689a30 7 bytes JMP 000000016fff00d8
          .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2128] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776994c0 5 bytes JMP 000000016fff0148
          .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2128] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776b87e0 7 bytes JMP 000000016fff01f0
          .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2128] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd820180
          .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2128] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8200d8
          .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2128] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd820148
          .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2128] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd820110
          .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2128] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa689f0 8 bytes JMP 000007fffd8201f0
          .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2128] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa6be50 8 bytes JMP 000007fffd8201b8
          .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2128] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 000007fffd820228
          .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2128] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffd820260
          .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1040] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007762a400 7 bytes JMP 000000016fff0228
          .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1040] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077633f20 5 bytes JMP 000000016fff0180
          .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1040] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007764ffb0 5 bytes JMP 000000016fff01b8
          .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1040] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007765f2e0 5 bytes JMP 000000016fff0110
          .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1040] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077689a30 7 bytes JMP 000000016fff00d8
          .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1040] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776994c0 5 bytes JMP 000000016fff0148
          .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1040] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776b87e0 7 bytes JMP 000000016fff01f0
          .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1040] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd820180
          .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1040] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8200d8
          .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1040] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd820148
          .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1040] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd820110
          .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1040] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa689f0 8 bytes JMP 000007fffd8201f0
          .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1040] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa6be50 8 bytes JMP 000007fffd8201b8
          .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1040] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 000007fffd820228
          .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1040] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffd820260
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000767f1f0e 7 bytes JMP 000000016f2c3dd0
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000767f5bad 7 bytes JMP 000000016f2c40e0
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076801409 7 bytes JMP 000000016f2c3f10
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007680ea45 7 bytes JMP 000000016f2c3dc0
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076898e24 7 bytes JMP 000000016f2c3b50
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076898ea9 5 bytes JMP 000000016f2c3c00
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768991ff 5 bytes JMP 000000016f2c3b60
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075aa1d29 5 bytes JMP 000000016f2c3b00
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075aa1dd7 5 bytes JMP 000000016f2c3ab0
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075aa2ab1 5 bytes JMP 000000016f2c3c10
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075aa2d17 5 bytes JMP 000000016f2c3890
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007646e96b 5 bytes JMP 000000016f2c33e0
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007646eba5 5 bytes JMP 000000016f2c33f0
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075998a29 5 bytes JMP 000000016f2c3370
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000759a4572 5 bytes JMP 000000016f2c3810
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000759be567 5 bytes JMP 000000016f2c3880
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759e07d7 5 bytes JMP 000000016f2c3280
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000759f7a5c 5 bytes JMP 000000016f2c3800
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016f2c3320
          .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016f2c32b0


          • #6
            .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000755c1401 2 bytes JMP 7681b21b C:\Windows\syswow64\kernel32.dll
            .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000755c1419 2 bytes JMP 7681b346 C:\Windows\syswow64\kernel32.dll
            .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000755c1431 2 bytes JMP 76898ea9 C:\Windows\syswow64\kernel32.dll
            .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000755c144a 2 bytes CALL 767f48ad C:\Windows\syswow64\kernel32.dll
            .text ... * 9
            .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755c14dd 2 bytes JMP 768987a2 C:\Windows\syswow64\kernel32.dll
            .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755c14f5 2 bytes JMP 76898978 C:\Windows\syswow64\kernel32.dll
            .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000755c150d 2 bytes JMP 76898698 C:\Windows\syswow64\kernel32.dll
            .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000755c1525 2 bytes JMP 76898a62 C:\Windows\syswow64\kernel32.dll
            .text C:\Windows\AsScrPro.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000755c153d 2 bytes JMP 7680fca8 C:\Windows\syswow64\kernel32.dll

