hacking

  • hacking

    I had posted this in the wrong place, in the spyware section; I had to 'redirect' it.

    Hi


    I have reason to believe that someone has broken into my smartphone, and I am afraid that my router/modem, laptop, and the other phones and tablets we have in the house are no longer safe.

    I am not good with PCs and such myself, but I would like to know whether the systems mentioned above are safe.
    Hopefully I am in the right place here.

    I would like to ask you what I should do to check whether everything is simply safe, or what I should do to make it safe again.

    I am sending this message from my laptop with Windows 7, but I don't know where to start or with which device.
    I did reset my Acer Z502 phone yesterday and installed various security apps on it.

    Earlier I scanned my laptop in safe mode with AVG. I will add a log of that here, but God knows whether I am doing this right. Hopefully someone is willing to look with me at whether something is really going on... thanks in advance.

    Below is the mbm log

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 5-4-2016
    Scantijd: 16:53
    Logboekbestand: mbmlg.txt
    Beheerder: Ja

    Versie: 2.2.1.1043
    Malware-database: v2016.04.05.04
    Rootkit-database: v2016.04.03.01
    Licentie: Gratis
    Malware-bescherming: Uitgeschakeld
    Bescherming tegen kwaadaardige websites: Uitgeschakeld
    Zelfbescherming: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: Randy Hübner

    Scantype: Aangepaste scan
    Resultaat: Voltooid
    Objecten gescand: 529145
    Verstreken tijd: 2 u., 19 min, 2 sec

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Ingeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (Geen kwaadaardige items gedetecteerd)

    Modules: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutels: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerwaarden: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Mappen: 0
    (Geen kwaadaardige items gedetecteerd)

    Bestanden: 0
    (Geen kwaadaardige items gedetecteerd)

    Fysieke Sectoren: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)


    I will post the following logs separately.

  • #2
    adw log

    # AdwCleaner v5.109 - Logbestand aangemaakt 05/04/2016 op 19:30:44
    # Laatste update 04/04/2016 door Xplode
    # Database : 2016-04-05.1 [Server]
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x64)
    # Gebruikersnaam : Randy Hübner - RANDYHÜBNER-PC
    # Gestart vanuit : C:\Users\Randy Hübner\Downloads\adwcleaner_5.109.exe
    # Optie : Verwijderen
    # Ondersteuning : http://toolslib.net/forum

    ***** [ Services ] *****

    [-] Service verwijderd : hola_svc
    [-] Service verwijderd : hola_updater

    ***** [ Mappen ] *****

    [-] Map verwijderd : C:\Program Files\Hola
    [-] Map verwijderd : C:\ProgramData\Avg_Update_0316avz
    [#] Map verwijderd : C:\ProgramData\Application Data\Avg_Update_0316avz
    [-] Map verwijderd : C:\Users\Randy Hübner\AppData\Local\Hola
    [-] Map verwijderd : C:\Users\Randy Hübner\AppData\Local\PackageAware
    [-] Map verwijderd : C:\Users\Randy Hübner\AppData\Roaming\Hola

    ***** [ Bestanden ] *****

    [-] Bestand verwijderd : C:\Users\Randy Hübner\AppData\Roaming\Mozilla\Firefox\Profiles\y2lmviqj.default\invalidprefs.js

    ***** [ DLLs ] *****


    ***** [ Snelkoppelingen ] *****


    ***** [ Geplande taken ] *****


    ***** [ Register ] *****

    [-] Sleutel verwijderd : HKCU\Software\Hola
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Hola
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hola
    [-] Sleutel verwijderd : HKU\.DEFAULT\Software\Hola
    [-] Waarde verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{A3889D8A-9C74-4EE0-B1E9-0F49D3540419}]
    [-] Waarde verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{D41A3DE0-22CA-4577-BD6B-EE7016268983}]
    [-] Waarde verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [hola]

    ***** [ Internetbrowsers ] *****

    [-] [C:\Users\Randy Hübner\AppData\Roaming\Mozilla\Firefox\Profiles\y2lmviqj.default\prefs.js] [Preference] verwijderd : user_pref("datareporting.sessions.previous.1163", "{\"s\":1459234571204,\"a\":22,\"t\":192,\"c\":true,\"m\":112,\"fp\":1854,\"sr\":2025}");

