ComboFix 09-09-02.02 - Alain 03/09/2009 17:26.1.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1955 [GMT 2:00]
Gestart vanuit: c:\users\Alain\Desktop\ComboFix.exe
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare - Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-411121997-4282801894-1991765937-500
c:\program files\Common Files\alg.exe
c:\windows\clofghls.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-08-03 to 2009-09-03 ))))))))))))))))))))))))))))))
.
2009-09-03 15:33 . 2009-09-03 15:33 -------- d-----w- c:\users\Alain\AppData\Local\temp
2009-09-03 15:33 . 2009-09-03 15:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-03 14:04 . 2009-09-03 14:04 -------- d-----w- c:\users\Alain\AppData\Local\Mozilla
2009-09-02 22:24 . 2009-09-02 22:24 -------- d-----w- c:\users\Alain\AppData\Roaming\Malwarebytes
2009-09-02 22:24 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 22:24 . 2009-09-02 22:24 -------- d-----w- c:\programdata\Malwarebytes
2009-09-02 22:24 . 2009-09-02 22:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-02 22:24 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 12:07 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 12:07 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:22 . 2003-03-19 09:03 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2009-08-27 13:22 . 2006-09-16 17:44 314368 ----a-w- c:\windows\system32\avisynth.dll
2009-08-27 13:22 . 2004-05-26 19:37 719872 ----a-w- c:\windows\system32\devil.dll
2009-08-27 13:22 . 2009-08-27 23:14 -------- d-----w- c:\program files\Magic Video Converter
2009-08-26 18:10 . 2009-08-26 18:10 -------- d-----w- c:\users\Alain\AppData\Roaming\AVS4YOU
2009-08-26 18:10 . 2009-08-26 18:10 -------- d-----w- c:\programdata\AVS4YOU
2009-08-26 18:06 . 2009-08-26 18:06 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-08-26 18:06 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-08-26 18:06 . 2009-08-26 18:07 -------- d-----w- c:\program files\AVS4YOU
2009-08-26 16:22 . 2009-08-26 16:22 -------- d-----w- c:\users\Alain\AppData\Roaming\CyberLink
2009-08-26 16:22 . 2009-08-26 16:22 -------- d-----w- c:\users\Public\CyberLink
2009-08-26 16:21 . 2009-08-26 16:29 -------- d-----w- c:\programdata\CyberLink
2009-08-26 16:21 . 2009-08-26 16:21 -------- d-----w- c:\users\Alain\AppData\Local\Cyberlink
2009-08-26 16:20 . 2009-08-26 16:21 -------- d-----w- c:\program files\CyberLink
2009-08-26 00:03 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-23 10:14 . 2009-08-23 10:14 -------- d-----w- c:\windows\system32\Adobe
2009-08-17 21:16 . 2009-08-17 21:16 -------- d-----w- c:\program files\Symantec
2009-08-17 20:41 . 2009-08-17 21:00 -------- d-----w- C:\kevin hdd ff
2009-08-15 19:54 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-15 19:54 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-15 19:54 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-15 19:54 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-15 19:54 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-15 19:54 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-15 19:54 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-15 19:54 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-13 14:52 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 14:52 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 14:52 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 14:52 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 14:52 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 14:52 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 14:52 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-13 14:52 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-10 20:39 . 2009-08-10 20:40 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-09 07:19 . 2009-08-09 07:19 -------- d-----w- c:\users\Alain\AppData\Local\Deployment
2009-08-05 23:12 . 2009-08-05 23:18 -------- d-----w- c:\users\Alain\AppData\Local\PokerStars
2009-08-05 23:12 . 2009-08-05 23:59 -------- d-----w- c:\program files\PokerStars
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 15:29 . 2008-05-09 16:28 676772 ----a-w- c:\windows\system32\perfh013.dat
2009-09-03 15:29 . 2008-05-09 16:28 131268 ----a-w- c:\windows\system32\perfc013.dat
2009-09-03 15:21 . 2009-07-14 08:15 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-03 06:55 . 2008-10-03 14:50 -------- d---a-w- c:\program files\Microsoft Windows OneCare Live
2009-08-29 10:44 . 2008-07-05 08:57 -------- d-----w- c:\users\Alain\AppData\Roaming\uTorrent
2009-08-26 16:21 . 2008-05-09 07:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-23 10:14 . 2008-05-09 07:33 -------- d-----w- c:\program files\Google
2009-08-20 13:24 . 2008-05-09 07:20 -------- d-----w- c:\programdata\NVIDIA
2009-08-13 20:40 . 2008-09-02 14:40 -------- d-----w- c:\programdata\Microsoft Help
2009-08-13 20:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-28 21:54 . 2009-07-28 21:54 -------- d-----w- c:\program files\Bethesda Softworks