            Comment


            • #7
              .text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000755c1431 2 bytes JMP 76898ea9 C:\Windows\syswow64\kernel32.dll
              .text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000755c144a 2 bytes CALL 767f48ad C:\Windows\syswow64\kernel32.dll
              .text ... * 9
              .text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[5652] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755c14dd 2 bytes JMP 768987a2 C:\Windows\syswow64\kernel32.dll
              .text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755c14f5 2 bytes JMP 76898978 C:\Windows\syswow64\kernel32.dll
              .text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[5652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000755c150d 2 bytes JMP 76898698 C:\Windows\syswow64\kernel32.dll
              .text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000755c1525 2 bytes JMP 76898a62 C:\Windows\syswow64\kernel32.dll
              .text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000755c153d 2 bytes JMP 7680fca8 C:\Windows\syswow64\kernel32.dll
              .text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[5652] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000755c1555 2 bytes JMP 768168ef C:\Windows\syswow64\kernel32.dll
              .text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000755c156d 2 bytes JMP 76898f61 C:\Windows\syswow64\kernel32.dll
              .text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000755c1585 2 bytes JMP 76898ac2 C:\Windows\syswow64\kernel32.dll
              .text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[5652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000755c159d 2 bytes JMP 7689865c C:\Windows\syswow64\kernel32.dll
              .text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755c15b5 2 bytes JMP 7680fd41 C:\Windows\syswow64\kernel32.dll
              .text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755c15cd 2 bytes JMP 7681b2dc C:\Windows\syswow64\kernel32.dll
              .text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755c16b2 2 bytes JMP 76898e24 C:\Windows\syswow64\kernel32.dll
              .text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755c16bd 2 bytes JMP 768985f1 C:\Windows\syswow64\kernel32.dll
              .text C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe[2360] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd820180
              .text C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe[2360] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8200d8
              .text C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe[2360] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd820148
              .text C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe[2360] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd820110
              .text C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe[2360] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa689f0 8 bytes JMP 000007fffd8201f0
              .text C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe[2360] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa6be50 8 bytes JMP 000007fffd8201b8
              .text C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe[2360] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 000007fffd820228
              .text C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe[2360] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffd820260
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000767f1f0e 7 bytes JMP 000000016f2c3dd0
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000767f5bad 7 bytes JMP 000000016f2c40e0
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076801409 7 bytes JMP 000000016f2c3f10
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007680ea45 7 bytes JMP 000000016f2c3dc0
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076898e24 7 bytes JMP 000000016f2c3b50
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076898ea9 5 bytes JMP 000000016f2c3c00
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768991ff 5 bytes JMP 000000016f2c3b60
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075aa1d29 5 bytes JMP 000000016f2c3b00
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075aa1dd7 5 bytes JMP 000000016f2c3ab0
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075aa2ab1 5 bytes JMP 000000016f2c3c10
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075aa2d17 5 bytes JMP 000000016f2c3890
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075998a29 5 bytes JMP 000000016f2c3370
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000759a4572 5 bytes JMP 000000016f2c3810
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000759be567 5 bytes JMP 000000016f2c3880
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759e07d7 5 bytes JMP 000000016f2c3280
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000759f7a5c 5 bytes JMP 000000016f2c3800
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007646e96b 5 bytes JMP 000000016f2c33e0
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007646eba5 5 bytes JMP 000000016f2c33f0
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016f2c3320
              .text C:\Program Files (x86)\Sitecom\Common\RaUI.exe[2292] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016f2c32b0
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000767f1f0e 7 bytes JMP 000000016f2c3dd0
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\kernel32.dll!CreateEventA + 8 00000000767f3254 7 bytes JMP 0000000101201710
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\kernel32.dll!lstrcmpW + 30 00000000767f590f 7 bytes JMP 0000000101201910
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\kernel32.dll!LoadResource + 8 00000000767f591c 7 bytes JMP 0000000101201bb0
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\kernel32.dll!LockResource + 19 00000000767f5934 7 bytes JMP 0000000101201000
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\kernel32.dll!GetLocalTime + 30 00000000767f5a8c 7 bytes JMP 0000000101201cb0
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000767f5bad 7 bytes JMP 000000016f2c40e0
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076801409 7 bytes JMP 000000016f2c3f10
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus + 19 000000007680d3a6 7 bytes JMP 0000000101201f50
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007680ea45 7 bytes JMP 000000016f2c3dc0
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076898e24 7 bytes JMP 000000016f2c3b50
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076898ea9 5 bytes JMP 000000016f2c3c00
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768991ff 5 bytes JMP 000000016f2c3b60
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\KERNELBASE.dll!SetEndOfFile + 152 0000000075a9c850 7 bytes JMP 000000010128def0
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\KERNELBASE.dll!GetFileType + 218 0000000075a9dc45 7 bytes JMP 000000010128dc10
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\KERNELBASE.dll!UnlockFile + 103 0000000075a9dff3 7 bytes JMP 000000010128e240
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\KERNELBASE.dll!CreateFileMappingNumaW + 298 0000000075a9e826 7 bytes JMP 000000010128e390
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\KERNELBASE.dll!UnmapViewOfFile + 81 0000000075a9eb2c 7 bytes JMP 000000010128e4f0
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075aa1d29 5 bytes JMP 000000016f2c3b00
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075aa1dd7 5 bytes JMP 000000016f2c3ab0
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075aa2ab1 5 bytes JMP 000000016f2c3c10
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075aa2d17 5 bytes JMP 000000016f2c3890
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\KERNELBASE.dll!SetFileInformationByHandle + 168 0000000075aac294 7 bytes JMP 000000010128d710
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007646e96b 5 bytes JMP 000000016f2c33e0
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007646eba5 5 bytes JMP 000000016f2c33f0
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075998a29 5 bytes JMP 000000016f2c3370
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000759a4572 5 bytes JMP 000000016f2c3810
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000759be567 5 bytes JMP 000000016f2c3880
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759e07d7 5 bytes JMP 000000016f2c3280
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000759f7a5c 5 bytes JMP 000000016f2c3800
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\OLEAUT32.dll!LoadTypeLibEx + 742 0000000075af1d45 7 bytes JMP 000000010128d6c0
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016f2c3320
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016f2c32b0
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000755c1401 2 bytes JMP 7681b21b C:\Windows\syswow64\kernel32.dll
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000755c1419 2 bytes JMP 7681b346 C:\Windows\syswow64\kernel32.dll
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000755c1431 2 bytes JMP 76898ea9 C:\Windows\syswow64\kernel32.dll
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000755c144a 2 bytes CALL 767f48ad C:\Windows\syswow64\kernel32.dll
              .text ... * 9
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000755c14dd 2 bytes JMP 768987a2 C:\Windows\syswow64\kernel32.dll
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000755c14f5 2 bytes JMP 76898978 C:\Windows\syswow64\kernel32.dll
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000755c150d 2 bytes JMP 76898698 C:\Windows\syswow64\kernel32.dll
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000755c1525 2 bytes JMP 76898a62 C:\Windows\syswow64\kernel32.dll
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000755c153d 2 bytes JMP 7680fca8 C:\Windows\syswow64\kernel32.dll
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000755c1555 2 bytes JMP 768168ef C:\Windows\syswow64\kernel32.dll
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000755c156d 2 bytes JMP 76898f61 C:\Windows\syswow64\kernel32.dll
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000755c1585 2 bytes JMP 76898ac2 C:\Windows\syswow64\kernel32.dll
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000755c159d 2 bytes JMP 7689865c C:\Windows\syswow64\kernel32.dll
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000755c15b5 2 bytes JMP 7680fd41 C:\Windows\syswow64\kernel32.dll
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000755c15cd 2 bytes JMP 7681b2dc C:\Windows\syswow64\kernel32.dll
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000755c16b2 2 bytes JMP 76898e24 C:\Windows\syswow64\kernel32.dll
              .text C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe[5968] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000755c16bd 2 bytes JMP 768985f1 C:\Windows\syswow64\kernel32.dll
              .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[5980] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000767f1f0e 7 bytes JMP 000000016f2c3dd0
              .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[5980] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000767f5bad 7 bytes JMP 000000016f2c40e0
              .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[5980] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076801409 7 bytes JMP 000000016f2c3f10
              .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[5980] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007680ea45 7 bytes JMP 000000016f2c3dc0
              .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[5980] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076898e24 7 bytes JMP 000000016f2c3b50
              .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[5980] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076898ea9 5 bytes JMP 000000016f2c3c00



