ComboFix 09-09-05.03 - patty 06-09-2009 18:20.3.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.1790.885 [GMT 2:00] Gestart vanuit: c:\users\patty\Downloads\ComboFix999.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\QUAD Utilities c:\users\patty\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC Tools AntiVirus.lnk . (((((((((((((((((((( Bestanden Gemaakt van 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))) . 2009-09-06 03:27 . 2009-09-06 03:27 70104 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2009-09-06 03:26 . 2009-09-06 03:26 -------- d-----w- c:\users\Administrator\AppData\Roaming\PC Tools 2009-09-03 17:01 . 2009-09-03 17:01 -------- d-----w- c:\users\patty\AppData\Roaming\PC Tools 2009-09-03 17:00 . 2009-08-24 12:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-09-03 17:00 . 2009-08-19 09:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-09-03 16:59 . 2009-09-03 17:00 -------- d-----w- c:\program files\Common Files\PC Tools 2009-09-03 16:59 . 2009-02-10 08:13 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys 2009-09-03 16:59 . 2009-02-10 08:13 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys 2009-09-03 16:59 . 2009-02-10 08:13 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys 2009-09-03 16:59 . 2009-09-06 05:21 -------- d-----w- c:\program files\PC Tools AntiVirus 2009-09-03 16:59 . 2009-09-03 17:00 -------- d-----w- c:\programdata\PC Tools 2009-09-03 15:49 . 2009-09-03 15:49 0 ----a-w- c:\windows\mozver.dat 2009-09-03 13:57 . 2009-09-03 13:57 -------- d-----w- c:\programdata\Zylom 2009-09-03 13:57 . 2009-09-06 04:37 -------- d-----w- c:\program files\Zylom Games 2009-09-03 09:47 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-09-03 09:47 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-09-01 21:40 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll 2009-09-01 16:05 . 2009-09-01 16:05 -------- d-----w- c:\users\patty\AppData\Roaming\Malwarebytes 2009-09-01 16:05 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-01 16:05 . 2009-09-01 16:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-01 16:05 . 2009-09-01 16:05 -------- d-----w- c:\programdata\Malwarebytes 2009-09-01 16:05 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-01 15:49 . 2009-09-01 15:49 -------- d-----w- C:\inetpub 2009-09-01 10:42 . 2009-09-01 10:39 356352 ----a-w- c:\windows\system32\nvusmu.exe 2009-09-01 10:41 . 2009-09-01 10:39 356352 ----a-w- c:\windows\system32\nvusmb.exe 2009-09-01 10:40 . 2009-09-01 10:40 -------- d-----w- c:\users\patty\AppData\Roaming\InstallShield 2009-08-31 16:36 . 2009-08-31 16:36 -------- d-----w- c:\program files\Lavalys 2009-08-31 13:40 . 2009-08-31 13:41 -------- d-----w- c:\users\patty\AppData\Roaming\GetRightToGo 2009-08-31 13:14 . 2009-08-31 13:14 -------- d-----w- C:\cabs 2009-08-31 08:33 . 2009-08-31 08:33 -------- d-----w- c:\program files\AGEIA Technologies 2009-08-31 08:26 . 2009-09-01 10:02 -------- d-----w- c:\users\patty\{d642b0b5-b99a-4baf-80f7-e160a8c1ce6a} 2009-08-31 08:25 . 2009-02-04 03:45 453152 ----a-w- c:\windows\system32\NVUNINST.EXE 2009-08-31 00:00 . 2009-08-31 00:00 -------- d-----w- c:\program files\GamesBar 2009-08-31 00:00 . 2009-08-31 00:00 -------- d-----w- c:\program files\Common Files\Oberon Media 2009-08-30 23:58 . 2009-08-30 23:58 -------- d-----w- c:\users\patty\AppData\Local\Apple Computer 2009-08-30 23:12 . 2009-08-30 23:12 -------- d-----w- c:\programdata\PC Drivers HeadQuarters 2009-08-30 11:30 . 2009-08-31 11:06 -------- d-----w- C:\NVIDIA 2009-08-30 11:11 . 2009-08-30 19:29 -------- d-----w- c:\programdata\DriverScanner 2009-08-30 11:11 . 2009-08-30 19:29 -------- d-----w- c:\program files\Uniblue 2009-08-30 10:44 . 2009-08-30 10:44 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2009-08-30 10:44 . 