    *************************

    :: "Tracing" sleutels verwijderd
    :: Winsock instellingen gereset

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [2262 bytes] - [05/04/2016 19:30:44]
    C:\AdwCleaner\AdwCleaner[S1].txt - [2351 bytes] - [05/04/2016 19:29:22]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2408 bytes] ##########



    • #3
      The DDS log

      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 11.0.9600.18231 BrowserJavaVersion: 11.60.2
      Run by Randy Hübner at 19:40:51 on 2016-04-05
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3893.1524 [GMT 2:00]
      .
      AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
      .
      ============== Running Processes ===============
      .
      c:\PROGRA~2\AVG\Av\avgrsa.exe
      C:\Program Files (x86)\AVG\Av\avgcsrva.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files (x86)\AVG\Av\avgidsagent.exe
      C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
      C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
      C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
      C:\Windows\System32\svchost.exe -k utcsvc
      C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
      C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
      C:\Program Files (x86)\AVG\Av\avgnsa.exe
      C:\Program Files (x86)\AVG\Av\avgemca.exe
      C:\Windows\System32\igfxtray.exe
      C:\Windows\system32\GWX\GWX.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
      C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe
      C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
      C:\Program Files\CCleaner\CCleaner64.exe
      C:\Windows\system32\NOTEPAD.EXE
      C:\Program Files (x86)\AVG\Av\avgui.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
      C:\Program Files (x86)\Popcorn Time\Updater.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\sppsvc.exe
      C:\Windows\system32\svchost.exe -k bthsvcs
      C:\Windows\System32\alg.exe
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Windows\System32\WUDFHost.exe
      C:\Windows\SysWOW64\ctfmon.exe
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      C:\Windows\servicing\TrustedInstaller.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Users\Randy Hübner\Downloads\dds.com
      C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uProxyServer = hxxp=127.0.0.1:8555;https=127.0.0.1:8555
      uProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
      mWinlogon: Userinit = userinit.exe,
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
      uRun: [HP ENVY 4500 series (NET)] "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN5773347H05X4:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
      uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      mRun: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
      mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      mPolicies-Explorer: NoActiveDesktop = dword:1
      mPolicies-Explorer: NoActiveDesktopChanges = dword:1
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableLUA = dword:0
      mPolicies-System: EnableUIADesktopToggle = dword:0
      mPolicies-System: PromptOnSecureDesktop = dword:0
      IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
      Trusted Zone: hola.org
      TCP: NameServer = 192.168.1.1
      TCP: Interfaces\{55012DD6-5CDD-4EB2-BCD4-CA7BFF10AB88} : NameServer = 8.8.8.8
      TCP: Interfaces\{6EE6A236-2CC7-4E15-9243-A12259409B14} : DHCPNameServer = 192.168.1.1
      TCP: Interfaces\{6EE6A236-2CC7-4E15-9243-A12259409B14}\65746573531393243493633393 : DHCPNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
      TCP: Interfaces\{6EE6A236-2CC7-4E15-9243-A12259409B14}\865796A75602865726E65627 : DHCPNameServer = 192.168.255.249
      TCP: Interfaces\{6EE6A236-2CC7-4E15-9243-A12259409B14}\A5967676F62354532493 : DHCPNameServer = 89.101.251.229 89.101.251.228
      TCP: Interfaces\{6EE6A236-2CC7-4E15-9243-A12259409B14}\A597F507279667164756F5D40514344545 : DHCPNameServer = 192.168.1.254 213.75.63.75 213.75.63.76
      TCP: Interfaces\{6EE6A236-2CC7-4E15-9243-A12259409B14}\B405E40264F6E6 : DHCPNameServer = 194.151.228.2 194.151.228.18
      SSODL: WebCheck - <orphaned>
      x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
      x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
      x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
      x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
      x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
      x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
      x64-Notify: igfxcui - igfxdev.dll
      x64-SSODL: WebCheck - <orphaned>
      Hosts: 127.0.0.3 www.anchorfree.net
      Hosts: 127.0.0.2 www.mefeedia.com
      Hosts: 127.0.0.3 anchorfree.net
      Hosts: 127.0.0.3 techbrowsing.com/away.php
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\Randy Hübner\AppData\Roaming\Mozilla\Firefox\Profiles\y2lmviqj.default\
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2016-1-26 272304]
      R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2016-2-16 360736]
      R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2016-3-7 246560]
      R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2015-12-4 42416]
      R0 Avguniva;AVG Universal Driver;C:\Windows\System32\drivers\avguniva.sys [2016-3-8 71456]
      R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2016-2-16 162592]
      R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2016-3-8 306976]
      R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2015-10-21 284080]
      R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2015-10-8 302000]