              • #8
                .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6760] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075998a29 5 bytes JMP 000000016f2c3370
                .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6760] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000759a4572 5 bytes JMP 000000016f2c3810
                .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6760] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000759be567 5 bytes JMP 000000016f2c3880
                .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6760] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759e07d7 5 bytes JMP 000000016f2c3280
                .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6760] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000759f7a5c 5 bytes JMP 000000016f2c3800
                .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6760] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007646e96b 5 bytes JMP 000000016f2c33e0
                .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6760] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007646eba5 5 bytes JMP 000000016f2c33f0
                .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6760] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016f2c3320
                .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6760] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016f2c32b0
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000767f1f0e 7 bytes JMP 000000016f2c3dd0
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000767f5bad 7 bytes JMP 000000016f2c40e0
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076801409 7 bytes JMP 000000016f2c3f10
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007680ea45 7 bytes JMP 000000016f2c3dc0
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076898e24 7 bytes JMP 000000016f2c3b50
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076898ea9 5 bytes JMP 000000016f2c3c00
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768991ff 5 bytes JMP 000000016f2c3b60
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075aa1d29 5 bytes JMP 000000016f2c3b00
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075aa1dd7 5 bytes JMP 000000016f2c3ab0
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075aa2ab1 5 bytes JMP 000000016f2c3c10
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075aa2d17 5 bytes JMP 000000016f2c3890
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007646e96b 5 bytes JMP 000000016f2c33e0
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007646eba5 5 bytes JMP 000000016f2c33f0
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075998a29 5 bytes JMP 000000016f2c3370
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000759a4572 5 bytes JMP 000000016f2c3810
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000759be567 5 bytes JMP 000000016f2c3880
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759e07d7 5 bytes JMP 000000016f2c3280
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000759f7a5c 5 bytes JMP 000000016f2c3800
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000755c1401 2 bytes JMP 7681b21b C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000755c1419 2 bytes JMP 7681b346 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000755c1431 2 bytes JMP 76898ea9 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000755c144a 2 bytes CALL 767f48ad C:\Windows\syswow64\kernel32.dll
                .text ... * 9
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000755c14dd 2 bytes JMP 768987a2 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000755c14f5 2 bytes JMP 76898978 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000755c150d 2 bytes JMP 76898698 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000755c1525 2 bytes JMP 76898a62 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000755c153d 2 bytes JMP 7680fca8 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000755c1555 2 bytes JMP 768168ef C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000755c156d 2 bytes JMP 76898f61 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000755c1585 2 bytes JMP 76898ac2 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000755c159d 2 bytes JMP 7689865c C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000755c15b5 2 bytes JMP 7680fd41 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000755c15cd 2 bytes JMP 7681b2dc C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000755c16b2 2 bytes JMP 76898e24 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[7068] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000755c16bd 2 bytes JMP 768985f1 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000767f1f0e 7 bytes JMP 000000016f2c3dd0
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000767f5bad 7 bytes JMP 000000016f2c40e0
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076801409 7 bytes JMP 000000016f2c3f10
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007680ea45 7 bytes JMP 000000016f2c3dc0
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076898e24 7 bytes JMP 000000016f2c3b50
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076898ea9 5 bytes JMP 000000016f2c3c00
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768991ff 5 bytes JMP 000000016f2c3b60
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075aa1d29 5 bytes JMP 000000016f2c3b00
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075aa1dd7 5 bytes JMP 000000016f2c3ab0
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075aa2ab1 5 bytes JMP 000000016f2c3c10
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075aa2d17 5 bytes JMP 000000016f2c3890
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075998a29 5 bytes JMP 000000016f2c3370
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000759a4572 5 bytes JMP 000000016f2c3810
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000759be567 5 bytes JMP 000000016f2c3880
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759e07d7 5 bytes JMP 000000016f2c3280
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000759f7a5c 5 bytes JMP 000000016f2c3800
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007646e96b 5 bytes JMP 000000016f2c33e0
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007646eba5 5 bytes JMP 000000016f2c33f0
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016f2c3320
                .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6724] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016f2c32b0
                .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6888] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd820180
                .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8200d8
                .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd820148
                .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd820110
                .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6888] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa689f0 8 bytes JMP 000007fffd8201f0
                .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6888] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa6be50 8 bytes JMP 000007fffd8201b8
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000767f1f0e 7 bytes JMP 000000016f2c3dd0
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000767f5bad 7 bytes JMP 000000016f2c40e0
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076801409 7 bytes JMP 000000016f2c3f10
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007680ea45 7 bytes JMP 000000016f2c3dc0
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076898e24 7 bytes JMP 000000016f2c3b50
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076898ea9 5 bytes JMP 000000016f2c3c00
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768991ff 5 bytes JMP 000000016f2c3b60
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075aa1d29 5 bytes JMP 000000016f2c3b00
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075aa1dd7 5 bytes JMP 000000016f2c3ab0
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075aa2ab1 5 bytes JMP 000000016f2c3c10
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075aa2d17 5 bytes JMP 000000016f2c3890
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075998a29 5 bytes JMP 000000016f2c3370
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000759a4572 5 bytes JMP 000000016f2c3810
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000759be567 5 bytes JMP 000000016f2c3880
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759e07d7 5 bytes JMP 000000016f2c3280
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000759f7a5c 5 bytes JMP 000000016f2c3800
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007646e96b 5 bytes JMP 000000016f2c33e0
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007646eba5 5 bytes JMP 000000016f2c33f0
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016f2c3320
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016f2c32b0
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000755c1401 2 bytes JMP 7681b21b C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000755c1419 2 bytes JMP 7681b346 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000755c1431 2 bytes JMP 76898ea9 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000755c144a 2 bytes CALL 767f48ad C:\Windows\syswow64\kernel32.dll
                .text ... * 9
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755c14dd 2 bytes JMP 768987a2 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755c14f5 2 bytes JMP 76898978 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000755c150d 2 bytes JMP 76898698 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000755c1525 2 bytes JMP 76898a62 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000755c153d 2 bytes JMP 7680fca8 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000755c1555 2 bytes JMP 768168ef C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000755c156d 2 bytes JMP 76898f61 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000755c1585 2 bytes JMP 76898ac2 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000755c159d 2 bytes JMP 7689865c C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755c15b5 2 bytes JMP 7680fd41 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755c15cd 2 bytes JMP 7681b2dc C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755c16b2 2 bytes JMP 76898e24 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755c16bd 2 bytes JMP 768985f1 C:\Windows\syswow64\kernel32.dll
                .text C:\Program Files\CCleaner\CCleaner64.exe[7028] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007762a400 7 bytes JMP 000000016fff0228
                .text C:\Program Files\CCleaner\CCleaner64.exe[7028] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077633f20 5 bytes JMP 000000016fff0180