2009-08-30 10:44 -------- d-----w- c:\programdata\Hitman Pro 2009-08-30 10:33 . 2009-08-30 10:33 -------- d-----w- c:\programdata\Office Genuine Advantage 2009-08-30 10:28 . 2009-08-30 10:28 -------- d-----w- c:\users\patty\AppData\Roaming\Blitware 2009-08-28 11:56 . 2009-09-01 11:06 -------- d-----w- c:\users\patty\AppData\Roaming\Farm Mania 2009-08-27 20:37 . 2009-08-27 20:38 -------- d-----w- c:\users\patty\AppData\Roaming\TMInc 2009-08-25 21:18 . 2009-08-25 21:23 -------- d-----w- c:\programdata\VirtualFarm 2009-08-25 09:07 . 2009-08-25 09:07 -------- d-----w- c:\programdata\Arcade Lab 2009-08-24 21:42 . 2009-08-24 22:04 -------- d-----w- c:\users\patty\AppData\Roaming\Coyotes Tale 2009-08-21 11:50 . 2009-08-31 11:54 -------- d-----w- c:\programdata\FreshGames 2009-08-18 21:39 . 2009-08-18 21:39 -------- d-----w- c:\programdata\SugarGames 2009-08-17 21:41 . 2009-08-17 21:41 -------- d-----w- c:\programdata\PlayPond 2009-08-13 23:01 . 2009-08-13 23:01 -------- d-----w- C:\Programs 2009-08-13 22:29 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-08-13 22:29 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll 2009-08-13 22:29 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll 2009-08-13 22:29 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll 2009-08-13 22:29 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll 2009-08-13 22:29 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll 2009-08-13 22:29 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll 2009-08-13 22:29 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe 2009-08-13 09:21 . 2009-08-13 09:21 -------- d-----w- c:\users\patty\AppData\Roaming\GameInvest 2009-08-12 07:36 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll 2009-08-12 07:36 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll 2009-08-12 07:36 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-08-12 07:36 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-08-12 07:36 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-08-12 07:36 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-08-12 07:36 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-08-12 07:36 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-08-09 13:23 . 2009-08-09 13:26 -------- d-----w- c:\users\patty\AppData\Roaming\Shopping Blocks . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-06 14:07 . 2008-07-11 20:32 -------- d-----w- c:\programdata\Google Updater 2009-09-06 05:18 . 2008-05-14 11:17 12 ----a-w- c:\windows\bthservsdp.dat 2009-09-01 21:52 . 2008-12-01 05:58 -------- d-----w- c:\users\patty\AppData\Roaming\Zylom 2009-09-01 21:00 . 2006-11-02 16:11 701796 ----a-w- c:\windows\system32\perfh013.dat 2009-09-01 21:00 . 2006-11-02 16:11 142582 ----a-w- c:\windows\system32\perfc013.dat 2009-09-01 14:48 . 2008-06-06 09:52 -------- d-----w- c:\program files\Java 2009-09-01 10:39 . 2007-05-17 07:05 12032 ----a-w- c:\windows\system32\drivers\nvsmu.sys 2009-09-01 10:38 . 2007-07-27 21:08 1732 ----a-w- c:\windows\system32\drivers\nvphy.bin 2009-09-01 10:38 . 2007-05-17 07:04 1059112 ----a-w- c:\windows\system32\drivers\nvmfdx32.sys 2009-09-01 10:38 . 2007-05-17 07:03 201728 ----a-w- c:\windows\system32\fdco1.dll 2009-09-01 10:23 . 2009-04-30 22:21 -------- d-----w- c:\programdata\NVIDIA 2009-09-01 09:38 . 2009-09-01 09:30 27839 ----a-w- c:\programdata\nvModes.dat 2009-08-31 00:01 . 2008-12-14 23:04 -------- d-----w- c:\program files\RealArcade 2009-08-31 00:01 . 2007-07-27 22:39 -------- d-----w- c:\program files\Acer GameZone 2009-08-30 19:29 . 2009-05-27 06:53 -------- d-----w- c:\users\patty\AppData\Roaming\Uniblue 2009-08-30 17:53 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2009-08-30 10:33 . 