      R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2015-8-28 283064]
      R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2016-3-19 44648]
      R1 ndiskhaz;Azzouzi HotSpot LightWeight Filter;C:\Windows\System32\drivers\ndiskhaz.sys [2016-2-28 30536]
      R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\Av\avgidsagent.exe [2016-3-22 3993088]
      R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2016-2-18 1045928]
      R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [2016-3-22 593880]
      R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2015-8-19 146040]
      R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2015-8-19 413304]
      R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2015-8-19 839288]
      R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
      R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2016-2-17 2442368]
      R2 MyPublicWiFiService;MyPublicWiFi Service;C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe [2016-2-28 756224]
      R2 Update service;Update service;C:\Program Files (x86)\Popcorn Time\Updater.exe [2015-9-13 339968]
      R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
      R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
      R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2015-8-28 1098784]
      R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2015-9-18 42088]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
      S3 AvgAMPS;AvgAMPS;C:\Program Files (x86)\AVG\Av\avgamps.exe [2016-3-22 638456]
      S3 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2015-8-19 437880]
      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-3-9 114688]
      S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2016-3-12 192216]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-8-29 59392]
      S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-8-30 1255736]
      .
      =============== Created Last 30 ================
      .
      2016-04-05 17:40:52 -------- d-----w- C:\Users\Randy H³bner\AppData\Local\Microsoft
      2016-04-05 17:28:01 -------- d-----w- C:\AdwCleaner
      2016-04-05 10:35:16 -------- d-----w- C:\Users\Randy Hübner\AppData\Roaming\AVG
      2016-03-24 19:40:59 -------- d-----w- C:\Windows\SysWow64\Hotspot Shield
      2016-03-23 19:26:25 5306560 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
      2016-03-19 14:49:37 44648 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
      2016-03-19 14:49:37 -------- d-----w- C:\Program Files (x86)\Hotspot Shield
      2016-03-19 14:49:26 -------- d-----w- C:\ProgramData\Hotspot Shield
      2016-03-19 14:49:25 -------- d-----w- C:\Users\Randy Hübner\AppData\Roaming\Hotspot Shield
      2016-03-12 12:32:33 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
      2016-03-12 12:32:18 64896 ----a-w- C:\Windows\System32\drivers\mwac.sys
      2016-03-12 12:32:18 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys
      2016-03-12 12:32:18 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
      2016-03-12 12:32:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
      2016-03-12 12:14:43 -------- d-----w- C:\Program Files\CCleaner
      2016-03-09 13:45:59 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
      2016-03-09 13:44:22 381440 ----a-w- C:\Windows\System32\mfds.dll
      2016-03-08 14:12:26 71456 ----a-w- C:\Windows\System32\drivers\avguniva.sys
      2016-03-08 14:12:06 306976 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
      2016-03-07 11:39:02 246560 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
      .
      ==================== Find3M ====================
      .
      2016-03-23 19:26:36 797376 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
      2016-03-23 19:26:36 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2016-02-19 19:02:43 38336 ----a-w- C:\Windows\System32\CompatTelRunner.exe
      2016-02-19 18:54:11 1168896 ----a-w- C:\Windows\System32\aeinv.dll
      2016-02-19 14:07:35 1373184 ----a-w- C:\Windows\System32\appraiser.dll
      2016-02-16 13:07:34 162592 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
      2016-02-16 13:05:56 360736 ----a-w- C:\Windows\System32\drivers\avgloga.sys
      2016-02-12 18:52:23 98816 ----a-w- C:\Windows\System32\wudriver.dll
      2016-02-12 18:52:23 3169792 ----a-w- C:\Windows\System32\wucltux.dll
      2016-02-12 18:52:23 192512 ----a-w- C:\Windows\System32\wuwebv.dll
      2016-02-12 18:44:43 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
      2016-02-12 18:39:55 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll
      2016-02-12 18:18:22 37888 ----a-w- C:\Windows\System32\wuapp.exe
      2016-02-12 18:18:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
      2016-02-12 18:05:17 93696 ----a-w- C:\Windows\SysWow64\wudriver.dll
      2016-02-12 18:05:13 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
      2016-02-11 18:56:28 5572032 ----a-w- C:\Windows\System32\ntoskrnl.exe
      2016-02-11 18:56:26 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
      2016-02-11 18:56:26 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
      2016-02-11 18:52:52 1733592 ----a-w- C:\Windows\System32\ntdll.dll
      2016-02-11 18:49:42 362496 ----a-w- C:\Windows\System32\wow64win.dll
      2016-02-11 18:49:42 243712 ----a-w- C:\Windows\System32\wow64.dll
      2016-02-11 18:49:42 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
      2016-02-11 18:49:24 215040 ----a-w- C:\Windows\System32\winsrv.dll
      2016-02-11 18:49:19 210432 ----a-w- C:\Windows\System32\wdigest.dll
      2016-02-11 18:49:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
      2016-02-11 18:49:00 28672 ----a-w- C:\Windows\System32\sspisrv.dll