                • #9
                  .text C:\Program Files\CCleaner\CCleaner64.exe[7028] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007764ffb0 5 bytes JMP 000000016fff01b8
                  .text C:\Program Files\CCleaner\CCleaner64.exe[7028] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007765f2e0 5 bytes JMP 000000016fff0110
                  .text C:\Program Files\CCleaner\CCleaner64.exe[7028] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077689a30 7 bytes JMP 000000016fff00d8
                  .text C:\Program Files\CCleaner\CCleaner64.exe[7028] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776994c0 5 bytes JMP 000000016fff0148
                  .text C:\Program Files\CCleaner\CCleaner64.exe[7028] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776b87e0 7 bytes JMP 000000016fff01f0
                  .text C:\Program Files\CCleaner\CCleaner64.exe[7028] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd5f0180
                  .text C:\Program Files\CCleaner\CCleaner64.exe[7028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd5f00d8
                  .text C:\Program Files\CCleaner\CCleaner64.exe[7028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd5f0148
                  .text C:\Program Files\CCleaner\CCleaner64.exe[7028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd5f0110
                  .text C:\Program Files\CCleaner\CCleaner64.exe[7028] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa689f0 3 bytes JMP 000007fffd5f01f0
                  .text C:\Program Files\CCleaner\CCleaner64.exe[7028] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007feffa689f4 4 bytes [FD, CC, CC, CC]
                  .text C:\Program Files\CCleaner\CCleaner64.exe[7028] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa6be50 3 bytes JMP 000007fffd5f01b8
                  .text C:\Program Files\CCleaner\CCleaner64.exe[7028] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007feffa6be54 4 bytes [FD, CC, CC, CC]
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000767f1f0e 7 bytes JMP 000000016f2c3dd0
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000767f5bad 7 bytes JMP 000000016f2c40e0
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076801409 7 bytes JMP 000000016f2c3f10
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007680ea45 7 bytes JMP 000000016f2c3dc0
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076898e24 7 bytes JMP 000000016f2c3b50
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076898ea9 5 bytes JMP 000000016f2c3c00
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768991ff 5 bytes JMP 000000016f2c3b60
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075aa1d29 5 bytes JMP 000000016f2c3b00
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075aa1dd7 5 bytes JMP 000000016f2c3ab0
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075aa2ab1 5 bytes JMP 000000016f2c3c10
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075aa2d17 5 bytes JMP 000000016f2c3890
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007646e96b 5 bytes JMP 000000016f2c33e0
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007646eba5 5 bytes JMP 000000016f2c33f0
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075998a29 5 bytes JMP 000000016f2c3370
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000759a4572 5 bytes JMP 000000016f2c3810
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000759be567 5 bytes JMP 000000016f2c3880
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759e07d7 5 bytes JMP 000000016f2c3280
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000759f7a5c 5 bytes JMP 000000016f2c3800
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016f2c3320
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016f2c32b0
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000755c1401 2 bytes JMP 7681b21b C:\Windows\syswow64\kernel32.dll
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000755c1419 2 bytes JMP 7681b346 C:\Windows\syswow64\kernel32.dll
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000755c1431 2 bytes JMP 76898ea9 C:\Windows\syswow64\kernel32.dll
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000755c144a 2 bytes CALL 767f48ad C:\Windows\syswow64\kernel32.dll
                  .text ... * 9
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755c14dd 2 bytes JMP 768987a2 C:\Windows\syswow64\kernel32.dll
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755c14f5 2 bytes JMP 76898978 C:\Windows\syswow64\kernel32.dll
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000755c150d 2 bytes JMP 76898698 C:\Windows\syswow64\kernel32.dll
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000755c1525 2 bytes JMP 76898a62 C:\Windows\syswow64\kernel32.dll
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000755c153d 2 bytes JMP 7680fca8 C:\Windows\syswow64\kernel32.dll
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000755c1555 2 bytes JMP 768168ef C:\Windows\syswow64\kernel32.dll
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000755c156d 2 bytes JMP 76898f61 C:\Windows\syswow64\kernel32.dll
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000755c1585 2 bytes JMP 76898ac2 C:\Windows\syswow64\kernel32.dll
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000755c159d 2 bytes JMP 7689865c C:\Windows\syswow64\kernel32.dll
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755c15b5 2 bytes JMP 7680fd41 C:\Windows\syswow64\kernel32.dll
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755c15cd 2 bytes JMP 7681b2dc C:\Windows\syswow64\kernel32.dll
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755c16b2 2 bytes JMP 76898e24 C:\Windows\syswow64\kernel32.dll
                  .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755c16bd 2 bytes JMP 768985f1 C:\Windows\syswow64\kernel32.dll
                  .text C:\Windows\system32\wbem\unsecapp.exe[2340] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd820180
                  .text C:\Windows\system32\wbem\unsecapp.exe[2340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8200d8
                  .text C:\Windows\system32\wbem\unsecapp.exe[2340] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd820148
                  .text C:\Windows\system32\wbem\unsecapp.exe[2340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd820110
                  .text C:\Windows\system32\wbem\unsecapp.exe[2340] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 000007fffd820228
                  .text C:\Windows\system32\wbem\unsecapp.exe[2340] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffd820260
                  .text C:\Windows\system32\wbem\unsecapp.exe[2340] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa689f0 8 bytes JMP 000007fffd8201f0
                  .text C:\Windows\system32\wbem\unsecapp.exe[2340] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa6be50 8 bytes JMP 000007fffd8201b8
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000767f1f0e 7 bytes JMP 000000016f2c3dd0
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000767f5bad 7 bytes JMP 000000016f2c40e0
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076801409 7 bytes JMP 000000016f2c3f10
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007680ea45 7 bytes JMP 000000016f2c3dc0
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076898e24 7 bytes JMP 000000016f2c3b50
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076898ea9 5 bytes JMP 000000016f2c3c00
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768991ff 5 bytes JMP 000000016f2c3b60
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075aa1d29 5 bytes JMP 000000016f2c3b00
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075aa1dd7 5 bytes JMP 000000016f2c3ab0
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075aa2ab1 5 bytes JMP 000000016f2c3c10
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075aa2d17 5 bytes JMP 000000016f2c3890
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007646e96b 5 bytes JMP 000000016f2c33e0
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007646eba5 5 bytes JMP 000000016f2c33f0
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075998a29 5 bytes JMP 000000016f2c3370
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000759a4572 5 bytes JMP 000000016f2c3810
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000759be567 5 bytes JMP 000000016f2c3880
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759e07d7 5 bytes JMP 000000016f2c3280
                  .text C:\Users\Remco\Downloads\0ujohu5v.exe[2000] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000759f7a5c 5 bytes JMP 000000016f2c3800

                  ---- Threads - GMER 2.1 ----

                  Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4536:7400] 000007fefbc02bf8
                  Thread C:\Windows\System32\svchost.exe [7860:8152] 000007feeb359688
                  ---- Processes - GMER 2.1 ----

                  Process C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe (*** suspicious ***) @ C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe [5968](2015-03-15 11:29:49) 0000000001200000

                  ---- Registry - GMER 2.1 ----

                  Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
                  Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b1887c
                  Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x73 0x96 0x40 0x2A ...
                  Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
                  Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b1887c (not active ControlSet)
                  Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x73 0x96 0x40 0x2A ...

                  ---- EOF - GMER 2.1 ----



                  • #10
                    That is/was quite a lot.

                    Show your hidden files and folders.

                    Go to Virus Total and upload the following file:

                    C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe

                    Press Send and wait until the results appear.
                    If the file has already been scanned, have it re-analysed. (In that case, click Re Analyse.)

                    From the report, copy the following:

                    CLICK HERE for a larger version!

                    Also post the link to that report.


                    • #11
                      [Attachment: Screenshot_2.jpg]


                      https://www.virustotal.com/nl/file/8...is/1428773326/



                      • #12
                        Download SystemLook.exe x64 and save the file to the Desktop.
                        Double-click SystemLook.exe to start the program.
                        In the window that opens, copy the code below:

                        Code:
                        :filefind
                        gangland*.*
                        :folderfind
                        gangland*.*
                        :regfind
                        gangland
                        Click the "Look" button to start the scan.

                        When the scan is finished, a text file opens (SystemLook.txt).
                        Post the contents of this file.


