
Sloooow PC and frozen screens


The desktop is super slow, with frozen screens here and there. Let's hope the PC can get back to speedy speed and no frozen screens.

Before posting this message I did the following:

- removed unnecessary software

- minimal programs at auto start

- backed up files

- Disk Cleanup + CCleaner

- hard disk check

- Avast Free scan

- defragmented

- MBAM

- GMER

- DDS

MBAM LOG

Malwarebytes Anti-Malware (-evaluatieversie-) 1.65.0.1400

Malwarebytes : Free anti-malware download

Databaseversie: v2012.10.16.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Eigenaar :: VIVA-LA-VIDA [administrator]

Realtime bescherming: Ingeschakeld

16-10-2012 14:02:16

mbam-log-2012-10-16 (14-02-16).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 205361

Verstreken tijd: 3 minuut/minuten, 29 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

GMER LOG

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover

Rootkit scan 2012-10-16 14:33:26

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD501LJ rev.CR100-13

Running: gmer.exe; Driver: C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\kwrdrpob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB4432708]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB45057C8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB443311C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB4474401]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB443DF28]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB443DF74]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB443E0F6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB4473DB5]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB443DE96]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB443DFB8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB443DEDE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB4433310]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB443E0B0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB4433A9C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB4432756]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB4474AC7]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB4474D7D]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB44370E4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB4474932]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB447479D]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB45058AC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB44323BE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB44327A4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB4437456]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB4434464]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB443DF52]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB443DF96]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB443E11A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB4474111]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB443DEBC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB4436C5A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB443E03A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB443DF06]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB4436E8C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB443E0D4]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB4505A2C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB4474618]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB4434330]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB447446A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB4433EDA]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB451130E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB4473428]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB44327F2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB4432840]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB443391C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB4432448]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB44325F8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB4474BCE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB443259E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB4433BFE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB4433D5A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB4432668]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB4433632]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB4433794]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB443288E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB4433160]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB451D966]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes [F2, 27, 43, B4, 40, 28, 43, ...]

.text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [FE, 3B, 43, B4, 5A, 3D, 43, ...]

PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL B4434AF1 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP B451A806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP B451C320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP B451D96A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB70FF3C0, 0x95AECA, 0xE8000020]

.text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP B4438A6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP B443895E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B4438918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C57B 5 Bytes JMP B4437FCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngSetLastError + 79A8 BF8240EB 5 Bytes JMP B44376E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateBitmap + F9C BF828A55 5 Bytes JMP B4438BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8314A0 5 Bytes JMP B4438DE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + B687 BF839ED7 5 Bytes JMP B443881E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851765 5 Bytes JMP B44375AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC8A 5 Bytes JMP B443808C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2F4 5 Bytes JMP B4437B40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E37F 5 Bytes JMP B4437E06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreatePalette + 88 BF85F5F0 5 Bytes JMP B4437592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreatePalette + 5457 BF8649BF 5 Bytes JMP B44389A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGetCurrentCodePage + 35FB BF8731B9 5 Bytes JMP B4437C00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGetCurrentCodePage + 4138 BF873CF6 5 Bytes JMP B4437DC0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGetLastError + 1606 BF890DF1 5 Bytes JMP B44380A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGradientFill + 26EE BF89439B 5 Bytes JMP B4438B20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngStretchBltROP + 583 BF894E73 5 Bytes JMP B4438D3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCopyBits + 3862 BF89C226 5 Bytes JMP B4437FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCopyBits + 4DF7 BF89D7BB 5 Bytes JMP B4437756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngEraseSurface + A9E8 BF8C1D00 5 Bytes JMP B4437866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFillPath + 1517 BF8CA191 5 Bytes JMP B443793E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFillPath + 1797 BF8CA411 5 Bytes JMP B4437A6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngDeleteSemaphore + 3B33 BF8EBDCC 5 Bytes JMP B443748C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngDeleteSemaphore + CB47 BF8F4DE0 5 Bytes JMP B4437FE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 1A2F BF9142F4 5 Bytes JMP B4437682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 2603 BF914EC8 5 Bytes JMP B4437812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 4F7C BF917841 5 Bytes JMP B4437F20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngPlgBlt + 1947 BF947973 5 Bytes JMP B4438C96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\SearchIndexer.exe[244] kernel32.dll!WriteFile 7C7E0E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

.text C:\WINDOWS\system32\SearchIndexer.exe[244] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\SearchIndexer.exe[244] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\System32\smss.exe[496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\csrss.exe[724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\winlogon.exe[748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\winlogon.exe[748] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\winlogon.exe[748] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\system32\services.exe[796] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\services.exe[796] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\system32\lsass.exe[808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\lsass.exe[808] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1480] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1480] kernel32.dll!SetUnhandledExceptionFilter 7C81495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1480] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\LEXBCES.EXE[1552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\LEXBCES.EXE[1552] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\LEXPPS.EXE[1588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\LEXPPS.EXE[1588] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\LEXPPS.EXE[1588] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\system32\spoolsv.exe[1592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\spoolsv.exe[1592] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\spoolsv.exe[1592] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1724] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[1804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[1804] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\System32\alg.exe[1896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\System32\alg.exe[1896] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\Program Files\Java\jre7\bin\jqs.exe[1976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\Java\jre7\bin\jqs.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\Program Files\Java\jre7\bin\jqs.exe[1976] user32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[2036] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002E1014

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002E0804

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002E0A08

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002E0C0C

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002E0E10

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002E01F8

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002E03FC

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002E0600

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8

.text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002B1014

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002B0804

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002B0A08

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002B0C0C

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002B0E10

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002B01F8

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002B03FC

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002B0600

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 01484540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 003D1014

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 003D0804

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 003D0A08

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 003D0C0C

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 003D0E10

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003D01F8

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003D03FC

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 003D0600

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 012E4540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003E0804

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003E0A08

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003E0600

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003E01F8

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003E03FC

.text C:\WINDOWS\Explorer.EXE[2584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\Explorer.EXE[2584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\Explorer.EXE[2584] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\Explorer.EXE[2584] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002C1014

.text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002C0804

.text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002C0A08

.text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002C0C0C

.text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002C0E10

.text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002C01F8

.text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002C03FC

.text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002C0600

.text C:\WINDOWS\Explorer.EXE[2584] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\Explorer.EXE[2584] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804

.text C:\WINDOWS\Explorer.EXE[2584] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08

.text C:\WINDOWS\Explorer.EXE[2584] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600

.text C:\WINDOWS\Explorer.EXE[2584] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8

.text C:\WINDOWS\Explorer.EXE[2584] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00290804

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00290A08

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00290600

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002901F8

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002903FC

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002A1014

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002A0804

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002A0A08

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002A0C0C

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002A0E10

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002A01F8

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002A03FC

.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002A0600

.text C:\WINDOWS\RTHDCPL.EXE[3104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8

.text C:\WINDOWS\RTHDCPL.EXE[3104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\RTHDCPL.EXE[3104] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC

.text C:\WINDOWS\RTHDCPL.EXE[3104] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\RTHDCPL.EXE[3104] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00381014

.text C:\WINDOWS\RTHDCPL.EXE[3104] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00380804

.text C:\WINDOWS\RTHDCPL.EXE[3104] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00380A08

.text C:\WINDOWS\RTHDCPL.EXE[3104] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00380C0C

.text C:\WINDOWS\RTHDCPL.EXE[3104] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00380E10

.text C:\WINDOWS\RTHDCPL.EXE[3104] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003801F8

.text C:\WINDOWS\RTHDCPL.EXE[3104] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003803FC

.text C:\WINDOWS\RTHDCPL.EXE[3104] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00380600

.text C:\WINDOWS\RTHDCPL.EXE[3104] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\RTHDCPL.EXE[3104] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804

.text C:\WINDOWS\RTHDCPL.EXE[3104] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08

.text C:\WINDOWS\RTHDCPL.EXE[3104] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600

.text C:\WINDOWS\RTHDCPL.EXE[3104] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8

.text C:\WINDOWS\RTHDCPL.EXE[3104] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC

.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3112] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 003A1014

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 003A0804

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 003A0A08

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 003A0C0C

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 003A0E10

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003A01F8

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003A03FC

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 003A0600

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00391014

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00390804

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00390A08

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00390C0C

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00390E10

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003901F8

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003903FC

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00390600

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8

.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] kernel32.dll!SetUnhandledExceptionFilter 7C81495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00391014

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00390804

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00390A08

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00390C0C

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00390E10

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003901F8

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003903FC

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00390600

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002D1014

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002D0804

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002D0A08

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002D0C0C

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002D0E10

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002D01F8

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002D03FC

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002D0600

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002E0804

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002E0A08

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002E0600

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002E01F8

.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002E03FC

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 003A1014

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 003A0804

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 003A0A08

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 003A0C0C

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 003A0E10

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003A01F8

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003A03FC

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 003A0600

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003B0804

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 3 Bytes JMP 003B0A08

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] USER32.dll!UnhookWindowsHookEx + 4 7E3AD5F7 1 Byte [82]

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003B0600

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003B01F8

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003B03FC

.text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8

.text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC

.text C:\WINDOWS\system32\ctfmon.exe[3520] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\WINDOWS\system32\ctfmon.exe[3520] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002C1014

.text C:\WINDOWS\system32\ctfmon.exe[3520] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\ctfmon.exe[3520] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\ctfmon.exe[3520] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002C0C0C

.text C:\WINDOWS\system32\ctfmon.exe[3520] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002C0E10

.text C:\WINDOWS\system32\ctfmon.exe[3520] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\ctfmon.exe[3520] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\ctfmon.exe[3520] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\ctfmon.exe[3520] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\WINDOWS\system32\ctfmon.exe[3520] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804

.text C:\WINDOWS\system32\ctfmon.exe[3520] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08

.text C:\WINDOWS\system32\ctfmon.exe[3520] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600

.text C:\WINDOWS\system32\ctfmon.exe[3520] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8

.text C:\WINDOWS\system32\ctfmon.exe[3520] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00AE1014

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00AE0804

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00AE0A08

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00AE0C0C

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00AE0E10

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 00AE01F8

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 00AE03FC

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00AE0600

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00AB0804

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00AB0A08

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00AB0600

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 00AB01F8

.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 00AB03FC

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002B1014

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002B0804

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002B0A08

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002B0C0C

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002B0E10

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002B01F8

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002B03FC

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002B0600

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 011B4540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----

DDS

DDS (Ver_2012-10-14.05) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2

Run by Eigenaar at 14:33:47 on 2012-10-16

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1499 [GMT 2:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ================

.

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\PixArt\PAC7302\Monitor.exe

C:\WINDOWS\Pixart\PAC7302\PACTray.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?affID=114352&tt=120912_cpc_3812_3&babsrc=HP_ss&mntrId=e0e64d6100000000000000c0ca4aa355

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\eigenaar\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Facebook Update] "c:\documents and settings\eigenaar\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe

mRun: [PACTray] c:\windows\pixart\pac7302\PACTray.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} - hxxps://www5.aeat.es/es13/h/tgvicab.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1339268007800

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340309810562

DPF: {947B00D2-962D-4A35-9E48-98EE6A442B41} - hxxps://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab

DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www1.agenciatributaria.gob.es/es13/h/cactivex.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 80.58.61.250 80.58.61.254

TCP: Interfaces\{D55D2320-82BC-4694-8442-62FA7C1FBAE6} : DHCPNameServer = 80.58.61.250 80.58.61.254

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-11 729752]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-11 355632]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-11 21256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-11 44808]

R2 Browser Manager;Browser Manager;c:\documents and settings\all users\application data\browser manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-11 2309656]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-16 399432]

R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2012-6-9 917760]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-16 676936]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-12 250288]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-6-9 1691480]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-16 22856]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2012-10-09 14:57:56 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 14:57:56 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-07 16:53:32 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-09-07 16:53:30 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-07 16:53:30 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-07 16:53:30 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-28 15:17:28 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:17:20 43520 ------w- c:\windows\system32\licmgr10.dll

2012-08-28 15:17:19 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:32 385024 ------w- c:\windows\system32\html.iec

2012-08-24 13:53:52 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-23 06:27:33 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-23 06:27:32 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr

2012-08-05 11:52:07 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-08-05 11:52:07 348160 ----a-w- c:\windows\system32\msvcr71.dll

.

============= FINISH: 14:34:03,48 ===============



Download HijackThis

Save the file HijackThis.msi. Then choose "Run".

HijackThis will now be installed on your PC, and a shortcut will be placed on your desktop.

If you no longer have a network connection, you can do the download on another PC and transfer the file with a USB stick.

Click the shortcut to start HijackThis.

Click either "Do a systemscan and save a logfile", or first "Scan" and then "Savelog".

A Notepad window opens; hold down the CTRL and A keys together, and everything is selected. Hold down the CTRL and C keys together, and everything is copied. Now paste the HJT log into your post with CTRL and V.

If you get the message "For some reason your system denied writing to the Host file ....", just click OK to continue.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click, "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

If you want to see in words and pictures how to make a HijackThis log and post it on the forum, click HERE


Log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:54:19, on 18-10-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\PixArt\PAC7302\Monitor.exe

C:\WINDOWS\Pixart\PAC7302\PACTray.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

D:\Cargado y Descargado\Internet\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe

O4 - HKLM\..\Run: [PACTray] C:\WINDOWS\Pixart\PAC7302\PACTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} (CtlTGVI Class) - https://www5.aeat.es/es13/h/tgvicab.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340309810562

O16 - DPF: {947B00D2-962D-4A35-9E48-98EE6A442B41} (OAdedinet Class) - https://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab

O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www1.agenciatributaria.gob.es/es13/h/cactivex.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\docume~1\alluse~1\applic~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Browser Manager - Unknown owner - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--

End of file - 8532 bytes



Go to Start - All Programs - Accessories.

Find the Command Prompt icon, right-click it and choose "Run as administrator" from the list to open the command prompt.

Type: sc stop "Browser Manager" and press Enter.

Type: sc delete "Browser Manager" and press Enter.

Type exit and press Enter.

If you get an error message on any of these instructions, just continue with the next instruction.

Start HijackThis. Select "Scan". Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\docume~1\alluse~1\applic~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click, "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot disable them, just continue to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.
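
A triage sketch for the HijackThis log in this thread, added here as an example (it is not part of the original post and not HijackThis's own logic): it flags the same kinds of entries that were selected for 'Fix checked', plus the service listed with "Unknown owner". The rule set, the `Finding` type and `EXPECTED_PAGES` are assumptions; the sample lines are copied from the log posted above.

```python
import re
from typing import NamedTuple

# Excerpt of the HijackThis v2.0.4 log posted in this thread (not a full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\docume~1\alluse~1\applic~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Manager - Unknown owner - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
"""

# Assumption: the page values the owner of this machine considers normal.
EXPECTED_PAGES = {"MSN.com", "Bing"}


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O2"
    reason: str   # why the line deserves a second look
    line: str     # the original log line


# "<section> - <body>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Internet Explorer page settings reported in the R0/R1 sections.
PAGE_SETTING = re.compile(
    r",\s*(?:Start Page|Search Page|Default_Page_URL|Default_Search_URL)"
    r"\s*=\s*(?P<value>.*)$"
)


def triage(log_text, expected_pages):
    """Return the log lines that match one of four review heuristics."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if not entry:
            continue  # header, process list or blank line
        section, body = entry["section"], entry["body"]

        if section in ("R0", "R1"):
            page = PAGE_SETTING.search(body)
            if page and page["value"].strip() not in expected_pages:
                findings.append(Finding(
                    section, "browser page setting not in the expected set", line))
        elif section in ("O2", "O3") and body.endswith("(no file)"):
            # Registry entry for a BHO/toolbar whose DLL no longer exists.
            findings.append(Finding(
                section, "orphaned browser add-on entry (no file)", line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # DLLs named here are loaded into every process that loads
            # user32.dll, so any non-empty value should be accounted for.
            value = body.split(":", 1)[1].strip()
            dlls = [p for p in re.split(r"[ ,]+", value) if p]
            if dlls:
                findings.append(Finding(
                    section,
                    f"AppInit_DLLs lists {len(dlls)} DLL(s) injected into "
                    "user32-loading processes",
                    line))
        elif section == "O23" and " - Unknown owner - " in body:
            # No company name could be read from the service binary.
            findings.append(Finding(
                section, "service binary has no identifiable owner", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, EXPECTED_PAGES):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

A hit is a prompt for review, not a verdict: legitimate software can also show up as "Unknown owner" or leave a "(no file)" entry behind after an uninstall.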


ComboFix 12-10-18.03 - Eigenaar 18-10-2012 21:01:16.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1376 [GMT 2:00]

Gestart vanuit: d:\cargado y descargado\Internet\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Eigenaar\WINDOWS

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\FlashPlayerInstaller.exe

c:\windows\system32\msstdfmt.dll

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-18 to 2012-10-18 ))))))))))))))))))))))))))))))

.

.

2012-10-16 18:36 . 2012-10-18 18:38 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend

2012-10-16 12:00 . 2012-10-16 12:00 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes

2012-10-16 11:58 . 2012-10-16 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-10-16 11:58 . 2012-10-16 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-16 11:58 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-15 14:35 . 2012-10-16 18:36 -------- d-----w- c:\program files\CCleaner

2012-10-15 14:25 . 2012-10-15 14:27 -------- d-----w- c:\program files\LibreOffice 3.6

2012-10-14 15:35 . 2012-10-14 15:35 -------- d-----w- c:\program files\Common Files\Skype

2012-10-14 15:35 . 2012-10-14 15:35 -------- d-----r- c:\program files\Skype

2012-10-13 16:44 . 2012-10-14 19:05 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Skype

2012-10-13 16:44 . 2012-10-14 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2012-10-04 15:34 . 2012-10-04 15:34 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\DDMSettings

2012-09-27 16:29 . 2008-12-04 19:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll

2012-09-27 16:29 . 2008-10-08 08:16 139264 ----a-w- c:\windows\system32\xvid.ax

2012-09-27 16:29 . 2010-01-01 15:41 304640 ----a-w- c:\windows\system32\xvidcore.dll

2012-09-27 16:29 . 2012-09-27 16:29 -------- d-----w- c:\program files\Cassiopeiasoft

2012-09-27 16:22 . 2012-09-27 16:22 -------- d-----w- C:\FlashAudio

2012-09-27 16:21 . 2012-09-27 16:21 -------- d-----w- c:\program files\FLV to MP3 Free Converter

2012-09-26 01:38 . 2012-09-26 01:38 773968 ----a-w- c:\windows\system32\msvcr100.dll

2012-09-26 01:38 . 2012-09-26 01:38 421200 ----a-w- c:\windows\system32\msvcp100.dll

2012-09-24 15:59 . 2012-09-24 16:03 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\DownTango

2012-09-24 15:59 . 2012-09-24 16:03 -------- d-----w- c:\program files\Red Sky

2012-09-23 18:20 . 2012-10-18 16:41 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\vlc

2012-09-23 17:33 . 2012-09-23 17:33 -------- d-----w- c:\program files\VideoLAN

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 14:57 . 2012-08-12 19:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 14:57 . 2012-08-12 19:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-07 16:53 . 2012-09-07 16:53 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-09-07 16:53 . 2012-09-07 16:53 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-09-07 16:53 . 2012-06-18 11:31 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-07 16:53 . 2012-06-18 11:31 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-28 15:17 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:17 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-08-28 15:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-23 06:27 . 2004-08-04 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-23 06:27 . 2004-08-04 00:58 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-21 09:13 . 2012-06-11 11:28 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-08-21 09:13 . 2012-06-11 11:28 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-08-21 09:13 . 2012-06-11 11:28 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-08-21 09:13 . 2012-06-11 11:28 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-08-21 09:13 . 2012-06-11 11:28 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-08-21 09:13 . 2012-06-11 11:28 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-08-21 09:13 . 2012-06-11 11:28 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-08-21 09:13 . 2012-06-11 11:28 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-08-21 09:12 . 2012-06-09 20:24 41224 ----a-w- c:\windows\avastSS.scr

2012-08-21 09:12 . 2012-06-11 11:28 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-08-05 11:52 . 2012-08-05 11:52 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-08-05 11:52 . 2012-08-05 11:52 348160 ----a-w- c:\windows\system32\msvcr71.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"



Bizarre. I just ran ComboFix once more and copied the log.

ComboFix 12-10-18.03 - Eigenaar 19-10-2012 14:09:49.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1359 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-19 to 2012-10-19 ))))))))))))))))))))))))))))))

.

.

2012-10-16 18:36 . 2012-10-18 18:38 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend

2012-10-16 12:00 . 2012-10-16 12:00 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes

2012-10-16 11:58 . 2012-10-16 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-10-16 11:58 . 2012-10-16 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-16 11:58 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-15 14:35 . 2012-10-16 18:36 -------- d-----w- c:\program files\CCleaner

2012-10-15 14:25 . 2012-10-15 14:27 -------- d-----w- c:\program files\LibreOffice 3.6

2012-10-14 15:35 . 2012-10-14 15:35 -------- d-----w- c:\program files\Common Files\Skype

2012-10-14 15:35 . 2012-10-14 15:35 -------- d-----r- c:\program files\Skype

2012-10-13 16:44 . 2012-10-14 19:05 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Skype

2012-10-13 16:44 . 2012-10-14 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2012-10-04 15:34 . 2012-10-04 15:34 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\DDMSettings

2012-09-27 16:29 . 2008-12-04 19:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll

2012-09-27 16:29 . 2008-10-08 08:16 139264 ----a-w- c:\windows\system32\xvid.ax

2012-09-27 16:29 . 2010-01-01 15:41 304640 ----a-w- c:\windows\system32\xvidcore.dll

2012-09-27 16:29 . 2012-09-27 16:29 -------- d-----w- c:\program files\Cassiopeiasoft

2012-09-27 16:22 . 2012-09-27 16:22 -------- d-----w- C:\FlashAudio

2012-09-27 16:21 . 2012-09-27 16:21 -------- d-----w- c:\program files\FLV to MP3 Free Converter

2012-09-26 01:38 . 2012-09-26 01:38 773968 ----a-w- c:\windows\system32\msvcr100.dll

2012-09-26 01:38 . 2012-09-26 01:38 421200 ----a-w- c:\windows\system32\msvcp100.dll

2012-09-24 15:59 . 2012-09-24 16:03 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\DownTango

2012-09-24 15:59 . 2012-09-24 16:03 -------- d-----w- c:\program files\Red Sky

2012-09-23 18:20 . 2012-10-18 16:41 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\vlc

2012-09-23 17:33 . 2012-09-23 17:33 -------- d-----w- c:\program files\VideoLAN

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 14:57 . 2012-08-12 19:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 14:57 . 2012-08-12 19:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-07 16:53 . 2012-09-07 16:53 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-09-07 16:53 . 2012-09-07 16:53 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-09-07 16:53 . 2012-06-18 11:31 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-07 16:53 . 2012-06-18 11:31 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-28 15:17 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:17 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-08-28 15:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-23 06:27 . 2004-08-04 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-23 06:27 . 2004-08-04 00:58 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-21 09:13 . 2012-06-11 11:28 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-08-21 09:13 . 2012-06-11 11:28 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-08-21 09:13 . 2012-06-11 11:28 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-08-21 09:13 . 2012-06-11 11:28 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-08-21 09:13 . 2012-06-11 11:28 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-08-21 09:13 . 2012-06-11 11:28 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-08-21 09:13 . 2012-06-11 11:28 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-08-21 09:13 . 2012-06-11 11:28 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-08-21 09:12 . 2012-06-09 20:24 41224 ----a-w- c:\windows\avastSS.scr

2012-08-21 09:12 . 2012-06-11 11:28 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-08-05 11:52 . 2012-08-05 11:52 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-08-05 11:52 . 2012-08-05 11:52 348160 ----a-w- c:\windows\system32\msvcr71.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\documents and settings\Eigenaar\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-08-18 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2012-03-14 20065896]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]

"PACTray"="c:\windows\Pixart\PAC7302\PACTray.exe" [2009-03-23 327680]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-08-05 296096]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11-6-2012 13:28 729752]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11-6-2012 13:28 355632]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11-6-2012 13:28 21256]

R2 Browser Manager;Browser Manager;c:\documents and settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [11-10-2012 12:49 2309656]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [16-10-2012 13:58 399432]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16-10-2012 13:58 676936]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16-10-2012 13:58 22856]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13-7-2012 13:28 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12-8-2012 21:23 250288]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9-6-2012 23:32 1691480]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 15:53]

.

2012-10-19 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-06-30 09:12]

.

2012-10-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-688789844-839522115-1003Core.job

- c:\documents and settings\Eigenaar\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-08-18 10:02]

.

2012-10-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-688789844-839522115-1003UA.job

- c:\documents and settings\Eigenaar\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-08-18 10:02]

.

2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-688789844-839522115-1003Core.job

- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-09 19:45]

.

2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-688789844-839522115-1003UA.job

- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-09 19:45]

.

2012-10-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-688789844-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]

.

2012-10-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-688789844-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]

.

2012-10-19 c:\windows\Tasks\User_Feed_Synchronization-{4531271B-4E32-4289-96FD-95188D9EB3CA}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Bijkomende Scan -------

.

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: gob.es\agenciatributaria

TCP: DhcpNameServer = 80.58.61.250 80.58.61.254

DPF: {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} - hxxps://www5.aeat.es/es13/h/tgvicab.cab

DPF: {947B00D2-962D-4A35-9E48-98EE6A442B41} - hxxps://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab

DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www1.agenciatributaria.gob.es/es13/h/cactivex.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-10-19 14:14

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(512)

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2012-10-19 14:15:07

ComboFix-quarantined-files.txt 2012-10-19 12:15

ComboFix2.txt 2012-10-18 19:09

.

Pre-Run: 40.085.147.648 bytes beschikbaar

Post-Run: 40.075.169.792 bytes beschikbaar

.

- - End Of File - - C7505B46058854F4CF85CC0F507E8745