2008-04-23 13:04 70104 ----a-w- c:\users\patty\AppData\Local\GDIPFONTCACHEV1.DAT 2009-08-30 10:21 . 2007-07-27 22:29 -------- d-----w- c:\programdata\Microsoft Help 2009-08-30 10:18 . 2007-07-27 22:31 -------- d-----w- c:\program files\Microsoft Works 2009-08-28 09:58 . 2009-07-28 08:26 -------- d-----w- c:\users\patty\AppData\Roaming\Zylom DressUpRush 2009-08-27 21:12 . 2008-12-07 22:11 -------- d-----w- c:\programdata\GoBit Games 2009-08-21 11:09 . 2009-04-05 22:18 -------- d-----w- c:\users\patty\AppData\Roaming\PlayFirst 2009-08-21 11:09 . 2009-04-05 22:18 -------- d-----w- c:\programdata\PlayFirst 2009-08-20 07:02 . 2009-06-04 22:48 -------- d-----w- c:\programdata\Gogii 2009-08-14 04:58 . 2009-09-03 17:00 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat 2009-08-12 22:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-08-08 10:09 . 2009-08-06 19:51 -------- d-----w- c:\program files\Awem studio 2009-08-06 19:51 . 2009-08-06 19:51 -------- d-----w- c:\programdata\eSellerate 2009-08-06 19:51 . 2009-08-06 19:51 -------- d-----w- c:\program files\Common Files\eSellerate 2009-08-05 09:32 . 2009-08-05 09:32 -------- d-----w- c:\users\patty\AppData\Roaming\FUJIFILM 2009-08-05 09:08 . 2009-08-05 09:08 -------- d-----w- c:\program files\Common Files\SWF Studio 2009-08-05 09:08 . 2007-07-27 21:16 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-04 21:37 . 2009-08-04 21:37 -------- d-----w- c:\users\patty\AppData\Roaming\World-LooM 2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll 2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll 2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe 2009-08-01 09:33 . 2008-08-09 09:02 -------- d-----w- c:\program files\Microsoft Silverlight 2009-07-31 13:23 . 2009-01-02 00:52 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-31 09:25 . 2009-07-31 09:25 -------- d-----w- c:\programdata\HoverBee Studios 2009-07-30 18:46 . 2009-07-30 18:46 -------- d-----w- c:\users\patty\AppData\Roaming\Gamelab 2009-07-28 08:05 . 2009-07-28 08:05 -------- d-----w- c:\users\patty\AppData\Roaming\Boolat Games 2009-07-24 13:45 . 2009-07-24 13:45 -------- d-----w- c:\users\patty\AppData\Roaming\Jane s Hotel Family Hero 2009-07-24 13:32 . 2009-07-24 13:31 -------- d-----w- c:\users\patty\AppData\Roaming\BeachPartyCraze 2009-07-23 20:52 . 2007-07-27 22:36 -------- d-----w- c:\programdata\CyberLink 2009-07-23 08:22 . 2009-07-23 08:22 -------- d-----w- c:\users\patty\AppData\Roaming\Jane s Hotel 2009-07-21 21:52 . 2009-07-29 04:17 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-21 21:47 . 2009-07-29 04:17 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-07-21 21:47 . 2009-07-29 04:17 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-07-21 20:13 . 2009-07-29 04:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-07-21 13:30 . 2009-07-21 13:30 -------- d-----w- c:\programdata\Fugazo 2009-07-21 13:25 . 2009-07-21 13:06 -------- d-----w- c:\users\patty\AppData\Roaming\Ashtons Family Resort 2009-07-21 13:06 . 2009-07-21 13:06 -------- d-----w- c:\programdata\Ashtons Family Resort 2009-07-20 17:10 . 2009-07-20 17:10 -------- d-----w- c:\users\patty\AppData\Roaming\Gogii Games 2009-07-20 17:10 . 2009-07-20 17:10 -------- d-----w- c:\programdata\Gogii Games 2009-07-19 08:47 . 2009-07-19 08:47 -------- d-----w- c:\users\patty\AppData\Roaming\Janes_Realty 2009-07-18 21:30 . 2009-07-18 21:30 -------- d-----w- c:\users\patty\AppData\Roaming\Merscom 2009-07-18 21:30 . 2009-07-18 21:30 -------- d-----w- c:\programdata\Merscom 2009-07-11 08:54 . 2009-06-15 22:21 -------- d-----w- c:\programdata\NOS 2009-06-15 15:24 . 2009-07-15 10:12 156672 ----a-w- c:\windows\system32\t2embed.dll 2009-06-15 15:20 . 2009-07-15 10:12 72704 ----a-w- c:\windows\system32\fontsub.dll 2009-06-15 15:20 . 