Archive - Long Time No Check

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or world views and have been censored in some places as impermissible. Many were made in a different spirit of the times, ironically or not - as in the ironic Off-Topic subforum - and would not (be allowed to) be posted today. Still, we are happy to offer this archive as an information database and reference work.

brecko

Legacy Member
Logfile of HijackThis v1.99.1
Scan saved at 17:52:48, on 5/11/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
H:\Windows\system32\csrss.exe
H:\Windows\system32\wininit.exe
H:\Windows\system32\csrss.exe
H:\Windows\system32\services.exe
H:\Windows\system32\lsass.exe
H:\Windows\system32\lsm.exe
H:\Windows\system32\winlogon.exe
H:\Windows\system32\svchost.exe
H:\Windows\system32\nvvsvc.exe
H:\Windows\system32\svchost.exe
H:\Windows\System32\svchost.exe
H:\Windows\System32\svchost.exe
H:\Windows\System32\svchost.exe
H:\Windows\system32\svchost.exe
H:\Windows\system32\SLsvc.exe
H:\Windows\system32\svchost.exe
H:\Windows\system32\rundll32.exe
H:\Windows\system32\svchost.exe
H:\Windows\System32\spoolsv.exe
H:\Windows\system32\taskeng.exe
H:\Windows\system32\svchost.exe
H:\Windows\system32\Dwm.exe
H:\Windows\Explorer.EXE
H:\Windows\RtHDVCpl.exe
H:\Program Files\Google\Gmail Notifier\gnotify.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
H:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
H:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
H:\Program Files\Bonjour\mDNSResponder.exe
h:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
H:\Windows\system32\PnkBstrA.exe
H:\Windows\system32\PnkBstrB.exe
H:\Windows\system32\svchost.exe
h:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
H:\Windows\system32\svchost.exe
H:\Windows\System32\svchost.exe
H:\Windows\system32\SearchIndexer.exe
H:\Windows\system32\WUDFHost.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Windows\System32\mobsync.exe
H:\Windows\system32\taskeng.exe
H:\Program Files\Windows Media Player\wmpnscfg.exe
H:\Windows\System32\rundll32.exe
H:\Program Files\DAEMON Tools Lite\daemon.exe
H:\Program Files\Windows Media Player\wmpnetwk.exe
H:\Windows\ehome\ehtray.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Windows\ehome\ehmsas.exe
H:\Windows\system32\wbem\unsecapp.exe
H:\Windows\system32\wbem\wmiprvse.exe
H:\Windows\system32\conime.exe
H:\Windows\system32\SearchProtocolHost.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\iTunes\iTunes.exe
H:\Program Files\Last.fm\LastFM.exe
H:\Windows\system32\wuauclt.exe
H:\Windows\system32\SearchFilterHost.exe
H:\Windows\system32\taskeng.exe
M:\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = Telenet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] H:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "H:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "H:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [A8B.tmp] H:\Windows\temp\A8B.tmp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] H:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] H:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = H:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: h:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: h:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: h:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{41C5A629-ECE0-4E9D-9328-FF8198358692}: NameServer = 85.255.112.60;85.255.112.237
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - H:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - H:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - H:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - h:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - H:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\Windows\system32\PnkBstrB.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Windows Tribute Service - Unknown owner - H:\Windows\system32\kdwez.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Juisterr

Legacy Member
That is clear to see; you are using an old version of HJT :puke:

Please use the latest one :bow:

* Download Trend Micro Hijack This™
Double-click HJTInstall.exe to install HijackThis.
By default, HijackThis will be installed in the Program Files\Trendmicro folder and a shortcut will be placed on your desktop.
HijackThis will open after installation.
Click the Scan button at the bottom.
This will start the scan and open a log.
Copy and paste this log into your next post.

brecko

Legacy Member
Excuse me je.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:56, on 5/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
H:\Windows\system32\csrss.exe
H:\Windows\system32\wininit.exe
H:\Windows\system32\csrss.exe
H:\Windows\system32\services.exe
H:\Windows\system32\lsass.exe
H:\Windows\system32\lsm.exe
H:\Windows\system32\winlogon.exe
H:\Windows\system32\svchost.exe
H:\Windows\system32\nvvsvc.exe
H:\Windows\system32\svchost.exe
H:\Windows\System32\svchost.exe
H:\Windows\System32\svchost.exe
H:\Windows\System32\svchost.exe
H:\Windows\system32\svchost.exe
H:\Windows\system32\SLsvc.exe
H:\Windows\system32\svchost.exe
H:\Windows\system32\rundll32.exe
H:\Windows\system32\svchost.exe
H:\Windows\System32\spoolsv.exe
H:\Windows\system32\taskeng.exe
H:\Windows\system32\svchost.exe
H:\Windows\system32\Dwm.exe
H:\Windows\Explorer.EXE
H:\Windows\RtHDVCpl.exe
H:\Program Files\Google\Gmail Notifier\gnotify.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
H:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
H:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
H:\Program Files\Bonjour\mDNSResponder.exe
h:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
H:\Windows\system32\PnkBstrA.exe
H:\Windows\system32\PnkBstrB.exe
H:\Windows\system32\svchost.exe
h:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
H:\Windows\system32\svchost.exe
H:\Windows\System32\svchost.exe
H:\Windows\system32\SearchIndexer.exe
H:\Windows\system32\WUDFHost.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Windows\system32\taskeng.exe
H:\Program Files\Windows Media Player\wmpnscfg.exe
H:\Windows\System32\rundll32.exe
H:\Program Files\DAEMON Tools Lite\daemon.exe
H:\Program Files\Windows Media Player\wmpnetwk.exe
H:\Windows\ehome\ehtray.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Windows\ehome\ehmsas.exe
H:\Windows\system32\wbem\unsecapp.exe
H:\Windows\system32\wbem\wmiprvse.exe
H:\Windows\system32\conime.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\iTunes\iTunes.exe
H:\Program Files\Last.fm\LastFM.exe
H:\Windows\system32\wuauclt.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
H:\Windows\system32\SearchProtocolHost.exe
H:\Windows\system32\SearchFilterHost.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
H:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = Telenet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] H:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "H:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "H:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [A8B.tmp] H:\Windows\temp\A8B.tmp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] H:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] H:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = H:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{41C5A629-ECE0-4E9D-9328-FF8198358692}: NameServer = 85.255.112.60;85.255.112.237
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - H:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - H:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\Windows\system32\PnkBstrB.exe
O23 - Service: Windows Tribute Service - Unknown owner - H:\Windows\system32\kdwez.exe

--
End of file - 10605 bytes

Juisterr

Legacy Member
You have a rogue scanner and a Wareout infection, by the looks of it.

I am offering you 2 tools; please run both and post the results.


Download MalwareBytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.

Make sure that, after installation, a checkmark is placed next to:
  • Update MalwareBytes' Anti-Malware
  • Start MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
  • Once the program has started, go to the "Settings" tab.
  • Check this option there: "Close Internet Explorer during malware removal".
  • Then go to the "Scanner" tab and choose "Quick Scan".
  • Next, press "Scan" to start the scan.
  • Scanning can take a while, so be patient.
  • When the scan is complete, click OK, then "Show Results" to see the results.
  • Make sure everything there is checked, then click "Remove Selected".
  • After removal, a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in the program.

Post this log together with a new HijackThis log.


Please run this tool as well.

Download Combofix to your desktop.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will cause your PC to hang.
When the fix is finished and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


Good luck

brecko

Legacy Member
MALWAREBYTES LOG

Malwarebytes' Anti-Malware 1.30
Database versie: 1373
Windows 6.0.6000

8/11/2008 13:42:52
mbam-log-2008-11-08 (13-42-52).txt

Scan type: Snelle Scan
Objecten gescand: 53948
Verstreken tijd: 3 minute(s), 39 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 2
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 2

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\Pornovid (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a8b.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{41c5a629-ece0-4e9d-9328-ff8198358692}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.60;85.255.112.237 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{41c5a629-ece0-4e9d-9328-ff8198358692}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.60;85.255.112.237 -> Delete on reboot.

Mappen geïnfecteerd:
H:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
H:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
H:\Windows\Temp\A8B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

brecko

Legacy Member
COMBOFIX LOG

ComboFix 08-11-07.01 - Mister Jack 2008-11-08 13:58:00.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1043.18.1227 [GMT 1:00]
Gestart vanuit: h:\users\Mister Jack\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\users\Mister Jack\AppData\Roaming\inst.exe
.
---- Previous Run -------
.
H:\Autorun.inf
h:\windows\system32\uninstall.exe
L:\Autorun.inf
M:\Autorun.inf
N:\Autorun.inf
Q:\Autorun.inf

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-10-08 to 2008-11-08 ))))))))))))))))))))))))))))))
.