                        • #13
                          SystemLook 30.07.11 by jpshortstuff
                          Log created at 19:57 on 11/04/2015 by Remco
                          Administrator - Elevation successful

                          ========== filefind ==========

                          Searching for "gangland*.*"
                          C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.dat --a---- 878 bytes [11:29 15/03/2015] [11:29 15/03/2015] 1420EE6EE67F1522D1CDE9DBF2F0E9F0
                          C:\ProgramData\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe --a---- 839680 bytes [11:29 15/03/2015] [11:29 15/03/2015] D8D89C5965E9519C2E50F3E49136033B
                          C:\Users\All Users\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.dat --a---- 878 bytes [11:29 15/03/2015] [11:29 15/03/2015] 1420EE6EE67F1522D1CDE9DBF2F0E9F0
                          C:\Users\All Users\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe --a---- 839680 bytes [11:29 15/03/2015] [11:29 15/03/2015] D8D89C5965E9519C2E50F3E49136033B
                          C:\Users\Remco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gangland 46.lnk --a---- 1947 bytes [11:29 15/03/2015] [11:29 15/03/2015] E6AB1309A918E70CF88996C91C187423

                          ========== folderfind ==========

                          Searching for "gangland*.*"
                          No folders found.

                          ========== regfind ==========

                          Searching for "gangland"
                          No data found.

                          -= EOF =-



                          • #14
                            Download Combofix to your desktop.
                            (So not to a download folder or temp folder.)

                            Extra note... Make sure your security software is disabled while using Combofix.
                            This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.

                            Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

                            Close ALL windows, including your browser, and let Combofix do its work undisturbed.
                            So do not open any other applications until Combofix has presented the log.

                            If Combofix asks for an update, allow it.

                            When ComboFix has finished scanning, which may be after a reboot, a log file opens (combofix.txt).
                            You can find it at C:\combofix.txt.

                            Post the Combofix log together with a new DDS log in your next reply.

                            * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                            • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                            • Illegal operation attempted on a registry key that has been marked for deletion.


