ComboFix 10-09-04.06 - User01 07/09/2010 21:53:21.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3038.2167 [GMT 2:00]
Gestart vanuit: q:\users\User01\Desktop\ComboFix.exe
gebruikte Opdracht switches :: q:\users\User01\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt

FILE ::
"c:\users\User01\AppData\Roaming\Mozilla\Firefox\Profiles\8ngcvjt3.default\extensions\piclens@cooliris.com\components\coolirisstub.dll"
"c:\users\User01\AppData\Roaming\Mozilla\Firefox\Profiles\8ngcvjt3.default\extensions\piclens@cooliris.com\libs\cooliris190.dll"
"c:\users\User01\AppData\Roaming\Mozilla\Firefox\Profiles\8ngcvjt3.default\extensions\piclens@cooliris.com\libs\cooliris192.dll"
"c:\users\User01\AppData\Roaming\Mozilla\Firefox\Profiles\8ngcvjt3.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe"
"c:\users\User01\AppData\Roaming\Mozilla\Firefox\Profiles\8ngcvjt3.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe"
"c:\users\User01\AppData\Roaming\Mozilla\Firefox\Profiles\8ngcvjt3.default\extensions\piclens@cooliris.com\libs\pixomatic.dll"
"c:\users\User01\AppData\Roaming\Mozilla\Firefox\Profiles\8ngcvjt3.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll"
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-08-07 to 2010-09-07 ))))))))))))))))))))))))))))))
.
2010-09-07 19:58 . 2010-09-07 19:58 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-09-07 19:58 . 2010-09-07 19:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-07 19:58 . 2010-09-07 19:58 -------- d-----w- c:\users\Gast\AppData\Local\temp
2010-09-07 19:58 . 2010-09-07 19:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-07 19:58 . 2010-09-07 19:58 -------- d-----w- c:\users\User02\AppData\Local\temp
2010-09-06 17:06 . 2010-09-07 19:58 -------- d-----w- c:\users\User01\AppData\Local\temp
2010-09-06 16:34 . 2010-09-06 16:34 -------- d-----w- c:\users\User01\AppData\Roaming\AVG9
2010-08-26 20:12 . 2010-08-26 20:12 -------- d-----w- c:\users\User01\AppData\Roaming\Malwarebytes
2010-08-26 20:12 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 20:12 . 2010-08-26 20:12 -------- d-----w- c:\programdata\Malwarebytes
2010-08-26 20:12 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-26 20:11 . 2010-08-26 20:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-26 19:32 . 2010-09-02 22:02 -------- d-----w- c:\users\User01\AppData\Local\Windows
2010-08-12 19:55 . 2010-08-12 19:55 -------- d-----w- c:\users\TEMP\AppData\Roaming\Sony Corporation
2010-08-12 19:54 . 2010-08-12 20:43 -------- d-----w- c:\users\TEMP
2010-08-12 01:05 . 2010-08-12 01:08 -------- d-----w- C:\ea88b92b8300dd57a0f678
2010-08-11 15:08 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-11 15:08 . 2010-06-29 15:47 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-11 15:08 . 2010-06-28 16:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-11 15:08 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 15:08 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 15:08 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 15:07 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 15:07 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 15:07 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 15:07 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 15:07 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 15:07 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 15:50 . 2008-11-12 21:26 -------- d-----w- c:\programdata\Google Updater
2010-09-06 20:35 . 2008-08-13 09:34 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-02 17:53 . 2008-11-07 19:15 2032 ----a-w- c:\users\User01\AppData\Local\d3d9caps.dat
2010-08-17 21:34 . 2009-12-24 11:42 -------- d-----w- c:\users\User01\AppData\Roaming\vlc
2010-08-12 01:09 . 2008-11-07 17:11 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 01:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-12 01:01 . 2008-11-13 18:42 2032 ----a-w- c:\users\User02\AppData\Local\d3d9caps.dat
2010-08-04 15:59 . 2008-01-21 06:47 667352 ----a-w- c:\windows\system32\perfh013.dat
2010-08-04 15:59 . 2008-01-21 06:47 126854 ----a-w- c:\windows\system32\perfc013.dat
2010-08-01 19:59 . 2009-02-06 17:57 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-01 19:59 . 2010-08-01 19:59 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-01 19:59 . 2009-01-27 20:00 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-14 10:08 . 2010-07-04 08:31 545280 ----a-w- c:\users\User01\AppData\Roaming\Mozilla\Firefox\Profiles\8ngcvjt3.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-06-14 10:08 . 2010-07-04 08:31 4687360 ----a-w- c:\users\User01\AppData\Roaming\Mozilla\Firefox\Profiles\8ngcvjt3.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-06-14 10:08 . 2010-07-04 08:31 425984 ----a-w- c:\users\User01\AppData\Roaming\Mozilla\Firefox\Profiles\8ngcvjt3.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-06-14 10:08 . 2010-07-04 08:31 152064 ----a-w- c:\users\User01\AppData\Roaming\Mozilla\Firefox\Profiles\8ngcvjt3.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-06-14 10:08 . 2010-07-04 08:31 103424 ----a-w- c:\users\User01\AppData\Roaming\Mozilla\Firefox\Profiles\8ngcvjt3.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-06-14 10:08 . 2010-07-04 08:31 4687872 ----a-w- c:\users\User01\AppData\Roaming\Mozilla\Firefox\Profiles\8ngcvjt3.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-06-14 10:08 . 2010-07-04 08:31 57856 ----a-w- c:\users\User01\AppData\Roaming\Mozilla\Firefox\Profiles\8ngcvjt3.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-06-27 19:38 . 2009-11-23 20:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-06_17.03.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-09-07 15:49 55778 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-01-21 01:58 . 2010-09-06 16:49 55778 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-07 20:08 . 2010-09-07 15:49 12256 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2627844625-3308249456-3297439575-1000_UserData.bin
+ 2008-11-07 18:11 . 2010-09-07 15:51 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-07 18:11 . 2010-09-06 06:11 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-07 18:11 . 2010-09-07 15:51 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-07 18:11 . 2010-09-06 06:11 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-07 18:11 . 2010-09-07 15:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-07 18:11 . 2010-09-06 06:11 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-27 19:11 . 2010-09-06 16:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-27 19:11 . 2010-09-04 07:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-27 19:11 . 2010-09-04 07:47 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-27 19:11 . 2010-09-06 16:48 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-27 19:11 . 2010-09-06 16:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-27 19:11 . 2010-09-04 07:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-06 16:47 . 2010-09-06 16:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-07 15:47 . 2010-09-07 15:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-07 15:47 . 2010-09-07 15:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-06 16:47 . 2010-09-06 16:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-11 12:51 . 2010-09-07 17:43 456248 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-11-07 20:47 . 2010-09-07 18:41 353482 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2010-09-07 15:49 100932 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-07-30 262144]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 6295552]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-06-16 624056]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-27 30192]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-11-07 24576]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-06-13 1097728]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-14 61440]
"Skytel"="Skytel.exe" [2008-07-18 1826816]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-01 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-1 768552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-15 16:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6a,79,e2,e6,76,60,ca,01