2099-04-03 19:06 . 2099-04-03 19:06 <DIR> d-------- h:\program files\Activision
2099-04-03 17:19 . 2099-04-03 17:19 <DIR> d-------- h:\program files\BSPlayer
2099-04-03 17:12 . 2099-04-03 17:12 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\Grisoft
2099-04-03 17:12 . 2007-05-30 13:10 10,872 --a------ h:\windows\System32\drivers\AvgAsCln.sys
2099-04-03 17:11 . 2099-04-03 17:12 <DIR> d-------- h:\users\All Users\Grisoft
2099-04-03 17:11 . 2099-04-03 17:12 <DIR> d-------- h:\programdata\Grisoft
2099-04-03 16:35 . 2008-04-24 13:48 <DIR> d-------- h:\program files\Windows Live
2099-04-03 16:34 . 2008-10-06 19:48 <DIR> d-------- h:\program files\iTunes
2099-04-03 16:33 . 2008-04-24 13:44 <DIR> d-------- h:\users\All Users\WLInstaller
2099-04-03 16:33 . 2008-10-21 13:38 <DIR> d-------- h:\users\All Users\Apple Computer
2099-04-03 16:33 . 2008-04-24 13:44 <DIR> d-------- h:\programdata\WLInstaller
2099-04-03 16:33 . 2008-10-21 13:38 <DIR> d-------- h:\programdata\Apple Computer
2099-04-03 16:33 . 2008-09-10 16:44 <DIR> d-------- h:\program files\QuickTime
2099-04-03 16:33 . 2008-09-10 16:44 <DIR> d-------- h:\program files\Bonjour
2099-04-03 16:32 . 2099-04-03 16:32 <DIR> d-------- h:\users\All Users\Apple
2099-04-03 16:32 . 2099-04-03 16:32 <DIR> d-------- h:\programdata\Apple
2099-04-03 16:32 . 2008-09-10 16:44 <DIR> d-------- h:\program files\Common Files\Apple
2099-04-03 15:18 . 2008-07-22 22:56 <DIR> d-------- h:\program files\BitLord
2099-04-03 15:11 . 2099-04-03 15:11 <DIR> d-------- h:\program files\DAEMON Tools Lite
2099-04-03 15:10 . 2099-04-03 15:10 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\DAEMON Tools
2099-04-03 15:10 . 2099-04-03 15:10 717,296 --a------ h:\windows\System32\drivers\sptd.sys
2099-04-03 15:05 . 2008-04-04 13:27 <DIR> d-------- h:\windows\System32\Macromed
2099-04-03 14:56 . 2099-04-03 14:04 <DIR> d-------- h:\windows\Panther
2099-04-03 14:56 . 2008-10-30 23:29 <DIR> d-------- h:\users\All Users\NVIDIA
2099-04-03 14:56 . 2008-10-30 23:29 <DIR> d-------- h:\programdata\NVIDIA
2099-04-03 14:54 . 2099-04-03 14:54 <DIR> d-------- h:\program files\My Company Name
2099-04-03 14:53 . 2008-01-03 15:26 1,079,840 --a------ h:\windows\System32\nvcpluir.dll
2099-04-03 14:53 . 2008-10-07 13:33 797,216 --a------ h:\windows\System32\nvcplui.exe
2099-04-03 14:53 . 2008-10-07 13:33 420,384 --a------ h:\windows\System32\nvcpl.cpl
2099-04-03 14:53 . 2008-01-03 15:26 313,888 --a------ h:\windows\System32\nvexpbar.dll
2099-04-03 14:52 . 2099-04-03 14:52 <DIR> d-------- H:\Windows.old
2099-04-03 14:51 . 2099-04-03 14:51 <DIR> d-------- h:\program files\Google
2099-04-03 14:51 . 2008-10-02 10:07 453,152 --a------ h:\windows\System32\NVUNINST.EXE
2099-04-03 14:48 . 2008-11-05 23:55 <DIR> d--hs---- h:\windows\Installer
2099-04-03 14:25 . 2008-06-14 18:06 30,008 --a------ h:\windows\System32\drivers\ET5Drv.sys
2099-04-03 14:22 . 2099-04-03 14:22 <DIR> d-------- h:\windows\RaidTool
2099-04-03 14:22 . 2099-04-03 14:22 <DIR> d-------- H:\RaidTool
2099-04-03 14:22 . 2007-08-29 09:55 1,966,080 -ra------ h:\windows\System32\xRaidSetup.exe
2099-04-03 14:22 . 2006-08-30 05:33 319,984 -ra------ h:\windows\System32\DifxApi.dll
2099-04-03 14:22 . 2007-08-20 06:31 151,552 -ra------ h:\windows\System32\xRaidAPI.dll
2099-04-03 14:22 . 2007-09-29 06:30 65,024 --a------ h:\windows\System32\drivers\jraid.sys
2099-04-03 14:21 . 2099-04-03 14:21 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\InstallShield
2099-04-03 14:19 . 2099-04-03 14:19 <DIR> d-------- h:\windows\System32\RTCOM
2099-04-03 14:17 . 2099-04-03 14:22 <DIR> d-------- h:\program files\Realtek
2099-04-03 14:17 . 2007-09-19 07:50 4,702,208 --a------ h:\windows\RtHDVCpl.exe
2099-04-03 14:17 . 2007-08-31 08:36 2,087,936 --a------ h:\windows\System32\RtkAPO.dll
2099-04-03 14:17 . 2007-09-19 10:11 1,959,832 --a------ h:\windows\System32\drivers\RTKVHDA.sys
2099-04-03 14:17 . 2007-08-22 12:37 564,736 --a------ h:\windows\System32\RtkPgExt.dll
2099-04-03 14:17 . 2007-07-06 04:04 532,480 --a------ h:\windows\System32\RTSndMgr.cpl
2099-04-03 14:17 . 2006-12-13 03:30 339,968 --a------ h:\windows\System32\SRSTSXT.dll
2099-04-03 14:17 . 2007-03-23 08:34 266,240 --a------ h:\windows\System32\RtkApoApi.dll
2099-04-03 14:17 . 2007-05-17 04:26 185,776 --a------ h:\windows\System32\SRSTSHD.dll
2099-04-03 14:17 . 2007-04-16 10:09 167,936 --a------ h:\windows\System32\SRSHP360.dll
2099-04-03 14:17 . 2007-07-25 02:33 135,168 --a------ h:\windows\System32\SRSWOW.dll
2099-04-03 14:17 . 2007-07-30 11:26 126,976 --a------ h:\windows\System32\maxxaudioapo.dll
2099-04-03 14:17 . 2007-09-12 06:29 23,040 --a------ h:\windows\System32\RtkCoInst.dll
2099-04-03 14:14 . 2099-04-03 14:14 <DIR> d-------- h:\program files\Intel
2099-04-03 14:14 . 2008-10-30 14:15 <DIR> d--h----- h:\program files\InstallShield Installation Information
2099-04-03 14:14 . 2099-04-03 14:14 <DIR> d-------- h:\program files\GIGABYTE
2099-04-03 14:14 . 2008-06-14 17:58 <DIR> d-------- h:\program files\Common Files\InstallShield
2099-04-03 14:14 . 2099-04-03 14:14 <DIR> d-------- H:\Intel
2099-04-03 14:14 . 2007-07-26 15:15 53,248 --a------ h:\windows\System32\CSVer.dll
2099-04-03 14:09 . 2006-11-02 13:35 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\Media Center Programs
2099-04-03 14:07 . 2099-04-03 14:07 <DIR> dr------- h:\windows\System32\config\systemprofile\Contacts
2099-04-03 14:04 . 2099-04-03 14:56 337 -rahs---- H:\Boot.ini.saved
2099-04-03 13:59 . 2008-11-08 13:50 <DIR> d-------- h:\windows\System32\catroot2
2099-04-03 13:58 . 2099-04-03 14:08 <DIR> d-------- h:\windows\Debug
2099-04-03 13:48 . 2099-04-03 14:56 <DIR> d--hs---- H:\Boot
2099-04-03 13:48 . 2006-11-02 10:53 438,840 -rahs---- H:\bootmgr
2099-04-03 13:48 . 2099-04-03 14:56 8,192 -ra-s---- H:\BOOTSECT.BAK
2009-05-04 17:47 . 2008-06-02 18:43 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\TextPad
2008-11-08 13:57 . 2008-11-08 13:57 <DIR> d-------- H:\32788R22FWJFW
2008-11-08 13:38 . 2008-11-08 13:38 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\Malwarebytes
2008-11-08 13:38 . 2008-11-08 13:38 <DIR> d-------- h:\users\All Users\Malwarebytes
2008-11-08 13:38 . 2008-11-08 13:38 <DIR> d-------- h:\programdata\Malwarebytes
2008-11-08 13:38 . 2008-11-08 13:38 <DIR> d-------- h:\program files\Malwarebytes' Anti-Malware
2008-11-08 13:38 . 2008-10-22 16:10 38,496 --a------ h:\windows\System32\drivers\mbamswissarmy.sys
2008-11-08 13:38 . 2008-10-22 16:10 15,504 --a------ h:\windows\System32\drivers\mbam.sys
2008-11-05 23:52 . 2008-11-05 23:52 <DIR> d-------- h:\users\All Users\KONAMI
2008-11-05 23:52 . 2008-11-05 23:52 <DIR> d-------- h:\programdata\KONAMI
2008-11-05 19:39 . 2008-11-05 19:39 <DIR> d-------- h:\program files\Trend Micro
2008-10-30 15:32 . 2008-10-30 15:32 <DIR> d-------- h:\program files\VirtualDJ
2008-10-30 14:18 . 2008-10-30 14:18 <DIR> d-------- H:\NVIDIA
2008-10-30 13:53 . 2008-10-30 13:53 <DIR> dr------- h:\windows\System32\config\systemprofile\Music
2008-10-29 13:24 . 2007-07-19 18:14 3,727,720 --a------ h:\windows\System32\d3dx9_35.dll
2008-10-27 00:30 . 2008-11-08 13:56 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\Dropbox
2008-10-27 00:30 . 2008-10-27 00:30 <DIR> d-------- h:\program files\Dropbox
2008-10-14 23:10 . 2008-10-14 23:10 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\Disney Interactive Studios
2008-10-14 22:54 . 2008-10-14 22:54 <DIR> d-------- h:\program files\Disney Interactive Studios
2008-10-14 22:54 . 2008-07-12 07:18 3,851,784 --a------ h:\windows\System32\D3DX9_39.dll
2008-10-14 22:54 . 2008-07-12 07:18 1,493,528 --a------ h:\windows\System32\D3DCompiler_39.dll
2008-10-14 22:54 . 2008-07-31 09:40 509,448 --a------ h:\windows\System32\XAudio2_2.dll
2008-10-14 22:54 . 2008-07-12 07:18 467,984 --a------ h:\windows\System32\d3dx10_39.dll
2008-10-14 22:54 . 2008-07-31 09:41 238,088 --a------ h:\windows\System32\xactengine3_2.dll
2008-10-14 22:54 . 2008-07-31 09:41 68,616 --a------ h:\windows\System32\XAPOFX1_1.dll
2008-10-14 22:52 . 2008-10-14 23:07 995 --a------ h:\windows\disney.ini
2008-10-13 19:07 . 2008-11-05 20:11 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\uTorrent
2008-10-13 13:34 . 2008-10-13 13:34 <DIR> d-------- h:\program files\NewTek
2008-10-13 13:34 . 2008-10-13 13:34 1,251,768 --a------ h:\windows\LightWave 3D 9.3 Uninstaller.exe
2008-10-09 22:12 . 2008-10-09 22:13 <DIR> d-------- h:\program files\Adobe Photoshop
2008-10-09 18:22 . 2008-10-09 18:22 <DIR> d-------- h:\program files\Common Files\Control Panels
2008-10-09 17:52 . 2008-06-19 16:24 28,544 --a------ h:\windows\System32\drivers\pavboot.sys
2008-10-09 17:51 . 2008-10-09 17:51 <DIR> d-------- h:\program files\Panda Security