                            • #15
                              ComboFix 15-04-09.01 - Remco 11-04-2015 20:11:15.1.8 - x64
                              Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6048.3622 [GMT 2:00]
                              Gestart vanuit: c:\users\Remco\Desktop\ComboFix.exe
                              AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
                              SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
                              SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                              .
                              .
                              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              c:\programdata\9716055902769314962
                              c:\programdata\9716055902769314962\377962ddc33f184ae836e26460811fb5.ini
                              c:\programdata\9716055902769314962\86710d2f0f189829e836e26460811fb5.ini
                              c:\programdata\9716055902769314962\ca37268ddf812824e836e26460811fb5.ini
                              c:\programdata\9716055902769314962\f69f0751a4086cede836e26460811fb5.ini
                              c:\programdata\9716055902769314962\fae94211cd977c87e836e26460811fb5.ini
                              c:\windows\IsUn0413.exe
                              c:\windows\msdownld.tmp
                              D:\install.exe
                              .
                              .
                              (((((((((((((((((((( Bestanden Gemaakt van 2015-03-11 to 2015-04-11 ))))))))))))))))))))))))))))))
                              .
                              .
                              2015-04-11 18:18 . 2015-04-11 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp
                              2015-04-11 12:10 . 2015-04-11 14:49 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
                              2015-04-11 12:10 . 2015-04-11 12:10 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
                              2015-04-11 12:10 . 2015-04-11 12:10 -------- d-----w- c:\programdata\Malwarebytes
                              2015-04-11 12:10 . 2015-03-17 04:15 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
                              2015-04-11 12:10 . 2015-03-17 04:15 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
                              2015-04-11 12:10 . 2015-03-17 04:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
                              2015-04-11 08:42 . 2015-04-11 18:18 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0C886AC-7A6A-4EA7-BD7E-89ADD4B61ED1}\offreg.dll
                              2015-04-10 07:51 . 2015-04-10 07:51 20 ----a-w- c:\users\Remco\AppData\Roaming\appdataFr3.bin
                              2015-04-10 07:26 . 2015-04-10 07:26 -------- d-----w- c:\programdata\{e6702481-fa04-35f2-e670-02481fa09207}
                              2015-04-10 07:25 . 2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0C886AC-7A6A-4EA7-BD7E-89ADD4B61ED1}\mpengine.dll
                              2015-04-10 07:21 . 2015-04-11 14:39 -------- d-----w- c:\program files (x86)\compfix
                              2015-04-10 07:21 . 2015-04-10 07:41 -------- d-----w- c:\program files (x86)\Counter Strike Best Online Games Collection
                              2015-04-10 07:21 . 2015-04-10 07:42 -------- d-----w- c:\program files (x86)\BrowsiinggcLearlY
                              2015-04-05 18:54 . 2015-04-05 18:55 -------- d-s---w- c:\windows\system32\GWX
                              2015-04-05 18:54 . 2015-04-05 18:54 -------- d-s---w- c:\windows\SysWow64\GWX
                              2015-03-25 09:43 . 2015-03-11 04:06 677888 ----a-w- c:\windows\system32\generaltel.dll
                              2015-03-25 09:43 . 2015-03-11 04:06 943616 ----a-w- c:\windows\system32\appraiser.dll
                              2015-03-25 09:43 . 2015-03-11 04:05 30720 ----a-w- c:\windows\system32\acmigration.dll
                              2015-03-25 09:43 . 2015-03-11 04:02 1107456 ----a-w- c:\windows\system32\aeinv.dll
                              2015-03-25 09:43 . 2015-03-11 04:06 760832 ----a-w- c:\windows\system32\invagent.dll
                              2015-03-25 09:43 . 2015-03-11 04:06 414720 ----a-w- c:\windows\system32\devinv.dll
                              2015-03-25 09:43 . 2015-03-11 04:05 227328 ----a-w- c:\windows\system32\aepdu.dll
                              2015-03-25 09:43 . 2015-03-11 04:05 192000 ----a-w- c:\windows\system32\aepic.dll
                              2015-03-15 11:29 . 2015-04-10 07:19 -------- d-----w- c:\programdata\{4c17c129-8a98-8eab-4c17-7c1298a904a6}
                              .
                              .
                              .
                              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2015-04-11 14:40 . 2011-08-28 09:00 45056 ----a-w- c:\windows\system32\acovcnt.exe
                              2015-03-11 13:28 . 2012-07-16 19:23 122905848 ----a-w- c:\windows\system32\MRT.exe
                              2015-03-06 05:56 . 2015-03-11 08:16 155576 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
                              2015-03-06 05:56 . 2015-03-11 08:16 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
                              2015-03-06 05:42 . 2015-03-11 08:16 210944 ----a-w- c:\windows\system32\wdigest.dll
                              2015-03-06 05:42 . 2015-03-11 08:16 86528 ----a-w- c:\windows\system32\TSpkg.dll
                              2015-03-06 05:42 . 2015-03-11 08:16 29184 ----a-w- c:\windows\system32\sspisrv.dll
                              2015-03-06 05:42 . 2015-03-11 08:16 136192 ----a-w- c:\windows\system32\sspicli.dll
                              2015-03-06 05:42 . 2015-03-11 08:16 341504 ----a-w- c:\windows\system32\schannel.dll
                              2015-03-06 05:42 . 2015-03-11 08:16 28160 ----a-w- c:\windows\system32\secur32.dll
                              2015-03-06 05:42 . 2015-03-11 08:16 314880 ----a-w- c:\windows\system32\msv1_0.dll
                              2015-03-06 05:42 . 2015-03-11 08:16 309760 ----a-w- c:\windows\system32\ncrypt.dll
                              2015-03-06 05:42 . 2015-03-11 08:16 1461760 ----a-w- c:\windows\system32\lsasrv.dll
                              2015-03-06 05:42 . 2015-03-11 08:16 728064 ----a-w- c:\windows\system32\kerberos.dll
                              2015-03-06 05:42 . 2015-03-11 08:16 22016 ----a-w- c:\windows\system32\credssp.dll
                              2015-03-06 05:41 . 2015-03-11 08:16 31232 ----a-w- c:\windows\system32\lsass.exe
                              2015-03-06 05:41 . 2015-03-11 08:16 64000 ----a-w- c:\windows\system32\auditpol.exe
                              2015-03-06 05:39 . 2015-03-11 08:16 60416 ----a-w- c:\windows\system32\msobjs.dll
                              2015-03-06 05:38 . 2015-03-11 08:16 146432 ----a-w- c:\windows\system32\msaudite.dll
                              2015-03-06 05:36 . 2015-03-11 08:16 686080 ----a-w- c:\windows\system32\adtschema.dll
                              2015-03-06 05:10 . 2015-03-11 08:16 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
                              2015-03-06 05:10 . 2015-03-11 08:16 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
                              2015-03-06 05:10 . 2015-03-11 08:16 248832 ----a-w- c:\windows\SysWow64\schannel.dll
                              2015-03-06 05:10 . 2015-03-11 08:16 22016 ----a-w- c:\windows\SysWow64\secur32.dll
                              2015-03-06 05:10 . 2015-03-11 08:16 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
                              2015-03-06 05:10 . 2015-03-11 08:16 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
                              2015-03-06 05:10 . 2015-03-11 08:16 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
                              2015-03-06 05:10 . 2015-03-11 08:16 17408 ----a-w- c:\windows\SysWow64\credssp.dll
                              2015-03-06 05:09 . 2015-03-11 08:16 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
                              2015-03-06 05:09 . 2015-03-11 08:16 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
                              2015-03-06 05:07 . 2015-03-11 08:16 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
                              2015-03-06 05:07 . 2015-03-11 08:16 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
                              2015-03-06 05:06 . 2015-03-11 08:16 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
                              2015-02-26 03:25 . 2015-03-11 08:16 3204096 ----a-w- c:\windows\system32\win32k.sys
                              2015-02-24 03:17 . 2012-07-08 19:51 295552 ------w- c:\windows\system32\MpSigStub.exe
                              2015-02-24 03:15 . 2015-03-11 08:16 389800 ----a-w- c:\windows\system32\iedkcs32.dll
                              2015-02-21 01:16 . 2015-03-11 08:16 25021440 ----a-w- c:\windows\system32\mshtml.dll
                              2015-02-20 23:58 . 2015-03-11 08:16 92160 ----a-w- c:\windows\system32\mshtmled.dll
                              2015-02-20 04:41 . 2015-03-11 08:18 41984 ----a-w- c:\windows\system32\lpk.dll
                              2015-02-20 04:40 . 2015-03-11 08:18 100864 ----a-w- c:\windows\system32\fontsub.dll
                              2015-02-20 04:40 . 2015-03-11 08:18 14336 ----a-w- c:\windows\system32\dciman32.dll
                              2015-02-20 04:40 . 2015-03-11 08:18 46080 ----a-w- c:\windows\system32\atmlib.dll
                              2015-02-20 04:13 . 2015-03-11 08:18 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
                              2015-02-20 04:13 . 2015-03-11 08:18 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
                              2015-02-20 04:13 . 2015-03-11 08:18 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
                              2015-02-20 04:12 . 2015-03-11 08:18 25600 ----a-w- c:\windows\SysWow64\lpk.dll
                              2015-02-20 03:29 . 2015-03-11 08:18 372224 ----a-w- c:\windows\system32\atmfd.dll
                              2015-02-20 03:09 . 2015-03-11 08:18 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
                              2015-02-20 03:06 . 2015-03-11 08:16 2724864 ----a-w- c:\windows\system32\mshtml.tlb
                              2015-02-20 03:05 . 2015-03-11 08:16 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
                              2015-02-20 02:50 . 2015-03-11 08:16 66560 ----a-w- c:\windows\system32\iesetup.dll
                              2015-02-20 02:49 . 2015-03-11 08:16 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
                              2015-02-20 02:49 . 2015-03-11 08:16 584192 ----a-w- c:\windows\system32\vbscript.dll
                              2015-02-20 02:48 . 2015-03-11 08:16 2886144 ----a-w- c:\windows\system32\iertutil.dll
                              2015-02-20 02:47 . 2015-03-11 08:16 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
                              2015-02-20 02:41 . 2015-03-11 08:16 54784 ----a-w- c:\windows\system32\jsproxy.dll
                              2015-02-20 02:40 . 2015-03-11 08:16 34304 ----a-w- c:\windows\system32\iernonce.dll
                              2015-02-20 02:36 . 2015-03-11 08:16 633856 ----a-w- c:\windows\system32\ieui.dll
                              2015-02-20 02:35 . 2015-03-11 08:16 144384 ----a-w- c:\windows\system32\ieUnatt.exe
                              2015-02-20 02:35 . 2015-03-11 08:16 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
                              2015-02-20 02:34 . 2015-03-11 08:16 814080 ----a-w- c:\windows\system32\jscript9diag.dll
                              2015-02-20 02:32 . 2015-03-11 08:16 6035456 ----a-w- c:\windows\system32\jscript9.dll
                              2015-02-20 02:26 . 2015-03-11 08:16 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
                              2015-02-20 02:22 . 2015-03-11 08:16 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
                              2015-02-20 02:22 . 2015-03-11 08:16 490496 ----a-w- c:\windows\system32\dxtmsft.dll
                              2015-02-20 02:13 . 2015-03-11 08:16 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
                              2015-02-20 02:09 . 2015-03-11 08:16 503296 ----a-w- c:\windows\SysWow64\vbscript.dll
                              2015-02-20 02:08 . 2015-03-11 08:16 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
                              2015-02-20 02:08 . 2015-03-11 08:16 199680 ----a-w- c:\windows\system32\msrating.dll
                              2015-02-20 02:08 . 2015-03-11 08:16 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
                              2015-02-20 02:06 . 2015-03-11 08:16 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
                              2015-02-20 02:05 . 2015-03-11 08:16 316928 ----a-w- c:\windows\system32\dxtrans.dll
