Laptop slow, physical memory often at 90%, which makes it very slow.

    Hello dear people.

    My physical memory often runs to 90% or higher; because of this I hear the fan running hard, and the laptop responds very slowly.

    See below for the logs, thanks in advance.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 26/10/2015
    Scantijd: 20:32
    Logboekbestand: mbamlog.txt
    Beheerder: Ja

    Versie: 2.2.0.1024
    Malware-database: v2015.10.26.06
    Rootkit-database: v2015.10.23.01
    Licentie: Gratis
    Malware-bescherming: Uitgeschakeld
    Bescherming tegen kwaadaardige websites: Uitgeschakeld
    Zelfbescherming: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: davidsamsung

    Scantype: Aangepaste scan
    Resultaat: Voltooid
    Objecten gescand: 551847
    Verstreken tijd: 3 u., 1 min, 46 sec

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Ingeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (Geen kwaadaardige items gedetecteerd)

    Modules: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutels: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerwaarden: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Mappen: 0
    (Geen kwaadaardige items gedetecteerd)

    Bestanden: 0
    (Geen kwaadaardige items gedetecteerd)

    Fysieke Sectoren: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)



    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.17519 BrowserJavaVersion: 11.40.2
    Run by davidsamsung at 16:51:41 on 2015-10-27
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6056.3944 [GMT 0:00]
    .
    AV: AVG Internet Security *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Internet Security *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
    FW: AVG Internet Security *Enabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
    .
    ============== Running Processes ===============
    .
    c:\PROGRA~2\AVG\Av\avgrsa.exe
    C:\Program Files (x86)\AVG\Av\avgcsrva.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k GPSvcGroup
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\Av\avgfws.exe
    C:\Program Files (x86)\AVG\Av\avgidsagent.exe
    C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
    C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
    C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
    C:\windows\System32\svchost.exe -k utcsvc
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    C:\Program Files (x86)\AVG\Av\avgcsrva.exe
    C:\ProgramData\MobileBrServ\mbbservice.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\System32\alg.exe
    C:\windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\AVG\Av\avgnsa.exe
    C:\Program Files (x86)\AVG\Av\avgemca.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\windows\system32\sppsvc.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    C:\Program Files (x86)\AVG\Av\avgui.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\windows\SysWOW64\ctfmon.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe
    C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
    C:\windows\system32\igfxext.exe
    \\?\C:\windows\system32\wbem\WMIADAP.EXE
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.co.uk/
    uProxyOverride = <local>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
    mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
    StartupFolder: C:\Users\DAVIDS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: EnableSecureUIAPath = dword:1
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.caminova.net/en/downloads/getmodule.aspx?lang=en
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
    TCP: NameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{5FE6BD13-2613-4A61-94F2-A918D2913CC4} : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{A0A5E21B-8668-46AD-BD2C-7B408D2BA7C8} : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{C24681C1-9190-411F-AE85-81F7D0C58E02} : DHCPNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{C24681C1-9190-411F-AE85-81F7D0C58E02}\4514C4B44514C4B4D2632403444483 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C24681C1-9190-411F-AE85-81F7D0C58E02}\46166796461313 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{D0941AC8-17D8-4D80-9ED9-0F50778DA7C2} : DHCPNameServer = 194.168.4.100 194.168.8.100
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= c:\windows\syswow64\nvinit.dll, c:\windows\syswow64\nvinit.dll, C:\windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    x64-Run: [ShadowPlay] C:\windows\System32\rundll32.exe C:\windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
    x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
    x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.13.0.cab
    x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\davidsamsung\AppData\Roaming\Mozilla\Firefox\Profiles\ffoh2pcp.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mysearch.avg.com/?cid={BAA3163F-100B-47EC-BDDA-1AFD07D13C4F}&mid=b4b8741aa3fd42cc837960c40d360ef6-a9cb44774754139365bb8a96e483307bdd37cb1a&lang=nl&ds=AVG&coid=avgtbavg&cmpid=0715avt&pr=fr&d=2015-07-17 18:11:58&v=4.1.5.143&pid=wtu&sg=&sap=hp
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2015-8-20 298416]
    R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2015-8-14 398256]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2015-8-10 251312]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2015-8-10 42416]
    R0 gfibto;gfibto;C:\windows\System32\drivers\gfibto.sys [2013-4-11 14456]
    R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2015-8-10 197040]
    R1 Avgfwfd;AVG network filter service;C:\windows\System32\drivers\avgfwd6a.sys [2015-8-29 97208]
    R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2015-9-11 312752]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2015-8-10 293296]
    R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2015-8-28 301488]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-7-7 13824]
    R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/11/30 19:42:42];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-5-20 148976]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\Av\avgfws.exe [2015-9-12 1568904]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\Av\avgidsagent.exe [2015-9-12 3793392]
    R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2015-10-16 1046952]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [2015-9-12 595832]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
    R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-11-30 83240]
    R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-11-30 70952]
    R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-11-30 312616]
    R2 DiagTrack;Diagnostics Tracking Service;C:\windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
    R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-9-24 1149760]
    R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2013-12-24 232288]
    R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-11-30 75248]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1796928]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-23 19440960]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-10-8 19192]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-7 2656536]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
    R3 BTHprint;Microsoft Bluetooth-printerklasse;C:\windows\System32\drivers\BTHPRINT.SYS [2009-7-14 67072]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-3-8 51712]
    R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-11-10 31088]
    R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-7-7 138024]
    R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
    R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\windows\System32\drivers\InputFilter_FlexDef2b.sys [2010-6-18 17920]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-7-7 317440]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2015-10-26 25816]
    R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-9-24 20288]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\windows\System32\drivers\nvvad64v.sys [2014-9-24 38048]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-7-7 471144]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-26 1135416]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
    S3 AvgAMPS;AvgAMPS;C:\Program Files (x86)\AVG\Av\avgamps.exe [2015-9-30 604712]
    S3 btmaudio;Intel Bluetooth Audio Service;C:\windows\System32\drivers\btmaud.sys [2011-3-8 46592]
    S3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;C:\windows\System32\drivers\jnprvamgr.sys [2014-7-8 45352]
    S3 LVUSBS64;Logitech USB Monitor Filter;C:\windows\System32\drivers\LVUSBS64.sys [2007-10-12 50072]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2015-10-26 63704]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-1-21 19456]
    S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-7-7 166704]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-3-8 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-1-21 30208]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-12 1255736]
    .
    =============== Created Last 30 ================
    .
    2015-10-26 20:32:10 192216 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
    2015-10-26 20:32:01 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
    2015-10-26 20:32:01 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
    2015-10-26 20:32:01 109272 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
    2015-10-26 20:32:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-10-15 05:22:43 766464 ----a-w- C:\windows\System32\generaltel.dll
    2015-10-15 05:22:43 73216 ----a-w- C:\windows\System32\acmigration.dll
    2015-10-15 05:22:43 700416 ----a-w- C:\windows\System32\invagent.dll
    2015-10-15 05:22:43 503808 ----a-w- C:\windows\System32\devinv.dll
    2015-10-15 05:22:43 25432 ----a-w- C:\windows\System32\CompatTelRunner.exe
    2015-10-15 05:22:43 1291264 ----a-w- C:\windows\System32\appraiser.dll
    2015-10-15 05:22:43 1163776 ----a-w- C:\windows\System32\aeinv.dll
    2015-10-14 07:35:55 5569472 ----a-w- C:\windows\System32\ntoskrnl.exe
    2015-10-10 17:05:28 -------- d-----w- C:\ProgramData\Avg_Update_0615pit
    2015-10-10 17:03:34 -------- d-----w- C:\Users\davidsamsung\AppData\Roaming\AVG
    2015-10-10 16:58:12 -------- d-----w- C:\ProgramData\Avg
    2015-10-10 16:57:14 -------- d-----w- C:\Users\davidsamsung\AppData\Local\AvgSetupLog
    .
    ==================== Find3M ====================
    .
    2015-10-26 20:17:28 780488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2015-10-26 20:17:28 142536 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-10-01 18:06:49 692672 ----a-w- C:\windows\System32\winload.efi
    2015-10-01 18:04:11 616360 ----a-w- C:\windows\System32\winresume.efi
    2015-10-01 18:00:59 63488 ----a-w- C:\windows\System32\setbcdlocale.dll
    2015-10-01 18:00:43 59392 ----a-w- C:\windows\System32\appidapi.dll
    2015-10-01 18:00:43 32768 ----a-w- C:\windows\System32\appidsvc.dll
    2015-10-01 18:00:06 17920 ----a-w- C:\windows\System32\appidcertstorecheck.exe
    2015-10-01 18:00:06 147456 ----a-w- C:\windows\System32\appidpolicyconverter.exe
    2015-10-01 17:50:35 50688 ----a-w- C:\windows\SysWow64\appidapi.dll
    2015-10-01 17:00:54 61440 ----a-w- C:\windows\System32\drivers\appid.sys
    2015-09-29 03:13:50 1730496 ----a-w- C:\windows\System32\ntdll.dll
    2015-09-29 03:11:19 362496 ----a-w- C:\windows\System32\wow64win.dll
    2015-09-29 03:11:19 243712 ----a-w- C:\windows\System32\wow64.dll
    2015-09-29 03:11:19 215040 ----a-w- C:\windows\System32\winsrv.dll
    2015-09-29 03:11:19 13312 ----a-w- C:\windows\System32\wow64cpu.dll
    2015-09-29 03:11:06 210944 ----a-w- C:\windows\System32\wdigest.dll
    2015-09-29 03:11:03 86528 ----a-w- C:\windows\System32\TSpkg.dll
    2015-09-29 03:11:01 503808 ----a-w- C:\windows\System32\srcore.dll
    2015-09-29 03:11:01 50176 ----a-w- C:\windows\System32\srclient.dll
    2015-09-29 03:10:59 1216512 ----a-w- C:\windows\System32\rpcrt4.dll
    2015-09-29 03:10:56 16384 ----a-w- C:\windows\System32\ntvdm64.dll
    2015-09-29 03:10:55 315392 ----a-w- C:\windows\System32\msv1_0.dll
    2015-09-29 03:10:53 729088 ----a-w- C:\windows\System32\kerberos.dll
    2015-09-29 03:10:53 424960 ----a-w- C:\windows\System32\KernelBase.dll
    2015-09-29 03:10:47 44032 ----a-w- C:\windows\System32\cryptbase.dll
    2015-09-29 03:10:47 43520 ----a-w- C:\windows\System32\csrsrv.dll
    2015-09-29 03:10:47 22016 ----a-w- C:\windows\System32\credssp.dll
    2015-09-29 03:10:30 112640 ----a-w- C:\windows\System32\smss.exe
    2015-09-29 03:10:25 296960 ----a-w- C:\windows\System32\rstrui.exe
    2015-09-29 03:09:59 338432 ----a-w- C:\windows\System32\conhost.exe
    2015-09-29 03:09:53 64000 ----a-w- C:\windows\System32\auditpol.exe
    2015-09-29 03:05:56 60416 ----a-w- C:\windows\System32\msobjs.dll
    2015-09-29 03:05:36 146432 ----a-w- C:\windows\System32\msaudite.dll
    2015-09-29 03:05:01 3990976 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2015-09-29 03:05:01 3936192 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2015-09-29 03:02:09 1311768 ----a-w- C:\windows\SysWow64\ntdll.dll
    2015-09-29 02:59:20 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
    2015-09-29 02:59:17 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
    2015-09-29 02:59:16 43008 ----a-w- C:\windows\SysWow64\srclient.dll
    2015-09-29 02:59:10 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2015-09-29 02:59:08 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
    2015-09-29 02:59:04 552960 ----a-w- C:\windows\SysWow64\kerberos.dll
    2015-09-29 02:58:57 36864 ----a-w- C:\windows\SysWow64\cryptbase.dll
    2015-09-29 02:58:57 17408 ----a-w- C:\windows\SysWow64\credssp.dll
    2015-09-29 02:58:52 44032 ----a-w- C:\windows\apppatch\acwow64.dll
    2015-09-29 02:58:36 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2015-09-29 02:58:05 50176 ----a-w- C:\windows\SysWow64\auditpol.exe
    2015-09-29 02:57:53 665088 ----a-w- C:\windows\SysWow64\rpcrt4.dll
    2015-09-29 02:57:53 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2015-09-29 02:57:52 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
    2015-09-29 02:53:44 60416 ----a-w- C:\windows\SysWow64\msobjs.dll
    2015-09-29 02:53:28 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
    2015-09-29 01:50:29 159232 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
    2015-09-29 01:49:43 290816 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
    2015-09-29 01:49:31 129024 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
    2015-09-29 01:43:29 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2015-09-29 01:43:27 2048 ----a-w- C:\windows\SysWow64\user.exe
    2015-09-29 01:40:57 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2015-09-29 01:40:57 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-09-29 01:40:57 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2015-09-29 01:40:57 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2015-09-25 18:07:19 98816 ----a-w- C:\windows\System32\wudriver.dll
    2015-09-25 18:07:19 3168768 ----a-w- C:\windows\System32\wucltux.dll
    2015-09-25 18:07:19 192512 ----a-w- C:\windows\System32\wuwebv.dll
    2015-09-25 18:06:54 91136 ----a-w- C:\windows\System32\WinSetupUI.dll
    2015-09-25 18:06:44 12288 ----a-w- C:\windows\System32\wu.upgrade.ps.dll
    2015-09-25 18:06:40 37888 ----a-w- C:\windows\System32\wuapp.exe
    2015-09-25 17:59:08 93696 ----a-w- C:\windows\SysWow64\wudriver.dll
    2015-09-25 17:59:08 174080 ----a-w- C:\windows\SysWow64\wuwebv.dll
    2015-09-25 17:58:25 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
    2015-09-17 23:48:11 2239488 ----a-w- C:\windows\System32\wininet.dll
    2015-09-17 23:48:02 603648 ----a-w- C:\windows\System32\vbscript.dll
    2015-09-17 23:46:54 3960832 ----a-w- C:\windows\System32\jscript9.dll
    2015-09-17 23:46:50 67072 ----a-w- C:\windows\System32\iesetup.dll
    2015-09-17 23:46:50 136704 ----a-w- C:\windows\System32\iesysprep.dll
    2015-09-17 23:46:13 1509376 ----a-w- C:\windows\System32\inetcpl.cpl
    2015-09-17 20:44:58 1763328 ----a-w- C:\windows\SysWow64\wininet.dll
    2015-09-17 20:44:52 525824 ----a-w- C:\windows\SysWow64\vbscript.dll
    2015-09-17 20:43:56 2866176 ----a-w- C:\windows\SysWow64\jscript9.dll
    2015-09-17 20:43:52 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
    2015-09-17 20:43:52 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
    2015-09-17 20:43:22 1441280 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2015-09-17 18:58:49 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2015-09-17 18:58:32 2706432 ----a-w- C:\windows\System32\mshtml.tlb
    2015-09-17 18:31:32 441856 ----a-w- C:\windows\System32\html.iec
    2015-09-17 18:27:40 361984 ----a-w- C:\windows\SysWow64\html.iec
    2015-09-17 18:06:09 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
    2015-09-17 18:02:21 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
    2015-09-15 18:17:05 157016 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
    2015-09-15 18:17:04 97112 ----a-w- C:\windows\System32\drivers\ksecdd.sys
    2015-09-15 18:11:30 29184 ----a-w- C:\windows\System32\sspisrv.dll
    2015-09-15 18:11:30 136192 ----a-w- C:\windows\System32\sspicli.dll
    2015-09-15 18:11:28 342016 ----a-w- C:\windows\System32\schannel.dll
    2015-09-15 18:11:28 28160 ----a-w- C:\windows\System32\secur32.dll
    2015-09-15 18:11:24 309760 ----a-w- C:\windows\System32\ncrypt.dll
    2015-09-15 18:11:20 1461760 ----a-w- C:\windows\System32\lsasrv.dll
    2015-09-15 18:10:32 31232 ----a-w- C:\windows\System32\lsass.exe
    2015-09-15 17:36:38 248832 ----a-w- C:\windows\SysWow64\schannel.dll
    2015-09-15 17:36:38 22016 ----a-w- C:\windows\SysWow64\secur32.dll
    .
    ============= FINISH: 16:53:52.34 ===============




    # AdwCleaner v5.015 - Logbestand aangemaakt 27/10/2015 op 16:44:12
    # Laatste update 26/10/2015 door Xplode
    # Database : 2015-10-26.2 [Server]
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x64)
    # Gebruikersnaam : davidsamsung - DAVIDSAMSUNG-PC
    # Gestart vanuit : C:\Users\davidsamsung\Desktop\adwcleaner_5.015.exe
    # Optie : Verwijderen
    # Ondersteuning : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Mappen ] *****

    [-] Map Verwijderd : C:\Program Files (x86)\Common Files\AVG Secure Search
    [-] Map Verwijderd : C:\ProgramData\AVG Secure Search
    [-] Map Verwijderd : C:\ProgramData\AVG Security Toolbar
    [-] Map Verwijderd : C:\ProgramData\Avg_Update_0615avt
    [-] Map Verwijderd : C:\Users\davidsamsung\AppData\Roaming\Mozilla\Firefox\Profiles\ffoh2pcp.default\Extensions\[email protected] ar

    ***** [ Bestanden ] *****

    [-] Bestand Verwijderd : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
    [-] Bestand Verwijderd : C:\Users\davidsamsung\AppData\Roaming\Mozilla\Firefox\Profiles\ffoh2pcp.default\searchplugins\avg-secure-search.xml

    ***** [ DLLs ] *****


    ***** [ Snelkoppelingen ] *****


    ***** [ geplande taken ] *****

    [-] Taak Verwijderd : RunAsStdUser Task
    [-] Taak Verwijderd : AVG-Secure-Search-Update_0615pit_RML
    [-] Taak Verwijderd : AVG-Secure-Search-Update_0615pit_RML

    ***** [ Register ] *****

    [-] Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    [-] Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Update BrowseFox
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
    [-] Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
    [-] Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    [-] Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Sleutel Verwijderd : HKU\.DEFAULT\Software\Avg Secure Update
    [-] Sleutel Verwijderd : HKCU\Software\Avg Secure Update
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Avg Secure Update
    Sleutel Niet Verwijderd : [x64] HKCU\Software\Avg Secure Update

    ***** [ Internetbrowsers ] *****

    [-] [C:\Users\davidsamsung\AppData\Roaming\Mozilla\Firefox\Profiles\ffoh2pcp.default\prefs.js] [Preference] Verwijderd : user_pref("avg.wtu.ext.extParams", "{\"action\":\"extParams\",\"data\":{\"searchParams\":{\"pid\":\"wtu\",\"cid\":\"{89271932-c601-4633-b1dd-5463e685088d}\",\"mid\":\"b4b8741aa3fd42cc837960c40d360ef6-
    [-] [C:\Users\davidsamsung\AppData\Roaming\Mozilla\Firefox\Profiles\ffoh2pcp.default\prefs.js] [Preference] Verwijderd : user_pref("avg.wtu.ext.setting_hp_list", "[{\"name\":\"AVG Secure Search\",\"value\":\"hxxps://mysearch.avg.com\"},{\"name\":\"Google\",\"value\":\"hxxp://www.google.com\"},{\"name\":\"Yahoo\",\"value
    [-] [C:\Users\davidsamsung\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Verwijderd : uk.ask.com

    *************************

    :: Winsock instellingen gereset

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4590 bytes] ##########
    Last edited by daidai; 27-10-15, 18:14.

  • #2
    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2015-10-27 17:05:30
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698.64GB
    Running: wxybuf0p.exe; Driver: C:\Users\DAVIDS~1\AppData\Local\Temp\ffxcraow.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\AVG\Av\avgfws.exe[1876] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000753e1401 2 bytes JMP 767bb21b C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgfws.exe[1876] C:\windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000753e1419 2 bytes JMP 767bb346 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgfws.exe[1876] C:\windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000753e1431 2 bytes JMP 76838fd1 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgfws.exe[1876] C:\windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000753e144a 2 bytes CALL 7679489d C:\windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\AVG\Av\avgfws.exe[1876] C:\windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000753e14dd 2 bytes JMP 768388c4 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgfws.exe[1876] C:\windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000753e14f5 2 bytes JMP 76838aa0 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgfws.exe[1876] C:\windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000753e150d 2 bytes JMP 768387ba C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgfws.exe[1876] C:\windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000753e1525 2 bytes JMP 76838b8a C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgfws.exe[1876] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000753e153d 2 bytes JMP 767afca8 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgfws.exe[1876] C:\windows\syswow64\psapi.dll!EnumProcesses + 17 00000000753e1555 2 bytes JMP 767b68ef C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgfws.exe[1876] C:\windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000753e156d 2 bytes JMP 76839089 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgfws.exe[1876] C:\windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000753e1585 2 bytes JMP 76838bea C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgfws.exe[1876] C:\windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000753e159d 2 bytes JMP 7683877e C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgfws.exe[1876] C:\windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000753e15b5 2 bytes JMP 767afd41 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgfws.exe[1876] C:\windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000753e15cd 2 bytes JMP 767bb2dc C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgfws.exe[1876] C:\windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000753e16b2 2 bytes JMP 76838f4c C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgfws.exe[1876] C:\windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000753e16bd 2 bytes JMP 76838713 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgidsagent.exe[1896] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753e1401 2 bytes JMP 767bb21b C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgidsagent.exe[1896] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753e1419 2 bytes JMP 767bb346 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgidsagent.exe[1896] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753e1431 2 bytes JMP 76838fd1 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgidsagent.exe[1896] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753e144a 2 bytes CALL 7679489d C:\windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\AVG\Av\avgidsagent.exe[1896] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753e14dd 2 bytes JMP 768388c4 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgidsagent.exe[1896] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753e14f5 2 bytes JMP 76838aa0 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgidsagent.exe[1896] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753e150d 2 bytes JMP 768387ba C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgidsagent.exe[1896] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753e1525 2 bytes JMP 76838b8a C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgidsagent.exe[1896] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753e153d 2 bytes JMP 767afca8 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgidsagent.exe[1896] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753e1555 2 bytes JMP 767b68ef C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgidsagent.exe[1896] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753e156d 2 bytes JMP 76839089 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgidsagent.exe[1896] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753e1585 2 bytes JMP 76838bea C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgidsagent.exe[1896] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753e159d 2 bytes JMP 7683877e C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgidsagent.exe[1896] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753e15b5 2 bytes JMP 767afd41 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgidsagent.exe[1896] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753e15cd 2 bytes JMP 767bb2dc C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgidsagent.exe[1896] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753e16b2 2 bytes JMP 76838f4c C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\Av\avgidsagent.exe[1896] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753e16bd 2 bytes JMP 76838713 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753e1401 2 bytes JMP 767bb21b C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[1720] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753e1419 2 bytes JMP 767bb346 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753e1431 2 bytes JMP 76838fd1 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753e144a 2 bytes CALL 7679489d C:\windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[1720] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753e14dd 2 bytes JMP 768388c4 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753e14f5 2 bytes JMP 76838aa0 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[1720] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753e150d 2 bytes JMP 768387ba C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753e1525 2 bytes JMP 76838b8a C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753e153d 2 bytes JMP 767afca8 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[1720] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753e1555 2 bytes JMP 767b68ef C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753e156d 2 bytes JMP 76839089 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753e1585 2 bytes JMP 76838bea C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[1720] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753e159d 2 bytes JMP 7683877e C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753e15b5 2 bytes JMP 767afd41 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753e15cd 2 bytes JMP 767bb2dc C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753e16b2 2 bytes JMP 76838f4c C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753e16bd 2 bytes JMP 76838713 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3188] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3188] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3188] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3188] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3188] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3188] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000000773000a0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3188] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0x2b2590}
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3188] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
    .text C:\windows\System32\alg.exe[3444] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
    .text C:\windows\System32\alg.exe[3444] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
    .text C:\windows\System32\alg.exe[3444] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
    .text C:\windows\System32\alg.exe[3444] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
    .text C:\windows\System32\alg.exe[3444] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
    .text C:\windows\System32\alg.exe[3444] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000000773000a0
    .text C:\windows\System32\alg.exe[3444] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0x2b2590}
    .text C:\windows\System32\alg.exe[3444] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
    .text C:\windows\servicing\TrustedInstaller.exe[3492] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
    .text C:\windows\servicing\TrustedInstaller.exe[3492] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
    .text C:\windows\servicing\TrustedInstaller.exe[3492] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
    .text C:\windows\servicing\TrustedInstaller.exe[3492] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
    .text C:\windows\servicing\TrustedInstaller.exe[3492] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
    .text C:\windows\servicing\TrustedInstaller.exe[3492] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000000773000a0
    .text C:\windows\servicing\TrustedInstaller.exe[3492] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0x2b2590}
    .text C:\windows\servicing\TrustedInstaller.exe[3492] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
    .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3628] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000177020128
    .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3628] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000177020018
    .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3628] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000001770201b0
    .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3628] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000177020238
    .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3628] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000001770202c0
    .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3628] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000001770200a0
    .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3628] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0xfffffffffffd2590}
    .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3628] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
    .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3636] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000177020128
    .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3636] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000177020018
    .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3636] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000001770201b0
    .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3636] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000177020238
    .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3636] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000001770202c0
    .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3636] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000001770200a0
    .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3636] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0xfffffffffffd2590}
    .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3636] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
    .text C:\windows\system32\svchost.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000177020128
    .text C:\windows\system32\svchost.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000177020018
    .text C:\windows\system32\svchost.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000001770201b0
    .text C:\windows\system32\svchost.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000177020238
    .text C:\windows\system32\svchost.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000001770202c0
    .text C:\windows\system32\svchost.exe[3880] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000001770200a0
    .text C:\windows\system32\svchost.exe[3880] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0xfffffffffffd2590}
    .text C:\windows\system32\svchost.exe[3880] C:\windows\system32\KERNELBASE.dll!ResumeThread



    • #3
      000007fefbe16f00 5 bytes JMP 000007fff5281f50
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4608] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007734fc90 5 bytes JMP 00000001727b1c00
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4608] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007734fe54 5 bytes JMP 00000001727b1820
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4608] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007734ffb4 5 bytes JMP 00000001727b1ec0
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4608] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000773507dc 5 bytes JMP 00000001727b1ee0
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4608] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000773508b4 5 bytes JMP 00000001727b1f00
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4608] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000767a3bab 3 bytes JMP 00000001727b1990
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4608] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000767a3baf 1 byte [FC]
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4608] C:\windows\syswow64\KERNELBASE.dll!ResumeThread 0000000075063b49 5 bytes JMP 00000001727b1de0
      .text C:\windows\system32\svchost.exe[4748] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000177020128
      .text C:\windows\system32\svchost.exe[4748] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000177020018
      .text C:\windows\system32\svchost.exe[4748] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000001770201b0
      .text C:\windows\system32\svchost.exe[4748] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000177020238
      .text C:\windows\system32\svchost.exe[4748] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000001770202c0
      .text C:\windows\system32\svchost.exe[4748] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000001770200a0
      .text C:\windows\system32\svchost.exe[4748] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0xfffffffffffd2590}
      .text C:\windows\system32\svchost.exe[4748] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
      .text C:\windows\system32\SearchIndexer.exe[4876] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
      .text C:\windows\system32\SearchIndexer.exe[4876] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
      .text C:\windows\system32\SearchIndexer.exe[4876] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
      .text C:\windows\system32\SearchIndexer.exe[4876] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
      .text C:\windows\system32\SearchIndexer.exe[4876] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
      .text C:\windows\system32\SearchIndexer.exe[4876] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5020] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007734fc90 5 bytes JMP 00000001727b1c00
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5020] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007734fe54 5 bytes JMP 00000001727b1820
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5020] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007734ffb4 5 bytes JMP 00000001727b1ec0
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5020] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000773507dc 5 bytes JMP 00000001727b1ee0
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5020] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000773508b4 5 bytes JMP 00000001727b1f00
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5020] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000767a3bab 3 bytes JMP 00000001727b1990
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5020] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000767a3baf 1 byte [FC]
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5020] C:\windows\syswow64\KERNELBASE.dll!ResumeThread 0000000075063b49 5 bytes JMP 00000001727b1de0
      .text C:\windows\system32\wbem\wmiprvse.exe[3024] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
      .text C:\windows\system32\wbem\wmiprvse.exe[3024] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
      .text C:\windows\system32\wbem\wmiprvse.exe[3024] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
      .text C:\windows\system32\wbem\wmiprvse.exe[3024] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
      .text C:\windows\system32\wbem\wmiprvse.exe[3024] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
      .text C:\windows\system32\wbem\wmiprvse.exe[3024] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000000773000a0
      .text C:\windows\system32\wbem\wmiprvse.exe[3024] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0x2b2590}
      .text C:\windows\system32\wbem\wmiprvse.exe[3024] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
      .text C:\windows\system32\taskhost.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
      .text C:\windows\system32\taskhost.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
      .text C:\windows\system32\taskhost.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
      .text C:\windows\system32\taskhost.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
      .text C:\windows\system32\taskhost.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
      .text C:\windows\system32\taskhost.exe[3152] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000000773000a0
      .text C:\windows\system32\taskhost.exe[3152] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0x2b2590}
      .text C:\windows\system32\taskhost.exe[3152] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
      .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
      .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
      .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
      .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
      .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
      .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3436] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000000773000a0
      .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3436] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0x2b2590}
      .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3436] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
      .text C:\windows\system32\conhost.exe[3248] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
      .text C:\windows\system32\conhost.exe[3248] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
      .text C:\windows\system32\conhost.exe[3248] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
      .text C:\windows\system32\conhost.exe[3248] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
      .text C:\windows\system32\conhost.exe[3248] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
      .text C:\windows\system32\conhost.exe[3248] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000000773000a0
      .text C:\windows\system32\conhost.exe[3248] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0x2b2590}
      .text C:\windows\system32\conhost.exe[3248] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
      .text C:\windows\system32\Dwm.exe[4272] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
      .text C:\windows\system32\Dwm.exe[4272] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
      .text C:\windows\system32\Dwm.exe[4272] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
      .text C:\windows\system32\Dwm.exe[4272] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
      .text C:\windows\system32\Dwm.exe[4272] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
      .text C:\windows\system32\Dwm.exe[4272] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000000773000a0
      .text C:\windows\system32\Dwm.exe[4272] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0x2b2590}
      .text C:\windows\system32\Dwm.exe[4272] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
      .text C:\windows\Explorer.EXE[2672] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
      .text C:\windows\Explorer.EXE[2672] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
      .text C:\windows\Explorer.EXE[2672] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
      .text C:\windows\Explorer.EXE[2672] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
      .text C:\windows\Explorer.EXE[2672] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
      .text C:\windows\Explorer.EXE[2672] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000000773000a0
      .text C:\windows\Explorer.EXE[2672] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0x2b2590}
      .text C:\windows\Explorer.EXE[2672] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007734fc90 5 bytes JMP 00000001727b1c00
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007734fe54 5 bytes JMP 00000001727b1820
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007734ffb4 5 bytes JMP 00000001727b1ec0
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000773507dc 5 bytes JMP 00000001727b1ee0
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000773508b4 5 bytes JMP 00000001727b1f00
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000767a3bab 3 bytes JMP 00000001727b1990
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000767a3baf 1 byte [FC]
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\KERNELBASE.dll!ResumeThread 0000000075063b49 5 bytes JMP 00000001727b1de0
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753e1401 2 bytes JMP 767bb21b C:\windows\syswow64\kernel32.dll
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753e1419 2 bytes JMP 767bb346 C:\windows\syswow64\kernel32.dll
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753e1431 2 bytes JMP 76838fd1 C:\windows\syswow64\kernel32.dll
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753e144a 2 bytes CALL 7679489d C:\windows\syswow64\kernel32.dll
      .text ... * 9
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753e14dd 2 bytes JMP 768388c4 C:\windows\syswow64\kernel32.dll
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753e14f5 2 bytes JMP 76838aa0 C:\windows\syswow64\kernel32.dll
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753e150d 2 bytes JMP 768387ba C:\windows\syswow64\kernel32.dll
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753e1525 2 bytes JMP 76838b8a C:\windows\syswow64\kernel32.dll
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753e153d 2 bytes JMP 767afca8 C:\windows\syswow64\kernel32.dll
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753e1555 2 bytes JMP 767b68ef C:\windows\syswow64\kernel32.dll
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753e156d 2 bytes JMP 76839089 C:\windows\syswow64\kernel32.dll
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753e1585 2 bytes JMP 76838bea C:\windows\syswow64\kernel32.dll
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753e159d 2 bytes JMP 7683877e C:\windows\syswow64\kernel32.dll
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753e15b5 2 bytes JMP 767afd41 C:\windows\syswow64\kernel32.dll
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753e15cd 2 bytes JMP 767bb2dc C:\windows\syswow64\kernel32.dll
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753e16b2 2 bytes JMP 76838f4c C:\windows\syswow64\kernel32.dll
      .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753e16bd 2 bytes JMP 76838713 C:\windows\syswow64\kernel32.dll
      .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4512] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
      .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4512] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
      .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4512] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
      .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4512] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
      .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4512] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
      .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4512] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000000773000a0
      .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4512] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0x2b2590}
      .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4512] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
      .text C:\Windows\System32\rundll32.exe[4492] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
      .text C:\Windows\System32\rundll32.exe[4492] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
      .text C:\Windows\System32\rundll32.exe[4492] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
      .text C:\Windows\System32\rundll32.exe[4492] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
      .text C:\Windows\System32\rundll32.exe[4492] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
      .text C:\Windows\System32\rundll32.exe[4492] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000000773000a0
      .text C:\Windows\System32\rundll32.exe[4492] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0x2b2590}
      .text C:\Windows\System32\rundll32.exe[4492] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
      .text C:\Program Files\Elantech\ETDCtrl.exe[3892] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
      .text C:\Program Files\Elantech\ETDCtrl.exe[3892] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
      .text C:\Program Files\Elantech\ETDCtrl.exe[3892] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
      .text C:\Program Files\Elantech\ETDCtrl.exe[3892] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
      .text C:\Program Files\Elantech\ETDCtrl.exe[3892] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
      .text C:\Program Files\Elantech\ETDCtrl.exe[3892] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000000773000a0
      .text C:\Program Files\Elantech\ETDCtrl.exe[3892] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0x2b2590}
      .text C:\Program Files\Elantech\ETDCtrl.exe[3892] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
      .text C:\Windows\System32\igfxtray.exe[4656] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
      .text C:\Windows\System32\igfxtray.exe[4656] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
      .text C:\Windows\System32\igfxtray.exe[4656] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
      .text C:\Windows\System32\igfxtray.exe[4656] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
      .text C:\Windows\System32\igfxtray.exe[4656] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
      .text C:\Windows\System32\igfxtray.exe[4656] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000000773000a0
      .text C:\Windows\System32\igfxtray.exe[4656] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0x2b2590}
      .text C:\Windows\System32\igfxtray.exe[4656] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
      .text C:\Windows\System32\hkcmd.exe[4684] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
      .text C:\Windows\System32\hkcmd.exe[4684] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
      .text C:\Windows\System32\hkcmd.exe[4684] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
      .text C:\Windows\System32\hkcmd.exe[4684] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
      .text C:\Windows\System32\hkcmd.exe[4684] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
      .text C:\Windows\System32\hkcmd.exe[4684] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000000773000a0
      .text C:\Windows\System32\hkcmd.exe[4684] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0x2b2590}
      .text C:\Windows\System32\hkcmd.exe[4684] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
      .text C:\Windows\System32\igfxpers.exe[4668] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
      .text C:\Windows\System32\igfxpers.exe[4668] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
      .text C:\Windows\System32\igfxpers.exe[4668] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
      .text C:\Windows\System32\igfxpers.exe[4668] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
      .text C:\Windows\System32\igfxpers.exe[4668] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
      • #4
        .text C:\Windows\System32\igfxpers.exe[4668] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000000773000a0
        .text C:\Windows\System32\igfxpers.exe[4668] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0x2b2590}
        .text C:\Windows\System32\igfxpers.exe[4668] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
        .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4644] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
        .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4644] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
        .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4644] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
        .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4644] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
        .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4644] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
        .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4644] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000000773000a0
        .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4644] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0x2b2590}
        .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4644] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007734fc90 5 bytes JMP 00000001727b1c00
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007734fe54 5 bytes JMP 00000001727b1820
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007734ffb4 5 bytes JMP 00000001727b1ec0
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000773507dc 5 bytes JMP 00000001727b1ee0
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000773508b4 5 bytes JMP 00000001727b1f00
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000767a3bab 3 bytes JMP 00000001727b1990
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000767a3baf 1 byte [FC]
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\KERNELBASE.dll!ResumeThread 0000000075063b49 5 bytes JMP 00000001727b1de0
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753e1401 2 bytes JMP 767bb21b C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753e1419 2 bytes JMP 767bb346 C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753e1431 2 bytes JMP 76838fd1 C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753e144a 2 bytes CALL 7679489d C:\windows\syswow64\kernel32.dll
        .text ... * 9
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753e14dd 2 bytes JMP 768388c4 C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753e14f5 2 bytes JMP 76838aa0 C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753e150d 2 bytes JMP 768387ba C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753e1525 2 bytes JMP 76838b8a C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753e153d 2 bytes JMP 767afca8 C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753e1555 2 bytes JMP 767b68ef C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753e156d 2 bytes JMP 76839089 C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753e1585 2 bytes JMP 76838bea C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753e159d 2 bytes JMP 7683877e C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753e15b5 2 bytes JMP 767afd41 C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753e15cd 2 bytes JMP 767bb2dc C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753e16b2 2 bytes JMP 76838f4c C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3536] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753e16bd 2 bytes JMP 76838713 C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007734fc90 5 bytes JMP 00000001727b1c00
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007734fe54 5 bytes JMP 00000001727b1820
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007734ffb4 5 bytes JMP 00000001727b1ec0
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000773507dc 5 bytes JMP 00000001727b1ee0
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000773508b4 5 bytes JMP 00000001727b1f00
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000767a3bab 3 bytes JMP 00000001727b1990
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000767a3baf 1 byte [FC]
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\KERNELBASE.dll!ResumeThread 0000000075063b49 5 bytes JMP 00000001727b1de0
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753e1401 2 bytes JMP 767bb21b C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753e1419 2 bytes JMP 767bb346 C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753e1431 2 bytes JMP 76838fd1 C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753e144a 2 bytes CALL 7679489d C:\windows\syswow64\kernel32.dll
        .text ... * 9
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753e14dd 2 bytes JMP 768388c4 C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753e14f5 2 bytes JMP 76838aa0 C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753e150d 2 bytes JMP 768387ba C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753e1525 2 bytes JMP 76838b8a C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753e153d 2 bytes JMP 767afca8 C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753e1555 2 bytes JMP 767b68ef C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753e156d 2 bytes JMP 76839089 C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753e1585 2 bytes JMP 76838bea C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753e159d 2 bytes JMP 7683877e C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753e15b5 2 bytes JMP 767afd41 C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753e15cd 2 bytes JMP 767bb2dc C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753e16b2 2 bytes JMP 76838f4c C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3272] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753e16bd 2 bytes JMP 76838713 C:\windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\AVG\Av\avgui.exe[4112] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007734fc90 5 bytes JMP 00000001727b1c00
        .text C:\Program Files (x86)\AVG\Av\avgui.exe[4112] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007734fe54 5 bytes JMP 00000001727b1820
        .text C:\Program Files (x86)\AVG\Av\avgui.exe[4112] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007734ffb4 5 bytes JMP 00000001727b1ec0
        .text C:\Program Files (x86)\AVG\Av\avgui.exe[4112] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000773507dc 5 bytes JMP 00000001727b1ee0
        .text C:\Program Files (x86)\AVG\Av\avgui.exe[4112] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000773508b4 5 bytes JMP 00000001727b1f00
        .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1584] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007734fc90 5 bytes JMP 00000001727b1c00
        .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1584] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007734fe54 5 bytes JMP 00000001727b1820
        .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1584] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007734ffb4 5 bytes JMP 00000001727b1ec0
        .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1584] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000773507dc 5 bytes JMP 00000001727b1ee0
        .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1584] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000773508b4 5 bytes JMP 00000001727b1f00
        .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1584] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000767a3bab 3 bytes JMP 00000001727b1990
        .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1584] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000767a3baf 1 byte [FC]
        .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1584] C:\windows\syswow64\KERNELBASE.dll!ResumeThread 0000000075063b49 5 bytes JMP 00000001727b1de0
        .text C:\windows\SysWOW64\ctfmon.exe[4620] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007734fc90 5 bytes JMP 00000001727b1c00
        .text C:\windows\SysWOW64\ctfmon.exe[4620] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007734fe54 5 bytes JMP 00000001727b1820
        .text C:\windows\SysWOW64\ctfmon.exe[4620] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007734ffb4 5 bytes JMP 00000001727b1ec0
        .text C:\windows\SysWOW64\ctfmon.exe[4620] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000773507dc 5 bytes JMP 00000001727b1ee0
        .text C:\windows\SysWOW64\ctfmon.exe[4620] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000773508b4 5 bytes JMP 00000001727b1f00
        .text C:\windows\SysWOW64\ctfmon.exe[4620] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000767a3bab 3 bytes JMP 00000001727b1990
        .text C:\windows\SysWOW64\ctfmon.exe[4620] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000767a3baf 1 byte [FC]
        .text C:\windows\SysWOW64\ctfmon.exe[4620] C:\windows\syswow64\KERNELBASE.dll!ResumeThread 0000000075063b49 5 bytes JMP 00000001727b1de0
        .text C:\windows\system32\taskeng.exe[5216] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719dc30 5 bytes JMP 0000000077300128
        .text C:\windows\system32\taskeng.exe[5216] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007719dd50 5 bytes JMP 0000000077300018
        .text C:\windows\system32\taskeng.exe[5216] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007719de30 5 bytes JMP 00000000773001b0
        .text C:\windows\system32\taskeng.exe[5216] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007719e380 5 bytes JMP 0000000077300238
        .text C:\windows\system32\taskeng.exe[5216] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007719e410 5 bytes JMP 00000000773002c0
        .text C:\windows\system32\taskeng.exe[5216] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007704db10 1 byte JMP 00000000773000a0
        .text C:\windows\system32\taskeng.exe[5216] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007704db12 3 bytes {JMP 0x2b2590}
        .text C:\windows\system32\taskeng.exe[5216] C:\windows\system32\KERNELBASE.dll!ResumeThread 000007fefbe16f00 5 bytes JMP 000007fff5281f50
        .text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[5268] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007734fc90 5 bytes JMP 00000001727b1c00
        .text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[5268] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007734fe54 5 bytes JMP 00000001727b1820
        .text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[5268] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007734ffb4 5 bytes JMP 00000001727b1ec0
        .text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[5268] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000773507dc 5 bytes JMP 00000001727b1ee0
        .text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[5268] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000773508b4 5 bytes JMP 00000001727b1f00
        .text C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe[5296] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007734fc90 5 bytes JMP 00000001727b1c00
        .text C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe[5296] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007734fe54 5 bytes JMP 00000001727b1820
        .text C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe[5296] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007734ffb4 5 bytes JMP 00000001727b1ec0



        • #5

          ---- User IAT/EAT - GMER 2.1 ----




          • #6

            ---- Registry - GMER 2.1 ----

            Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca97104e466
            Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca97104e65f
            Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca97120caeb
            Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xEF 0xA1 0xF9 0x07 ...
            Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x6B 0x6A 0x54 0x3D ...
            Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xA4 0x1A 0x6B 0xD0 ...
            Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca97104e466 (not active ControlSet)
            Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca97104e65f (not active ControlSet)
            Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca97120caeb (not active ControlSet)
            Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xEF 0xA1 0xF9 0x07 ...
            Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x6B 0x6A 0x54 0x3D ...
            Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xA4 0x1A 0x6B 0xD0 ...

            ---- Disk sectors - GMER 2.1 ----

            Disk \Device\Harddisk0\DR0 unknown MBR code

            ---- EOF - GMER 2.1 ----



            • #7
              First disable the antivirus software before you download or run zoek.exe.
              Temporarily disable your antivirus and antispyware programs, as they can interfere with the operation of Zoek.exe.
              (here and here) you can read how to do that.

              Download Zoek.exe to the desktop (click here for more information on how to use zoek.exe)
              • If Internet Explorer or another browser or virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
              • Then double-click Zoek.exe to start the tool.
              • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as Administrator.
              • Now copy the code below and paste it into the large input window:
              • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
                Code:
                emptyfolderscheck;delete
                firefoxlook; 
                Chromelook; 
                CHRdefaults;
                autoclean; 
                iedefaults;
              • Now click the "Run script" button.
              • Wait patiently until a log opens (this may be after a restart, if one is required).
              • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear after all.
              • Post the opened log in your next message as an attachment.

              Starting Windows 10 in Safe Mode



              • #8
                Good evening

                See the log, thank you



                Zoek.exe v5.0.0.1 Updated 25-October-2015
                Tool run by davidsamsung on 27/10/2015 at 20:02:52.64.
                Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
                Running in: Normal Mode Internet Access Detected
                Launched: C:\Users\davidsamsung\Desktop\zoek.exe [Scan all users] [Script inserted]

                ==== System Restore Info ======================

                27/10/2015 20:03:56 Zoek.exe System Restore Point Created Successfully.

                ==== Empty Folders Check ======================

                C:\PROGRA~2\AGEIA Technologies deleted successfully
                C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
                C:\Users\davidsamsung\AppData\Roaming\Malwarebytes deleted successfully
                C:\Users\davidsamsung\AppData\Local\EmieBrowserModeList deleted successfully
                C:\Users\davidsamsung\AppData\Local\EmieSiteList deleted successfully
                C:\Users\davidsamsung\AppData\Local\EmieUserList deleted successfully
                C:\Users\davidsamsung\AppData\Local\VirtualStore deleted successfully

                ==== Deleting CLSID Registry Keys ======================

                HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD41E1A5-99E5-41BA-8703-6BE974416118} deleted successfully
                HKEY_USERS\S-1-5-21-2320058305-2107136459-2903585659-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10E5A859-E3DB-42A1-9CBD-1ADB33B37FC6} deleted successfully
                HKEY_USERS\S-1-5-21-2320058305-2107136459-2903585659-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15874BBB-98BF-4C4C-B0B-12AA987DDF3F} deleted successfully
                HKEY_USERS\S-1-5-21-2320058305-2107136459-2903585659-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D4A9FE1-62AD-4D5B-8DC7-46A2BABAA6} deleted successfully
                HKEY_USERS\S-1-5-21-2320058305-2107136459-2903585659-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54FDA415-8B2F-413D-B312-5DD2285CB5D6} deleted successfully
                HKEY_USERS\S-1-5-21-2320058305-2107136459-2903585659-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5a6f3a76-2517-4a97-8493-9a3bb06a87cf} deleted successfully
                HKEY_USERS\S-1-5-21-2320058305-2107136459-2903585659-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89E3BBA0-C2E6-438C-9CCF-3F83CD36FD88} deleted successfully
                HKEY_USERS\S-1-5-21-2320058305-2107136459-2903585659-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B68C914-1A9C-4835-9113-70A374648E0} deleted successfully
                HKEY_USERS\S-1-5-21-2320058305-2107136459-2903585659-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5969180-DB37-433C-A741-1AAADBAC3C9B} deleted successfully
                HKEY_USERS\S-1-5-21-2320058305-2107136459-2903585659-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D72F0AB7-FD0A-4207-8092-62CD70F85E31} deleted successfully
                HKEY_USERS\S-1-5-21-2320058305-2107136459-2903585659-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB18A8F5-6767-41B3-9AB6-746B45F82ED} deleted successfully
                HKEY_USERS\S-1-5-21-2320058305-2107136459-2903585659-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC31F6E6-4E88-4E63-BD51-E6045A1274} deleted successfully
                HKEY_USERS\S-1-5-21-2320058305-2107136459-2903585659-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F5713202-A776-4B3E-A411-65E2CCD087BA} deleted successfully
                HKEY_USERS\S-1-5-21-2320058305-2107136459-2903585659-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f6734a37-aae3-49eb-810d-276276aba1ba} deleted successfully
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5a6f3a76-2517-4a97-8493-9a3bb06a87cf} deleted successfully
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f6734a37-aae3-49eb-810d-276276aba1ba} deleted successfully

                ==== Deleting CLSID Registry Values ======================


                ==== Deleting Services ======================


                ==== FireFox Fix ======================

                ProfilePath: C:\Users\DAVIDS~1\AppData\Roaming\Mozilla\Firefox\Profiles\ffoh2pcp.default

                user.js not found
                ---- Lines BrowseFox removed from prefs.js ----
                user_pref("extensions.BrowseFox.aul", "1385165360344");
                user_pref("extensions.BrowseFox.irl", true);
                user_pref("extensions.BrowseFox.is", "fmxbfrs");
                user_pref("extensions.BrowseFox.ug", "D5BB175D-85AB-424C-9611-992925F0667A");
                ---- Lines a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220 removed from prefs.js ----
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.InstallerParams.value", "%7B%22source
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.InstallerParamsCache.expiration", "Fr
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.InstallerParamsCache.value", "%7B%22s
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.InstallerUserIdentifiersCache.expirat
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.InstallerUserIdentifiersCache.value",
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.monetization_plugin_bundledUrls.expir
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.monetization_plugin_bundledUrls.value
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.monetization_plugin_bundledWithHash.e
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.monetization_plugin_bundledWithHash.v
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.monetization_plugin_notBundledArr_.ex
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.monetization_plugin_notBundledArr_.va
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.Resources_appVer.expiration", "Fri Fe
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.Resources_appVer.value", "46");
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.Resources_lastVersion.expiration", "F
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.Resources_lastVersion.value", "1");
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.Resources_meta.expiration", "Fri Feb
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.Resources_meta.value", "%7B%7D");
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.Resources_queue.expiration", "Fri Feb
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.internaldb.Resources_queue.value", "%7B%7D");
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.lastDailyReport", "1397980200444");
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.lastUpdate", "1405804772920");
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.manifesturl", "");
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.name", "DP1815");
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.newtab", "");
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.opensearch", "");
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plu
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.pluginsversion", 40);
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.publisher", "mrlmedia");
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.searchstatus", 0);
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.setnewtab", false);
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.thankyou", "");
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.updateinterval", 360);
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.4722 0.ver", 45);
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.apps ", "47220");
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.bic" , "1444837ce75de05d14e1a0e8a27093be");
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.cid" , 47220);
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.File sValidatorDueTime", "1397980257371");
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.firs trun", false);
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.hada ppinstalled", true);
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.inst allationdate", 1392781021);
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.mode type", "production");
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.repo rtInstall", true);
                user_pref("extensions.a858a779a4bec47f4ac06ed86e2daad75d82626c3adcb475bb77d9a1e67c4fd2acom47220.stat sDailyCounter", 2);
                ---- Lines mysearch removed from prefs.js ----
                user_pref("browser.startup.homepage", "https://mysearch.avg.com/?cid={BAA3163F-100B-47EC-BDDA-1AFD07D13C4F}&mid=b4b8741aa3fd42cc837960c40d360ef6-a9cb4
                ---- Lines extensions.cRq removed from prefs.js ----
                user_pref("extensions.cRq.epoch", "1385250427");
                user_pref("extensions.cRq.url", "http://getjpit.info/sync2/?q=hfZ9ofqOg7YMCyVUojnErdCMg708BNmGWj8znShGheDUojwHrjwFrdsErHs9pchIC7n0rjrFrjsGrTr9qHa6tNhV
                ---- FireFox user.js and prefs.js backups ----

                prefs_102015_2018_.backup

                ==== Deleting Files \ Folders ======================

                C:\PROGRA~2\AGEIA Technologies not found
                C:\windows\SysNative\Tasks\0615avtUpdateInfo deleted
                C:\windows\SysNative\Tasks\AVG_SYS_TASK_0615pit deleted
                C:\windows\SysNative\Tasks\AVG_SYS_TASK_0615pit_DELETE deleted
                C:\Users\davidsamsung\AppData\Local\AVG Web TuneUp deleted
                C:\Users\davidsamsung\.android deleted
                C:\PROGRA~2\SamsungPrinterLiveUpdateInstaller deleted
                C:\PROGRA~2\AVG Web TuneUp deleted
                C:\PROGRA~3\AVG Web TuneUp deleted
                C:\PROGRA~3\Avg_Update_0615pit deleted
                C:\Users\davidsamsung\AppData\Local\cache deleted
                C:\Users\davidsamsung\AppData\LocalLow\{A10BC05B-FDA1-8430-F75F-31796F232226} deleted
                C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
                C:\windows\wininit.ini deleted
                C:\windows\tasks\0615avtUpdateInfo.job deleted
                C:\windows\SysNative\config\systemprofile\Searches deleted
                C:\windows\SysNative\GroupPolicy\Machine deleted
                C:\windows\SysNative\GroupPolicy\User deleted
                C:\windows\SysNative\GroupPolicy\gpt.ini deleted
                C:\windows\Syswow64\InstallUtil.InstallLog deleted
                C:\Users\davidsamsung\Documents\Add-in Express deleted

                ==== Firefox Extensions ======================

                ProfilePath: C:\Users\DAVIDS~1\AppData\Roaming\Mozilla\Firefox\Profiles\ffoh2pcp.default
                - Undetermined - C:\Users\davidsamsung\AppData\Roaming\Mozilla\Firefox\Profiles\ffoh2pcp.default\extensions\[email protected] ar

                AppDir: C:\Program Files (x86)\Mozilla Firefox
                - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

                ==== Firefox Plugins ======================

                Profilepath: C:\Users\davidsamsung\AppData\Roaming\Mozilla\Firefox\Profiles\ffoh2pcp.default
                EE8D96E7899D12FC3AA5DB2034C0853C - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll - Shockwave Flash


                ==== Chromium Look ======================

                Google Chrome Version: 46.0.2490.80


                Google Slides - davidsamsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
                Google Docs - davidsamsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
                Google Drive - davidsamsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
                YouTube - davidsamsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
                Google Search - davidsamsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
                Google Sheets - davidsamsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
                Google Docs Offline - davidsamsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
                Chrome Hotword Shared Module - davidsamsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
                Chrome Web Store Payments - davidsamsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
                Gmail - davidsamsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

                ==== Set IE to Default ======================

                Old Values:
                [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
                "Start Page"="https://www.google.co.uk/"

                New Values:
                [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
                "Start Page"="https://www.google.co.uk/"

                ==== All HKCU SearchScopes ======================

                HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
                "DefaultScope"="{700A7C3D-297B-4038-A971-CCF889DCEF1D}"
                {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
                {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
                {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"
                {700A7C3D-297B-4038-A971-CCF889DCEF1D} Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}&rlz=1I7MXGB_nlNL546"

                ==== Reset Google Chrome ======================

                C:\Users\davidsamsung\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
                C:\Users\davidsamsung\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
                C:\Users\davidsamsung\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

                ==== Deleting CLSID Registry Keys ======================

                HKEY_USERS\S-1-5-21-2320058305-2107136459-2903585659-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
                HKEY_USERS\S-1-5-21-2320058305-2107136459-2903585659-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
                HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
                HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully

                ==== Deleting CLSID Registry Values ======================


                ==== Deleting Registry Keys ======================

                HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D} deleted successfully
                HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lync deleted successfully

                ==== Empty IE Cache ======================

                C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                C:\Users\davidsamsung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
                C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
                C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                C:\Users\davidsamsung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ENN77D4 will be deleted at reboot

                ==== Empty FireFox Cache ======================

                No FireFox Cache found

                ==== Empty Chrome Cache ======================

                C:\Users\davidsamsung\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

                ==== Empty All Flash Cache ======================

                Flash Cache Emptied Successfully

                ==== Empty All Java Cache ======================

                Java Cache cleared successfully

                ==== C:\zoek_backup content ======================

                C:\zoek_backup (files=386 folders=131 96438273 bytes)

                ==== Empty Temp Folders ======================

                C:\Users\davidsamsung\AppData\Local\Temp will be emptied at reboot
                C:\Users\Default\AppData\Local\temp emptied successfully
                C:\Users\Default User\AppData\Local\temp emptied successfully
                C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
                C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
                C:\windows\Temp will be emptied at reboot

                ==== After Reboot ======================

                ==== Empty Temp Folders ======================

                C:\windows\Temp successfully emptied
                C:\Users\DAVIDS~1\AppData\Local\Temp successfully emptied

                ==== Empty Recycle Bin ======================

                C:\$RECYCLE.BIN successfully emptied

                ==== Deleting Files / Folders ======================

                "C:\Users\davidsamsung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ENN77D4" not found

                ==== EOF on 27/10/2015 at 20:26:22.61 ======================

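The prefs.js entries zoek pulled out of the Firefox profile above are the usual footprint of a search-hijacking add-on: a start page pointing at mysearch.avg.com, an extension namespace (name DP1815, publisher mrlmedia) whose keys include pluginsurl, monetization_plugin and setnewtab, and an extensions.cRq.url pointing at getjpit.info. The Python script below is an added example for this thread, not part of the zoek log or of zoek itself: it parses user_pref lines from a prefs.js and flags exactly those patterns. The SAMPLE lines, the domain allowlist and the key lists are constructed assumptions modelled on the key names in the log; lines cut off the way the forum copy is are reported as malformed rather than guessed at.

```python
"""Triage a Firefox prefs.js for search/start-page hijack indicators.

Added example for this thread; not part of the zoek log or of zoek itself.
It parses user_pref(key, value) lines and flags:
  * start-page / new-tab / search prefs whose URL is not on an allowlist;
  * extension namespaces carrying the monetization / plugin-download keys
    seen in the log (pluginsurl, monetization_plugin, setnewtab, ...);
  * any URL stored under an extension namespace, with its domain.
Truncated lines (as in the forum copy of the log) are reported as malformed
instead of being guessed at. SAMPLE, ALLOWED_DOMAINS and the key lists are
constructed assumptions modelled on the key names in the log.
"""
import json
import re
from collections import defaultdict
from urllib.parse import urlparse

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')
URL_RE = re.compile(r'https?://[^\s"\'\\]+')

# Assumption: the only domains the owner wants as start/search page.
ALLOWED_DOMAINS = {"www.google.com", "www.google.nl", "www.google.co.uk"}

# Prefs that decide where the browser goes without the user typing anything.
HIJACK_KEYS = {
    "browser.startup.homepage",
    "browser.newtab.url",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
}
# Fields typical of "monetized" add-ons (names taken from the log's namespace).
ADWARE_FIELDS = ("pluginsurl", "monetization_plugin", "InstallerParams",
                 "searchstatus", "setnewtab")


def parse_prefs(text):
    """Return ({key: value}, [malformed lines]) for a prefs.js body."""
    prefs, malformed = {}, []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            if "user_pref(" in line:          # cut off or otherwise unparsable
                malformed.append(line.strip())
            continue
        key, raw = m.group(1), m.group(2)
        try:
            prefs[key] = json.loads(raw)      # "string", true/false and ints are valid JSON
        except ValueError:
            malformed.append(line.strip())
    return prefs, malformed


def domain_of(url):
    return urlparse(url).hostname or ""


def triage(text):
    """Return ([(kind, subject, detail)], [malformed lines])."""
    prefs, malformed = parse_prefs(text)
    findings = []
    ext_fields = defaultdict(set)
    for key, value in prefs.items():
        if key in HIJACK_KEYS and isinstance(value, str):
            for url in URL_RE.findall(value):
                dom = domain_of(url)
                if dom not in ALLOWED_DOMAINS:
                    findings.append(("hijacked-pref", key, dom))
        if key.startswith("extensions."):
            ns = key.split(".")[1]            # extension namespace, e.g. "cRq"
            for field in ADWARE_FIELDS:
                if field in key:
                    ext_fields[ns].add(field)
            if isinstance(value, str):
                for url in URL_RE.findall(value):
                    findings.append(("extension-url", ns, domain_of(url)))
    for ns, fields in ext_fields.items():
        findings.append(("adware-extension", ns, ",".join(sorted(fields))))
    return findings, malformed


# Constructed sample (not the real file): key shapes copied from the log,
# values shortened; the last line is deliberately truncated like the forum copy.
SAMPLE = """\
user_pref("browser.startup.homepage", "https://mysearch.avg.com/?cid=CONSTRUCTED");
user_pref("browser.search.defaultenginename", "Google");
user_pref("extensions.a858a779example47220.47220.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plugins/");
user_pref("extensions.a858a779example47220.47220.setnewtab", false);
user_pref("extensions.a858a779example47220.47220.internaldb.monetization_plugin_bundledUrls.value", "%7B%7D");
user_pref("extensions.cRq.epoch", "1385250427");
user_pref("extensions.cRq.url", "http://getjpit.info/sync2/?q=CONSTRUCTED");
user_pref("general.useragent.locale", "nl");
user_pref("extensions.truncated.example", "https://example.net/cut-off
"""

if __name__ == "__main__":
    found, bad = triage(SAMPLE)
    for kind, subject, detail in found:
        print(f"{kind:18} {subject}: {detail}")
    for line in bad:
        print(f"malformed          {line[:60]}...")
```

Run it against a real profile with `triage(open(path_to_prefs_js, encoding="utf-8").read())`; the extension namespaces it reports are the ones to look up under the profile's extensions folder before deciding what to remove, since a hit on one field alone (setnewtab, say) is not proof of adware on its own.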


                • #9
                  How is it going now?

                  Starting Windows 10 in Safe Mode



                  • #10
                    Hi

                    I'm at work; I'll let you know tomorrow.

                    Thanks.



                    • #11
                      OK. Once the problems are gone, you can do the following.

                      Download Delfix by Xplode to the desktop.


                      Double-click Delfix.exe to start the tool.
                      Now tick the following items:
                      • Remove disinfection tools
                      • Purge System Restore
                      • Reset system settings

                      Now click "Run" and wait patiently until the tool has finished.
                      When the tool has finished, a log file is created. You do not need to post it.



                      • #12
                        Hello

                        What I notice is that when I'm on the Internet the fan starts running harder, and then I see physical memory climb considerably, now up to 60%.

                        And when I close the Internet it often stays stuck there until I reboot; then it is back around 36%. Sometimes it does go back down after closing IE. But I haven't used the laptop much yet; in any case it hasn't gone above 90% at the moment. When that does happen I can't even shut the laptop down normally, only by holding the power button.

                        Shall I wait and see for a while?



                        • #13
                          Do that.



                          • #14
                            Hi

                            It isn't over, but what I notice is that it happens when I have had my laptop on for 3 days; then it is at 90%.

                            If I then reboot, it's fine again for a while.

                            Do you have any more suggestions?

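Memory that climbs steadily over days of uptime and only drops after a reboot, as described in the two posts above, points at one process that keeps growing rather than at the machine simply being short of RAM, and the way to find it is to compare per-process memory over time instead of looking at the total once. The Python script below is an added example (not from this thread or from any of the tools used in it): it samples working sets with Windows' built-in `tasklist /FO CSV /NH` and reports processes whose memory rose at every sample. The three snapshots embedded in it are constructed for an offline run; the process names and sizes in them are made up.

```python
"""Find processes whose memory keeps growing between samples.

Added example for this thread (not from the thread or from any tool in it).
A live sample comes from `tasklist /FO CSV /NH` (built into Windows); the
analysis runs on any list of such samples. SAMPLE_SNAPSHOTS below is
constructed for the offline run: names and sizes are made up.
"""
import csv
import io
import re
import subprocess


def parse_tasklist_csv(text):
    """Return {(image, pid): kb} from `tasklist /FO CSV /NH` output.

    The "Mem Usage" column is locale formatted ("12,345 K" in English,
    "12.345 K" in Dutch), so only the digits are kept.
    """
    usage = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 5:
            continue
        image, pid, mem = row[0], row[1], row[4]
        digits = re.sub(r"\D", "", mem)
        if digits:
            usage[(image, int(pid))] = int(digits)
    return usage


def snapshot():
    """Take one live sample (Windows only; assumes tasklist is on PATH, as it is by default)."""
    out = subprocess.run(["tasklist", "/FO", "CSV", "/NH"],
                         capture_output=True, text=True, check=True).stdout
    return parse_tasklist_csv(out)


def growing_processes(snapshots, min_growth_kb=10_240):
    """Processes present in every snapshot whose working set rose at each
    step and grew by at least min_growth_kb overall.

    Returns [(image, pid, first_kb, last_kb)] sorted by growth, largest first.
    Requiring growth at *every* step filters out processes that merely
    fluctuate; a real leak never gives memory back.
    """
    if len(snapshots) < 2:
        return []
    common = set(snapshots[0]).intersection(*snapshots[1:])
    result = []
    for key in common:
        series = [s[key] for s in snapshots]
        monotonic = all(b > a for a, b in zip(series, series[1:]))
        growth = series[-1] - series[0]
        if monotonic and growth >= min_growth_kb:
            result.append((key[0], key[1], series[0], series[-1]))
    return sorted(result, key=lambda r: r[3] - r[2], reverse=True)


# Constructed samples: three tasklist outputs "taken" some hours apart.
SAMPLE_SNAPSHOTS = [parse_tasklist_csv(t) for t in (
    '"iexplore.exe","3012","Console","1","210.000 K"\n'
    '"svchost.exe","880","Services","0","45.120 K"\n'
    '"explorer.exe","1504","Console","1","60.000 K"\n',
    '"iexplore.exe","3012","Console","1","480.500 K"\n'
    '"svchost.exe","880","Services","0","45.300 K"\n'
    '"explorer.exe","1504","Console","1","58.900 K"\n',
    '"iexplore.exe","3012","Console","1","910.250 K"\n'
    '"svchost.exe","880","Services","0","45.800 K"\n'
    '"explorer.exe","1504","Console","1","61.200 K"\n',
)]

if __name__ == "__main__":
    for image, pid, first, last in growing_processes(SAMPLE_SNAPSHOTS):
        print(f"{image} (PID {pid}): {first} K -> {last} K")
```

On the affected machine, call `snapshot()` a few times an hour apart (or schedule it and pickle the results) and pass the list to `growing_processes`; if the culprit is a browser, the next step is its add-ons, and if it is a service host, `tasklist /SVC` shows which services share that svchost.exe.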


                            • #15
                              Download AdwCleaner by Xplode to your desktop.

                              Close all open programs.
                              Right-click AdwCleaner and click 'Run as administrator...'.

                              Click Scan.
                              After the scan, click Clean.
                              In the '- AdwCleaner – Close programs -' window click OK.

                              During the clean-up the shortcuts will disappear; this is normal.
                              After the clean-up two messages appear:
                              In the '- AdwCleaner – Information -' window click OK.
                              In the '- AdwCleaner – Restart required -' window click OK.

                              After the computer has restarted, a log file opens.
                              Close the log file.
                              Post the file C:\AdwCleaner\AdwCleaner[C1].txt as an attachment in your next reply.