      2016-02-11 18:49:00 135680 ----a-w- C:\Windows\System32\sspicli.dll
      2016-02-11 18:48:58 503808 ----a-w- C:\Windows\System32\srcore.dll
      2016-02-11 18:48:58 50176 ----a-w- C:\Windows\System32\srclient.dll
      2016-02-11 18:48:16 28160 ----a-w- C:\Windows\System32\secur32.dll
      2016-02-11 18:48:14 344064 ----a-w- C:\Windows\System32\schannel.dll
      2016-02-11 18:48:12 1214464 ----a-w- C:\Windows\System32\rpcrt4.dll
      2016-02-11 18:47:33 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
      2016-02-11 18:45:59 312320 ----a-w- C:\Windows\System32\ncrypt.dll
      2016-02-11 18:45:56 315392 ----a-w- C:\Windows\System32\msv1_0.dll
      2016-02-11 18:45:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
      2016-02-11 18:45:35 146432 ----a-w- C:\Windows\System32\msaudite.dll
      2016-02-11 18:44:45 3994560 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
      2016-02-11 18:44:45 3938240 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
      2016-02-11 18:44:42 1461248 ----a-w- C:\Windows\System32\lsasrv.dll
      2016-02-11 18:44:34 730112 ----a-w- C:\Windows\System32\kerberos.dll
      2016-02-11 18:44:34 422400 ----a-w- C:\Windows\System32\KernelBase.dll
      2016-02-11 18:42:25 43520 ----a-w- C:\Windows\System32\csrsrv.dll
      2016-02-11 18:42:24 43520 ----a-w- C:\Windows\System32\cryptbase.dll
      2016-02-11 18:42:24 22016 ----a-w- C:\Windows\System32\credssp.dll
      2016-02-11 18:38:24 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
      2016-02-11 18:38:24 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
      2016-02-11 18:38:24 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
      2016-02-11 18:38:23 275456 ----a-w- C:\Windows\SysWow64\KernelBase.dll
      2016-02-11 18:38:07 171520 ----a-w- C:\Windows\SysWow64\wdigest.dll
      2016-02-11 18:38:00 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
      2016-02-11 18:37:53 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
      2016-02-11 18:37:11 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
      2016-02-11 18:37:09 251392 ----a-w- C:\Windows\SysWow64\schannel.dll
      2016-02-11 18:35:14 223232 ----a-w- C:\Windows\SysWow64\ncrypt.dll
      2016-02-11 18:35:09 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
      2016-02-11 18:35:06 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
      2016-02-11 18:34:26 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
      2016-02-11 18:33:30 553472 ----a-w- C:\Windows\SysWow64\kerberos.dll
      2016-02-11 18:31:25 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
      2016-02-11 17:48:11 64000 ----a-w- C:\Windows\System32\auditpol.exe
      2016-02-11 17:43:48 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
      2016-02-11 17:41:42 338432 ----a-w- C:\Windows\System32\conhost.exe
      2016-02-11 17:40:09 296960 ----a-w- C:\Windows\System32\rstrui.exe
      2016-02-11 17:34:45 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
      2016-02-11 17:34:01 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
      2016-02-11 17:33:54 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
      2016-02-11 17:32:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
      2016-02-11 17:32:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
      2016-02-11 17:32:45 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
      2016-02-11 17:32:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
      2016-02-11 17:32:25 30720 ----a-w- C:\Windows\System32\lsass.exe
      2016-02-11 17:32:18 112640 ----a-w- C:\Windows\System32\smss.exe
      2016-02-11 17:31:01 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
      2016-02-11 17:30:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
      2016-02-11 17:30:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
      2016-02-11 17:30:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
      2016-02-11 17:30:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
      2016-02-11 14:07:46 689152 ----a-w- C:\Windows\System32\generaltel.dll
      2016-02-09 09:57:08 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
      2016-02-09 09:56:09 5120 ----a-w- C:\Windows\System32\msdxm.ocx
      2016-02-09 09:56:09 5120 ----a-w- C:\Windows\System32\dxmasf.dll
      2016-02-09 09:55:34 30720 ----a-w- C:\Windows\System32\seclogon.dll
      2016-02-09 09:54:38 9728 ----a-w- C:\Windows\System32\spwmp.dll
      2016-02-09 09:51:32 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
      2016-02-09 09:13:14 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
      2016-02-09 09:13:14 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
      2016-02-09 09:13:10 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
      2016-02-08 20:39:06 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
      2016-02-08 20:39:06 496640 ----a-w- C:\Windows\SysWow64\vbscript.dll
      2016-02-08 20:38:29 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
      2016-02-08 20:38:20 341504 ----a-w- C:\Windows\SysWow64\html.iec
      2016-02-08 20:37:31 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
      2016-02-08 20:28:52 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
      2016-02-08 20:28:32 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
      2016-02-08 20:16:21 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
      2016-02-08 20:10:37 4611072 ----a-w- C:\Windows\SysWow64\jscript9.dll
      2016-02-08 20:01:48 2050560 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
      2016-02-08 20:01:43 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
      .
      ============= FINISH: 19:42:41,64 ===============