                              2015-02-20 01:56 . 2015-03-11 08:16 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
                              2015-02-20 01:56 . 2015-03-11 08:16 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
                              2015-02-20 01:49 . 2015-03-11 08:16 718848 ----a-w- c:\windows\system32\ie4uinit.exe
                              2015-02-20 01:49 . 2015-03-11 08:16 801280 ----a-w- c:\windows\system32\msfeeds.dll
                              2015-02-20 01:47 . 2015-03-11 08:16 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
                              2015-02-20 01:46 . 2015-03-11 08:16 2125824 ----a-w- c:\windows\system32\inetcpl.cpl
                              2015-02-20 01:43 . 2015-03-11 08:16 14398976 ----a-w- c:\windows\system32\ieframe.dll
                              2015-02-20 01:41 . 2015-03-11 08:16 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
                              2015-02-20 01:30 . 2015-03-11 08:16 4300288 ----a-w- c:\windows\SysWow64\jscript9.dll
                              2015-02-20 01:28 . 2015-03-11 08:16 2358784 ----a-w- c:\windows\system32\wininet.dll
                              2015-02-20 01:24 . 2015-03-11 08:16 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl
                              2015-02-20 01:23 . 2015-03-11 08:16 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
                              2015-02-20 01:16 . 2015-03-11 08:16 1548288 ----a-w- c:\windows\system32\urlmon.dll
                              2015-02-20 01:03 . 2015-03-11 08:16 800768 ----a-w- c:\windows\system32\ieapfltr.dll
                              2015-02-20 01:01 . 2015-03-11 08:16 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
                              2015-02-13 05:22 . 2015-03-11 08:16 14177280 ----a-w- c:\windows\system32\shell32.dll
                              2015-02-06 09:40 . 2014-03-08 21:12 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                              2015-02-06 09:40 . 2014-03-08 21:12 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                              2015-02-04 03:16 . 2015-03-11 08:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
                              2015-02-04 02:54 . 2015-03-11 08:16 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
                              2015-02-03 03:34 . 2015-03-11 08:17 693176 ----a-w- c:\windows\system32\winload.efi
                              2015-02-03 03:34 . 2015-03-11 08:17 5554104 ----a-w- c:\windows\system32\ntoskrnl.exe
                              2015-02-03 03:34 . 2015-03-11 08:17 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
                              2015-02-03 03:33 . 2015-03-11 08:17 616360 ----a-w- c:\windows\system32\winresume.efi
                              2015-02-03 03:31 . 2015-03-11 08:18 14632960 ----a-w- c:\windows\system32\wmp.dll
                              2015-02-03 03:31 . 2015-03-11 08:17 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
                              2015-02-03 03:31 . 2015-03-11 08:17 229376 ----a-w- c:\windows\system32\wintrust.dll
                              2015-02-03 03:31 . 2015-03-11 08:16 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
                              .
                              .
                              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                              REGEDIT4
                              .
                              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
                              "Spotify"="c:\users\Remco\AppData\Roaming\Spotify\Spotify.exe" [2014-03-08 6118400]
                              "Spotify Web Helper"="c:\users\Remco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-03-08 1171968]
                              "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-11-21 43816]
                              "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
                              "AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2014-08-04 1080104]
                              "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-03-13 7451928]
                              "HP ENVY 5530 series (NET)"="c:\program files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe" [2014-07-21 3487240]
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                              "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
                              "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
                              "SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
                              "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
                              "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
                              "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
                              "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
                              "UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504]
                              "KPN Assistent"="c:\program files (x86)\KPN\KPN Assistent\KPN_Assistent.exe" [2011-08-18 33560288]
                              "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
                              "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
                              "Lightshot"="c:\program files (x86)\Skillbrains\lightshot\Lightshot.exe" [2014-11-18 226560]
                              "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
                              .
                              c:\users\Remco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                              Dropbox.lnk - c:\users\Remco\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
                              gangland 46.lnk - c:\programdata\{4c17c129-8a98-8eab-4c17-7c1298a904a6}\gangland 46.exe --startup=1 [2015-3-15 839680]
                              .
                              c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                              AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-13 548528]
                              FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe -d [2011-8-28 12862]
                              Sitecom Wireless Utility.lnk - c:\program files (x86)\Sitecom\Common\RaUI.exe -s [2012-6-1 1642496]
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                              "ConsentPromptBehaviorAdmin"= 5 (0x5)
                              "ConsentPromptBehaviorUser"= 3 (0x3)
                              "EnableUIADesktopToggle"= 0 (0x0)
                              .
                              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                              "LoadAppInit_DLLs"=1 (0x1)
                              "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
                              .
                              R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/08/28 01:54;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
                              R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                              R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
                              R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
                              R3 cpuz134;cpuz134;c:\users\Remco\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Remco\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
                              R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
                              R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
                              R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
                              R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                              R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
                              R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
                              R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                              R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
                              S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
                              S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
                              S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
                              S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
                              S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
                              S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
                              S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe [x]
                              S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
                              S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
                              S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
                              S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
                              S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
                              S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
                              S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
                              S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
                              S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
                              S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
                              S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Sitecom\Common\RaRegistry64.exe;c:\program files (x86)\Sitecom\Common\RaRegistry64.exe [x]
                              S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
                              S2 Splashtop MDES;Splashtop Meta Data Export Service;c:\asus.sys\SIONExportService.exe;c:\asus.sys\SIONExportService.exe [x]
                              S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
                              S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program files\Trend Micro\Titanium\TiMiniService.exe [x]
                              S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
                              S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
                              S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
                              S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
                              S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
                              S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
                              S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
                              S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
                              S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
                              S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
                              S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
                              S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
                              S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
                              S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
                              S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
                              S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
                              S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
                              S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
                              S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
                              S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
                              S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
                              S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
                              S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
                              S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
                              S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
                              .
                              .
                              --- Andere Services/Drivers In Geheugen ---
                              .
                              *NewlyCreated* - CPUZ135
                              *NewlyCreated* - MBAMSWISSARMY
                              *NewlyCreated* - NVSTREAMKMS
                              *NewlyCreated* - PXLDYPOB
                              *Deregistered* - cpuz135
                              *Deregistered* - pxldypob
                              .
                              Inhoud van de 'Gedeelde Taken' map
                              .
                              2015-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
                              - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-08 09:40]