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2099-04-03 13:08 --------- d-sh--w h:\programdata\Sjablonen
2099-04-03 13:08 --------- d-sh--w h:\programdata\Menu Start
2099-04-03 13:08 --------- d-sh--w h:\programdata\Favorieten
2099-04-03 13:08 --------- d-sh--w h:\programdata\Documenten
2099-04-03 13:08 --------- d-sh--w h:\programdata\Bureaublad
2009-04-27 14:47 --------- d-----w h:\programdata\Microsoft Help
2009-04-27 14:46 --------- d-----w h:\program files\Microsoft Visual Studio 8
2009-04-27 12:07 --------- d-----w h:\program files\Microsoft Visual Studio 9.0
2009-04-27 12:06 --------- d-----w h:\program files\MSBuild
2008-11-05 22:43 --------- d-----w h:\program files\KONAMI
2008-10-30 13:15 16,608 ----a-w h:\windows\gdrv.sys
2008-10-29 12:25 107,888 ----a-w h:\windows\System32\CmdLineExt.dll
2008-10-29 12:23 22,328 ----a-w h:\windows\system32\drivers\PnkBstrK.sys
2008-10-29 12:23 22,328 ----a-w h:\users\Mister Jack\AppData\Roaming\PnkBstrK.sys
2008-10-29 12:23 107,832 ----a-w h:\windows\System32\PnkBstrB.exe
2008-10-29 12:22 2,250,024 ----a-w h:\windows\System32\pbsvc.exe
2008-10-29 12:16 --------- d-----w h:\program files\Ubisoft
2008-10-25 14:41 --------- d-----w h:\users\Mister Jack\AppData\Roaming\Apple Computer
2008-10-09 17:51 --------- d-----w h:\programdata\FLEXnet
2008-10-06 18:48 --------- d-----w h:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-06 18:48 --------- d-----w h:\program files\iPod
2008-10-04 17:16 --------- d-----w h:\users\Mister Jack\AppData\Roaming\Vso
2008-10-04 13:42 --------- d-----w h:\programdata\vsosdk
2008-10-04 13:15 47,360 ----a-w h:\windows\system32\drivers\pcouffin.sys
2008-10-04 13:15 47,360 ----a-w h:\users\Mister Jack\AppData\Roaming\pcouffin.sys
2008-10-04 13:15 --------- d-----w h:\program files\VSO
2008-10-01 11:01 32,000 ----a-w h:\windows\system32\drivers\usbaapl.sys
2008-09-27 11:07 --------- d-----w h:\program files\ImageConverter Plus
2008-09-19 12:19 --------- d-----w h:\program files\Common Files\PX Storage Engine
2008-09-12 09:43 --------- d-----w h:\users\Mister Jack\AppData\Roaming\Hamachi
2008-09-11 16:59 15,440 ----a-w h:\windows\system32\drivers\hamachi.sys
2008-09-11 16:59 --------- d-----w h:\program files\Hamachi
2008-09-10 15:43 --------- d-----w h:\program files\Apple Software Update
2008-09-05 20:16 1,900,544 ----a-w h:\windows\System32\usbaaplrc.dll
2008-08-29 08:18 87,336 ----a-w h:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w h:\windows\System32\dnssd.dll
2008-05-28 19:09 56 ---ha-w h:\users\All Users\ezsidmv.dat
2008-05-28 19:09 56 ---ha-w h:\programdata\ezsidmv.dat
2006-11-02 12:49 174 --sha-w h:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 08:20 143360 --a------ h:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 08:20 143360 --a------ h:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 08:20 143360 --a------ h:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="h:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"DAEMON Tools Lite"="h:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"ehTray.exe"="h:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="h:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="h:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="h:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"!AVG Anti-Spyware"="h:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="h:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Acrobat Assistant 7.0"="h:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"SSBkgdUpdate"="h:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="h:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

brecko

Legacy Member
"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"Malwarebytes Anti-Malware (reboot)"="h:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 h:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 h:\windows\SkyTel.exe]

h:\users\Mister Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - h:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Dropbox.lnk - h:\program files\Dropbox\Dropbox.exe [2008-09-26 24096981]

h:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - h:\windows\Installer\{AC76BA86-1033-F400-7760-0000003D0002}\SC_Acrobat.exe [2008-05-24 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{2F3C7318-7EB0-4403-9375-16D652B61727}i:\\games\\cod4\\iw3mp.exe"= UDP:i:\games\cod4\iw3mp.exe:iw3mp
"UDP Query User{D6087E29-F758-412F-B52C-CEAB9A6AE16C}i:\\games\\cod4\\iw3mp.exe"= TCP:i:\games\cod4\iw3mp.exe:iw3mp
"TCP Query User{72BE48E6-E6A5-44CC-A143-9F638587F252}h:\\program files\\bitlord\\bitlord.exe"= UDP:h:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{4A034299-19AF-44F2-8292-013E8709FD1E}h:\\program files\\bitlord\\bitlord.exe"= TCP:h:\program files\bitlord\bitlord.exe:BitLord
"{703B02E3-A2EA-48CC-ACEC-98C7B94BF0E8}"= UDP:h:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7CE29DB9-9A1E-416C-9EF5-A5B978A0D338}"= TCP:h:\windows\System32\PnkBstrA.exe:PnkBstrA
"{115371C0-9F98-4717-9CCF-55066C72E152}"= UDP:h:\windows\System32\PnkBstrB.exe:PnkBstrB
"{15EE8286-486F-4D2F-BB64-82C905F8BD46}"= TCP:h:\windows\System32\PnkBstrB.exe:PnkBstrB
"{248AB76C-F3C5-417B-8441-6CD5BE538169}"= UDP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{0CBDDE56-0CD1-455B-9F3B-D06C85016B2B}"= TCP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{A08AC129-B8F1-4390-A3BB-1ABD2F4B708A}"= UDP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{C22BABCA-BF07-436F-B301-0A781861DF59}"= TCP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{6A2C9427-DE0C-45C3-ADCA-8B38798C0E94}"= TCP:6004|h:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{846E0A27-371E-4A17-A81F-1D52A31FB1C6}"= UDP:h:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{684E87F7-2A70-41B1-8FA6-0456DB2DCCAD}"= TCP:h:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7EB73333-FC27-4C13-98CE-A8DBD5CFEAB8}"= UDP:h:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{087A6F83-F292-4076-BE6F-23D67BBF80A2}"= TCP:h:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E828B60B-45E4-4A1D-986B-D7269B1BB3BF}"= UDP:h:\program files\LimeWire\LimeWire.exe:LimeWire
"{54B88D6D-B619-4C66-A6E9-B0F5F6AF4807}"= TCP:h:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B41E46D8-A57B-4882-838C-266EBAF67E7C}h:\\program files\\gigabyte\\gest\\run.exe"= UDP:h:\program files\gigabyte\gest\run.exe:update
"UDP Query User{3794F18C-8646-45B8-B8C0-D47CFD97211B}h:\\program files\\gigabyte\\gest\\run.exe"= TCP:h:\program files\gigabyte\gest\run.exe:update
"TCP Query User{C9087AA0-0F88-42F1-BF70-CB691B2126D9}h:\\program files\\tmnationsforever\\tmforever.exe"= UDP:h:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{F0E0910A-F771-4BB5-AC85-F41619181E89}h:\\program files\\tmnationsforever\\tmforever.exe"= TCP:h:\program files\tmnationsforever\tmforever.exe:TmForever
"{4616D9A0-F849-4E5C-B283-6161AFD9CD5B}"= UDP:h:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{4B728A94-B8F2-41C9-915E-69B4D97047E4}"= TCP:h:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{CAEF8D91-F66C-4A43-92D5-8BD066ED0E34}"= UDP:h:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{9AF81978-A19A-46DB-8428-5731EB621A23}"= TCP:h:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{DA27D010-232B-47AD-AD9B-E71D05C9DD66}"= h:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{7C38E2FD-1285-4A65-9322-823F7713E53F}h:\\program files\\mozilla firefox\\firefox.exe"= UDP:h:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{19852FB5-2F28-4052-A948-E953005C8064}h:\\program files\\mozilla firefox\\firefox.exe"= TCP:h:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{D0264916-D501-4C52-8D74-37EC3C08E15D}h:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:h:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{B3DD38AD-A77C-4F78-940B-0FDC57D991CE}h:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:h:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{A62355AC-C244-4107-BBA2-B169E8AAC9C9}h:\\program files\\soulseek\\slsk.exe"= UDP:h:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{0FD20DE9-534D-4A6B-83A6-E2DA3294A99E}h:\\program files\\soulseek\\slsk.exe"= TCP:h:\program files\soulseek\slsk.exe:SoulSeek
"{F495EF0E-131D-47F1-A139-3EFDA922C1B2}"= UDP:h:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{F94D906B-FCC5-47A7-963D-9A652294341A}"= TCP:h:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{B4DA0BF1-6424-4C48-BC7B-C0CD8F3E9B5F}"= UDP:h:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{9BF12A3E-5322-4B63-AA86-4F437C3C82DF}"= TCP:h:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{030F13BA-6D84-4289-9DCC-578097ACD2C4}"= UDP:h:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{CC1902E8-C38E-420B-8975-F303F88AF2DB}"= TCP:h:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"TCP Query User{725246E5-8A1C-4C27-8A9A-E37FC4602A3C}l:\\program files\\soulseek\\slsk.exe"= UDP:l:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{CC295CDE-D773-4171-9495-B29D9C0CE1C9}l:\\program files\\soulseek\\slsk.exe"= TCP:l:\program files\soulseek\slsk.exe:SoulSeek
"TCP Query User{AC99DA82-B50A-4CC7-AF61-31C34C64C68A}h:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:h:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{0D8DD8E3-0827-47A0-BA6A-FA3873781419}h:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:h:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{5DFCDBFD-3E8B-4373-A9E6-66F2E41689DA}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{1C9B813B-E98E-40DA-B29E-891C3A0D2D9F}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"TCP Query User{99B3871C-2BBC-4E92-BBF5-6755B89430CC}h:\\program files\\ea sports\\nba live 08\\nbalive08.exe"= UDP:h:\program files\ea sports\nba live 08\nbalive08.exe:NBA LIVE 08
"UDP Query User{A46F85B8-97CF-46E2-A26D-5610A5292CD4}h:\\program files\\ea sports\\nba live 08\\nbalive08.exe"= TCP:h:\program files\ea sports\nba live 08\nbalive08.exe:NBA LIVE 08
"TCP Query User{1DCAF861-0E69-4C30-8B60-5EB5A89565D8}h:\\users\\mister jack\\desktop\\[pc] team fortress 2 [newest] [vo0]\\team fortress 2\\hl2.exe"= UDP:h:\users\mister jack\desktop\[pc] team fortress 2 [newest] [vo0]\team fortress 2\hl2.exe:hl2.exe
"UDP Query User{88857FA2-BDE8-4982-A290-0C4B837E0CFA}h:\\users\\mister jack\\desktop\\[pc] team fortress 2 [newest] [vo0]\\team fortress 2\\hl2.exe"= TCP:h:\users\mister jack\desktop\[pc] team fortress 2 [newest] [vo0]\team fortress 2\hl2.exe:hl2.exe
"TCP Query User{7F8288BD-ECCB-464E-9A0A-DBD7EAEE799B}h:\\users\\mister jack\\desktop\\team fortress 2\\hl2.exe"= UDP:h:\users\mister jack\desktop\team fortress 2\hl2.exe:hl2.exe
"UDP Query User{A3A7F4F4-5E76-4D53-AA92-242C2990259B}h:\\users\\mister jack\\desktop\\team fortress 2\\hl2.exe"= TCP:h:\users\mister jack\desktop\team fortress 2\hl2.exe:hl2.exe
"{4361F15F-DB2B-4879-A8EF-C45BFDABA229}"= UDP:h:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{B01B4575-12BE-4FDC-91B0-C2DC2269DFB4}"= TCP:h:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{1F129AD4-9B93-4086-96D3-0CE36090FBD8}"= UDP:h:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{15F80740-FD42-45AC-BF26-F4F26D829DF5}"= TCP:h:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E109DD35-C231-4397-8F15-A16CFC266E87}"= UDP:h:\program files\Atari\AITD\Alone.exe:Alone In The Dark
"{06DD22D4-9447-4F47-802C-283499836E6B}"= TCP:h:\program files\Atari\AITD\Alone.exe:Alone In The Dark
"{E4BD0039-DF64-4C3C-8FE9-013AAE1627EC}"= UDP:h:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{B484D927-E677-417E-83EF-ACA33E8BD968}"= TCP:h:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{36E7BB45-8FA4-4A2C-BB9C-046AFD28B446}"= UDP:h:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6D78C388-3320-4760-B5FD-452F8D74AF97}"= TCP:h:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{F57A389B-7498-4C2E-97AE-005CDA1FFF3F}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"UDP Query User{831FFDE4-612D-4FA9-986B-707F7E2B2B6B}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"TCP Query User{54B14E92-F661-40C0-94BB-66FFD12218F5}h:\\program files\\hamachi\\hamachi.exe"= UDP:h:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{3E4A569C-2C69-4611-B7DC-C0834388D85A}h:\\program files\\hamachi\\hamachi.exe"= TCP:h:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{C089C9F5-50DA-4ACA-B9FD-ECA7214D6D45}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{05D4DD74-8032-47BD-83E8-C8626916C947}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"TCP Query User{38DD6668-3FB5-4119-9831-10055ADC26F3}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"UDP Query User{F1D982BE-6C0C-40A8-9CB8-B9FE2FC539CE}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"TCP Query User{38AB18AB-7090-4A1D-88B0-7929BAEC4F38}h:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:h:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{E7346ACC-6762-45BF-A63E-EC22DD410738}h:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:h:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"TCP Query User{7753DA29-CA9D-4884-B9DB-3C2C458F25C3}h:\\program files\\adobe\\flex builder 3\\jre\\bin\\javaw.exe"= UDP:h:\program files\adobe\flex builder 3\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{56787688-F8A4-4865-B909-146DA29F5289}h:\\program files\\adobe\\flex builder 3\\jre\\bin\\javaw.exe"= TCP:h:\program files\adobe\flex builder 3\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"{49CA2EFB-13FC-4677-8FEE-562BBBB3958A}"= UDP:h:\program files\iTunes\iTunes.exe:iTunes
"{CDB53DDA-9808-45C1-B169-D7BDD205AA40}"= TCP:h:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{0C51FDCC-C327-4021-A518-85A845DC1495}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\hub.exe"= UDP:h:\program files\newtek\lightwave 3d 9.3\programs\hub.exe:hub
"UDP Query User{637AEE17-ED9B-4095-9107-ABB8B6EDDE4B}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\hub.exe"= TCP:h:\program files\newtek\lightwave 3d 9.3\programs\hub.exe:hub
"TCP Query User{C3765651-54BB-4563-A954-3786048233FA}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\modeler.exe"= UDP:h:\program files\newtek\lightwave 3d 9.3\programs\modeler.exe:modeler
"UDP Query User{D70C8E06-23AB-41A7-B105-9A85347F1D6B}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\modeler.exe"= TCP:h:\program files\newtek\lightwave 3d 9.3\programs\modeler.exe:modeler
"TCP Query User{FEDC7680-D624-4166-AE8B-7DED401DD8E2}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\lightwav.exe"= UDP:h:\program files\newtek\lightwave 3d 9.3\programs\lightwav.exe:lightwav
"UDP Query User{E97F53C1-B8F6-451F-9282-22C534B1AFC5}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\lightwav.exe"= TCP:h:\program files\newtek\lightwave 3d 9.3\programs\lightwav.exe:lightwav
"TCP Query User{F08F9E12-953D-4ACC-849A-FED0A7192696}h:\\users\\mister jack\\downloads\\utorrent.exe"= UDP:h:\users\mister jack\downloads\utorrent.exe:utorrent.exe
"UDP Query User{8B13990C-BA4F-4BDB-92AA-7CA46597FCED}h:\\users\\mister jack\\downloads\\utorrent.exe"= TCP:h:\users\mister jack\downloads\utorrent.exe:utorrent.exe
"{D5059189-1813-4876-950E-A6197283F1FE}"= UDP:h:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{C2FCA8AC-49E8-44D6-A5FE-573C1D4A36E6}"= TCP:h:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{C409BCB5-DB30-4A02-817E-09DACF6A0A06}"= UDP:h:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{8C2C0E20-219D-4B73-9111-346FD4013CA3}"= TCP:h:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{67EBE434-B23B-4390-BBEA-D9A28900831C}"= UDP:h:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{D5ED64D5-41A6-4F4F-A2CC-C10308494C48}"= TCP:h:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 pavboot;pavboot;h:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 Windows Tribute Service;Windows Tribute Service;h:\windows\system32\kdwez.exe [2006-11-02 70144]
S3 GEST Service;GEST Service for program management.;h:\program files\GIGABYTE\GEST\GSvr.exe [2008-06-14 55816]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Q]
\shell\AutoRun\command - h:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL q:\resycled\boot.com q:
\shell\Open\command - q:\resycled\boot.com q:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16134ca7-073d-1243-bd85-806e6f6e6963}]
\shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b247d84-7204-11dd-a25b-001d7daf2a01}]
\shell\AutoRun\command - h:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL k:\resycled\boot.com k:
\shell\Open\command - k:\resycled\boot.com k:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{601dde26-0747-1243-ac5d-001d7daf2a01}]
\shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{601dde8d-0747-1243-ac5d-001d7daf2a01}]
\shell\AutoRun\command - h:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL q:\resycled\boot.com q:
\shell\Open\command - q:\resycled\boot.com q:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca27b7f7-0a06-11dd-8b1b-001d7daf2a01}]
\shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca27b7f9-0a06-11dd-8b1b-001d7daf2a01}]
\shell\AutoRun\command - O:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca27b7fb-0a06-11dd-8b1b-001d7daf2a01}]
\shell\AutoRun\command - P:\AUTORUN.EXE
.
.
------- Bijkomende Scan -------
.
FireFox -: Profile - h:\users\Mister Jack\AppData\Roaming\Mozilla\Firefox\Profiles\1s9hcvkr.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - Google
FF -: plugin - h:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - h:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF -: plugin - h:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF -: plugin - h:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF -: plugin - h:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF -: plugin - h:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF -: plugin - h:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF -: plugin - h:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF -: plugin - h:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 14:02:26
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = acaptuser32.dll??