      • #4
        The GMER log is too long according to the site, so I have to post it in 2 parts, because it doesn't work as an attachment either, pff.

        GMER 2.2.19882 - http://www.gmer.net
        Rootkit scan 2016-04-05 19:59:33
        Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM641JI rev.2AJ10001 596,17GB
        Running: e46et0wg.exe; Driver: C:\Users\RANDYH~1\AppData\Local\Temp\uwxiyaoc.sys


        ---- User code sections - GMER 2.2 ----

        .text C:\Windows\System32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007739d630 5 bytes JMP 00000000000200a0
        .text C:\Windows\System32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007739d750 5 bytes JMP 0000000000020018
        .text C:\Windows\System32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007739d7b0 5 bytes JMP 00000000000203d0
        .text C:\Windows\System32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007739d830 5 bytes JMP 00000000000201b0
        .text C:\Windows\System32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007739d8d0 5 bytes JMP 0000000000020128
        .text C:\Windows\System32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007739dd80 5 bytes JMP 0000000000020238
        .text C:\Windows\System32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007739de10 5 bytes JMP 00000000000202c0
        .text C:\Windows\System32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007739de80 5 bytes JMP 0000000000020348
        .text C:\Windows\System32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007739e340 5 bytes JMP 0000000000020458
        .text C:\Windows\System32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007739e390 5 bytes JMP 00000000000204e0
        .text C:\Windows\System32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 00000000773f4240 5 bytes JMP 0000000000020568
        .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007754fcf0 5 bytes JMP 000000006f1b25c0
        .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007754feb4 5 bytes JMP 000000006f1b2420
        .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007754ff48 5 bytes JMP 000000006f1b2880
        .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077550014 5 bytes JMP 000000006f1b2860
        .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077550108 5 bytes JMP 000000006f1b2780
        .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007755083c 5 bytes JMP 000000006f1b28a0
        .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077550914 5 bytes JMP 000000006f1b28e0
        .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775509bc 5 bytes JMP 000000006f1b2920
        .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077551118 5 bytes JMP 000000006f1b28c0
        .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077551190 5 bytes JMP 000000006f1b2900
        .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[2408] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 00000000775f0e9d 5 bytes JMP 000000006f1b29b0