                              .
                              2015-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
                              .
                              2015-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
                              .
                              .
                              --------- X64 Entries -----------
                              .
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
                              @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                              [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                              2014-08-17 04:10 164760 ----a-w- c:\users\Remco\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
                              @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                              [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                              2014-08-17 04:10 164760 ----a-w- c:\users\Remco\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
                              @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
                              [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
                              2014-08-17 04:10 164760 ----a-w- c:\users\Remco\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
                              @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
                              [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
                              2014-08-17 04:10 164760 ----a-w- c:\users\Remco\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
                              @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                              [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                              2014-08-17 04:10 164760 ----a-w- c:\users\Remco\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
                              @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
                              [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
                              2014-08-17 04:10 164760 ----a-w- c:\users\Remco\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
                              @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                              [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                              2014-08-17 04:10 164760 ----a-w- c:\users\Remco\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
                              @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
                              [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
                              2014-08-17 04:10 164760 ----a-w- c:\users\Remco\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
                              "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
                              "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]
                              "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
                              "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
                              "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
                              "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
                              "IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
                              "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
                              "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992]
                              "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832]
                              "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328]
                              "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585744]
                              "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-01-16 1514528]
                              "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
                              "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
                              .
                              ------- Bijkomende Scan -------
                              .
                              uLocal Page = c:\windows\system32\blank.htm
                              mLocal Page = c:\windows\SysWOW64\blank.htm
                              TCP: DhcpNameServer = 195.121.1.34 195.121.1.66
                              FF - ProfilePath - c:\users\Remco\AppData\Roaming\mozilla\firefox\Profiles\q7jnkt6h.default\
                              .
                              - - - - ORPHANS VERWIJDERD - - - -
                              .
                              Wow6432Node-HKCU-Run-FDPRO-516 - c:\program files (x86)\Fighters\FighterLauncher.exe
                              Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
                              Wow6432Node-HKCU-Run-LightShot - c:\users\Remco\AppData\Local\Skillbrains\lightshot\Lightshot.exe
                              Wow6432Node-HKLM-Run-BDRegion - c:\program files (x86)\Cyberlink\Shared files\brs.exe
                              Wow6432Node-HKLM-Run-<NO NAME> - (no file)
                              HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
                              HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
                              HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
                              .
                              .
                              .
                              --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                              .
                              [HKEY_USERS\S-1-5-21-1874403603-3095298681-2600618074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
                              @Denied: (2) (S-1-5-21-1874403603-3095298681-2600618074-1001)
                              @Denied: (2) (LocalSystem)
                              "Progid"="SafariDownload"
                              .
                              [HKEY_USERS\S-1-5-21-1874403603-3095298681-2600618074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
                              @Denied: (2) (S-1-5-21-1874403603-3095298681-2600618074-1001)
                              @Denied: (2) (LocalSystem)
                              "Progid"="IE.AssocFile.HTM"
                              .
                              [HKEY_USERS\S-1-5-21-1874403603-3095298681-2600618074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
                              @Denied: (2) (S-1-5-21-1874403603-3095298681-2600618074-1001)
                              @Denied: (2) (LocalSystem)
                              "Progid"="IE.AssocFile.HTM"
                              .
                              [HKEY_USERS\S-1-5-21-1874403603-3095298681-2600618074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
                              @Denied: (2) (S-1-5-21-1874403603-3095298681-2600618074-1001)
                              @Denied: (2) (LocalSystem)
                              "Progid"="SafariExtension"
                              .
                              [HKEY_USERS\S-1-5-21-1874403603-3095298681-2600618074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
                              @Denied: (2) (S-1-5-21-1874403603-3095298681-2600618074-1001)
                              @Denied: (2) (LocalSystem)
                              "Progid"="ChromeHTML"
                              .
                              [HKEY_USERS\S-1-5-21-1874403603-3095298681-2600618074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
                              @Denied: (2) (S-1-5-21-1874403603-3095298681-2600618074-1001)
                              @Denied: (2) (LocalSystem)
                              "Progid"="IE.AssocFile.SVG"
                              .
                              [HKEY_USERS\S-1-5-21-1874403603-3095298681-2600618074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
                              @Denied: (2) (S-1-5-21-1874403603-3095298681-2600618074-1001)
                              @Denied: (2) (LocalSystem)
                              "Progid"="SafariHTML"
                              .
                              [HKEY_USERS\S-1-5-21-1874403603-3095298681-2600618074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
                              @Denied: (2) (S-1-5-21-1874403603-3095298681-2600618074-1001)
                              @Denied: (2) (LocalSystem)
                              "Progid"="IE.AssocFile.XHT"
                              .
                              [HKEY_USERS\S-1-5-21-1874403603-3095298681-2600618074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
                              @Denied: (2) (S-1-5-21-1874403603-3095298681-2600618074-1001)
                              @Denied: (2) (LocalSystem)
                              "Progid"="IE.AssocFile.XHT"
                              .
                              [HKEY_USERS\S-1-5-21-1874403603-3095298681-2600618074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
                              @Denied: (2) (S-1-5-21-1874403603-3095298681-2600618074-1001)
                              @Denied: (2) (LocalSystem)
                              "Progid"="SafariHTML"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
                              @Denied: (A 2) (Everyone)
                              @="FlashBroker"
                              "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
                              "Enabled"=dword:00000001
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
                              @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
                              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
                              @Denied: (A 2) (Everyone)
                              @="IFlashBroker6"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
                              @="{00020424-0000-0000-C000-000000000046}"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
                              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                              "Version"="1.0"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
                              @Denied: (A 2) (Everyone)
                              @="FlashBroker"
                              "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
                              "Enabled"=dword:00000001
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
                              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
                              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                              @Denied: (A 2) (Everyone)
                              @="Shockwave Flash Object"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
                              "ThreadingModel"="Apartment"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                              @="0"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                              @="ShockwaveFlash.ShockwaveFlash.16"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                              @="1.0"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                              @="ShockwaveFlash.ShockwaveFlash"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                              @Denied: (A 2) (Everyone)
                              @="Macromedia Flash Factory Object"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
                              "ThreadingModel"="Apartment"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                              @="FlashFactory.FlashFactory.1"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                              @="1.0"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                              @="FlashFactory.FlashFactory"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
                              @Denied: (A 2) (Everyone)
                              @="IFlashBroker6"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
                              @="{00020424-0000-0000-C000-000000000046}"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
                              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                              "Version"="1.0"
                              .
                              [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                              @Denied: (Full) (Everyone)
                              .
                              Voltooingstijd: 2015-04-11 20:21:26
                              ComboFix-quarantined-files.txt 2015-04-11 18:21
                              .
                              Pre-Run: 127.002.091.520 bytes beschikbaar
                              Post-Run: 126.629.396.480 bytes beschikbaar
                              .
                              - - End Of File - - 972D10215CFE7E1D953F096828F1CFDB