2009-07-28 21:49 . 2009-07-28 21:31 -------- d-----w- c:\program files\Empire Total War
2009-07-23 10:53 . 2009-07-23 10:52 -------- d-----w- c:\program files\VirtualDJ
2009-07-22 21:25 . 2008-06-26 16:05 -------- d-----w- c:\programdata\Messenger Plus!
2009-07-21 21:52 . 2009-07-28 17:24 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 17:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 17:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 17:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-19 14:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-19 14:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-19 14:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-19 14:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-19 14:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-19 14:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-14 15:45 . 2009-07-14 15:45 -------- d-----w- c:\users\Alain\AppData\Roaming\Samsung
2009-07-14 15:17 . 2009-07-14 15:17 15308440 ----a-w- c:\windows\system32\xlive.dll
2009-07-14 15:17 . 2009-07-14 15:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-07-14 08:32 . 2009-07-14 08:28 -------- d-----w- c:\program files\Mobiola Web Camera for Windows Mobile
2009-07-14 08:18 . 2009-07-14 08:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2009-07-09 14:40 . 2009-07-09 14:40 -------- d-----w- c:\program files\Ask Search Assistant
2009-07-09 14:40 . 2008-06-26 12:47 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-07 17:55 . 2009-07-07 17:55 -------- d-----w- c:\program files\Common Files\Logitech
2009-06-29 19:44 . 2009-06-29 19:44 29184 ----a-w- c:\windows\system32\drivers\usbccid.sys
2009-06-24 18:30 . 2008-08-07 16:21 1356 ----a-w- c:\users\Alain\AppData\Local\d3d9caps.dat
2009-06-15 14:53 . 2009-07-15 07:44 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-15 07:44 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-15 07:44 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-15 07:44 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-15 07:44 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-05-09 17:01 . 2008-05-09 16:33 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Netlog Music Tool"="c:\program files\Netlog Music Tool\NetlogMusicTool.exe" [2009-03-22 1728456]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-25 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-06-04 2056192]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"MDS_Menu"="c:\program files\CyberLink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-06-13 6183456]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-7 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):53,d0,30,08,7c,08,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{11610F1C-D686-4359-A21E-D6DD20EAB6AF}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{7FCDAB17-C718-49E5-961B-C595C55F0074}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{3288F668-346A-4E1B-A385-03521081BCAE}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{3246BF40-B1A5-421F-B580-8030ECE4A4AA}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{91EBD3D8-CF4B-468F-B286-B77861BC102A}"= UDP:c:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{984F08CB-2CE9-4CA2-96F8-D236792073EB}"= TCP:c:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{8BC281AF-B37A-4B3D-A860-E4AEA93AC15F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{10F65ED5-AD2B-4AB1-AE84-AC71CFAF4DD3}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{716A8FA4-47AE-43F1-807D-F74DC802127B}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{EBA3D021-DA5F-470E-AB2B-BC0C27CC5694}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{48BA69B4-1C13-44A1-9895-F848A9DFB0EA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C3AECDE9-CBD2-4BE7-A2D9-9A6BDE0F7021}"= UDP:c:\program files\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{D6662EA1-C41E-47E4-9667-118139095CF8}"= TCP:c:\program files\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{03C88631-0F93-4247-9C3A-67A6CE34FE41}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{3D4C0C10-FD71-4583-BA3C-73723F7C1C76}"= UDP:63331:Windows Live OneCare
"{340FBE1E-BC0F-488B-8688-4D46092D002A}"= UDP:63331:Windows Live OneCare
"{874A512C-A9D7-40F8-9DD9-E409C1A2654D}"= UDP:63331:Windows Live OneCare
"{3970DAEC-E821-4696-B3B6-0DC9EDC2D2FC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F496E58D-9078-4BBB-B056-31390A79D219}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5E80C0A4-9812-4599-A92E-664AC23E5926}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D05FA733-E19D-4ADF-8E58-860AF3D25934}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{087EA5C5-E781-44CB-8DED-242C4A3004E9}"= UDP:50000:Windows Live OneCare
"{008B1077-5A54-40D2-BD39-22A1B4A9D06D}"= UDP:50000:Windows Live OneCare
"{580AE70F-F830-4BC2-A9EA-C1AB660150BC}"= UDP:50000:Windows Live OneCare