        • #5
          the rest is below

          .text C:\Windows\system32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 00000000773f4240 5 bytes JMP 0000000000020568
          .text C:\Windows\system32\SearchProtocolHost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007739d630 5 bytes JMP 00000000000200a0
          .text C:\Windows\system32\SearchProtocolHost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007739d750 5 bytes JMP 0000000000020018
          .text C:\Windows\system32\SearchProtocolHost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007739d7b0 5 bytes JMP 00000000000203d0
          .text C:\Windows\system32\SearchProtocolHost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007739d830 5 bytes JMP 00000000000201b0
          .text C:\Windows\system32\SearchProtocolHost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007739d8d0 5 bytes JMP 0000000000020128
          .text C:\Windows\system32\SearchProtocolHost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007739dd80 5 bytes JMP 0000000000020238
          .text C:\Windows\system32\SearchProtocolHost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007739de10 5 bytes JMP 00000000000202c0
          .text C:\Windows\system32\SearchProtocolHost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007739de80 5 bytes JMP 0000000000020348
          .text C:\Windows\system32\SearchProtocolHost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007739e340 5 bytes JMP 0000000000020458
          .text C:\Windows\system32\SearchProtocolHost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007739e390 5 bytes JMP 00000000000204e0
          .text C:\Windows\system32\SearchProtocolHost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 00000000773f4240 5 bytes JMP 0000000000020568
          .text C:\Windows\system32\svchost.exe[5008] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007739d630 5 bytes JMP 00000000000200a0
          .text C:\Windows\system32\svchost.exe[5008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007739d750 5 bytes JMP 0000000000020018
          .text C:\Windows\system32\svchost.exe[5008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007739d7b0 5 bytes JMP 00000000000203d0
          .text C:\Windows\system32\svchost.exe[5008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007739d830 5 bytes JMP 00000000000201b0
          .text C:\Windows\system32\svchost.exe[5008] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007739d8d0 5 bytes JMP 0000000000020128
          .text C:\Windows\system32\svchost.exe[5008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007739dd80 5 bytes JMP 0000000000020238
          .text C:\Windows\system32\svchost.exe[5008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007739de10 5 bytes JMP 00000000000202c0
          .text C:\Windows\system32\svchost.exe[5008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007739de80 5 bytes JMP 0000000000020348
          .text C:\Windows\system32\svchost.exe[5008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007739e340 5 bytes JMP 0000000000020458
          .text C:\Windows\system32\svchost.exe[5008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007739e390 5 bytes JMP 00000000000204e0
          .text C:\Windows\system32\svchost.exe[5008] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 00000000773f4240 5 bytes JMP 0000000000020568
          .text C:\Windows\SysWOW64\ctfmon.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007754fcf0 5 bytes JMP 000000006f1b25c0
          .text C:\Windows\SysWOW64\ctfmon.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007754feb4 5 bytes JMP 000000006f1b2420
          .text C:\Windows\SysWOW64\ctfmon.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007754ff48 5 bytes JMP 000000006f1b2880
          .text C:\Windows\SysWOW64\ctfmon.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077550014 5 bytes JMP 000000006f1b2860
          .text C:\Windows\SysWOW64\ctfmon.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077550108 5 bytes JMP 000000006f1b2780
          .text C:\Windows\SysWOW64\ctfmon.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007755083c 5 bytes JMP 000000006f1b28a0
          .text C:\Windows\SysWOW64\ctfmon.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077550914 5 bytes JMP 000000006f1b28e0
          .text C:\Windows\SysWOW64\ctfmon.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775509bc 5 bytes JMP 000000006f1b2920
          .text C:\Windows\SysWOW64\ctfmon.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077551118 5 bytes JMP 000000006f1b28c0
          .text C:\Windows\SysWOW64\ctfmon.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077551190 5 bytes JMP 000000006f1b2900
          .text C:\Windows\SysWOW64\ctfmon.exe[4512] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 00000000775f0e9d 5 bytes JMP 000000006f1b29b0
          .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4424] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007754fcf0 5 bytes JMP 000000006f1b25c0
          .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4424] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007754feb4 5 bytes JMP 000000006f1b2420
          .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4424] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007754ff48 5 bytes JMP 000000006f1b2880
          .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4424] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077550014 5 bytes JMP 000000006f1b2860
          .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4424] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077550108 5 bytes JMP 000000006f1b2780
          .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4424] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007755083c 5 bytes JMP 000000006f1b28a0
          .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4424] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077550914 5 bytes JMP 000000006f1b28e0
          .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4424] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775509bc 5 bytes JMP 000000006f1b2920
          .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4424] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077551118 5 bytes JMP 000000006f1b28c0
          .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4424] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077551190 5 bytes JMP 000000006f1b2900
          .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4424] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 00000000775f0e9d 5 bytes JMP 000000006f1b29b0
          .text C:\Users\Randy Hübner\Downloads\e46et0wg.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007754fcf0 5 bytes JMP 000000006f1b25c0
          .text C:\Users\Randy Hübner\Downloads\e46et0wg.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007754feb4 5 bytes JMP 000000006f1b2420
          .text C:\Users\Randy Hübner\Downloads\e46et0wg.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007754ff48 5 bytes JMP 000000006f1b2880
          .text C:\Users\Randy Hübner\Downloads\e46et0wg.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077550014 5 bytes JMP 000000006f1b2860
          .text C:\Users\Randy Hübner\Downloads\e46et0wg.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077550108 5 bytes JMP 000000006f1b2780
          .text C:\Users\Randy Hübner\Downloads\e46et0wg.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007755083c 5 bytes JMP 000000006f1b28a0
          .text C:\Users\Randy Hübner\Downloads\e46et0wg.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077550914 5 bytes JMP 000000006f1b28e0
          .text C:\Users\Randy Hübner\Downloads\e46et0wg.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775509bc 5 bytes JMP 000000006f1b2920
          .text C:\Users\Randy Hübner\Downloads\e46et0wg.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077551118 5 bytes JMP 000000006f1b28c0
          .text C:\Users\Randy Hübner\Downloads\e46et0wg.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077551190 5 bytes JMP 000000006f1b2900
          .text C:\Users\Randy Hübner\Downloads\e46et0wg.exe[4660] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 00000000775f0e9d 5 bytes JMP 000000006f1b29b0

