
The malware Stegisoft had in mind does not show up in this log, at any rate. But please do the following:

Download Combofix to your Desktop.

Read more here about the correct use of Combofix.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!


  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix has finished and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


Here is the ComboFix log.

ComboFix 09-09-23.02 - steve 09/25/2009 11:06.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.102 [GMT 2:00]

Running from: c:\documents and settings\steve\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1351 [VPS 090924-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\progra~1\Webroot\WEBROO~1\Backup\ntSVc.ocx

c:\windows\Installer\a7e09.msi

.

((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))

.

2009-09-24 06:50 . 2009-09-24 06:50 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\MiTAC_International_Corpo

2009-09-24 06:42 . 2009-09-24 06:42 -------- d-----w- c:\program files\Mio Technology

2009-09-24 06:40 . 2009-09-24 06:40 -------- d-----w- c:\documents and settings\steve\Application Data\InstallShield

2009-09-22 18:33 . 2009-09-22 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData

2009-09-22 15:52 . 2009-09-22 15:52 -------- d-----w- c:\documents and settings\steve\Application Data\Bandoo

2009-09-22 15:51 . 2009-09-22 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Bandoo

2009-09-22 15:50 . 2009-09-22 15:51 -------- d-----w- c:\program files\Bandoo

2009-09-22 13:46 . 2009-09-22 13:46 108544 ------w- c:\windows\system32\pxcpyi64.exe

2009-09-22 13:46 . 2009-09-22 13:46 109568 ------w- c:\windows\system32\pxinsi64.exe

2009-09-22 11:34 . 2009-09-22 11:34 -------- d-----w- c:\program files\Corel

2009-09-12 05:52 . 2009-09-12 05:52 -------- d-----w- c:\documents and settings\steve\Application Data\Ahead

2009-09-12 05:51 . 2009-09-12 05:51 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\Ahead

2009-09-12 05:42 . 2004-10-13 12:28 2277376 ------w- c:\windows\UNNMP.exe

2009-09-12 05:40 . 2004-03-02 14:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys

2009-09-12 05:40 . 2004-03-02 14:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys

2009-09-12 05:39 . 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

2009-09-12 05:33 . 2004-10-22 15:12 2293760 ------w- c:\windows\UNNeroVision.exe

2009-09-12 05:33 . 2001-03-08 16:30 24064 ------w- c:\windows\system32\msxml3a.dll

2009-09-12 05:32 . 2009-09-12 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead

2009-09-12 05:32 . 2004-07-09 06:43 364544 ------w- c:\windows\system32\TwnLib4.dll

2009-09-12 05:32 . 2004-07-26 14:16 471040 ------w- c:\windows\system32\ImagXRA7.dll

2009-09-12 05:32 . 2004-07-26 14:16 476320 ------w- c:\windows\system32\ImagXpr7.dll

2009-09-12 05:32 . 2004-07-26 14:16 262144 ------w- c:\windows\system32\ImagXR7.dll

2009-09-12 05:32 . 2004-07-26 14:16 1568768 ------w- c:\windows\system32\ImagX7.dll

2009-09-12 05:32 . 2001-06-26 05:15 38912 ------w- c:\windows\system32\picn20.dll

2009-09-12 05:32 . 2000-06-26 08:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll

2009-09-12 05:32 . 2009-09-12 05:38 -------- d-----w- c:\program files\Common Files\Ahead

2009-09-12 05:32 . 2009-09-12 05:41 -------- d-----w- c:\program files\Ahead

2009-09-09 11:36 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2009-08-27 17:25 . 2008-04-13 22:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-24 06:42 . 2009-07-19 07:27 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-22 22:01 . 2009-07-19 10:22 -------- d-----w- c:\documents and settings\steve\Application Data\Skype

2009-09-22 22:01 . 2009-07-19 10:27 -------- d-----w- c:\documents and settings\steve\Application Data\skypePM

2009-09-22 17:09 . 2009-07-19 16:30 -------- d-----w- c:\documents and settings\steve\Application Data\vlc

2009-09-22 15:53 . 2009-07-18 20:14 72000 ----a-w- c:\documents and settings\steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-22 13:54 . 2009-07-19 12:24 -------- d-----w- c:\program files\Common Files\Adobe

2009-09-10 15:15 . 2009-07-18 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-23 11:07 . 2009-08-23 11:07 -------- d-----w- c:\program files\Alwil Software

2009-08-23 10:42 . 2009-07-19 07:46 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-08-17 16:10 . 2009-08-23 11:07 1279456 ----a-w- c:\windows\system32\aswBoot.exe

2009-08-17 16:06 . 2009-08-23 11:07 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-08-17 16:06 . 2009-08-23 11:07 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-08-17 16:05 . 2009-08-23 11:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-08-17 16:05 . 2009-08-23 11:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-08-17 16:04 . 2009-08-23 11:07 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-08-17 16:04 . 2009-08-23 11:07 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-08-17 16:03 . 2009-08-23 11:07 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-08-17 16:02 . 2009-08-23 11:07 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-08-14 18:58 . 2009-07-21 19:14 -------- d-----w- c:\documents and settings\steve\Application Data\dvdcss

2009-08-13 08:53 . 2009-08-13 08:53 -------- d-----w- c:\program files\Microsoft Works

2009-08-13 08:53 . 2009-07-18 19:39 -------- d-----w- c:\program files\MSBuild

2009-08-13 08:52 . 2009-08-13 08:52 -------- d-----w- c:\program files\Microsoft.NET

2009-08-13 08:49 . 2009-08-13 08:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2009-08-09 16:05 . 2009-07-19 10:45 -------- d-----w- c:\documents and settings\steve\Application Data\Uniblue

2009-08-09 16:05 . 2009-07-19 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner

2009-08-09 16:04 . 2009-07-19 10:42 -------- d-----w- c:\program files\Uniblue

2009-08-06 15:36 . 2009-08-06 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth

2009-08-06 15:31 . 2009-08-06 15:31 -------- d-----w- c:\program files\IVT Corporation

2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-02 09:35 . 2009-08-02 09:35 -------- d-----w- c:\program files\GPLGS

2009-08-02 09:27 . 2009-08-02 09:27 -------- d-----w- c:\program files\Acro Software

2009-08-02 08:13 . 2009-08-02 08:13 -------- d-----w- c:\program files\microsoft frontpage

2009-07-29 04:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-07-29 04:37 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-07-21 16:33 . 2009-07-21 16:33 164 ----a-w- c:\windows\install.dat

2009-07-21 15:46 . 2009-07-21 15:33 104676 ----a-w- c:\windows\hpoins04.dat

2009-07-19 10:39 . 2009-07-19 10:29 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-07-19 10:29 . 2009-07-19 10:29 128 ----a-w- c:\documents and settings\steve\Local Settings\Application Data\fusioncache.dat

2009-07-19 10:27 . 2009-07-19 10:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-07-19 07:49 . 2009-07-19 07:49 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys

2009-07-19 07:37 . 2009-07-19 07:38 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-07-18 20:21 . 2009-07-18 20:21 0 ----a-w- c:\windows\nsreg.dat

2009-07-18 20:20 . 2009-07-18 20:20 552 ----a-w- c:\windows\system32\d3d8caps.dat

2009-07-18 19:45 . 2009-09-22 11:10 71680 ----a-w- c:\documents and settings\Administrator\GLB2ABB.tmp

2009-07-18 19:45 . 2009-07-18 20:12 71680 ----a-w- c:\documents and settings\steve\GLB2ABB.tmp

2009-07-18 19:45 . 2009-07-18 20:07 71680 ----a-w- c:\windows\system32\config\systemprofile\GLB2ABB.tmp

2009-07-18 19:45 . 2009-07-18 19:45 71680 ----a-w- c:\documents and settings\Default User\GLB2ABB.tmp

2009-07-18 19:24 . 2009-07-18 19:24 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2008-07-30 19:24 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-29 16:23 . 2008-07-30 19:29 828928 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 16:23 . 2008-07-30 19:29 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 16:23 . 2008-07-30 19:28 17408 ----a-w- c:\windows\system32\corpol.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-06-16 1277440]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-06-07 251264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-19 148888]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-04 344064]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-05-21 17881600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="shell32" [X]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-06-29 124928]

c:\documents and settings\steve\Start Menu\Programs\Startup\

Styler.lnk - c:\documents and settings\steve\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-7-18 15086]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/23/2009 1:07 PM 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/23/2009 1:07 PM 20560]

R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [7/21/2009 6:36 PM 1205760]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]

RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register

.

Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\User_Feed_Synchronization-{747EFB34-D356-4DC9-BF68-5700ED1A0A45}.job

- c:\windows\system32\msfeedssync.exe [2009-07-18 16:36]

2009-09-20 c:\windows\Tasks\wrSpySweeper_L61CD07705F6244FDA5B685D41125D4D1.job

- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-07-21 13:40]

2009-09-20 c:\windows\Tasks\wrSpySweeper_L61CD07705F6244FDA5B685D41125D4D1.job

- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-07-21 13:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\steve\Application Data\Mozilla\Firefox\Profiles\jizk43nh.default\

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

AddRemove-Resource Hacker 3.4.0 - c:\windows\Resource Hacker 3.4.0\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-09-25 11:11

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(992)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2009-09-25 11:13

ComboFix-quarantined-files.txt 2009-09-25 09:13

Pre-Run: 167,689,723,904 bytes free

Post-Run: 167,668,944,896 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

213 --- E O F --- 2009-09-25 05:47


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\pxcpyi64.exe

c:\windows\system32\pxinsi64.exe

Registry::

[-HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"=-

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will restart ComboFix. Reboot if asked to.

After the restart, post the contents of Combofix.txt in your next message, together with a new HijackThis log.

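One way to check a follow-up ComboFix log against the CFScript that was fed in, as an added example that is not part of the original thread and not ComboFix's own code. The function names and the status strings are assumptions made for illustration; the sample inputs are abridged from the script and the two ComboFix logs in this thread.

```python
import re
SECTION = re.compile(r"^\(+\s*(.*?)\s*\)+$")   # "((( Title )))" banner lines

# The CFScript from the post above (blank lines dropped).
CFSCRIPT = r"""File::
c:\windows\system32\pxcpyi64.exe
c:\windows\system32\pxinsi64.exe
Registry::
[-HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"=-
"""
# Abridged from the first log in this thread (before the script ran).
LOG_BEFORE = r"""((((( Other Deletions )))))
.
((((( Files Created from 2009-08-25 to 2009-09-25 )))))
.
2009-09-22 13:46 . 2009-09-22 13:46 108544 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-22 13:46 . 2009-09-22 13:46 109568 ------w- c:\windows\system32\pxinsi64.exe
((((( Reg Loading Points )))))
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"""
# Abridged from the second log in this thread (after the script ran).
LOG_AFTER = r"""((((( Other Deletions )))))
.
c:\windows\system32\pxcpyi64.exe
c:\windows\system32\pxinsi64.exe
K:\Autorun.inf
((((( Files Created from 2009-08-25 to 2009-09-25 )))))
2009-09-22 15:50 . 2009-09-22 15:51 -------- d-----w- c:\program files\Bandoo
((((( Reg Loading Points )))))
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-06-29 124928]
"""

def parse_cfscript(text):
    """Return (files, keys to delete, (key, value name) pairs to delete)."""
    files, keys, values, part, key = [], [], [], None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("::"):                      # File:: / Registry::
            part, key = line[:-2].lower(), None
        elif part == "file":
            files.append(line.strip('"'))
        elif part == "registry" and line.startswith("[-"):
            keys.append(line[2:-1])                  # [-KEY] deletes the key
        elif part == "registry" and line.startswith("["):
            key = line[1:-1]                         # key that owns the values
        elif part == "registry" and key and line.endswith("=-"):
            values.append((key, line[:-2].strip('"')))   # "name"=- deletes it
    return files, keys, values

def sections(log):
    """Map lower-cased section title -> its non-empty lines."""
    out, name = {}, None
    for line in map(str.strip, log.splitlines()):
        m = SECTION.match(line)
        if m:
            name = m.group(1).lower()
            out[name] = []
        elif name and line not in ("", "."):
            out[name].append(line)
    return out

def verify(cfscript, log):
    """Status per directive, judged only from what the log itself shows."""
    files, keys, values = parse_cfscript(cfscript)
    sec = sections(log)
    def pick(prefix):
        return [l for n, ls in sec.items() if n.startswith(prefix) for l in ls]
    deleted = {l.strip('"').lower() for l in pick("other deletions")}
    listed = [l.lower() for l in pick("files created") + pick("find3m")]
    shown, key = {}, None            # registry key -> value names in the log
    for line in pick("reg loading points"):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            shown.setdefault(key, set())
        elif key and (m := re.match(r'"([^"]*)"\s*=', line)):
            shown[key].add(m.group(1).lower())
    report = {}
    for f in files:
        hit = any(l.endswith(f.lower()) for l in listed)
        report[f] = ("deleted" if f.lower() in deleted
                     else "still listed" if hit else "not mentioned")
    for k in keys:
        report[k] = "still listed" if k.lower() in shown else "gone"
    for k, v in values:
        present = v.lower() in shown.get(k.lower(), ())
        report[k + "\\" + v] = "still listed" if present else "gone"
    return report

if __name__ == "__main__":
    for name, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(name, verify(CFSCRIPT, log))
```

"gone" only means the entry no longer appears under Reg Loading Points; the log itself notes that empty and default entries are not shown.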

ComboFix =

ComboFix 09-09-23.02 - steve 09/25/2009 12:34.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.174 [GMT 2:00]

Running from: c:\documents and settings\steve\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\steve\Desktop\CFScript.txt..txt

AV: avast! antivirus 4.8.1351 [VPS 090924-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::

"c:\windows\system32\pxcpyi64.exe"

"c:\windows\system32\pxinsi64.exe"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\pxcpyi64.exe

c:\windows\system32\pxinsi64.exe

K:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))

.

2009-09-24 06:50 . 2009-09-24 06:50 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\MiTAC_International_Corpo

2009-09-24 06:42 . 2009-09-24 06:42 -------- d-----w- c:\program files\Mio Technology

2009-09-24 06:40 . 2009-09-24 06:40 -------- d-----w- c:\documents and settings\steve\Application Data\InstallShield

2009-09-22 18:33 . 2009-09-22 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData

2009-09-22 15:52 . 2009-09-22 15:52 -------- d-----w- c:\documents and settings\steve\Application Data\Bandoo

2009-09-22 15:51 . 2009-09-22 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Bandoo

2009-09-22 15:50 . 2009-09-22 15:51 -------- d-----w- c:\program files\Bandoo

2009-09-22 11:34 . 2009-09-22 11:34 -------- d-----w- c:\program files\Corel

2009-09-12 05:52 . 2009-09-12 05:52 -------- d-----w- c:\documents and settings\steve\Application Data\Ahead

2009-09-12 05:51 . 2009-09-12 05:51 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\Ahead

2009-09-12 05:42 . 2004-10-13 12:28 2277376 ------w- c:\windows\UNNMP.exe

2009-09-12 05:40 . 2004-03-02 14:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys

2009-09-12 05:40 . 2004-03-02 14:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys

2009-09-12 05:39 . 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

2009-09-12 05:33 . 2004-10-22 15:12 2293760 ------w- c:\windows\UNNeroVision.exe

2009-09-12 05:33 . 2001-03-08 16:30 24064 ------w- c:\windows\system32\msxml3a.dll

2009-09-12 05:32 . 2009-09-12 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead

2009-09-12 05:32 . 2004-07-09 06:43 364544 ------w- c:\windows\system32\TwnLib4.dll

2009-09-12 05:32 . 2004-07-26 14:16 471040 ------w- c:\windows\system32\ImagXRA7.dll

2009-09-12 05:32 . 2004-07-26 14:16 476320 ------w- c:\windows\system32\ImagXpr7.dll

2009-09-12 05:32 . 2004-07-26 14:16 262144 ------w- c:\windows\system32\ImagXR7.dll

2009-09-12 05:32 . 2004-07-26 14:16 1568768 ------w- c:\windows\system32\ImagX7.dll

2009-09-12 05:32 . 2001-06-26 05:15 38912 ------w- c:\windows\system32\picn20.dll

2009-09-12 05:32 . 2000-06-26 08:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll

2009-09-12 05:32 . 2009-09-12 05:38 -------- d-----w- c:\program files\Common Files\Ahead

2009-09-12 05:32 . 2009-09-12 05:41 -------- d-----w- c:\program files\Ahead

2009-09-09 11:36 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2009-08-27 17:25 . 2008-04-13 22:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-24 06:42 . 2009-07-19 07:27 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-22 22:01 . 2009-07-19 10:22 -------- d-----w- c:\documents and settings\steve\Application Data\Skype

2009-09-22 22:01 . 2009-07-19 10:27 -------- d-----w- c:\documents and settings\steve\Application Data\skypePM

2009-09-22 17:09 . 2009-07-19 16:30 -------- d-----w- c:\documents and settings\steve\Application Data\vlc

2009-09-22 15:53 . 2009-07-18 20:14 72000 ----a-w- c:\documents and settings\steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-22 13:54 . 2009-07-19 12:24 -------- d-----w- c:\program files\Common Files\Adobe

2009-09-10 15:15 . 2009-07-18 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-23 11:07 . 2009-08-23 11:07 -------- d-----w- c:\program files\Alwil Software

2009-08-23 10:42 . 2009-07-19 07:46 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-08-17 16:10 . 2009-08-23 11:07 1279456 ----a-w- c:\windows\system32\aswBoot.exe

2009-08-17 16:06 . 2009-08-23 11:07 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-08-17 16:06 . 2009-08-23 11:07 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-08-17 16:05 . 2009-08-23 11:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-08-17 16:05 . 2009-08-23 11:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-08-17 16:04 . 2009-08-23 11:07 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-08-17 16:04 . 2009-08-23 11:07 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-08-17 16:03 . 2009-08-23 11:07 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-08-17 16:02 . 2009-08-23 11:07 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-08-14 18:58 . 2009-07-21 19:14 -------- d-----w- c:\documents and settings\steve\Application Data\dvdcss

2009-08-13 08:53 . 2009-08-13 08:53 -------- d-----w- c:\program files\Microsoft Works

2009-08-13 08:53 . 2009-07-18 19:39 -------- d-----w- c:\program files\MSBuild

2009-08-13 08:52 . 2009-08-13 08:52 -------- d-----w- c:\program files\Microsoft.NET

2009-08-13 08:49 . 2009-08-13 08:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2009-08-09 16:05 . 2009-07-19 10:45 -------- d-----w- c:\documents and settings\steve\Application Data\Uniblue

2009-08-09 16:05 . 2009-07-19 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner

2009-08-09 16:04 . 2009-07-19 10:42 -------- d-----w- c:\program files\Uniblue

2009-08-06 15:36 . 2009-08-06 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth

2009-08-06 15:31 . 2009-08-06 15:31 -------- d-----w- c:\program files\IVT Corporation

2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-02 09:35 . 2009-08-02 09:35 -------- d-----w- c:\program files\GPLGS

2009-08-02 09:27 . 2009-08-02 09:27 -------- d-----w- c:\program files\Acro Software

2009-08-02 08:13 . 2009-08-02 08:13 -------- d-----w- c:\program files\microsoft frontpage

2009-07-29 04:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-07-29 04:37 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-07-21 16:33 . 2009-07-21 16:33 164 ----a-w- c:\windows\install.dat

2009-07-21 15:46 . 2009-07-21 15:33 104676 ----a-w- c:\windows\hpoins04.dat

2009-07-19 10:39 . 2009-07-19 10:29 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-07-19 10:29 . 2009-07-19 10:29 128 ----a-w- c:\documents and settings\steve\Local Settings\Application Data\fusioncache.dat

2009-07-19 10:27 . 2009-07-19 10:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-07-19 07:49 . 2009-07-19 07:49 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys

2009-07-19 07:37 . 2009-07-19 07:38 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-07-18 20:21 . 2009-07-18 20:21 0 ----a-w- c:\windows\nsreg.dat

2009-07-18 20:20 . 2009-07-18 20:20 552 ----a-w- c:\windows\system32\d3d8caps.dat

2009-07-18 19:45 . 2009-09-22 11:10 71680 ----a-w- c:\documents and settings\Administrator\GLB2ABB.tmp

2009-07-18 19:45 . 2009-07-18 20:12 71680 ----a-w- c:\documents and settings\steve\GLB2ABB.tmp

2009-07-18 19:45 . 2009-07-18 20:07 71680 ----a-w- c:\windows\system32\config\systemprofile\GLB2ABB.tmp

2009-07-18 19:45 . 2009-07-18 19:45 71680 ----a-w- c:\documents and settings\Default User\GLB2ABB.tmp

2009-07-18 19:24 . 2009-07-18 19:24 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2008-07-30 19:24 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-29 16:23 . 2008-07-30 19:29 828928 ------w- c:\windows\system32\wininet.dll

2009-06-29 16:23 . 2008-07-30 19:29 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 16:23 . 2008-07-30 19:28 17408 ----a-w- c:\windows\system32\corpol.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-06-16 1277440]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-06-07 251264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-19 148888]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-04 344064]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-05-21 17881600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-06-29 124928]

c:\documents and settings\steve\Start Menu\Programs\Startup\

Styler.lnk - c:\documents and settings\steve\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-7-18 15086]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/23/2009 1:07 PM 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/23/2009 1:07 PM 20560]

R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [7/21/2009 6:36 PM 1205760]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]

RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register

.

Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\User_Feed_Synchronization-{747EFB34-D356-4DC9-BF68-5700ED1A0A45}.job

- c:\windows\system32\msfeedssync.exe [2009-07-18 16:36]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\steve\Application Data\Mozilla\Firefox\Profiles\jizk43nh.default\

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-09-25 12:39

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(992)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2009-09-25 12:40

ComboFix-quarantined-files.txt 2009-09-25 10:40

ComboFix2.txt 2009-09-25 09:13

Pre-Run: 167,946,702,848 bytes free

Post-Run: 167,943,512,064 bytes free

199 --- E O F --- 2009-09-25 05:47

Hijackthis =

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:51:13 PM, on 9/25/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.21073)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Styler\Styler.exe

C:\Program Files\IncrediMail\bin\IMApp.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\PROGRA~1\Bandoo\Bandoo.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKCU\..\Run: [incrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Styler.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: c:\PROGRA~1\Bandoo\BndHook.dll

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (Award-winning Security Software for Home and Business Computers) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--

End of file - 7445 bytes


I have searched everywhere for your problem, but apparently you are one of the few who has a problem.

I also looked at Corel, and there was something along those lines to be found there, but I cannot know whether that is also it.

What you can do is this:

Remove the video card driver and download the new version.

I do find it strange, but it could be possible.


In addition to Stegisoft's suggestion, you may also do this:

Remove Combofix: Start -> Run and type: combofix /u

This will remove Combofix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

Delete the following folder (shown in bold) with Windows Explorer: C:\Qoobox (if still present).

Download CCleaner. On this page, click one of the MajorGeeks mirror sites, and the CCleaner download will then start automatically and free of charge.

Install it and start CCleaner. In the left column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After this, close CCleaner again.