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [9/07/2009 12:15 26104]
R3 IPN2120;Wireless-B PCI Adapter Driver;c:\windows\System32\drivers\LSIPNDS.sys [24/06/2008 18:32 96256]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\System32\drivers\BTCamDrv.sys [14/07/2009 10:15 219264]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [15/03/2009 15:00 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 19:08 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2009-09-03 c:\windows\Tasks\Uitgebreide garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-05-09 16:38]

2009-09-03 c:\windows\Tasks\User_Feed_Synchronization-{7D22474D-7C16-4EAD-A7ED-52C0CBBC0EE0}.job
- c:\windows\system32\msfeedssync.exe [2009-07-28 20:13]
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-Application Layer Gateway - c:\program files\Common Files\alg.exe
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {FCB85180-E682-4712-BC36-54CA9576C4EF} - hxxp://img.lnm.eu/gaylog/client/MessengerInstaller.cab
FF - ProfilePath - c:\users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x1zbmo5k.default\
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 17:33
Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

c:\users\Alain\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan succesvol afgerond
verborgen bestanden: 1
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.032" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.abr" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.ani" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.arw" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.bay" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.bmp" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.bw" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.cr2" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.crw" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 
2.5.cs1" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.cur" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.dcr" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.dcx" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.dib" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.djv" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.djvu" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.dng" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.emf" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.eps" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.erf" 
[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.fff" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.fpx" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.gif" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.hdr" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.icl" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.icn" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.iff" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.ilbm" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.int" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.inta" 
[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.iw4" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.j2c" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.j2k" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.jbr" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.jfif" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.jif" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.jp2" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.jpc" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.jpe" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.jpeg" 
[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2243320960-2956093062-1178048343-1002) "Progid"="ACDSee Pro 2.5.jpg" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.jpk" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.jpx" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.kdc" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.lbm" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.mef" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.mos" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.mrw" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.nef" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.orf" 
[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pbm" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pbr" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pcd" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pct" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pcx" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pef" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pgm" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pic" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pict" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pix" 
[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.png" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.ppm" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.psd" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.psp" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pspbrush" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pspimage" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.raf" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.ras" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.raw" [HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.rgb" 
[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgba"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rle"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rsb"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sgi"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sr2"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.srf"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tga"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.thm"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tif"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tiff"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttf"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.v20po"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.v20pp"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.v20ppf"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25po"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25pp"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25ppf"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbm"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbmp"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wmf"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xbm"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xif"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xmp"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xpm"

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:df,0a,7a,7c,7c,0b,3e,64,ab,60,96,0e,4e,90,84,4a,3d,ef,2d,96,a9,9d,c4,
   7c,b3,52,a4,7d,b5,3b,5f,14,59,52,8d,be,00,a6,4c,71,a3,77,73,4f,9b,ad,49,cd,\
"??"=hex:f5,4d,4c,ac,22,ed,39,ba,bd,12,27,1d,4c,7e,db,58

[HKEY_USERS\S-1-5-21-2243320960-2956093062-1178048343-1002\Software\SecuROM\License information*]
"datasecu"=hex:17,ee,35,a9,5c,c5,74,1e,6b,dc,60,21,35,15,8f,48,59,f3,39,8a,5c,
   a0,09,83,97,cc,af,27,33,d4,e7,0a,98,41,a6,85,b0,ff,60,ec,97,11,0a,6c,55,8a,\
"rkeysecu"=hex:82,59,02,2c,2e,d9,32,c4,2a,d5,ab,58,b5,a4,34,21

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2009-09-03 17:34
ComboFix-quarantined-files.txt 2009-09-03 15:34

Pre-Run: 261.305.176.064 bytes beschikbaar
Post-Run: 261.588.733.952 bytes beschikbaar

549 --- E O F --- 2009-09-02 12:08