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-23 29736]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-27 30192]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-20 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-20 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-20 62752]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-11 337184]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-11 83232]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-12-12 717296]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-08-01 216400]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-08-01 243024]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-08-01 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-01 308136]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-07-30 299008]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-18 104992]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-08-06 411488]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map

2010-09-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-07 20:31]

2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 20:52]

2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 20:52]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/ig?hl=nl
uInternet Settings,ProxyOverride =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {83581B17-7BF5-4650-BF23-853A8A0C271A} - hxxps://nextdayoqaos.materialise.com/Upserver/EposActiveX.cab
FF - ProfilePath - c:\users\User01\AppData\Roaming\Mozilla\Firefox\Profiles\8ngcvjt3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ig?hl=nl
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\User01\AppData\Roaming\Mozilla\Firefox\Profiles\8ngcvjt3.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\users\User01\AppData\Roaming\Mozilla\Firefox\Profiles\8ngcvjt3.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 21:58
Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(4736)
c:\windows\system32\btmmhook.dll
.
Voltooingstijd: 2010-09-07 22:00:23
ComboFix-quarantined-files.txt 2010-09-07 20:00
ComboFix2.txt 2010-09-07 16:08
ComboFix3.txt 2010-09-06 17:06

Pre-Run: 65.149.673.472 bytes beschikbaar
Post-Run: 65.644.519.424 bytes beschikbaar

- - End Of File - - 659B6746B4F6C19B7A44AFDC2A9D651B