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-11-08 14:03:45
ComboFix-quarantined-files.txt 2008-11-08 13:03:27

Pre-Run: 210,435,371,008 bytes beschikbaar
Post-Run: 212,041,588,736 bytes beschikbaar

358

brecko

Legacy Member
HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:53, on 8/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
H:\Windows\system32\csrss.exe
H:\Windows\system32\wininit.exe
H:\Windows\system32\csrss.exe
H:\Windows\system32\services.exe
H:\Windows\system32\lsass.exe
H:\Windows\system32\lsm.exe
H:\Windows\system32\winlogon.exe
H:\Windows\system32\svchost.exe
H:\Windows\system32\nvvsvc.exe
H:\Windows\system32\svchost.exe
H:\Windows\System32\svchost.exe
H:\Windows\System32\svchost.exe
H:\Windows\System32\svchost.exe
H:\Windows\system32\svchost.exe
H:\Windows\system32\SLsvc.exe
H:\Windows\system32\svchost.exe
H:\Windows\system32\svchost.exe
H:\Windows\System32\spoolsv.exe
H:\Windows\system32\svchost.exe
H:\Windows\system32\taskeng.exe
H:\Windows\system32\Dwm.exe
H:\Program Files\Windows Defender\MSASCui.exe
H:\Windows\RtHDVCpl.exe
H:\Program Files\Google\Gmail Notifier\gnotify.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
H:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
H:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Windows Sidebar\sidebar.exe
H:\Program Files\DAEMON Tools Lite\daemon.exe
H:\Windows\ehome\ehtray.exe
H:\Windows\ehome\ehmsas.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
H:\Program Files\Bonjour\mDNSResponder.exe
h:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
H:\Windows\system32\PnkBstrA.exe
H:\Windows\system32\PnkBstrB.exe
H:\Windows\system32\svchost.exe
h:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
H:\Windows\system32\svchost.exe
H:\Windows\System32\svchost.exe
H:\Windows\system32\SearchIndexer.exe
H:\Windows\system32\WUDFHost.exe
H:\Windows\system32\taskeng.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Windows\System32\mobsync.exe
H:\Windows\system32\wbem\unsecapp.exe
H:\Windows\system32\conime.exe
H:\Windows\system32\notepad.exe
H:\Windows\Explorer.exe
H:\Windows\system32\wuauclt.exe
H:\Windows\system32\wbem\wmiprvse.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Windows\system32\SearchProtocolHost.exe
H:\Windows\system32\SearchFilterHost.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
H:\Windows\system32\DllHost.exe
H:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = Telenet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] H:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "H:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "H:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "H:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] H:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] H:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = H:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{41C5A629-ECE0-4E9D-9328-FF8198358692}: NameServer = 85.255.112.60;85.255.112.237
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - H:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - H:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\Windows\system32\PnkBstrB.exe
O23 - Service: Windows Tribute Service - Unknown owner - H:\Windows\system32\kdwez.exe

--
End of file - 10139 bytes

Juisterr

Legacy Member
Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

File::
H:\Windows\system32\kdwez.exe
Driver::
"Windows Tribute Service"




Save this to your Desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe as shown in the example below:

CFScript.gif


This will restart ComboFix.

After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

Also post a new HJT log.

brecko

Legacy Member
ComboFix 08-11-07.01 - Mister Jack 2008-11-08 15:41:27.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1043.18.557 [GMT 1:00]
Gestart vanuit: h:\users\Mister Jack\Desktop\ComboFix.exe
gebruikte Opdracht switches :: h:\users\Mister Jack\Desktop\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE ::
h:\windows\system32\kdwez.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Windows Tribute Service


(((((((((((((((((((( Bestanden Gemaakt van 2008-10-08 to 2008-11-08 ))))))))))))))))))))))))))))))
.

2099-04-03 19:06 . 2099-04-03 19:06 <DIR> d-------- h:\program files\Activision
2099-04-03 17:19 . 2099-04-03 17:19 <DIR> d-------- h:\program files\BSPlayer
2099-04-03 17:12 . 2099-04-03 17:12 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\Grisoft
2099-04-03 17:12 . 2007-05-30 13:10 10,872 --a------ h:\windows\System32\drivers\AvgAsCln.sys
2099-04-03 17:11 . 2099-04-03 17:12 <DIR> d-------- h:\users\All Users\Grisoft
2099-04-03 17:11 . 2099-04-03 17:12 <DIR> d-------- h:\programdata\Grisoft
2099-04-03 16:35 . 2008-04-24 13:48 <DIR> d-------- h:\program files\Windows Live
2099-04-03 16:34 . 2008-10-06 19:48 <DIR> d-------- h:\program files\iTunes
2099-04-03 16:33 . 2008-04-24 13:44 <DIR> d-------- h:\users\All Users\WLInstaller
2099-04-03 16:33 . 2008-10-21 13:38 <DIR> d-------- h:\users\All Users\Apple Computer
2099-04-03 16:33 . 2008-04-24 13:44 <DIR> d-------- h:\programdata\WLInstaller
2099-04-03 16:33 . 2008-10-21 13:38 <DIR> d-------- h:\programdata\Apple Computer
2099-04-03 16:33 . 2008-09-10 16:44 <DIR> d-------- h:\program files\QuickTime
2099-04-03 16:33 . 2008-09-10 16:44 <DIR> d-------- h:\program files\Bonjour
2099-04-03 16:32 . 2099-04-03 16:32 <DIR> d-------- h:\users\All Users\Apple
2099-04-03 16:32 . 2099-04-03 16:32 <DIR> d-------- h:\programdata\Apple
2099-04-03 16:32 . 2008-09-10 16:44 <DIR> d-------- h:\program files\Common Files\Apple
2099-04-03 15:18 . 2008-07-22 22:56 <DIR> d-------- h:\program files\BitLord
2099-04-03 15:11 . 2099-04-03 15:11 <DIR> d-------- h:\program files\DAEMON Tools Lite
2099-04-03 15:10 . 2099-04-03 15:10 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\DAEMON Tools
2099-04-03 15:10 . 2099-04-03 15:10 717,296 --a------ h:\windows\System32\drivers\sptd.sys
2099-04-03 15:05 . 2008-04-04 13:27 <DIR> d-------- h:\windows\System32\Macromed
2099-04-03 14:56 . 2099-04-03 14:04 <DIR> d-------- h:\windows\Panther
2099-04-03 14:56 . 2008-10-30 23:29 <DIR> d-------- h:\users\All Users\NVIDIA
2099-04-03 14:56 . 2008-10-30 23:29 <DIR> d-------- h:\programdata\NVIDIA
2099-04-03 14:54 . 2099-04-03 14:54 <DIR> d-------- h:\program files\My Company Name
2099-04-03 14:53 . 2008-01-03 15:26 1,079,840 --a------ h:\windows\System32\nvcpluir.dll
2099-04-03 14:53 . 2008-10-07 13:33 797,216 --a------ h:\windows\System32\nvcplui.exe
2099-04-03 14:53 . 2008-10-07 13:33 420,384 --a------ h:\windows\System32\nvcpl.cpl
2099-04-03 14:53 . 2008-01-03 15:26 313,888 --a------ h:\windows\System32\nvexpbar.dll
2099-04-03 14:52 . 2099-04-03 14:52 <DIR> d-------- H:\Windows.old
2099-04-03 14:51 . 2099-04-03 14:51 <DIR> d-------- h:\program files\Google
2099-04-03 14:51 . 2008-10-02 10:07 453,152 --a------ h:\windows\System32\NVUNINST.EXE
2099-04-03 14:48 . 2008-11-05 23:55 <DIR> d--hs---- h:\windows\Installer
2099-04-03 14:25 . 2008-06-14 18:06 30,008 --a------ h:\windows\System32\drivers\ET5Drv.sys
2099-04-03 14:22 . 2099-04-03 14:22 <DIR> d-------- h:\windows\RaidTool
2099-04-03 14:22 . 2099-04-03 14:22 <DIR> d-------- H:\RaidTool
2099-04-03 14:22 . 2007-08-29 09:55 1,966,080 -ra------ h:\windows\System32\xRaidSetup.exe
2099-04-03 14:22 . 2006-08-30 05:33 319,984 -ra------ h:\windows\System32\DifxApi.dll
2099-04-03 14:22 . 2007-08-20 06:31 151,552 -ra------ h:\windows\System32\xRaidAPI.dll
2099-04-03 14:22 . 2007-09-29 06:30 65,024 --a------ h:\windows\System32\drivers\jraid.sys
2099-04-03 14:21 . 2099-04-03 14:21 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\InstallShield
2099-04-03 14:19 . 2099-04-03 14:19 <DIR> d-------- h:\windows\System32\RTCOM
2099-04-03 14:17 . 2099-04-03 14:22 <DIR> d-------- h:\program files\Realtek
2099-04-03 14:17 . 2007-09-19 07:50 4,702,208 --a------ h:\windows\RtHDVCpl.exe
2099-04-03 14:17 . 2007-08-31 08:36 2,087,936 --a------ h:\windows\System32\RtkAPO.dll
2099-04-03 14:17 . 2007-09-19 10:11 1,959,832 --a------ h:\windows\System32\drivers\RTKVHDA.sys
2099-04-03 14:17 . 2007-08-22 12:37 564,736 --a------ h:\windows\System32\RtkPgExt.dll
2099-04-03 14:17 . 2007-07-06 04:04 532,480 --a------ h:\windows\System32\RTSndMgr.cpl
2099-04-03 14:17 . 2006-12-13 03:30 339,968 --a------ h:\windows\System32\SRSTSXT.dll
2099-04-03 14:17 . 2007-03-23 08:34 266,240 --a------ h:\windows\System32\RtkApoApi.dll
2099-04-03 14:17 . 2007-05-17 04:26 185,776 --a------ h:\windows\System32\SRSTSHD.dll
2099-04-03 14:17 . 2007-04-16 10:09 167,936 --a------ h:\windows\System32\SRSHP360.dll
2099-04-03 14:17 . 2007-07-25 02:33 135,168 --a------ h:\windows\System32\SRSWOW.dll
2099-04-03 14:17 . 2007-07-30 11:26 126,976 --a------ h:\windows\System32\maxxaudioapo.dll
2099-04-03 14:17 . 2007-09-12 06:29 23,040 --a------ h:\windows\System32\RtkCoInst.dll
2099-04-03 14:14 . 2099-04-03 14:14 <DIR> d-------- h:\program files\Intel
2099-04-03 14:14 . 2008-10-30 14:15 <DIR> d--h----- h:\program files\InstallShield Installation Information
2099-04-03 14:14 . 2099-04-03 14:14 <DIR> d-------- h:\program files\GIGABYTE
2099-04-03 14:14 . 2008-06-14 17:58 <DIR> d-------- h:\program files\Common Files\InstallShield
2099-04-03 14:14 . 2099-04-03 14:14 <DIR> d-------- H:\Intel
2099-04-03 14:14 . 2007-07-26 15:15 53,248 --a------ h:\windows\System32\CSVer.dll
2099-04-03 14:09 . 2006-11-02 13:35 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\Media Center Programs
2099-04-03 14:07 . 2099-04-03 14:07 <DIR> dr------- h:\windows\System32\config\systemprofile\Contacts
2099-04-03 14:04 . 2099-04-03 14:56 337 -rahs---- H:\Boot.ini.saved
2099-04-03 13:59 . 2008-11-08 13:50 <DIR> d-------- h:\windows\System32\catroot2
2099-04-03 13:58 . 2099-04-03 14:08 <DIR> d-------- h:\windows\Debug
2099-04-03 13:48 . 2099-04-03 14:56 <DIR> d--hs---- H:\Boot
2099-04-03 13:48 . 2006-11-02 10:53 438,840 -rahs---- H:\bootmgr
2099-04-03 13:48 . 2099-04-03 14:56 8,192 -ra-s---- H:\BOOTSECT.BAK
2009-05-04 17:47 . 2008-06-02 18:43 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\TextPad
2008-11-08 13:38 . 2008-11-08 13:38 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\Malwarebytes
2008-11-08 13:38 . 2008-11-08 13:38 <DIR> d-------- h:\users\All Users\Malwarebytes
2008-11-08 13:38 . 2008-11-08 13:38 <DIR> d-------- h:\programdata\Malwarebytes
2008-11-08 13:38 . 2008-11-08 13:38 <DIR> d-------- h:\program files\Malwarebytes' Anti-Malware
2008-11-08 13:38 . 2008-10-22 16:10 38,496 --a------ h:\windows\System32\drivers\mbamswissarmy.sys
2008-11-08 13:38 . 2008-10-22 16:10 15,504 --a------ h:\windows\System32\drivers\mbam.sys
2008-11-05 23:52 . 2008-11-05 23:52 <DIR> d-------- h:\users\All Users\KONAMI
2008-11-05 23:52 . 2008-11-05 23:52 <DIR> d-------- h:\programdata\KONAMI
2008-11-05 19:39 . 2008-11-05 19:39 <DIR> d-------- h:\program files\Trend Micro
2008-10-30 15:32 . 2008-10-30 15:32 <DIR> d-------- h:\program files\VirtualDJ
2008-10-30 14:18 . 2008-10-30 14:18 <DIR> d-------- H:\NVIDIA
2008-10-30 13:53 . 2008-10-30 13:53 <DIR> dr------- h:\windows\System32\config\systemprofile\Music
2008-10-29 13:24 . 2007-07-19 18:14 3,727,720 --a------ h:\windows\System32\d3dx9_35.dll
2008-10-27 00:30 . 2008-11-08 13:56 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\Dropbox
2008-10-27 00:30 . 2008-10-27 00:30 <DIR> d-------- h:\program files\Dropbox
2008-10-14 23:10 . 2008-10-14 23:10 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\Disney Interactive Studios
2008-10-14 22:54 . 2008-10-14 22:54 <DIR> d-------- h:\program files\Disney Interactive Studios
2008-10-14 22:54 . 2008-07-12 07:18 3,851,784 --a------ h:\windows\System32\D3DX9_39.dll
2008-10-14 22:54 . 2008-07-12 07:18 1,493,528 --a------ h:\windows\System32\D3DCompiler_39.dll
2008-10-14 22:54 . 2008-07-31 09:40 509,448 --a------ h:\windows\System32\XAudio2_2.dll
2008-10-14 22:54 . 2008-07-12 07:18 467,984 --a------ h:\windows\System32\d3dx10_39.dll
2008-10-14 22:54 . 2008-07-31 09:41 238,088 --a------ h:\windows\System32\xactengine3_2.dll
2008-10-14 22:54 . 2008-07-31 09:41 68,616 --a------ h:\windows\System32\XAPOFX1_1.dll
2008-10-14 22:52 . 2008-10-14 23:07 995 --a------ h:\windows\disney.ini
2008-10-13 19:07 . 2008-11-05 20:11 <DIR> d-------- h:\users\Mister Jack\AppData\Roaming\uTorrent
2008-10-13 13:34 . 2008-10-13 13:34 <DIR> d-------- h:\program files\NewTek
2008-10-13 13:34 . 2008-10-13 13:34 1,251,768 --a------ h:\windows\LightWave 3D 9.3 Uninstaller.exe
2008-10-09 22:12 . 2008-10-09 22:13 <DIR> d-------- h:\program files\Adobe Photoshop
2008-10-09 18:22 . 2008-10-09 18:22 <DIR> d-------- h:\program files\Common Files\Control Panels
2008-10-09 17:52 . 2008-06-19 16:24 28,544 --a------ h:\windows\System32\drivers\pavboot.sys
2008-10-09 17:51 . 2008-10-09 17:51 <DIR> d-------- h:\program files\Panda Security