2009-07-15 10:12 10240 ----a-w- c:\windows\system32\dciman32.dll 2009-06-15 12:52 . 2009-07-15 10:12 289792 ----a-w- c:\windows\system32\atmfd.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-17 845360] "PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-04-16 1505168] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^patty^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] path=c:\users\patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{F553EEA1-3AEB-4AEE-9AF7-CB476B11DCED}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{51F089C7-C7C6-4685-A97A-B70308A94146}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{C67A14D1-73CC-40B6-B119-DB3E19BF938F}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{42F4982D-D4B6-4A9E-9F51-D74DC9465B58}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician "{0DC47E39-EB25-4BB2-B0F2-6A6DE5510BE0}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia "{026C3BB4-0F17-4021-AD8D-51FFAFA2CE84}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard "{2C50F552-0969-4351-B600-044AA32088DA}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine "{3403759A-D544-4417-8E0F-747834AD69C3}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie "{DB955835-20AF-4B90-B37D-FBE1E385F31A}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program "{1F236D98-350A-4507-B6B9-E875C218FE3D}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil "{E7E6A8BA-91D7-4BB8-A7B4-E661296392FA}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil "{1B72E2C3-936C-4641-8C3B-F455CF3C3439}"= UDP:86:BroadCam Web Server "{DB56E9F1-0294-481B-88AB-3ED5B38C6635}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil "{69F8ADE6-B27C-4AC5-BBA4-7D0377F72C0E}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil "{73D9CAB7-3E09-45F7-A523-0B6B174BC06A}"= UDP:c:\program files\Zylom Games\Farm Mania Deluxe\farmmania.exe:Farm Mania Deluxe "{D4845CDB-470E-4446-A2E6-9FAB77F709D4}"= TCP:c:\program files\Zylom Games\Farm Mania Deluxe\farmmania.exe:Farm Mania Deluxe "{82543860-B264-47DB-A8A1-2133D4C134B9}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{8EE5FC23-F4B6-4539-AE67-6C02BA138F1B}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{6E7109CE-053F-423E-B85C-DA9C7F31D50C}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox "{CF3AB06A-CE31-4C53-9DAF-BC7A5257B839}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [3-9-2009 19:00 206256] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [23-4-2008 15:07 13560] R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [28-7-2007 7:47 32256] --- Andere Services/Drivers In Geheugen --- *Deregistered* - mchInjDrv [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ . Inhoud van de 'Gedeelde Taken' map 2009-09-06 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-11 20:54] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.startpagina.nl/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://nl.intl.acer.yahoo.com IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab FF - ProfilePath - c:\users\patty\AppData\Roaming\Mozilla\Firefox\Profiles\k2dl5oad.default\ FF - prefs.js: browser.search.selectedEngine - Ask FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-06 18:30 Windows 6.0.6001 Service Pack 1 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet004\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(860) c:\program files\PC Tools AntiVirus\PCTAVHook.dll - - - - - - - > 'lsass.exe'(772) c:\program files\PC Tools AntiVirus\PCTAVHook.dll . Voltooingstijd: 2009-09-06 18:34 ComboFix-quarantined-files.txt 2009-09-06 16:34 ComboFix2.txt 2009-05-27 06:41 Pre-Run: 43.090.780.160 bytes beschikbaar Post-Run: 41.478.610.944 bytes beschikbaar 287 --- E O F --- 2009-09-04 06:16