ComboFix 09-01-21.04 - fret en co 2009-01-23 13:50:42.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1016.502 [GMT 1:00]
Running from: c:\documents and settings\fret en co\Bureaublad\ComboFix.exe
Command switches used :: c:\documents and settings\fret en co\Bureaublad\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Anti-Spyware Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\SweetIM
c:\documents and settings\All Users.WINDOWS\Application Data\SweetIM\Toolbars\Internet Explorer\cache\7ecfc800b3946bda26c32bca50a3f4eb.games.bmp
c:\documents and settings\All Users.WINDOWS\Application Data\SweetIM\Toolbars\Internet Explorer\cache\f64a71f602d078aa84829e36b8992194.toolbar31.xml
c:\program files\SweetIM
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\msvcr71.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Bookmarks_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Email_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Games_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Greetingcards_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Logo.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Mobile_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Music_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\News_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Shoping_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetimicons.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
.

((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.

2009-01-23 13:47 . 2009-01-23 13:47 399,872 --a------ c:\windows\system32\CF11953.exe
2009-01-21 19:03 . 2009-01-21 19:03 d-------- c:\program files\MyFantasyMaker
2009-01-18 12:55 . 2009-01-18 12:55 d-------- c:\program files\CAVS
2009-01-17 23:02 . 2009-01-17 23:09 d-------- c:\documents and settings\fret en co\Application Data\COWON
2009-01-17 22:36 . 2009-01-17 22:36 d-------- c:\program files\FlashPlayer
2009-01-17 17:53 . 2009-01-17 19:39 d-------- c:\documents and settings\fret en co\Application Data\Doblon
2009-01-17 17:27 . 2009-01-21 22:07 d-------- c:\program files\Doblon
2009-01-17 17:27 . 2009-01-22 08:57 d-------- c:\program files\Conduit
2009-01-11 15:31 . 2009-01-11 15:31 d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Super X Studios
2009-01-11 15:29 . 2009-01-11 15:29 d-------- c:\program files\Xplosiv
2009-01-10 18:49 . 2009-01-10 18:49 d-------- c:\program files\7-Zip
2009-01-10 14:57 . 2009-01-10 14:57 d-------- c:\documents and settings\fret en co\Application Data\Media Player Classic
2009-01-07 13:19 . 2003-01-10 10:56 30,921 --a------ c:\windows\system32\drivers\SQCaptur.sys
2009-01-07 13:19 . 2003-01-10 09:30 25,449 --a------ c:\windows\system32\drivers\SQCamD.sys
2009-01-05 20:41 . 2008-04-14 00:15 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-01-05 20:41 . 2008-04-14 00:15 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-01-05 20:33 . 2009-01-05 20:33 d-------- c:\documents and settings\fret en co\Application Data\BT
2009-01-05 20:33 . 2009-01-05 20:33 d-------- c:\documents and settings\All Users.WINDOWS\Application Data\BT
2009-01-05 20:32 . 2009-01-21 22:04 d-------- c:\program files\BT Softphone 2
2008-12-31 16:03 . 2008-12-31 16:15 d-------- c:\program files\Microsoft IntelliPoint
2008-12-31 15:21 . 2009-01-03 21:33 d-------- c:\program files\SpacialAudio
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 19:04 6,724,690 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-01-22 07:57 --------- d-----w c:\program files\OXXOGames
2009-01-21 20:34 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-18 13:45 --------- d-----w c:\documents and settings\fret en co\Application Data\uTorrent
2009-01-18 11:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-14 20:27 --------- d-----w c:\documents and settings\fret en co\Application Data\OpenOffice.org2
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-10 16:17 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
2009-01-10 16:16 --------- d-----w c:\documents and settings\fret en co\Application Data\Vso
2009-01-10 16:11 --------- d-----w c:\documents and settings\fret en co\Application Data\dvdcss
2008-12-31 15:17 --------- d-----w c:\program files\Microsoft IntelliType Pro
2008-12-22 20:03 --------- d-----w c:\program files\LSoft Technologies Inc
2008-12-19 22:00 --------- d-----w c:\program files\Java
2008-12-19 21:56 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-19 09:29 --------- d-----w c:\program files\UnderCoverXP
2008-12-18 20:11 --------- d-----w c:\program files\Firebird
2008-12-15 16:18 58,115 ----a-w c:\documents and settings\fret en co\Application Data\mdb.bin
2008-12-15 16:17 --------- d-----w c:\program files\Blokker Fotoservice
2008-11-13 22:13 2,739,200 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-11-13 22:13 2,135,040 ----a-w c:\windows\Internet Logs\xDB2.tmp
2007-09-28 20:28 47,360 ----a-w c:\documents and settings\fret en co\Application Data\pcouffin.sys
2007-02-06 19:09 87,608 ----a-w c:\documents and settings\Eigenaar\Application Data\ezpinst.exe
2007-02-06 19:09 47,360 ----a-w c:\documents and settings\Eigenaar\Application Data\pcouffin.sys
2006-11-13 21:18 49 ----a-w c:\documents and settings\Eigenaar\Application Data\internaldb41.dat
2006-11-13 21:17 337 ----a-w c:\documents and settings\Eigenaar\Application Data\internaldb1942.dat
2006-11-12 20:09 20,480 ----a-w c:\documents and settings\Eigenaar\Application Data\internaldb4827.dat
2006-11-12 20:08 9,216 ----a-w c:\documents and settings\Eigenaar\Application Data\internaldb8467.dat
2006-11-12 20:08 0 ----a-w c:\documents and settings\Eigenaar\Application Data\internaldb6334.dat
2006-11-12 20:08 0 ----a-w c:\documents and settings\Eigenaar\Application Data\internaldb5436.dat
2007-05-22 17:14 8,784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-22 17:17 245,408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-22_20.11.29.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-26 09:36:16 58,732 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-22 19:09:29 58,732 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-26 09:36:16 76,816 ----a-w c:\windows\system32\perfc013.dat
+ 2009-01-22 19:09:29 76,816 ----a-w c:\windows\system32\perfc013.dat
- 2008-10-26 09:36:16 392,432 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-22 19:09:29 392,432 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-26 09:36:16 455,928 ----a-w c:\windows\system32\perfh013.dat
+ 2009-01-22 19:09:29 455,928 ----a-w c:\windows\system32\perfh013.dat
+ 2009-01-23 08:07:13 16,384 ----atw c:\windows\temp\Perflib_Perfdata_484.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2008-09-04 2023424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WUSB54GPv4"="c:\program files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-12-05 8523776]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-12-05 81920]
"BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-16 114688]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-16 163840]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
LocalCooling.lnk - c:\program files\Uniblue\LocalCooling\localcooling2.exe [2008-02-29 5054464]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 11:32 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.dvsd"= pdvcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^fret en co^Menu Start^Programma's^Opstarten^Registration Brothers In Arms.LNK]
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
--a------ 2008-09-04 12:22 2023424 c:\program files\Belgium Identity Card\beid35gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
--a------ 2003-09-11 04:00 99840 c:\windows\system32\spool\drivers\w32x86\3\E_S4I0H2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2007-04-17 13:03 63048 c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRC]
--a------ 2007-09-20 10:16 2419200 c:\program files\PC Tune-Up\PCTuneUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-07 08:34 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"usnjsvc"=3 (0x3)
"Messenger"=2 (0x2)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"AASW2_Service"=2 (0x2)
"WLSetupSvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Outlook Express"=c:\program files\Outlook Express\msimn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\downloads programma's\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-01 97928]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-03 875288]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 231704]
R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-01 76040]
R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-06-04 12856]
R4 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2007-11-25 8864]
R4 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2007-11-25 8864]
R4 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2007-11-25 8864]
R4 WUSB54GPv4SVC;WUSB54GPv4SVC;c:\program files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe [2006-09-08 41025]
S0 bnftnqm;bnftnqm;c:\windows\system32\drivers\xwqip.sys --> c:\windows\system32\drivers\xwqip.sys [?]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2008-10-11 33536]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-06-05 13352]
S3 kaspersky1;kaspersky1;\??\c:\jaja\kaspersky\kaspersky.sys --> c:\jaja\kaspersky\kaspersky.sys [?]
S3 ovt530;Webcam Classic;c:\windows\system32\Drivers\ov530vid.sys --> c:\windows\system32\Drivers\ov530vid.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [2008-05-16 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\drivers\z530mdfl.sys [2008-05-16 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\drivers\z530mdm.sys [2008-05-16 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\z530mgmt.sys [2008-05-16 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\drivers\z530obex.sys [2008-05-16 83344]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [2007-07-06 31768]
S4 eyu342u3aku;Print Spooler Service; [x]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-09-23 46112]
.
Contents of the 'Scheduled Tasks' folder