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2099-04-03 13:08 --------- d-sh--w h:\programdata\Sjablonen
2099-04-03 13:08 --------- d-sh--w h:\programdata\Menu Start
2099-04-03 13:08 --------- d-sh--w h:\programdata\Favorieten
2099-04-03 13:08 --------- d-sh--w h:\programdata\Documenten
2099-04-03 13:08 --------- d-sh--w h:\programdata\Bureaublad
2009-04-27 14:47 --------- d-----w h:\programdata\Microsoft Help
2009-04-27 14:46 --------- d-----w h:\program files\Microsoft Visual Studio 8
2009-04-27 12:07 --------- d-----w h:\program files\Microsoft Visual Studio 9.0
2009-04-27 12:06 --------- d-----w h:\program files\MSBuild
2008-11-08 14:42 70,144 ----a-w h:\windows\System32\kdwez.exe
2008-11-05 22:43 --------- d-----w h:\program files\KONAMI
2008-10-30 13:15 16,608 ----a-w h:\windows\gdrv.sys
2008-10-29 12:25 107,888 ----a-w h:\windows\System32\CmdLineExt.dll
2008-10-29 12:23 22,328 ----a-w h:\windows\system32\drivers\PnkBstrK.sys
2008-10-29 12:23 22,328 ----a-w h:\users\Mister Jack\AppData\Roaming\PnkBstrK.sys
2008-10-29 12:23 107,832 ----a-w h:\windows\System32\PnkBstrB.exe
2008-10-29 12:22 2,250,024 ----a-w h:\windows\System32\pbsvc.exe
2008-10-29 12:16 --------- d-----w h:\program files\Ubisoft
2008-10-25 14:41 --------- d-----w h:\users\Mister Jack\AppData\Roaming\Apple Computer
2008-10-09 17:51 --------- d-----w h:\programdata\FLEXnet
2008-10-06 18:48 --------- d-----w h:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-06 18:48 --------- d-----w h:\program files\iPod
2008-10-04 17:16 --------- d-----w h:\users\Mister Jack\AppData\Roaming\Vso
2008-10-04 13:42 --------- d-----w h:\programdata\vsosdk
2008-10-04 13:15 47,360 ----a-w h:\windows\system32\drivers\pcouffin.sys
2008-10-04 13:15 47,360 ----a-w h:\users\Mister Jack\AppData\Roaming\pcouffin.sys
2008-10-04 13:15 --------- d-----w h:\program files\VSO
2008-10-01 11:01 32,000 ----a-w h:\windows\system32\drivers\usbaapl.sys
2008-09-27 11:07 --------- d-----w h:\program files\ImageConverter Plus
2008-09-19 12:19 --------- d-----w h:\program files\Common Files\PX Storage Engine
2008-09-12 09:43 --------- d-----w h:\users\Mister Jack\AppData\Roaming\Hamachi
2008-09-11 16:59 15,440 ----a-w h:\windows\system32\drivers\hamachi.sys
2008-09-11 16:59 --------- d-----w h:\program files\Hamachi
2008-09-10 15:43 --------- d-----w h:\program files\Apple Software Update
2008-09-05 20:16 1,900,544 ----a-w h:\windows\System32\usbaaplrc.dll
2008-08-29 08:18 87,336 ----a-w h:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w h:\windows\System32\dnssd.dll
2008-05-28 19:09 56 ---ha-w h:\users\All Users\ezsidmv.dat
2008-05-28 19:09 56 ---ha-w h:\programdata\ezsidmv.dat
2006-11-02 12:49 174 --sha-w h:\program files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-11-08_14.02.51.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w h:\windows\ERDNT\subs\ERDNT.EXE
- 2008-11-08 12:55:54 2,048 --sha-w h:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-08 14:46:58 2,048 --sha-w h:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-08 12:55:54 2,048 --sha-w h:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-08 14:46:58 2,048 --sha-w h:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-08 12:57:30 262,144 --sha-w h:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-08 14:49:29 262,144 --sha-w h:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-08 14:49:29 262,144 ---ha-w h:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-08 12:57:36 262,144 --sha-w h:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-08 14:49:29 262,144 --sha-w h:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-08 14:49:29 262,144 ---ha-w h:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 08:20 143360 --a------ h:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 08:20 143360 --a------ h:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 08:20 143360 --a------ h:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="h:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"DAEMON Tools Lite"="h:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"ehTray.exe"="h:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="h:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="h:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="h:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"!AVG Anti-Spyware"="h:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="h:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Acrobat Assistant 7.0"="h:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"SSBkgdUpdate"="h:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="h:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"Malwarebytes Anti-Malware (reboot)"="h:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 h:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 h:\windows\SkyTel.exe]

