Everything posted by Angel-KP

  1. Thank you! I'll keep an eye on it for the rest of today. Every stop has been pulled out to get the PC as fast as possible, right? Thanks again.
  2. Definitely not slower, and Google Chrome, VLC player and RealPlayer also start up slightly faster.
  3. disabled. I'll see whether I notice a difference over the next hour or so.
  4. I think it is a touch faster. Is this the maximum, or can anything else be done to make it faster?
  5. Bizarre. I just ran ComboFix once more and copied the log.
  6. [ComboFix log]
  7. Log from HijackThis:
  8. The desktop is super slow, with frozen screens here and there. Let's hope the PC can get back to speedy speed and no frozen screens. Before posting this message I did the following: - removed unnecessary software - minimal programs at auto start - backed up files - disk cleanup + CCleaner - hard disk check - Avast Free check - defragmented - MBAM - GMER - DDS. Attachments: 1) MBAM LOG 2) GMER LOG 3) DDS dds.txt mbam-log-2012-10-16 (14-02-16).txt GMER 20121016.log
  9. The desktop is super slow, with frozen screens here and there. Let's hope the PC can get back to speedy speed and no frozen screens. Before posting this message I did the following: - removed unnecessary software - minimal programs at auto start - backed up files - disk cleanup + CCleaner - hard disk check - Avast Free check - defragmented - MBAM - GMER - DDS
Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB4433BFE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB4433D5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB4432668] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB4433632] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB4433794] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB443288E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB4433160] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB451D966] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes [F2, 27, 43, B4, 40, 28, 43, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [FE, 3B, 43, B4, 5A, 3D, 43, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL B4434AF1 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP B451A806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP B451C320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP B451D96A \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB70FF3C0, 0x95AECA, 0xE8000020] .text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP B4438A6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP B443895E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B4438918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C57B 5 Bytes JMP B4437FCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 79A8 BF8240EB 5 Bytes JMP B44376E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + F9C BF828A55 5 Bytes JMP B4438BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2C50 BF8314A0 5 Bytes JMP B4438DE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + B687 BF839ED7 5 Bytes JMP B443881E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851765 5 Bytes JMP B44375AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC8A 5 Bytes JMP B443808C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2F4 5 Bytes JMP B4437B40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E37F 5 Bytes JMP B4437E06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 88 BF85F5F0 5 Bytes JMP B4437592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 5457 BF8649BF 5 Bytes JMP B44389A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 35FB BF8731B9 5 Bytes JMP B4437C00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 4138 BF873CF6 5 Bytes JMP B4437DC0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF890DF1 5 Bytes JMP B44380A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 26EE BF89439B 5 Bytes JMP B4438B20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 583 BF894E73 5 Bytes JMP B4438D3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 3862 BF89C226 5 Bytes JMP B4437FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 4DF7 BF89D7BB 5 Bytes JMP B4437756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + A9E8 BF8C1D00 5 Bytes JMP B4437866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8CA191 5 Bytes JMP B443793E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8CA411 5 Bytes JMP B4437A6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 3B33 BF8EBDCC 5 Bytes JMP B443748C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + CB47 BF8F4DE0 5 Bytes JMP B4437FE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1A2F BF9142F4 5 Bytes JMP B4437682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2603 BF914EC8 5 Bytes JMP B4437812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F7C BF917841 5 Bytes JMP B4437F20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1947 BF947973 5 Bytes JMP B4438C96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[244] kernel32.dll!WriteFile 7C7E0E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) .text C:\WINDOWS\system32\SearchIndexer.exe[244] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[244] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\System32\smss.exe[496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[748] 
kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[748] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\services.exe[796] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[796] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\lsass.exe[808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[808] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 
c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1480] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1480] kernel32.dll!SetUnhandledExceptionFilter 7C81495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1480] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\LEXBCES.EXE[1552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\LEXBCES.EXE[1552] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\LEXPPS.EXE[1588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\LEXPPS.EXE[1588] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\LEXPPS.EXE[1588] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\spoolsv.exe[1592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1592] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text 
C:\WINDOWS\system32\spoolsv.exe[1592] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1724] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[1804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[1804] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[1896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[1896] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1976] user32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2036] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 
.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002E1014 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002E0804 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002E0A08 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002E0C0C .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002E0E10 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002E01F8 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002E03FC .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002E0600 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC .text 
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002B1014 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002B0804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002B0A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002B0C0C .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002B0E10 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002B01F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002B03FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002B0600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 01484540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08 .text C:\Program 
Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 003D1014 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 003D0804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 003D0A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 003D0C0C .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 003D0E10 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003D01F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003D03FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 003D0600 .text C:\Program Files\Malwarebytes' 
Anti-Malware\mbamservice.exe[2544] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 012E4540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003E0804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003E0600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\Explorer.EXE[2584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[2584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2584] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[2584] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002C1014 .text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002C0804 .text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002C0A08 .text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002C0C0C .text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002C0E10 .text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002C01F8 .text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002C03FC .text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002C0600 .text C:\WINDOWS\Explorer.EXE[2584] 
USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\Explorer.EXE[2584] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804 .text C:\WINDOWS\Explorer.EXE[2584] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08 .text C:\WINDOWS\Explorer.EXE[2584] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600 .text C:\WINDOWS\Explorer.EXE[2584] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8 .text C:\WINDOWS\Explorer.EXE[2584] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8 .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00290804 .text C:\Documents and Settings\All Users\Application 
Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00290A08 .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00290600 .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002901F8 .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002903FC .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002A1014 .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002A0804 .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002A0A08 .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002A0C0C .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002A0E10 .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!CreateServiceA 
  10. Yep, that one too; made a test print and also some "official" documents
  11. A bit later than planned, but oh well... in the meantime I've also been working from home again and installing the necessary updates. That last part always remains a sport in itself in terms of stamina and patience. After all, for the printer to work, a completely clean OS had to be installed anyway. Since I had a backup of my files and they were also still on another partition... everything stayed as it was. Thanks for everything!!
  12. Wonders never cease, but I have borrowed the CD in Dutch and... there is hope
  13. I'm going to check once more whether I have a backup of everything and then just do a clean installation. I don't know how it is for you, but I'm starting to get a bit fed up with it by now ... thanks in any case for all your help, patience and creativity! Should the clean one also give an error message (nothing surprises me anymore) ... I will visit this site again
  14. I got to work on my best behaviour, but ... in no time: "Setup cannot find the End User Licensing Agreement EULA". Does this really mean that only a clean installation is still an option? Or...
  15. Thank you! I have burned the CD. I will apply it this coming Friday evening. This is because I still have to work from home on this PC over the next few days, and it might not work afterwards and I might lose things. I did want to let you know that I'm working on it
  16. This site has a link, also to SP 2 and 3: How to obtain Windows XP Setup disks for a floppy boot installation
  17. Great! Can I make a Windows XP CD by downloading the .exe file (XP Home Edition) from the Microsoft page and then burning it?
  18. Here it will probably ask for the XP serial. I no longer have it. Can I then still abort, or will I by definition have lost all my data and so on? Is it just me, or is it simply easiest to buy a new operating system? Make a backup of my files and then install the new one.
  19. I have tried to do this. However, it gets stuck at the question of which OS I want to use, after which I run aground. If I indicate with '1' that I want to use my Home Edition, I get c:/windows and that's it....
  20. Choice of starting in safe mode, or with networking, or with command prompt. Another possibility is, among others, starting via the Microsoft Windows Recovery Console, but that is not listed under safe mode.
  21. Is there some way to still fix the problem? I get the impression that there is more going on with my system after all. More moments follow when the OS stops working and I have to restart the PC.