2009-01-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []

2009-01-23 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-09-28 19:12]

2009-01-15 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-09-28 19:12]

2007-11-02 c:\windows\Tasks\XoftSpy.job
- c:\program files\XoftSpy\XoftSpy.exe [2007-04-26 14:39]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.zdnet.be
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\fret en co\Application Data\Mozilla\Firefox\Profiles\50wctp42.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.zdnet.be/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\fret en co\Application Data\Mozilla\Firefox\Profiles\50wctp42.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 14:01:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D766FC64-717E-CBB9-82CC-26972586CB79}*]
"halcignejkkhnblk"=hex:6b,61,6d,70,67,6b,63,68,6d,65,6b,6c,67,6e,67,6b,6d,62,
   6e,6d,6b,70,00,00
"ianaodcnafmihaljdd"=hex:63,61,63,70,6d,68,00,7c
"iabcoajcljblojkleo"=hex:6b,61,6d,70,67,6b,63,68,6d,65,6b,6c,67,6e,67,6b,6d,62,
   6e,6d,6b,70,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\LMIinit.dll
.
Completion time: 2009-01-23 14:02:39
ComboFix-quarantined-files.txt 2009-01-23 13:01:39
ComboFix2.txt 2009-01-22 19:13:49

Pre-Run: 18.858.770.432 bytes beschikbaar
Post-Run: 18,821,275,648 bytes beschikbaar

298 --- E O F --- 2008-07-11 18:23:30