h:\users\Mister Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - h:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Dropbox.lnk - h:\program files\Dropbox\Dropbox.exe [2008-09-26 24096981]

h:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - h:\windows\Installer\{AC76BA86-1033-F400-7760-0000003D0002}\SC_Acrobat.exe [2008-05-24 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{2F3C7318-7EB0-4403-9375-16D652B61727}i:\\games\\cod4\\iw3mp.exe"= UDP:i:\games\cod4\iw3mp.exe:iw3mp
"UDP Query User{D6087E29-F758-412F-B52C-CEAB9A6AE16C}i:\\games\\cod4\\iw3mp.exe"= TCP:i:\games\cod4\iw3mp.exe:iw3mp
"TCP Query User{72BE48E6-E6A5-44CC-A143-9F638587F252}h:\\program files\\bitlord\\bitlord.exe"= UDP:h:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{4A034299-19AF-44F2-8292-013E8709FD1E}h:\\program files\\bitlord\\bitlord.exe"= TCP:h:\program files\bitlord\bitlord.exe:BitLord
"{703B02E3-A2EA-48CC-ACEC-98C7B94BF0E8}"= UDP:h:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7CE29DB9-9A1E-416C-9EF5-A5B978A0D338}"= TCP:h:\windows\System32\PnkBstrA.exe:PnkBstrA
"{115371C0-9F98-4717-9CCF-55066C72E152}"= UDP:h:\windows\System32\PnkBstrB.exe:PnkBstrB
"{15EE8286-486F-4D2F-BB64-82C905F8BD46}"= TCP:h:\windows\System32\PnkBstrB.exe:PnkBstrB
"{248AB76C-F3C5-417B-8441-6CD5BE538169}"= UDP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{0CBDDE56-0CD1-455B-9F3B-D06C85016B2B}"= TCP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

brecko

Legacy Member
"{A08AC129-B8F1-4390-A3BB-1ABD2F4B708A}"= UDP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{C22BABCA-BF07-436F-B301-0A781861DF59}"= TCP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{6A2C9427-DE0C-45C3-ADCA-8B38798C0E94}"= TCP:6004|h:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{846E0A27-371E-4A17-A81F-1D52A31FB1C6}"= UDP:h:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{684E87F7-2A70-41B1-8FA6-0456DB2DCCAD}"= TCP:h:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7EB73333-FC27-4C13-98CE-A8DBD5CFEAB8}"= UDP:h:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{087A6F83-F292-4076-BE6F-23D67BBF80A2}"= TCP:h:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E828B60B-45E4-4A1D-986B-D7269B1BB3BF}"= UDP:h:\program files\LimeWire\LimeWire.exe:LimeWire
"{54B88D6D-B619-4C66-A6E9-B0F5F6AF4807}"= TCP:h:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B41E46D8-A57B-4882-838C-266EBAF67E7C}h:\\program files\\gigabyte\\gest\\run.exe"= UDP:h:\program files\gigabyte\gest\run.exe:update
"UDP Query User{3794F18C-8646-45B8-B8C0-D47CFD97211B}h:\\program files\\gigabyte\\gest\\run.exe"= TCP:h:\program files\gigabyte\gest\run.exe:update
"TCP Query User{C9087AA0-0F88-42F1-BF70-CB691B2126D9}h:\\program files\\tmnationsforever\\tmforever.exe"= UDP:h:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{F0E0910A-F771-4BB5-AC85-F41619181E89}h:\\program files\\tmnationsforever\\tmforever.exe"= TCP:h:\program files\tmnationsforever\tmforever.exe:TmForever
"{4616D9A0-F849-4E5C-B283-6161AFD9CD5B}"= UDP:h:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{4B728A94-B8F2-41C9-915E-69B4D97047E4}"= TCP:h:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{CAEF8D91-F66C-4A43-92D5-8BD066ED0E34}"= UDP:h:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{9AF81978-A19A-46DB-8428-5731EB621A23}"= TCP:h:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{DA27D010-232B-47AD-AD9B-E71D05C9DD66}"= h:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{7C38E2FD-1285-4A65-9322-823F7713E53F}h:\\program files\\mozilla firefox\\firefox.exe"= UDP:h:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{19852FB5-2F28-4052-A948-E953005C8064}h:\\program files\\mozilla firefox\\firefox.exe"= TCP:h:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{D0264916-D501-4C52-8D74-37EC3C08E15D}h:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:h:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{B3DD38AD-A77C-4F78-940B-0FDC57D991CE}h:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:h:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{A62355AC-C244-4107-BBA2-B169E8AAC9C9}h:\\program files\\soulseek\\slsk.exe"= UDP:h:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{0FD20DE9-534D-4A6B-83A6-E2DA3294A99E}h:\\program files\\soulseek\\slsk.exe"= TCP:h:\program files\soulseek\slsk.exe:SoulSeek
"{F495EF0E-131D-47F1-A139-3EFDA922C1B2}"= UDP:h:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{F94D906B-FCC5-47A7-963D-9A652294341A}"= TCP:h:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{B4DA0BF1-6424-4C48-BC7B-C0CD8F3E9B5F}"= UDP:h:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{9BF12A3E-5322-4B63-AA86-4F437C3C82DF}"= TCP:h:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{030F13BA-6D84-4289-9DCC-578097ACD2C4}"= UDP:h:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{CC1902E8-C38E-420B-8975-F303F88AF2DB}"= TCP:h:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"TCP Query User{725246E5-8A1C-4C27-8A9A-E37FC4602A3C}l:\\program files\\soulseek\\slsk.exe"= UDP:l:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{CC295CDE-D773-4171-9495-B29D9C0CE1C9}l:\\program files\\soulseek\\slsk.exe"= TCP:l:\program files\soulseek\slsk.exe:SoulSeek
"TCP Query User{AC99DA82-B50A-4CC7-AF61-31C34C64C68A}h:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:h:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{0D8DD8E3-0827-47A0-BA6A-FA3873781419}h:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:h:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{5DFCDBFD-3E8B-4373-A9E6-66F2E41689DA}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{1C9B813B-E98E-40DA-B29E-891C3A0D2D9F}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"TCP Query User{99B3871C-2BBC-4E92-BBF5-6755B89430CC}h:\\program files\\ea sports\\nba live 08\\nbalive08.exe"= UDP:h:\program files\ea sports\nba live 08\nbalive08.exe:NBA LIVE 08
"UDP Query User{A46F85B8-97CF-46E2-A26D-5610A5292CD4}h:\\program files\\ea sports\\nba live 08\\nbalive08.exe"= TCP:h:\program files\ea sports\nba live 08\nbalive08.exe:NBA LIVE 08
"TCP Query User{1DCAF861-0E69-4C30-8B60-5EB5A89565D8}h:\\users\\mister jack\\desktop\\[pc] team fortress 2 [newest] [vo0]\\team fortress 2\\hl2.exe"= UDP:h:\users\mister jack\desktop\[pc] team fortress 2 [newest] [vo0]\team fortress 2\hl2.exe:hl2.exe
"UDP Query User{88857FA2-BDE8-4982-A290-0C4B837E0CFA}h:\\users\\mister jack\\desktop\\[pc] team fortress 2 [newest] [vo0]\\team fortress 2\\hl2.exe"= TCP:h:\users\mister jack\desktop\[pc] team fortress 2 [newest] [vo0]\team fortress 2\hl2.exe:hl2.exe
"TCP Query User{7F8288BD-ECCB-464E-9A0A-DBD7EAEE799B}h:\\users\\mister jack\\desktop\\team fortress 2\\hl2.exe"= UDP:h:\users\mister jack\desktop\team fortress 2\hl2.exe:hl2.exe
"UDP Query User{A3A7F4F4-5E76-4D53-AA92-242C2990259B}h:\\users\\mister jack\\desktop\\team fortress 2\\hl2.exe"= TCP:h:\users\mister jack\desktop\team fortress 2\hl2.exe:hl2.exe
"{4361F15F-DB2B-4879-A8EF-C45BFDABA229}"= UDP:h:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{B01B4575-12BE-4FDC-91B0-C2DC2269DFB4}"= TCP:h:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{1F129AD4-9B93-4086-96D3-0CE36090FBD8}"= UDP:h:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{15F80740-FD42-45AC-BF26-F4F26D829DF5}"= TCP:h:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E109DD35-C231-4397-8F15-A16CFC266E87}"= UDP:h:\program files\Atari\AITD\Alone.exe:Alone In The Dark
"{06DD22D4-9447-4F47-802C-283499836E6B}"= TCP:h:\program files\Atari\AITD\Alone.exe:Alone In The Dark
"{E4BD0039-DF64-4C3C-8FE9-013AAE1627EC}"= UDP:h:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{B484D927-E677-417E-83EF-ACA33E8BD968}"= TCP:h:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{36E7BB45-8FA4-4A2C-BB9C-046AFD28B446}"= UDP:h:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6D78C388-3320-4760-B5FD-452F8D74AF97}"= TCP:h:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{F57A389B-7498-4C2E-97AE-005CDA1FFF3F}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"UDP Query User{831FFDE4-612D-4FA9-986B-707F7E2B2B6B}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"TCP Query User{54B14E92-F661-40C0-94BB-66FFD12218F5}h:\\program files\\hamachi\\hamachi.exe"= UDP:h:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{3E4A569C-2C69-4611-B7DC-C0834388D85A}h:\\program files\\hamachi\\hamachi.exe"= TCP:h:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{C089C9F5-50DA-4ACA-B9FD-ECA7214D6D45}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{05D4DD74-8032-47BD-83E8-C8626916C947}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"TCP Query User{38DD6668-3FB5-4119-9831-10055ADC26F3}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"UDP Query User{F1D982BE-6C0C-40A8-9CB8-B9FE2FC539CE}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"TCP Query User{38AB18AB-7090-4A1D-88B0-7929BAEC4F38}h:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:h:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{E7346ACC-6762-45BF-A63E-EC22DD410738}h:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:h:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"TCP Query User{7753DA29-CA9D-4884-B9DB-3C2C458F25C3}h:\\program files\\adobe\\flex builder 3\\jre\\bin\\javaw.exe"= UDP:h:\program files\adobe\flex builder 3\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{56787688-F8A4-4865-B909-146DA29F5289}h:\\program files\\adobe\\flex builder 3\\jre\\bin\\javaw.exe"= TCP:h:\program files\adobe\flex builder 3\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"{49CA2EFB-13FC-4677-8FEE-562BBBB3958A}"= UDP:h:\program files\iTunes\iTunes.exe:iTunes
"{CDB53DDA-9808-45C1-B169-D7BDD205AA40}"= TCP:h:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{0C51FDCC-C327-4021-A518-85A845DC1495}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\hub.exe"= UDP:h:\program files\newtek\lightwave 3d 9.3\programs\hub.exe:hub
"UDP Query User{637AEE17-ED9B-4095-9107-ABB8B6EDDE4B}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\hub.exe"= TCP:h:\program files\newtek\lightwave 3d 9.3\programs\hub.exe:hub
"TCP Query User{C3765651-54BB-4563-A954-3786048233FA}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\modeler.exe"= UDP:h:\program files\newtek\lightwave 3d 9.3\programs\modeler.exe:modeler
"UDP Query User{D70C8E06-23AB-41A7-B105-9A85347F1D6B}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\modeler.exe"= TCP:h:\program files\newtek\lightwave 3d 9.3\programs\modeler.exe:modeler
"TCP Query User{FEDC7680-D624-4166-AE8B-7DED401DD8E2}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\lightwav.exe"= UDP:h:\program files\newtek\lightwave 3d 9.3\programs\lightwav.exe:lightwav
"UDP Query User{E97F53C1-B8F6-451F-9282-22C534B1AFC5}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\lightwav.exe"= TCP:h:\program files\newtek\lightwave 3d 9.3\programs\lightwav.exe:lightwav
"TCP Query User{F08F9E12-953D-4ACC-849A-FED0A7192696}h:\\users\\mister jack\\downloads\\utorrent.exe"= UDP:h:\users\mister jack\downloads\utorrent.exe:utorrent.exe
"UDP Query User{8B13990C-BA4F-4BDB-92AA-7CA46597FCED}h:\\users\\mister jack\\downloads\\utorrent.exe"= TCP:h:\users\mister jack\downloads\utorrent.exe:utorrent.exe
"{D5059189-1813-4876-950E-A6197283F1FE}"= UDP:h:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{C2FCA8AC-49E8-44D6-A5FE-573C1D4A36E6}"= TCP:h:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{C409BCB5-DB30-4A02-817E-09DACF6A0A06}"= UDP:h:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{8C2C0E20-219D-4B73-9111-346FD4013CA3}"= TCP:h:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{67EBE434-B23B-4390-BBEA-D9A28900831C}"= UDP:h:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{D5ED64D5-41A6-4F4F-A2CC-C10308494C48}"= TCP:h:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 pavboot;pavboot;h:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S3 GEST Service;GEST Service for program management.;h:\program files\GIGABYTE\GEST\GSvr.exe [2008-06-14 55816]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Q]
\shell\AutoRun\command - h:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL q:\resycled\boot.com q:
\shell\Open\command - q:\resycled\boot.com q:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16134ca7-073d-1243-bd85-806e6f6e6963}]
\shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b247d84-7204-11dd-a25b-001d7daf2a01}]
\shell\AutoRun\command - h:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL k:\resycled\boot.com k:
\shell\Open\command - k:\resycled\boot.com k:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{601dde26-0747-1243-ac5d-001d7daf2a01}]
\shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{601dde8d-0747-1243-ac5d-001d7daf2a01}]
\shell\AutoRun\command - h:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL q:\resycled\boot.com q:
\shell\Open\command - q:\resycled\boot.com q:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca27b7f7-0a06-11dd-8b1b-001d7daf2a01}]
\shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca27b7f9-0a06-11dd-8b1b-001d7daf2a01}]
\shell\AutoRun\command - O:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca27b7fb-0a06-11dd-8b1b-001d7daf2a01}]
\shell\AutoRun\command - P:\AUTORUN.EXE
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 15:49:37
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = acaptuser32.dll??