          ---- Threads - GMER 2.2 ----

          Thread C:\Windows\System32\svchost.exe [1308:4988] 000007feef8720c0
          Thread C:\Windows\System32\svchost.exe [1308:4992] 000007feef8726a8
          Thread C:\Windows\System32\svchost.exe [1308:5000] 000007fef13414a0
          Thread C:\Windows\System32\svchost.exe [1308:5004] 000007feef8729dc
          Thread C:\Windows\System32\svchost.exe [1308:5044] 000007fef27b44d0
          Thread C:\Windows\System32\svchost.exe [1308:4288] 000007feefbba2b0
          Thread C:\Windows\System32\svchost.exe [1308:5052] 000007fef29489b8
          Thread C:\Windows\System32\spoolsv.exe [1732:2616] 000007fef68610c8
          Thread C:\Windows\System32\spoolsv.exe [1732:2620] 000007fef6826144
          Thread C:\Windows\System32\spoolsv.exe [1732:2624] 000007fef6615fd0
          Thread C:\Windows\System32\spoolsv.exe [1732:2628] 000007fef6603438
          Thread C:\Windows\System32\spoolsv.exe [1732:2632] 000007fef66163ec
          Thread C:\Windows\System32\spoolsv.exe [1732:2640] 000007fef6b75e5c
          Thread C:\Windows\System32\spoolsv.exe [1732:2664] 000007fef70a5074
          Thread C:\Windows\System32\svchost.exe [2364:2764] 000007fef7910360
          Thread C:\Windows\System32\svchost.exe [2364:2776] 000007fef78ee460
          Thread C:\Windows\System32\svchost.exe [2364:2848] 000007fef78ee450
          Thread C:\Windows\System32\svchost.exe [2364:2852] 000007fef78b5570
          Thread C:\Windows\System32\svchost.exe [2364:2856] 000007fef78ea130
          Thread C:\Windows\System32\svchost.exe [2364:2860] 000007fef78b5560
          Thread C:\Windows\System32\svchost.exe [2364:2864] 000007fef79382a0