scannen van verborgen bestanden ...


h:\windows\TEMP\TMP0000002EE91E3A66ED6384F2

Scan succesvol afgerond
verborgen bestanden: 1

**************************************************************************
.
------------------------ Andere Aktieve Processen ------------------------
.
h:\windows\System32\nvvsvc.exe
h:\windows\System32\audiodg.exe
h:\windows\System32\rundll32.exe
h:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
h:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
h:\program files\Bonjour\mDNSResponder.exe
h:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
h:\windows\System32\PnkBstrA.exe
h:\windows\System32\PnkBstrB.exe
h:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
h:\windows\System32\WUDFHost.exe
h:\windows\System32\conime.exe
h:\windows\System32\rundll32.exe
h:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
h:\windows\ehome\ehmsas.exe
h:\windows\System32\wbem\unsecapp.exe
h:\program files\iPod\bin\iPodService.exe
h:\windows\System32\dllhost.exe
.
**************************************************************************
.
Voltooingstijd: 2008-11-08 15:54:31 - machine werd herstart
ComboFix-quarantined-files.txt 2008-11-08 14:54:28
ComboFix2.txt 2008-11-08 13:03:47

Pre-Run: 211.871.596.544 bytes beschikbaar
Post-Run: 212,741,070,848 bytes beschikbaar

378

brecko

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:53, on 8/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
H:\Windows\system32\csrss.exe
H:\Windows\system32\wininit.exe
H:\Windows\system32\csrss.exe
H:\Windows\system32\services.exe
H:\Windows\system32\lsass.exe
H:\Windows\system32\lsm.exe
H:\Windows\system32\winlogon.exe
H:\Windows\system32\svchost.exe
H:\Windows\system32\nvvsvc.exe
H:\Windows\system32\svchost.exe
H:\Windows\System32\svchost.exe
H:\Windows\System32\svchost.exe
H:\Windows\System32\svchost.exe
H:\Windows\system32\svchost.exe
H:\Windows\system32\SLsvc.exe
H:\Windows\system32\svchost.exe
H:\Windows\system32\svchost.exe
H:\Windows\System32\spoolsv.exe
H:\Windows\system32\svchost.exe
H:\Windows\system32\taskeng.exe
H:\Windows\system32\Dwm.exe
H:\Program Files\Windows Defender\MSASCui.exe
H:\Windows\RtHDVCpl.exe
H:\Program Files\Google\Gmail Notifier\gnotify.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
H:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
H:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Windows Sidebar\sidebar.exe
H:\Program Files\DAEMON Tools Lite\daemon.exe
H:\Windows\ehome\ehtray.exe
H:\Windows\ehome\ehmsas.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
H:\Program Files\Bonjour\mDNSResponder.exe
h:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
H:\Windows\system32\PnkBstrA.exe
H:\Windows\system32\PnkBstrB.exe
H:\Windows\system32\svchost.exe
h:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
H:\Windows\system32\svchost.exe
H:\Windows\System32\svchost.exe
H:\Windows\system32\SearchIndexer.exe
H:\Windows\system32\WUDFHost.exe
H:\Windows\system32\taskeng.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Windows\System32\mobsync.exe
H:\Windows\system32\wbem\unsecapp.exe
H:\Windows\system32\conime.exe
H:\Windows\system32\notepad.exe
H:\Windows\Explorer.exe
H:\Windows\system32\wuauclt.exe
H:\Windows\system32\wbem\wmiprvse.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Windows\system32\SearchProtocolHost.exe
H:\Windows\system32\SearchFilterHost.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
H:\Windows\system32\DllHost.exe
H:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = Telenet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] H:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "H:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "H:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "H:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] H:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] H:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = H:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{41C5A629-ECE0-4E9D-9328-FF8198358692}: NameServer = 85.255.112.60;85.255.112.237
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - H:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - H:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\Windows\system32\PnkBstrB.exe
O23 - Service: Windows Tribute Service - Unknown owner - H:\Windows\system32\kdwez.exe

--
End of file - 10139 bytes

Juisterr

Legacy Member
Your log is the same as the previous one; may I see a freshly made HJT log, please?

brecko

Legacy Member
Sorry, apparently I had to start HJT as admin..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:16, on 10/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
H:\Windows\system32\taskeng.exe
H:\Windows\system32\Dwm.exe
H:\Windows\system32\conime.exe
H:\Windows\RtHDVCpl.exe
H:\Program Files\Google\Gmail Notifier\gnotify.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
H:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
H:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Windows\System32\rundll32.exe
H:\Program Files\DAEMON Tools Lite\daemon.exe
H:\Windows\ehome\ehtray.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Windows\ehome\ehmsas.exe
H:\Windows\system32\wbem\unsecapp.exe
H:\Windows\Explorer.exe
H:\Program Files\iTunes\iTunes.exe
H:\Program Files\Last.fm\LastFM.exe
H:\Windows\system32\taskeng.exe
H:\Windows\system32\wuauclt.exe
H:\Windows\System32\mobsync.exe
H:\Windows\explorer.exe
H:\Program Files\Adobe Photoshop\Adobe_Photoshop_CS3\Photoshop.exe
H:\Windows\system32\NOTEPAD.EXE
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = Telenet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] H:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "H:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "H:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "H:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] H:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] H:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = H:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - H:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - H:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\Windows\system32\PnkBstrB.exe

--
End of file - 8639 bytes

brecko

Legacy Member
Nope, I have the impression not. The internet is fast again.
A strange bug in a game has even been fixed too..
Whether that has anything to do with it, I don't know :)

Thanks!