          ---- Registry - GMER 2.2 ----

          Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{4F2BFA49-9702-4F8B-B328-8352592AEA86}\[email protected] isatap.{72F270EE-C26D-478A-ABBB-D9460F58C570}
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\{12590B2B-70FF-4C1A-A3B2-1B883B60C6CE}?\Device\{5AE3E327-9256-46C7-93F2-AE03D5863758}?\Device\{4F2BFA49-9702-4F8B-B328-8352592AEA86}?\Device\{0DA24C28-B229-4863-A2DE-4DAF64803A1D}?\Device\{3917C0E9-1476-4CBC-A799-8647E0641FAB}?\Device\{0A3449DC-F5D1-4912-B74C-74FCC0DB82F1}?
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] "{12590B2B-70FF-4C1A-A3B2-1B883B60C6CE}"?"{5AE3E327-9256-46C7-93F2-AE03D5863758}"?"{4F2BFA49-9702-4F8B-B328-8352592AEA86}"?"{0DA24C28-B229-4863-A2DE-4DAF64803A1D}"?"{3917C0E9-1476-4CBC-A799-8647E0641FAB}"?"{0A3449DC-F5D1-4912-B74C-74FCC0DB82F1}"?
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\TCPIP6TUNNEL_{12590B2B-70FF-4C1A-A3B2-1B883B60C6CE}?\Device\TCPIP6TUNNEL_{5AE3E327-9256-46C7-93F2-AE03D5863758}?\Device\TCPIP6TUNNEL_{4F2BFA49-9702-4F8B-B328-8352592AEA86}?\Device\TCPIP6TUNNEL_{0DA24C28-B229-4863-A2DE-4DAF64803A1D}?\Device\TCPIP6TUNNEL_{3917C0E9-1476-4CBC-A799-8647E0641FAB}?\Device\TCPIP6TUNNEL_{0A3449DC-F5D1-4912-B74C-74FCC0DB82F1}?
          Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158330ffea
          Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x81 0x2E 0x78 0x17 ...
          Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4F2BFA49-9702-4F8B-B328-8352592AEA86}@InterfaceName isatap.{72F270EE-C26D-478A-ABBB-D9460F58C570}
          Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4F2BFA49-9702-4F8B-B328-8352592AEA86}@ReusableType 0
          Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158330ffea (not active ControlSet)
          Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x81 0x2E 0x78 0x17 ...

          ---- EOF - GMER 2.2 ----

          Comment


          • #6
            First disable your antivirus software before you download or run zoek.exe.
            Temporarily disable your antivirus and antispyware programs, as they can interfere with the operation of Zoek.exe.
            You can read how to do that (here and here).

            Then download Zoek.exe to the desktop.
            (Click here for more information on how to use zoek.exe.)
            • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
            • Then double-click Zoek.exe to start the tool.
            • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
            • Now copy the code below and paste it into the large input box:
            • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
              Code:
              emptyfolderscheck;delete
              firefoxlook; 
              Chromelook;  
              C:\Program Files\Hola;fs
              C:\Users\Randy Hübner\AppData\Local\Hola;fs
              C:\Users\Randy Hübner\AppData\Roaming\Hola;fs
              autoclean; 
              iedefaults;
            • Now click the "Run script" button.
            • Now wait patiently until a log opens (this may be after a restart, if one is required).
            • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
            • Post the opened log as an attachment in your next message.

            Starting Windows 10 in Safe Mode



            • #7
              zoek-results.txt



              • #8
                Well done. Please let me know how things are going now.



                • #9
                  Hi, the laptop is running fine.
                  I had reason to believe that someone has access, but I hope you can confirm that this is not the case.

                  Thank you very much for helping.

                  I have one question left: is there also a way to scan my smartphone or something similar? I think someone has broken into it.
                  I have reset it myself and installed mbam and 360 on it.

                  I look forward to hearing from you.



                  • #10
                    I wouldn't know; I'm not that familiar with Android security.

                    There is a nice article here, though: http://computertotaal.nl/smartphone/...veiligen-61970
                    Last edited by Juisterr; 06-04-16, 14:19.
