Archive - Serious slowdowns on PC

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or worldviews and have in some places been censored as unacceptable. Many were made in a different spirit of the times, ironically or not - as in the ironic sub-forum Off-Topic - and would not (be allowed to) be posted any more today. Still, we are happy to offer this archive as an information database and reference. Read more about it here or start a conversation with others.

brecko

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21:40, on 3/05/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
H:\Windows\system32\taskeng.exe
H:\Windows\system32\Dwm.exe
H:\Windows\Explorer.EXE
H:\Program Files\TortoiseSVN\bin\TSVNCache.exe
H:\Windows\RtHDVCpl.exe
H:\Program Files\Google\Gmail Notifier\gnotify.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
H:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
H:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Windows\System32\rundll32.exe
H:\Program Files\DAEMON Tools Lite\daemon.exe
H:\Windows\ehome\ehtray.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\Rainlendar2\Rainlendar2.exe
H:\Program Files\Windows Media Player\wmpnscfg.exe
H:\Windows\ehome\ehmsas.exe
H:\Program Files\Dropbox\Dropbox.exe
H:\Program Files\iTunes\iTunes.exe
H:\Program Files\Last.fm\LastFM.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
H:\Windows\system32\wbem\unsecapp.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
H:\Windows\system32\wuauclt.exe
H:\Windows\system32\SearchFilterHost.exe
H:\Windows\system32\SearchProtocolHost.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = Telenet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] H:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "H:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "H:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "H:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] H:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] H:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Rainlendar2] H:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Steam] "H:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] H:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = H:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://H:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - H:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - H:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - H:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - H:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - H:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - H:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9606 bytes

Juisterr

Legacy Member
Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all windows except HijackThis
Click 'Fix checked' to remove the items.

Download Combofix to your Desktop and use it according to this guide.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners treat certain components Combofix uses as suspicious and will block or remove them!
  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the small "NirCmd" window.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix is complete and after the reboot, the Combofix.txt log will open.
Post this log in your next reply.
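The helper's post above singles out two entries to fix: a BHO whose CLSID no longer points to a file, and an Internet Explorer setting with an empty value. As an added example (not part of the original thread, and not the helper's or HijackThis's own code), the Python script below applies those two checks to HijackThis log lines, and additionally flags startup shortcuts whose target HijackThis could not resolve (shown as `= ?`) as "review" rather than "fix". The sample lines are constructed from the log posted in this thread; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this
# thread, including the two entries the helper asked to be fixed.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
"""

# Every HijackThis entry starts with a section tag (R0, R1, O2, O4, ...) followed by " - ".
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# COM class identifiers as HijackThis prints them: 36 hex/dash characters in braces.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_hjt_line(line):
    """Split one log line into its section tag and body; None for non-entry lines."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("section"), "body": m.group("body")}


def triage_entry(entry):
    """Return (severity, reason) when an entry deserves attention, else None.

    The first two rules are the ones the helper applied in this thread; the
    third is a general HijackThis convention ('= ?' means the shortcut target
    could not be resolved) and only asks for a manual look.
    """
    section, body = entry["section"], entry["body"].rstrip()
    if section == "O2" and body.endswith("(no file)"):
        return ("fix", "BHO registered but its DLL is missing (orphaned CLSID)")
    if section in ("R0", "R1") and body.endswith("="):
        return ("fix", "Internet Explorer setting with an empty value")
    if section == "O4" and body.endswith("= ?"):
        return ("review", "startup shortcut whose target could not be resolved")
    return None


def find_review_items(log_text):
    """Scan a whole HijackThis log and collect the entries worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        verdict = triage_entry(entry)
        if verdict is None:
            continue
        clsid = CLSID_RE.search(entry["body"])
        findings.append({
            "section": entry["section"],
            "body": entry["body"],
            "severity": verdict[0],
            "reason": verdict[1],
            # The CLSID tells you which HKCR\CLSID key the orphaned entry refers to.
            "clsid": clsid.group(0) if clsid else None,
        })
    return findings


if __name__ == "__main__":
    for f in find_review_items(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['section']}: {f['reason']}")
        print(f"    {f['body']}")
```

Run on the sample it reports the `LinksFolderName =` and `(no file)` entries as "fix" and the unresolved `Adobe Acrobat Speed Launcher.lnk` shortcut as "review"; the clean Adobe BHO and the iTunes Run entry are left alone, since a path that exists on disk is not by itself a reason to remove anything.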

brecko

Legacy Member
ComboFix 09-05-03.1 - Mister Jack 03/05/2009 23:06.4 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.32.1043.18.2046.948 [GMT 2:00]
Gestart vanuit: h:\users\Mister Jack\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\resycled
h:\programdata\Microsoft\Network\Downloader\qmgr0.dat
h:\programdata\Microsoft\Network\Downloader\qmgr1.dat
M:\resycled
N:\resycled
Q:\resycled

----- BITS: Mogelijk geïnfecteerde sites -----

hxxp://designer.extrafilm.be
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-04-03 to 2009-05-03 ))))))))))))))))))))))))))))))
.

2099-06-01 11:29 . 2009-04-24 14:43 -------- d-----w h:\users\Mister Jack\AppData\Local\Microsoft Games
2099-04-03 18:06 . 2008-11-26 23:13 -------- d-----w h:\program files\Activision
2099-04-03 16:19 . 2099-04-03 16:19 -------- d-----w h:\program files\BSPlayer
2099-04-03 16:12 . 2099-04-03 16:12 -------- d-----w h:\users\Mister Jack\AppData\Roaming\Grisoft
2099-04-03 16:12 . 2007-05-30 12:10 10872 ----a-w h:\windows\system32\drivers\AvgAsCln.sys
2099-04-03 16:11 . 2099-04-03 16:12 -------- d-----w h:\programdata\Grisoft
2099-04-03 16:11 . 2099-04-03 16:12 -------- d-----w h:\users\All Users\Grisoft
2099-04-03 15:35 . 2008-04-24 12:48 -------- d-----w h:\program files\Windows Live
2099-04-03 15:34 . 2008-12-01 19:48 -------- d-----w h:\program files\iTunes
2099-04-03 15:33 . 2008-09-10 15:44 -------- d-----w h:\program files\Bonjour
2099-04-03 15:33 . 2008-04-24 12:44 -------- d-----w h:\programdata\WLInstaller
2099-04-03 15:33 . 2008-04-24 12:44 -------- d-----w h:\users\All Users\WLInstaller
2099-04-03 15:33 . 2008-12-01 20:38 -------- d-----w h:\program files\QuickTime
2099-04-03 15:33 . 2008-10-21 12:38 -------- d-----w h:\programdata\Apple Computer
2099-04-03 15:33 . 2008-10-21 12:38 -------- d-----w h:\users\All Users\Apple Computer
2099-04-03 15:33 . 2099-04-03 15:33 -------- d-----w h:\users\Mister Jack\AppData\Local\Apple
2099-04-03 15:32 . 2008-12-01 19:47 -------- d-----w h:\program files\Common Files\Apple
2099-04-03 15:32 . 2099-04-03 15:32 -------- d-----w h:\programdata\Apple
2099-04-03 15:32 . 2099-04-03 15:32 -------- d-----w h:\users\All Users\Apple
2099-04-03 14:18 . 2008-07-22 21:56 -------- d-----w h:\program files\BitLord
2099-04-03 14:11 . 2099-04-03 14:11 -------- d-----w h:\program files\DAEMON Tools Lite
2099-04-03 14:10 . 2099-04-03 14:10 717296 ----a-w h:\windows\system32\drivers\sptd.sys
2099-04-03 14:10 . 2099-04-03 14:10 -------- d-----w h:\users\Mister Jack\AppData\Roaming\DAEMON Tools
2099-04-03 14:08 . 2008-11-23 16:19 -------- d-----w h:\users\Mister Jack\AppData\Local\PunkBuster
2099-04-03 14:05 . 2008-12-20 12:26 -------- d-----w h:\windows\system32\Macromed
2099-04-03 13:56 . 2099-04-03 13:04 -------- d-----w h:\windows\Panther
2099-04-03 13:56 . 2009-01-10 00:13 -------- d-----w h:\programdata\NVIDIA
2099-04-03 13:56 . 2009-01-10 00:13 -------- d-----w h:\users\All Users\NVIDIA
2099-04-03 13:54 . 2099-04-03 13:54 -------- d-----w h:\program files\My Company Name
2099-04-03 13:51 . 2099-04-03 13:51 -------- d-----w h:\program files\Google
2099-04-03 13:49 . 2099-04-03 13:49 -------- d-----w h:\users\Mister Jack\AppData\Local\Mozilla
2099-04-03 13:48 . 2009-05-02 11:55 -------- d-sh--w h:\windows\Installer
2099-04-03 13:25 . 2008-06-14 17:06 30008 ----a-w h:\windows\system32\drivers\ET5Drv.sys
2099-04-03 13:22 . 2007-08-20 05:31 151552 ----a-r h:\windows\system32\xRaidAPI.dll
2099-04-03 13:22 . 2007-08-29 08:55 1966080 ----a-r h:\windows\system32\xRaidSetup.exe
2099-04-03 13:22 . 2099-04-03 13:22 -------- d-----w H:\RaidTool
2099-04-03 13:22 . 2007-09-29 05:30 65024 ----a-w h:\windows\system32\drivers\jraid.sys
2099-04-03 13:22 . 2099-04-03 13:22 -------- d-----w h:\users\Mister Jack\{a1bd05e3-43f1-442e-8aa4-fd06be53b582}
2099-04-03 13:22 . 2006-08-30 04:33 319984 ----a-r h:\windows\system32\DifxApi.dll
2099-04-03 13:22 . 2099-04-03 13:22 -------- d-----w h:\windows\RaidTool
2099-04-03 13:21 . 2099-04-03 13:21 -------- d-----w h:\users\Mister Jack\AppData\Roaming\InstallShield
2099-04-03 13:19 . 2099-04-03 13:19 -------- d-----w h:\windows\system32\RTCOM
2099-04-03 13:17 . 2007-07-25 01:33 135168 ----a-w h:\windows\system32\SRSWOW.dll
2099-04-03 13:17 . 2006-12-13 02:30 339968 ----a-w h:\windows\system32\SRSTSXT.dll
2099-04-03 13:17 . 2007-05-17 03:26 185776 ----a-w h:\windows\system32\SRSTSHD.dll
2099-04-03 13:17 . 2007-04-16 09:09 167936 ----a-w h:\windows\system32\SRSHP360.dll
2099-04-03 13:17 . 2007-09-12 05:29 23040 ----a-w h:\windows\system32\RtkCoInst.dll
2099-04-03 13:17 . 2007-08-22 11:37 564736 ----a-w h:\windows\system32\RtkPgExt.dll
2099-04-03 13:17 . 2007-03-23 07:34 266240 ----a-w h:\windows\system32\RtkApoApi.dll
2099-04-03 13:17 . 2007-08-31 07:36 2087936 ----a-w h:\windows\system32\RtkAPO.dll
2099-04-03 13:17 . 2007-09-19 06:50 4702208 ----a-w h:\windows\RtHDVCpl.exe
2099-04-03 13:17 . 2007-09-19 09:11 1959832 ----a-w h:\windows\system32\drivers\RTKVHDA.sys
2099-04-03 13:17 . 2007-07-30 10:26 126976 ----a-w h:\windows\system32\maxxaudioapo.dll
2099-04-03 13:17 . 2099-04-03 13:22 -------- d-----w h:\program files\Realtek
2099-04-03 13:14 . 2007-07-26 14:15 53248 ----a-w h:\windows\system32\CSVer.dll
2099-04-03 13:14 . 2099-04-03 13:14 -------- d-----w h:\program files\Intel
2099-04-03 13:14 . 2099-04-03 13:14 -------- d-----w H:\Intel
2099-04-03 13:14 . 2099-04-03 13:14 -------- d-----w h:\program files\GIGABYTE
2099-04-03 13:14 . 2009-05-02 12:01 -------- d--h--w h:\program files\InstallShield Installation Information
2099-04-03 13:14 . 2008-06-14 16:58 -------- d-----w h:\program files\Common Files\InstallShield
2099-04-03 13:10 . 2009-02-15 15:47 127176 ----a-w h:\users\Mister Jack\AppData\Local\GDIPFONTCACHEV1.DAT
2099-04-03 13:08 . 2099-04-03 13:08 -------- d-sh--w h:\programdata\Sjablonen
2099-04-03 13:07 . 2099-04-03 13:07 -------- d-----r h:\windows\system32\config\systemprofile\Contacts
2099-04-03 12:59 . 2009-04-09 20:15 -------- d-----w h:\windows\system32\catroot2
2099-04-03 12:58 . 2099-04-03 13:08 -------- d-----w h:\windows\Debug
2099-04-03 12:48 . 2099-04-03 13:56 -------- d-sh--w H:\Boot
2009-05-04 16:47 . 2008-06-02 17:43 -------- d-----w h:\users\Mister Jack\AppData\Roaming\TextPad
2009-05-02 19:20 . 2009-05-02 19:20 -------- d-----w h:\programdata\TVU Networks
2009-05-02 19:20 . 2009-05-02 19:20 -------- d-----w h:\users\All Users\TVU Networks
2009-05-02 19:20 . 2009-05-02 19:20 -------- d-----w h:\users\Mister Jack\AppData\Local\TVU Networks
2009-04-30 12:09 . 2009-04-30 12:09 -------- d-----w h:\users\Mister Jack\DoctorWeb
2009-04-17 13:23 . 2009-04-17 13:23 -------- d-----w h:\users\Mister Jack\AppData\Local\EA Games
2009-04-17 13:11 . 2009-04-17 13:11 7064 ----a-w h:\windows\system32\ealregsnapshot1.reg
2009-04-17 13:11 . 2009-04-17 13:11 -------- d-----w h:\users\Mister Jack\AppData\Local\Downloaded Installations
2009-04-17 12:36 . 2009-04-17 13:04 -------- d-----w h:\program files\The Godfather II
2009-04-17 12:34 . 2009-04-17 12:34 -------- d-----w h:\programdata\Electronic Arts
2009-04-17 12:34 . 2009-04-17 12:34 -------- d-----w h:\users\All Users\Electronic Arts
2009-04-17 12:14 . 2008-10-10 02:52 2036576 ----a-w h:\windows\system32\D3DCompiler_40.dll
2009-04-17 12:14 . 2008-10-10 02:52 452440 ----a-w h:\windows\system32\d3dx10_40.dll
2009-04-17 12:14 . 2008-10-10 02:52 4379984 ----a-w h:\windows\system32\D3DX9_40.dll
2009-04-12 17:30 . 2009-04-12 17:30 -------- d-----w h:\users\Mister Jack\AppData\Local\PC
2009-04-12 17:30 . 2009-04-12 17:43 -------- d-----w h:\users\Mister Jack\AppData\Local\Wheelman
2009-04-12 12:14 . 2009-04-12 12:14 -------- d-----w h:\program files\uTorrent

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 11:20 . 2006-11-02 16:18 745746 ----a-w h:\windows\system32\perfh013.dat
2009-05-03 11:20 . 2006-11-02 16:18 144852 ----a-w h:\windows\system32\perfc013.dat
2009-05-03 11:18 . 2009-01-18 14:58 -------- d-----w h:\program files\Common Files\Steam
2009-05-03 11:17 . 2009-01-18 14:58 -------- d-----w h:\program files\Steam
2009-05-03 11:15 . 2006-11-02 13:00 6 ---ha-w h:\windows\Tasks\SA.DAT
2009-05-02 12:01 . 2008-04-05 14:08 -------- d-----w h:\program files\Electronic Arts
2009-04-27 14:46 . 2008-04-07 17:24 -------- d-----w h:\program files\Microsoft Visual Studio 8
2009-04-21 14:14 . 2008-11-08 12:38 -------- d-----w h:\program files\Malwarebytes' Anti-Malware
2009-04-17 12:14 . 2008-04-14 17:01 -------- d-----w h:\program files\EA GAMES
2009-04-06 13:32 . 2008-11-08 12:38 38496 ----a-w h:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2008-11-08 12:38 15504 ----a-w h:\windows\system32\drivers\mbam.sys
2009-03-30 12:01 . 2008-06-07 11:22 -------- d-----w h:\program files\Last.fm
2009-03-30 10:48 . 2099-04-03 13:09 1356 ----a-w h:\users\Mister Jack\AppData\Local\d3d9caps.dat
2009-03-11 22:34 . 2008-04-04 10:09 22328 ----a-w h:\windows\system32\drivers\PnkBstrK.sys
2009-03-11 22:33 . 2008-04-04 10:09 107832 ----a-w h:\windows\system32\PnkBstrB.exe
2009-02-14 16:13 . 2009-02-14 16:13 97800 ----a-w h:\windows\system32\infocardapi.dll
2009-02-14 16:13 . 2009-02-14 16:13 622080 ----a-w h:\windows\system32\icardagt.exe
2009-02-14 16:13 . 2009-02-14 16:13 11264 ----a-w h:\windows\system32\icardres.dll
2009-02-14 16:13 . 2009-02-14 16:13 105016 ----a-w h:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-14 16:13 . 2009-02-14 16:13 781344 ----a-w h:\windows\system32\PresentationNative_v0300.dll
2009-02-14 16:13 . 2009-02-14 16:13 43544 ----a-w h:\windows\system32\PresentationHostProxy.dll
2009-02-14 16:13 . 2009-02-14 16:13 326160 ----a-w h:\windows\system32\PresentationHost.exe
2009-02-14 15:59 . 2009-02-14 15:59 96760 ----a-w h:\windows\system32\dfshim.dll
2009-02-14 15:59 . 2009-02-14 15:59 41984 ----a-w h:\windows\system32\netfxperf.dll
2009-02-14 15:59 . 2009-02-14 15:59 282112 ----a-w h:\windows\system32\mscoree.dll
2009-02-14 15:59 . 2009-02-14 15:59 83968 ----a-w h:\windows\system32\mscories.dll
2009-02-14 15:59 . 2009-02-14 15:59 158720 ----a-w h:\windows\system32\mscorier.dll
2006-11-02 12:49 . 2006-11-02 12:49 174 --sha-w h:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

brecko

Legacy Member
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w h:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w h:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w h:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="h:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"DAEMON Tools Lite"="h:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"ehTray.exe"="h:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="h:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Rainlendar2"="h:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"Steam"="h:\program files\Steam\Steam.exe" [2009-01-18 1410296]
"WMPNSCFG"="h:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="h:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="h:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"!AVG Anti-Spyware"="h:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="h:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Acrobat Assistant 7.0"="h:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"SSBkgdUpdate"="h:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="h:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Malwarebytes Anti-Malware (reboot)"="h:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-04-06 1277584]
"iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2008-12-25 13683232]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2008-12-25 92704]
"RtHDVCpl"="RtHDVCpl.exe" - h:\windows\RtHDVCpl.exe [2007-09-19 4702208]
"Skytel"="Skytel.exe" - h:\windows\SkyTel.exe [2007-08-03 1826816]

h:\users\Mister Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - h:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - h:\program files\Dropbox\Dropbox.exe [2008-9-26 24096981]

h:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - h:\windows\Installer\{AC76BA86-1033-F400-7760-0000003D0002}\SC_Acrobat.exe [2008-5-24 25214]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{2F3C7318-7EB0-4403-9375-16D652B61727}i:\\games\\cod4\\iw3mp.exe"= UDP:i:\games\cod4\iw3mp.exe:iw3mp
"UDP Query User{D6087E29-F758-412F-B52C-CEAB9A6AE16C}i:\\games\\cod4\\iw3mp.exe"= TCP:i:\games\cod4\iw3mp.exe:iw3mp
"TCP Query User{72BE48E6-E6A5-44CC-A143-9F638587F252}h:\\program files\\bitlord\\bitlord.exe"= UDP:h:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{4A034299-19AF-44F2-8292-013E8709FD1E}h:\\program files\\bitlord\\bitlord.exe"= TCP:h:\program files\bitlord\bitlord.exe:BitLord
"{703B02E3-A2EA-48CC-ACEC-98C7B94BF0E8}"= UDP:h:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7CE29DB9-9A1E-416C-9EF5-A5B978A0D338}"= TCP:h:\windows\System32\PnkBstrA.exe:PnkBstrA
"{115371C0-9F98-4717-9CCF-55066C72E152}"= UDP:h:\windows\System32\PnkBstrB.exe:PnkBstrB
"{15EE8286-486F-4D2F-BB64-82C905F8BD46}"= TCP:h:\windows\System32\PnkBstrB.exe:PnkBstrB
"{248AB76C-F3C5-417B-8441-6CD5BE538169}"= UDP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{0CBDDE56-0CD1-455B-9F3B-D06C85016B2B}"= TCP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{A08AC129-B8F1-4390-A3BB-1ABD2F4B708A}"= UDP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{C22BABCA-BF07-436F-B301-0A781861DF59}"= TCP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{6A2C9427-DE0C-45C3-ADCA-8B38798C0E94}"= TCP:6004|h:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{846E0A27-371E-4A17-A81F-1D52A31FB1C6}"= UDP:h:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{684E87F7-2A70-41B1-8FA6-0456DB2DCCAD}"= TCP:h:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7EB73333-FC27-4C13-98CE-A8DBD5CFEAB8}"= UDP:h:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{087A6F83-F292-4076-BE6F-23D67BBF80A2}"= TCP:h:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E828B60B-45E4-4A1D-986B-D7269B1BB3BF}"= UDP:h:\program files\LimeWire\LimeWire.exe:LimeWire
"{54B88D6D-B619-4C66-A6E9-B0F5F6AF4807}"= TCP:h:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B41E46D8-A57B-4882-838C-266EBAF67E7C}h:\\program files\\gigabyte\\gest\\run.exe"= UDP:h:\program files\gigabyte\gest\run.exe:update
"UDP Query User{3794F18C-8646-45B8-B8C0-D47CFD97211B}h:\\program files\\gigabyte\\gest\\run.exe"= TCP:h:\program files\gigabyte\gest\run.exe:update
"TCP Query User{C9087AA0-0F88-42F1-BF70-CB691B2126D9}h:\\program files\\tmnationsforever\\tmforever.exe"= UDP:h:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{F0E0910A-F771-4BB5-AC85-F41619181E89}h:\\program files\\tmnationsforever\\tmforever.exe"= TCP:h:\program files\tmnationsforever\tmforever.exe:TmForever
"{DA27D010-232B-47AD-AD9B-E71D05C9DD66}"= h:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{7C38E2FD-1285-4A65-9322-823F7713E53F}h:\\program files\\mozilla firefox\\firefox.exe"= UDP:h:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{19852FB5-2F28-4052-A948-E953005C8064}h:\\program files\\mozilla firefox\\firefox.exe"= TCP:h:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{D0264916-D501-4C52-8D74-37EC3C08E15D}h:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:h:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{B3DD38AD-A77C-4F78-940B-0FDC57D991CE}h:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:h:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{A62355AC-C244-4107-BBA2-B169E8AAC9C9}h:\\program files\\soulseek\\slsk.exe"= UDP:h:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{0FD20DE9-534D-4A6B-83A6-E2DA3294A99E}h:\\program files\\soulseek\\slsk.exe"= TCP:h:\program files\soulseek\slsk.exe:SoulSeek
"{F495EF0E-131D-47F1-A139-3EFDA922C1B2}"= UDP:h:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{F94D906B-FCC5-47A7-963D-9A652294341A}"= TCP:h:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{B4DA0BF1-6424-4C48-BC7B-C0CD8F3E9B5F}"= UDP:h:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{9BF12A3E-5322-4B63-AA86-4F437C3C82DF}"= TCP:h:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{030F13BA-6D84-4289-9DCC-578097ACD2C4}"= UDP:h:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{CC1902E8-C38E-420B-8975-F303F88AF2DB}"= TCP:h:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"TCP Query User{725246E5-8A1C-4C27-8A9A-E37FC4602A3C}l:\\program files\\soulseek\\slsk.exe"= UDP:l:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{CC295CDE-D773-4171-9495-B29D9C0CE1C9}l:\\program files\\soulseek\\slsk.exe"= TCP:l:\program files\soulseek\slsk.exe:SoulSeek
"TCP Query User{AC99DA82-B50A-4CC7-AF61-31C34C64C68A}h:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:h:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{0D8DD8E3-0827-47A0-BA6A-FA3873781419}h:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:h:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{5DFCDBFD-3E8B-4373-A9E6-66F2E41689DA}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{1C9B813B-E98E-40DA-B29E-891C3A0D2D9F}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"TCP Query User{99B3871C-2BBC-4E92-BBF5-6755B89430CC}h:\\program files\\ea sports\\nba live 08\\nbalive08.exe"= UDP:h:\program files\ea sports\nba live 08\nbalive08.exe:NBA LIVE 08
"UDP Query User{A46F85B8-97CF-46E2-A26D-5610A5292CD4}h:\\program files\\ea sports\\nba live 08\\nbalive08.exe"= TCP:h:\program files\ea sports\nba live 08\nbalive08.exe:NBA LIVE 08
"TCP Query User{1DCAF861-0E69-4C30-8B60-5EB5A89565D8}h:\\users\\mister jack\\desktop\\[pc] team fortress 2 [newest] [vo0]\\team fortress 2\\hl2.exe"= UDP:h:\users\mister jack\desktop\[pc] team fortress 2 [newest] [vo0]\team fortress 2\hl2.exe:hl2.exe
"UDP Query User{88857FA2-BDE8-4982-A290-0C4B837E0CFA}h:\\users\\mister jack\\desktop\\[pc] team fortress 2 [newest] [vo0]\\team fortress 2\\hl2.exe"= TCP:h:\users\mister jack\desktop\[pc] team fortress 2 [newest] [vo0]\team fortress 2\hl2.exe:hl2.exe
"TCP Query User{7F8288BD-ECCB-464E-9A0A-DBD7EAEE799B}h:\\users\\mister jack\\desktop\\team fortress 2\\hl2.exe"= UDP:h:\users\mister jack\desktop\team fortress 2\hl2.exe:hl2.exe
"UDP Query User{A3A7F4F4-5E76-4D53-AA92-242C2990259B}h:\\users\\mister jack\\desktop\\team fortress 2\\hl2.exe"= TCP:h:\users\mister jack\desktop\team fortress 2\hl2.exe:hl2.exe
"{4361F15F-DB2B-4879-A8EF-C45BFDABA229}"= UDP:h:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{B01B4575-12BE-4FDC-91B0-C2DC2269DFB4}"= TCP:h:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{1F129AD4-9B93-4086-96D3-0CE36090FBD8}"= UDP:h:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{15F80740-FD42-45AC-BF26-F4F26D829DF5}"= TCP:h:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E4BD0039-DF64-4C3C-8FE9-013AAE1627EC}"= UDP:h:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{B484D927-E677-417E-83EF-ACA33E8BD968}"= TCP:h:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{36E7BB45-8FA4-4A2C-BB9C-046AFD28B446}"= UDP:h:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6D78C388-3320-4760-B5FD-452F8D74AF97}"= TCP:h:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{F57A389B-7498-4C2E-97AE-005CDA1FFF3F}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"UDP Query User{831FFDE4-612D-4FA9-986B-707F7E2B2B6B}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"TCP Query User{54B14E92-F661-40C0-94BB-66FFD12218F5}h:\\program files\\hamachi\\hamachi.exe"= UDP:h:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{3E4A569C-2C69-4611-B7DC-C0834388D85A}h:\\program files\\hamachi\\hamachi.exe"= TCP:h:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{C089C9F5-50DA-4ACA-B9FD-ECA7214D6D45}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{05D4DD74-8032-47BD-83E8-C8626916C947}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"TCP Query User{38DD6668-3FB5-4119-9831-10055ADC26F3}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"UDP Query User{F1D982BE-6C0C-40A8-9CB8-B9FE2FC539CE}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"TCP Query User{38AB18AB-7090-4A1D-88B0-7929BAEC4F38}h:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:h:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{E7346ACC-6762-45BF-A63E-EC22DD410738}h:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:h:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"TCP Query User{7753DA29-CA9D-4884-B9DB-3C2C458F25C3}h:\\program files\\adobe\\flex builder 3\\jre\\bin\\javaw.exe"= UDP:h:\program files\adobe\flex builder 3\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{56787688-F8A4-4865-B909-146DA29F5289}h:\\program files\\adobe\\flex builder 3\\jre\\bin\\javaw.exe"= TCP:h:\program files\adobe\flex builder 3\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{0C51FDCC-C327-4021-A518-85A845DC1495}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\hub.exe"= UDP:h:\program files\newtek\lightwave 3d 9.3\programs\hub.exe:hub
"UDP Query User{637AEE17-ED9B-4095-9107-ABB8B6EDDE4B}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\hub.exe"= TCP:h:\program files\newtek\lightwave 3d 9.3\programs\hub.exe:hub
"TCP Query User{C3765651-54BB-4563-A954-3786048233FA}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\modeler.exe"= UDP:h:\program files\newtek\lightwave 3d 9.3\programs\modeler.exe:modeler
"UDP Query User{D70C8E06-23AB-41A7-B105-9A85347F1D6B}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\modeler.exe"= TCP:h:\program files\newtek\lightwave 3d 9.3\programs\modeler.exe:modeler
"TCP Query User{FEDC7680-D624-4166-AE8B-7DED401DD8E2}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\lightwav.exe"= UDP:h:\program files\newtek\lightwave 3d 9.3\programs\lightwav.exe:lightwav
"UDP Query User{E97F53C1-B8F6-451F-9282-22C534B1AFC5}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\lightwav.exe"= TCP:h:\program files\newtek\lightwave 3d 9.3\programs\lightwav.exe:lightwav
"TCP Query User{F08F9E12-953D-4ACC-849A-FED0A7192696}h:\\users\\mister jack\\downloads\\utorrent.exe"= UDP:h:\users\mister jack\downloads\utorrent.exe:utorrent.exe
"UDP Query User{8B13990C-BA4F-4BDB-92AA-7CA46597FCED}h:\\users\\mister jack\\downloads\\utorrent.exe"= TCP:h:\users\mister jack\downloads\utorrent.exe:utorrent.exe
"{A711EC67-D91F-4ADB-8DCA-E8C2F80520C3}"= UDP:h:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{470BEB62-28F9-471E-92A6-179DD8EF60A2}"= TCP:h:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{467B0F4C-97DF-422F-BCB0-19654BD2E65F}"= UDP:h:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{1E562899-B3B1-4274-BE12-4182B2875809}"= TCP:h:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{4F03CCE1-2E05-403E-8D3B-04BDACD830BC}"= UDP:h:\program files\Activision\Quantum of Solace(TM)\JB_LiveEngine_s.exe:Quantum of Solace
"{39C497E6-B76B-4308-BC0A-03588578CED7}"= TCP:h:\program files\Activision\Quantum of Solace(TM)\JB_LiveEngine_s.exe:Quantum of Solace
"{5D59F9FF-3364-465C-A2CA-EA224404A4CD}"= UDP:h:\program files\Codemasters\GRID\GRID.exe:GRID
"{56F3028E-E8A1-49D9-B755-C06DBCF50E3C}"= TCP:h:\program files\Codemasters\GRID\GRID.exe:GRID
"{9462BE42-100E-48ED-B76C-B6FCB29FABAB}"= UDP:h:\program files\iTunes\iTunes.exe:iTunes
"{5636228D-2368-45CE-BCBA-D3A33DE5E7AD}"= TCP:h:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{C1A1145A-E771-42FB-ABDC-18A0684B0ACB}h:\\program files\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= UDP:h:\program files\aptana\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{DD7E311D-2776-486C-B515-D60616E8C989}h:\\program files\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= TCP:h:\program files\aptana\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{052D71C6-7927-4A4F-807F-05F68F68AFEC}h:\\program files\\stylus studio 2009 xml home edition\\bin\\struzzo.exe"= UDP:h:\program files\stylus studio 2009 xml home edition\bin\struzzo.exe:Stylus Studio
"UDP Query User{90EF3AAA-2054-494D-BCF9-5D20EE903968}h:\\program files\\stylus studio 2009 xml home edition\\bin\\struzzo.exe"= TCP:h:\program files\stylus studio 2009 xml home edition\bin\struzzo.exe:Stylus Studio
"TCP Query User{4A5CF36A-3C88-4B30-9905-903CDE6E2D54}h:\\program files\\adobe\\adobe flash cs3\\flash.exe"= UDP:h:\program files\adobe\adobe flash cs3\flash.exe:Adobe Flash CS3
"UDP Query User{70CECCBB-B80D-482B-B9AB-9108C7A4C4CE}h:\\program files\\adobe\\adobe flash cs3\\flash.exe"= TCP:h:\program files\adobe\adobe flash cs3\flash.exe:Adobe Flash CS3
"{2E0C2DA5-3C22-4B1E-A2E0-10114FD40071}"= UDP:h:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{CF736CD4-258C-4AD3-BCD4-D3E6A264AB55}"= TCP:h:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{F8416B54-282B-4072-9FAB-5557E009445C}"= UDP:h:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{05B0B89B-4FE4-46B4-9D1B-0C21209DF13E}"= TCP:h:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{BB2BF83C-484D-43F3-9E65-7D541D0E8FBA}"= UDP:h:\program files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{9EA89AC5-CBEB-4C62-B0B6-565E521AEB30}"= TCP:h:\program files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"TCP Query User{E0B0020B-A011-4C49-9CC8-A1C8D111DB1B}h:\\users\\mister jack\\downloads\\utorrent.exe"= UDP:h:\users\mister jack\downloads\utorrent.exe:utorrent.exe
"UDP Query User{72009B21-A152-4002-8048-0BDAA9E3413C}h:\\users\\mister jack\\downloads\\utorrent.exe"= TCP:h:\users\mister jack\downloads\utorrent.exe:utorrent.exe
"TCP Query User{82B1986E-E838-4DDA-B2D9-DC1911F54A58}h:\\program files\\soulseek\\slsk.exe"= UDP:h:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{46CB7554-A4F8-4CF3-BBE1-4D85D1940B5C}h:\\program files\\soulseek\\slsk.exe"= TCP:h:\program files\soulseek\slsk.exe:SoulSeek
"TCP Query User{C8D3F9D6-DCEB-4085-AF20-032C250F3421}h:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:h:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{2A76A17F-BC37-4936-99A2-23E608C8CDED}h:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:h:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"{CD84CCD5-8217-4BEF-8699-86354A7423B4}"= UDP:h:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{5BA18E52-8607-47DB-A0E7-0FA4E9F3E9AC}"= TCP:h:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{E03A3BBA-C8EA-4FDF-BD2C-4FC964198059}h:\\program files\\codemasters\\grid\\grid.exe"= UDP:h:\program files\codemasters\grid\grid.exe:GRID Executable
"UDP Query User{10B8F2D5-84C9-4408-A02F-C9BE0D868072}h:\\program files\\codemasters\\grid\\grid.exe"= TCP:h:\program files\codemasters\grid\grid.exe:GRID Executable
"{361012DF-4724-4BFC-8BF5-D8607C328A4D}"= UDP:h:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B68810EF-6A5A-4B0E-9C4C-2DC4B03D71FB}"= TCP:h:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{11DC2C2C-B347-438C-8590-02D18F9BBD5F}h:\\users\\mister jack\\desktop\\wheelman\\wheelman\\binaries\\wheelmangame-final.exe"= UDP:h:\users\mister jack\desktop\wheelman\wheelman\binaries\wheelmangame-final.exe:wheelmangame-final.exe
"UDP Query User{18DEF511-36DA-41A6-9883-31D4BD1A507D}h:\\users\\mister jack\\desktop\\wheelman\\wheelman\\binaries\\wheelmangame-final.exe"= TCP:h:\users\mister jack\desktop\wheelman\wheelman\binaries\wheelmangame-final.exe:wheelmangame-final.exe
"TCP Query User{675189A6-B9DA-4F9A-9B43-A9C316EC3FAD}h:\\program files\\itunes\\itunes.exe"= UDP:h:\program files\itunes\itunes.exe:iTunes
"UDP Query User{09BEC613-0039-47F7-88B1-4E406242774E}h:\\program files\\itunes\\itunes.exe"= TCP:h:\program files\itunes\itunes.exe:iTunes
"TCP Query User{08C434E2-A1DE-4DA3-8761-924C2EE814EE}h:\\program files\\utorrent\\utorrent.exe"= UDP:h:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{3533973F-9900-4EA8-BD7E-A4417E8CC3CC}h:\\program files\\utorrent\\utorrent.exe"= TCP:h:\program files\utorrent\utorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 GEST Service;GEST Service for program management.;h:\program files\GIGABYTE\GEST\GSvr.exe [2008-06-14 55816]
R3 gwiopm;gwiopm;h:\program files\Unknown Device Identifier\gwiopm.sys [1998-06-03 3904]
S0 pavboot;pavboot;h:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{101dba37-d014-11dd-9ad1-001d7daf2a01}]
\shell\AutoRun\command - h:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com k:
\shell\Open\command - resycled\boot.com k:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b247d84-7204-11dd-a25b-001d7daf2a01}]
\shell\AutoRun\command - h:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com k:
\shell\Open\command - resycled\boot.com k:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{601dde26-0747-1243-ac5d-001d7daf2a01}]
\shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca27b7f9-0a06-11dd-8b1b-001d7daf2a01}]
\shell\AutoRun\command - O:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca27b7fb-0a06-11dd-8b1b-001d7daf2a01}]
\shell\AutoRun\command - P:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faff1d8b-aff6-11dd-8423-001d7daf2a01}]
\shell\AutoRun\command - h:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com k:
\shell\Open\command - resycled\boot.com k:
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = Telenet
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporteren naar Microsoft Excel - h:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - h:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - h:\users\Mister Jack\AppData\Roaming\Mozilla\Firefox\Profiles\1s9hcvkr.default\
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: network.proxy.type - 4
FF - component: h:\users\Mister Jack\AppData\Roaming\Mozilla\Firefox\Profiles\1s9hcvkr.default\extensions\[email protected]\components\piclensstub.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: h:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 23:11
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1037789980-1614441686-2393366311-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d6,8a,72,d5,5a,1c,82,59,c1,7c,a2,e2,c3,4f,7f,e1,b5,d4,07,1d,5b,d2,44,
e4,18,a4,7b,21,14,1f,2f,fe,da,07,4f,62,e2,2b,e2,07,99,07,b1,cd,c5,20,35,b1,\
"??"=hex:2f,40,de,c4,41,ee,68,aa,40,1c,a3,ec,e7,26,cc,e0

[HKEY_USERS\S-1-5-21-1037789980-1614441686-2393366311-1000\Software\SecuROM\License information*]
"datasecu"=hex:db,a7,9d,7d,65,df,be,2d,01,98,42,d4,5c,f8,eb,27,e4,54,81,a9,ca,
ff,5d,9b,0d,a5,34,41,ea,a4,50,87,11,7b,b7,89,be,50,f5,88,ac,7d,14,85,4d,41,\
"rkeysecu"=hex:ab,0b,33,51,eb,2e,5b,63,52,60,d5,0a,61,6b,51,04
.
Completion time: 2009-05-03 23:13
ComboFix-quarantined-files.txt 2009-05-03 21:12
ComboFix2.txt 2008-11-08 14:54
ComboFix3.txt 2008-11-08 13:03

Pre-Run: 31,338,307,584 bytes free
Post-Run: 109,942,108,160 bytes free


Juisterr

Legacy Member
Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{101dba37-d014-11dd-9ad1-001d7daf2a01}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b247d84-7204-11dd-a25b-001d7daf2a01}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{601dde26-0747-1243-ac5d-001d7daf2a01}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca27b7f9-0a06-11dd-8b1b-001d7daf2a01}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca27b7fb-0a06-11dd-8b1b-001d7daf2a01}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faff1d8b-aff6-11dd-8423-001d7daf2a01}]


Save this on your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:
[image: CFScript.gif]

This will make ComboFix restart.

After your computer has restarted (if it asks you to restart), copy and paste the contents of log.txt in your next reply.
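The CFScript above deletes the six MountPoints2 keys listed in the ComboFix log. As an added example, not code from this thread or from ComboFix, the script below parses that MountPoints2 block, explains why the "resycled\boot.com" handlers look like an autorun worm (a target path relative to the volume root, launched through rundll32's ShellExec_RunDLL, hidden in a folder named to resemble the Recycle Bin), and generates the same `Registry::` / `[-key]` deletion block the helper wrote. The sample log is a constructed, trimmed copy of the entries in the post above; the heuristics and the CD-drive key being treated as benign-looking are the example's own choices. The helper's script removes all six keys instead, which is the simpler route, since MountPoints2 only caches per-volume autorun handlers and Windows rebuilds them on the next insert.

```python
"""Triage MountPoints2 autorun handlers from a ComboFix log and emit a CFScript.

Added example; not the forum helper's tool and not part of ComboFix itself.
"""
import re

# Constructed sample: three keys trimmed from the MountPoints2 block in the log
# above (two worm-style handlers, one ordinary CD/DVD autorun.exe entry).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{101dba37-d014-11dd-9ad1-001d7daf2a01}]
\shell\AutoRun\command - h:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com k:
\shell\Open\command - resycled\boot.com k:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{601dde26-0747-1243-ac5d-001d7daf2a01}]
\shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faff1d8b-aff6-11dd-8423-001d7daf2a01}]
\shell\AutoRun\command - h:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com k:
\shell\Open\command - resycled\boot.com k:
"""

# A MountPoints2 key line: the HKCU path ending in a {GUID} volume identifier.
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.I)
# A shell verb line as ComboFix prints it: "\shell\<Verb>\command - <command>".
VERB_RE = re.compile(r"^\\shell\\([A-Za-z]+)\\command - (.+?)\s*$")
# Absolute targets start with a drive letter, a UNC prefix or an env variable.
ABS_PATH_RE = re.compile(r"^([a-z]:\\|\\\\|%[a-z_]+%)", re.I)
# Folder names chosen to blend in with the Recycle Bin on various Windows versions.
RECYCLE_LOOKALIKES = {"resycled", "recycled", "recycler", "$recycle.bin"}


def parse_mountpoints(text):
    """Return {key_path: {verb: command}} for every MountPoints2 key in the log."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = {}
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            entries[current][verb.group(1).lower()] = verb.group(2)
    return entries


def effective_target(command):
    """Return (file that really runs, launched_via_rundll32).

    'rundll32 shell32.dll,ShellExec_RunDLL <target>' is a launcher idiom, so the
    token after ShellExec_RunDLL is the payload; otherwise the first token is.
    Paths are unquoted in ComboFix output, so whitespace splitting is enough here.
    """
    tokens = command.split()
    for i, tok in enumerate(tokens):
        if tok.lower().endswith("shellexec_rundll") and i + 1 < len(tokens):
            return tokens[i + 1], True
    return tokens[0], False


def assess(command):
    """List the reasons a handler command looks malicious (empty = benign-looking)."""
    reasons = []
    target, via_rundll = effective_target(command)
    if via_rundll:
        reasons.append("launched through rundll32 ShellExec_RunDLL (living-off-the-land launcher)")
    if not ABS_PATH_RE.match(target):
        reasons.append(f"relative target '{target}' resolves against the volume root, "
                       "i.e. the payload shipped in the drive's autorun.inf")
    folder = target.rsplit("\\", 1)[0].lower() if "\\" in target else ""
    if folder in RECYCLE_LOOKALIKES:
        reasons.append(f"payload kept in '{folder}', a name mimicking the Recycle Bin folder")
    return reasons


def triage(text):
    """Map each MountPoints2 key to the union of reasons over all its verbs."""
    return {key: sorted({r for cmd in verbs.values() for r in assess(cmd)})
            for key, verbs in parse_mountpoints(text).items()}


def build_cfscript(keys):
    """Emit a ComboFix CFScript block; '[-key]' deletes the key, as in the helper's post."""
    return "Registry::\n" + "".join(f"[-{k}]\n" for k in keys)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    flagged = [k for k, reasons in results.items() if reasons]
    for key, reasons in results.items():
        print(key.rsplit("\\", 1)[1], "FLAGGED" if reasons else "benign-looking")
        for reason in reasons:
            print("   -", reason)
    print(build_cfscript(flagged))
```

Running it flags the two "resycled\boot.com" keys on three counts each and leaves the `J:\Autorun.exe` key alone; the printed `Registry::` block can be pasted into CFScript.txt exactly as the helper describes.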

brecko

Legacy Member
ComboFix 09-05-03.6 - Mister Jack 04/05/2009 21:17.5 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.32.1043.18.2046.1075 [GMT 2:00]
Running from: h:\users\Mister Jack\Desktop\ComboFix.exe
Command switches used :: h:\users\Mister Jack\Desktop\CFScript.txt
.

(((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 ))))))))))))))))))))))))))))))
.

2099-06-01 11:29 . 2009-04-24 14:43 -------- d-----w h:\users\Mister Jack\AppData\Local\Microsoft Games
2099-04-03 18:06 . 2008-11-26 23:13 -------- d-----w h:\program files\Activision
2099-04-03 16:19 . 2099-04-03 16:19 -------- d-----w h:\program files\BSPlayer
2099-04-03 16:12 . 2099-04-03 16:12 -------- d-----w h:\users\Mister Jack\AppData\Roaming\Grisoft
2099-04-03 16:12 . 2007-05-30 12:10 10872 ----a-w h:\windows\system32\drivers\AvgAsCln.sys
2099-04-03 16:11 . 2099-04-03 16:12 -------- d-----w h:\programdata\Grisoft
2099-04-03 16:11 . 2099-04-03 16:12 -------- d-----w h:\users\All Users\Grisoft
2099-04-03 15:35 . 2008-04-24 12:48 -------- d-----w h:\program files\Windows Live
2099-04-03 15:34 . 2008-12-01 19:48 -------- d-----w h:\program files\iTunes
2099-04-03 15:33 . 2008-09-10 15:44 -------- d-----w h:\program files\Bonjour
2099-04-03 15:33 . 2008-04-24 12:44 -------- d-----w h:\programdata\WLInstaller
2099-04-03 15:33 . 2008-04-24 12:44 -------- d-----w h:\users\All Users\WLInstaller
2099-04-03 15:33 . 2008-12-01 20:38 -------- d-----w h:\program files\QuickTime
2099-04-03 15:33 . 2008-10-21 12:38 -------- d-----w h:\programdata\Apple Computer
2099-04-03 15:33 . 2008-10-21 12:38 -------- d-----w h:\users\All Users\Apple Computer
2099-04-03 15:33 . 2099-04-03 15:33 -------- d-----w h:\users\Mister Jack\AppData\Local\Apple
2099-04-03 15:32 . 2008-12-01 19:47 -------- d-----w h:\program files\Common Files\Apple
2099-04-03 15:32 . 2099-04-03 15:32 -------- d-----w h:\programdata\Apple
2099-04-03 15:32 . 2099-04-03 15:32 -------- d-----w h:\users\All Users\Apple
2099-04-03 14:18 . 2008-07-22 21:56 -------- d-----w h:\program files\BitLord
2099-04-03 14:11 . 2099-04-03 14:11 -------- d-----w h:\program files\DAEMON Tools Lite
2099-04-03 14:10 . 2099-04-03 14:10 717296 ----a-w h:\windows\system32\drivers\sptd.sys
2099-04-03 14:10 . 2099-04-03 14:10 -------- d-----w h:\users\Mister Jack\AppData\Roaming\DAEMON Tools
2099-04-03 14:08 . 2008-11-23 16:19 -------- d-----w h:\users\Mister Jack\AppData\Local\PunkBuster
2099-04-03 14:05 . 2008-12-20 12:26 -------- d-----w h:\windows\system32\Macromed
2099-04-03 13:56 . 2099-04-03 13:04 -------- d-----w h:\windows\Panther
2099-04-03 13:56 . 2009-01-10 00:13 -------- d-----w h:\programdata\NVIDIA
2099-04-03 13:56 . 2009-01-10 00:13 -------- d-----w h:\users\All Users\NVIDIA
2099-04-03 13:54 . 2099-04-03 13:54 -------- d-----w h:\program files\My Company Name
2099-04-03 13:51 . 2099-04-03 13:51 -------- d-----w h:\program files\Google
2099-04-03 13:49 . 2099-04-03 13:49 -------- d-----w h:\users\Mister Jack\AppData\Local\Mozilla
2099-04-03 13:48 . 2009-05-02 11:55 -------- d-sh--w h:\windows\Installer
2099-04-03 13:25 . 2008-06-14 17:06 30008 ----a-w h:\windows\system32\drivers\ET5Drv.sys
2099-04-03 13:22 . 2007-08-20 05:31 151552 ----a-r h:\windows\system32\xRaidAPI.dll
2099-04-03 13:22 . 2007-08-29 08:55 1966080 ----a-r h:\windows\system32\xRaidSetup.exe
2099-04-03 13:22 . 2099-04-03 13:22 -------- d-----w H:\RaidTool
2099-04-03 13:22 . 2007-09-29 05:30 65024 ----a-w h:\windows\system32\drivers\jraid.sys
2099-04-03 13:22 . 2099-04-03 13:22 -------- d-----w h:\users\Mister Jack\{a1bd05e3-43f1-442e-8aa4-fd06be53b582}
2099-04-03 13:22 . 2006-08-30 04:33 319984 ----a-r h:\windows\system32\DifxApi.dll
2099-04-03 13:22 . 2099-04-03 13:22 -------- d-----w h:\windows\RaidTool
2099-04-03 13:21 . 2099-04-03 13:21 -------- d-----w h:\users\Mister Jack\AppData\Roaming\InstallShield
2099-04-03 13:19 . 2099-04-03 13:19 -------- d-----w h:\windows\system32\RTCOM
2099-04-03 13:17 . 2007-07-25 01:33 135168 ----a-w h:\windows\system32\SRSWOW.dll
2099-04-03 13:17 . 2006-12-13 02:30 339968 ----a-w h:\windows\system32\SRSTSXT.dll
2099-04-03 13:17 . 2007-05-17 03:26 185776 ----a-w h:\windows\system32\SRSTSHD.dll
2099-04-03 13:17 . 2007-04-16 09:09 167936 ----a-w h:\windows\system32\SRSHP360.dll
2099-04-03 13:17 . 2007-09-12 05:29 23040 ----a-w h:\windows\system32\RtkCoInst.dll
2099-04-03 13:17 . 2007-08-22 11:37 564736 ----a-w h:\windows\system32\RtkPgExt.dll
2099-04-03 13:17 . 2007-03-23 07:34 266240 ----a-w h:\windows\system32\RtkApoApi.dll
2099-04-03 13:17 . 2007-08-31 07:36 2087936 ----a-w h:\windows\system32\RtkAPO.dll
2099-04-03 13:17 . 2007-09-19 06:50 4702208 ----a-w h:\windows\RtHDVCpl.exe
2099-04-03 13:17 . 2007-09-19 09:11 1959832 ----a-w h:\windows\system32\drivers\RTKVHDA.sys
2099-04-03 13:17 . 2007-07-30 10:26 126976 ----a-w h:\windows\system32\maxxaudioapo.dll
2099-04-03 13:17 . 2099-04-03 13:22 -------- d-----w h:\program files\Realtek
2099-04-03 13:14 . 2007-07-26 14:15 53248 ----a-w h:\windows\system32\CSVer.dll
2099-04-03 13:14 . 2099-04-03 13:14 -------- d-----w h:\program files\Intel
2099-04-03 13:14 . 2099-04-03 13:14 -------- d-----w H:\Intel
2099-04-03 13:14 . 2099-04-03 13:14 -------- d-----w h:\program files\GIGABYTE
2099-04-03 13:14 . 2009-05-02 12:01 -------- d--h--w h:\program files\InstallShield Installation Information
2099-04-03 13:14 . 2008-06-14 16:58 -------- d-----w h:\program files\Common Files\InstallShield
2099-04-03 13:10 . 2009-02-15 15:47 127176 ----a-w h:\users\Mister Jack\AppData\Local\GDIPFONTCACHEV1.DAT
2099-04-03 13:08 . 2099-04-03 13:08 -------- d-sh--w h:\programdata\Sjablonen
2099-04-03 13:07 . 2099-04-03 13:07 -------- d-----r h:\windows\system32\config\systemprofile\Contacts
2099-04-03 12:59 . 2009-04-09 20:15 -------- d-----w h:\windows\system32\catroot2
2099-04-03 12:58 . 2099-04-03 13:08 -------- d-----w h:\windows\Debug
2099-04-03 12:48 . 2099-04-03 13:56 -------- d-sh--w H:\Boot
2009-05-04 16:47 . 2008-06-02 17:43 -------- d-----w h:\users\Mister Jack\AppData\Roaming\TextPad
2009-05-02 19:20 . 2009-05-02 19:20 -------- d-----w h:\programdata\TVU Networks
2009-05-02 19:20 . 2009-05-02 19:20 -------- d-----w h:\users\All Users\TVU Networks
2009-05-02 19:20 . 2009-05-02 19:20 -------- d-----w h:\users\Mister Jack\AppData\Local\TVU Networks
2009-04-30 12:09 . 2009-04-30 12:09 -------- d-----w h:\users\Mister Jack\DoctorWeb
2009-04-17 13:23 . 2009-04-17 13:23 -------- d-----w h:\users\Mister Jack\AppData\Local\EA Games
2009-04-17 13:11 . 2009-04-17 13:11 7064 ----a-w h:\windows\system32\ealregsnapshot1.reg
2009-04-17 13:11 . 2009-04-17 13:11 -------- d-----w h:\users\Mister Jack\AppData\Local\Downloaded Installations
2009-04-17 12:36 . 2009-04-17 13:04 -------- d-----w h:\program files\The Godfather II
2009-04-17 12:34 . 2009-04-17 12:34 -------- d-----w h:\programdata\Electronic Arts
2009-04-17 12:34 . 2009-04-17 12:34 -------- d-----w h:\users\All Users\Electronic Arts
2009-04-17 12:14 . 2008-10-10 02:52 2036576 ----a-w h:\windows\system32\D3DCompiler_40.dll
2009-04-17 12:14 . 2008-10-10 02:52 452440 ----a-w h:\windows\system32\d3dx10_40.dll
2009-04-17 12:14 . 2008-10-10 02:52 4379984 ----a-w h:\windows\system32\D3DX9_40.dll
2009-04-12 17:30 . 2009-04-12 17:30 -------- d-----w h:\users\Mister Jack\AppData\Local\PC
2009-04-12 17:30 . 2009-04-12 17:43 -------- d-----w h:\users\Mister Jack\AppData\Local\Wheelman
2009-04-12 12:14 . 2009-04-12 12:14 -------- d-----w h:\program files\uTorrent

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 21:24 . 2006-11-02 16:18 745746 ----a-w h:\windows\system32\perfh013.dat
2009-05-03 21:24 . 2006-11-02 16:18 144852 ----a-w h:\windows\system32\perfc013.dat
2009-05-03 21:21 . 2009-01-18 14:58 -------- d-----w h:\program files\Common Files\Steam
2009-05-03 21:19 . 2009-01-18 14:58 -------- d-----w h:\program files\Steam
2009-05-02 12:01 . 2008-04-05 14:08 -------- d-----w h:\program files\Electronic Arts
2009-04-27 14:46 . 2008-04-07 17:24 -------- d-----w h:\program files\Microsoft Visual Studio 8
2009-04-21 14:14 . 2008-11-08 12:38 -------- d-----w h:\program files\Malwarebytes' Anti-Malware
2009-04-17 12:14 . 2008-04-14 17:01 -------- d-----w h:\program files\EA GAMES
2009-04-06 13:32 . 2008-11-08 12:38 38496 ----a-w h:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2008-11-08 12:38 15504 ----a-w h:\windows\system32\drivers\mbam.sys
2009-03-30 12:01 . 2008-06-07 11:22 -------- d-----w h:\program files\Last.fm
2009-03-30 10:48 . 2099-04-03 13:09 1356 ----a-w h:\users\Mister Jack\AppData\Local\d3d9caps.dat
2009-03-11 22:34 . 2008-04-04 10:09 22328 ----a-w h:\windows\system32\drivers\PnkBstrK.sys
2009-03-11 22:33 . 2008-04-04 10:09 107832 ----a-w h:\windows\system32\PnkBstrB.exe
2009-02-14 16:13 . 2009-02-14 16:13 97800 ----a-w h:\windows\system32\infocardapi.dll
2009-02-14 16:13 . 2009-02-14 16:13 622080 ----a-w h:\windows\system32\icardagt.exe
2009-02-14 16:13 . 2009-02-14 16:13 11264 ----a-w h:\windows\system32\icardres.dll
2009-02-14 16:13 . 2009-02-14 16:13 105016 ----a-w h:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-14 16:13 . 2009-02-14 16:13 781344 ----a-w h:\windows\system32\PresentationNative_v0300.dll
2009-02-14 16:13 . 2009-02-14 16:13 43544 ----a-w h:\windows\system32\PresentationHostProxy.dll
2009-02-14 16:13 . 2009-02-14 16:13 326160 ----a-w h:\windows\system32\PresentationHost.exe
2009-02-14 15:59 . 2009-02-14 15:59 96760 ----a-w h:\windows\system32\dfshim.dll
2009-02-14 15:59 . 2009-02-14 15:59 41984 ----a-w h:\windows\system32\netfxperf.dll
2009-02-14 15:59 . 2009-02-14 15:59 282112 ----a-w h:\windows\system32\mscoree.dll
2009-02-14 15:59 . 2009-02-14 15:59 83968 ----a-w h:\windows\system32\mscories.dll
2009-02-14 15:59 . 2009-02-14 15:59 158720 ----a-w h:\windows\system32\mscorier.dll
2006-11-02 12:49 . 2006-11-02 12:49 174 --sha-w h:\program files\desktop.ini
.

brecko

Legacy Member
((((((((((((((((((((((((((((( SnapShot@2009-05-03_21.11.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2099-04-03 13:18 . 2009-05-03 21:23 53858 h:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-05-03 21:23 76946 h:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2099-04-03 13:11 . 2009-05-03 21:23 11298 h:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1037789980-1614441686-2393366311-1000_UserData.bin
- 2099-04-03 13:11 . 2009-05-03 11:18 11298 h:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1037789980-1614441686-2393366311-1000_UserData.bin
+ 2008-10-13 13:40 . 2009-05-03 21:15 16384 h:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-13 13:40 . 2008-10-13 13:40 16384 h:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-13 13:40 . 2009-05-03 21:15 32768 h:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-13 13:40 . 2008-10-13 13:40 32768 h:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-13 13:40 . 2008-10-13 13:40 16384 h:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-13 13:40 . 2009-05-03 21:15 16384 h:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-21 17:07 . 2009-05-03 11:14 2048 h:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-03 21:18 . 2009-05-03 21:18 2048 h:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-21 17:07 . 2009-05-03 11:14 2048 h:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-03 21:18 . 2009-05-03 21:18 2048 h:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-05-03 21:24 664980 h:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-03 11:20 664980 h:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-03 21:24 125058 h:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-05-03 11:20 125058 h:\windows\System32\perfc009.dat

brecko

Legacy Member
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w h:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w h:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w h:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="h:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"DAEMON Tools Lite"="h:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"ehTray.exe"="h:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="h:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Rainlendar2"="h:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"Steam"="h:\program files\Steam\Steam.exe" [2009-01-18 1410296]
"WMPNSCFG"="h:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

brecko

Legacy Member
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="h:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="h:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"!AVG Anti-Spyware"="h:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="h:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Acrobat Assistant 7.0"="h:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"SSBkgdUpdate"="h:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="h:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Malwarebytes Anti-Malware (reboot)"="h:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-04-06 1277584]
"iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2008-12-25 13683232]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2008-12-25 92704]
"RtHDVCpl"="RtHDVCpl.exe" - h:\windows\RtHDVCpl.exe [2007-09-19 4702208]
"Skytel"="Skytel.exe" - h:\windows\SkyTel.exe [2007-08-03 1826816]

h:\users\Mister Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - h:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - h:\program files\Dropbox\Dropbox.exe [2008-9-26 24096981]

h:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - h:\windows\Installer\{AC76BA86-1033-F400-7760-0000003D0002}\SC_Acrobat.exe [2008-5-24 25214]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{2F3C7318-7EB0-4403-9375-16D652B61727}i:\\games\\cod4\\iw3mp.exe"= UDP:i:\games\cod4\iw3mp.exe:iw3mp
"UDP Query User{D6087E29-F758-412F-B52C-CEAB9A6AE16C}i:\\games\\cod4\\iw3mp.exe"= TCP:i:\games\cod4\iw3mp.exe:iw3mp
"TCP Query User{72BE48E6-E6A5-44CC-A143-9F638587F252}h:\\program files\\bitlord\\bitlord.exe"= UDP:h:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{4A034299-19AF-44F2-8292-013E8709FD1E}h:\\program files\\bitlord\\bitlord.exe"= TCP:h:\program files\bitlord\bitlord.exe:BitLord
"{703B02E3-A2EA-48CC-ACEC-98C7B94BF0E8}"= UDP:h:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7CE29DB9-9A1E-416C-9EF5-A5B978A0D338}"= TCP:h:\windows\System32\PnkBstrA.exe:PnkBstrA
"{115371C0-9F98-4717-9CCF-55066C72E152}"= UDP:h:\windows\System32\PnkBstrB.exe:PnkBstrB
"{15EE8286-486F-4D2F-BB64-82C905F8BD46}"= TCP:h:\windows\System32\PnkBstrB.exe:PnkBstrB
"{248AB76C-F3C5-417B-8441-6CD5BE538169}"= UDP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{0CBDDE56-0CD1-455B-9F3B-D06C85016B2B}"= TCP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{A08AC129-B8F1-4390-A3BB-1ABD2F4B708A}"= UDP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{C22BABCA-BF07-436F-B301-0A781861DF59}"= TCP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{6A2C9427-DE0C-45C3-ADCA-8B38798C0E94}"= TCP:6004|h:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{846E0A27-371E-4A17-A81F-1D52A31FB1C6}"= UDP:h:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{684E87F7-2A70-41B1-8FA6-0456DB2DCCAD}"= TCP:h:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7EB73333-FC27-4C13-98CE-A8DBD5CFEAB8}"= UDP:h:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{087A6F83-F292-4076-BE6F-23D67BBF80A2}"= TCP:h:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E828B60B-45E4-4A1D-986B-D7269B1BB3BF}"= UDP:h:\program files\LimeWire\LimeWire.exe:LimeWire
"{54B88D6D-B619-4C66-A6E9-B0F5F6AF4807}"= TCP:h:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B41E46D8-A57B-4882-838C-266EBAF67E7C}h:\\program files\\gigabyte\\gest\\run.exe"= UDP:h:\program files\gigabyte\gest\run.exe:update
"UDP Query User{3794F18C-8646-45B8-B8C0-D47CFD97211B}h:\\program files\\gigabyte\\gest\\run.exe"= TCP:h:\program files\gigabyte\gest\run.exe:update
"TCP Query User{C9087AA0-0F88-42F1-BF70-CB691B2126D9}h:\\program files\\tmnationsforever\\tmforever.exe"= UDP:h:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{F0E0910A-F771-4BB5-AC85-F41619181E89}h:\\program files\\tmnationsforever\\tmforever.exe"= TCP:h:\program files\tmnationsforever\tmforever.exe:TmForever
"{DA27D010-232B-47AD-AD9B-E71D05C9DD66}"= h:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{7C38E2FD-1285-4A65-9322-823F7713E53F}h:\\program files\\mozilla firefox\\firefox.exe"= UDP:h:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{19852FB5-2F28-4052-A948-E953005C8064}h:\\program files\\mozilla firefox\\firefox.exe"= TCP:h:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{D0264916-D501-4C52-8D74-37EC3C08E15D}h:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:h:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{B3DD38AD-A77C-4F78-940B-0FDC57D991CE}h:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:h:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{A62355AC-C244-4107-BBA2-B169E8AAC9C9}h:\\program files\\soulseek\\slsk.exe"= UDP:h:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{0FD20DE9-534D-4A6B-83A6-E2DA3294A99E}h:\\program files\\soulseek\\slsk.exe"= TCP:h:\program files\soulseek\slsk.exe:SoulSeek
"{F495EF0E-131D-47F1-A139-3EFDA922C1B2}"= UDP:h:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{F94D906B-FCC5-47A7-963D-9A652294341A}"= TCP:h:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{B4DA0BF1-6424-4C48-BC7B-C0CD8F3E9B5F}"= UDP:h:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{9BF12A3E-5322-4B63-AA86-4F437C3C82DF}"= TCP:h:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{030F13BA-6D84-4289-9DCC-578097ACD2C4}"= UDP:h:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{CC1902E8-C38E-420B-8975-F303F88AF2DB}"= TCP:h:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"TCP Query User{725246E5-8A1C-4C27-8A9A-E37FC4602A3C}l:\\program files\\soulseek\\slsk.exe"= UDP:l:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{CC295CDE-D773-4171-9495-B29D9C0CE1C9}l:\\program files\\soulseek\\slsk.exe"= TCP:l:\program files\soulseek\slsk.exe:SoulSeek
"TCP Query User{AC99DA82-B50A-4CC7-AF61-31C34C64C68A}h:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:h:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{0D8DD8E3-0827-47A0-BA6A-FA3873781419}h:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:h:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{5DFCDBFD-3E8B-4373-A9E6-66F2E41689DA}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{1C9B813B-E98E-40DA-B29E-891C3A0D2D9F}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"TCP Query User{99B3871C-2BBC-4E92-BBF5-6755B89430CC}h:\\program files\\ea sports\\nba live 08\\nbalive08.exe"= UDP:h:\program files\ea sports\nba live 08\nbalive08.exe:NBA LIVE 08
"UDP Query User{A46F85B8-97CF-46E2-A26D-5610A5292CD4}h:\\program files\\ea sports\\nba live 08\\nbalive08.exe"= TCP:h:\program files\ea sports\nba live 08\nbalive08.exe:NBA LIVE 08
"TCP Query User{1DCAF861-0E69-4C30-8B60-5EB5A89565D8}h:\\users\\mister jack\\desktop\\[pc] team fortress 2 [newest] [vo0]\\team fortress 2\\hl2.exe"= UDP:h:\users\mister jack\desktop\[pc] team fortress 2 [newest] [vo0]\team fortress 2\hl2.exe:hl2.exe
"UDP Query User{88857FA2-BDE8-4982-A290-0C4B837E0CFA}h:\\users\\mister jack\\desktop\\[pc] team fortress 2 [newest] [vo0]\\team fortress 2\\hl2.exe"= TCP:h:\users\mister jack\desktop\[pc] team fortress 2 [newest] [vo0]\team fortress 2\hl2.exe:hl2.exe
"TCP Query User{7F8288BD-ECCB-464E-9A0A-DBD7EAEE799B}h:\\users\\mister jack\\desktop\\team fortress 2\\hl2.exe"= UDP:h:\users\mister jack\desktop\team fortress 2\hl2.exe:hl2.exe
"UDP Query User{A3A7F4F4-5E76-4D53-AA92-242C2990259B}h:\\users\\mister jack\\desktop\\team fortress 2\\hl2.exe"= TCP:h:\users\mister jack\desktop\team fortress 2\hl2.exe:hl2.exe
"{4361F15F-DB2B-4879-A8EF-C45BFDABA229}"= UDP:h:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{B01B4575-12BE-4FDC-91B0-C2DC2269DFB4}"= TCP:h:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{1F129AD4-9B93-4086-96D3-0CE36090FBD8}"= UDP:h:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{15F80740-FD42-45AC-BF26-F4F26D829DF5}"= TCP:h:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E4BD0039-DF64-4C3C-8FE9-013AAE1627EC}"= UDP:h:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{B484D927-E677-417E-83EF-ACA33E8BD968}"= TCP:h:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{36E7BB45-8FA4-4A2C-BB9C-046AFD28B446}"= UDP:h:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6D78C388-3320-4760-B5FD-452F8D74AF97}"= TCP:h:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{F57A389B-7498-4C2E-97AE-005CDA1FFF3F}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"UDP Query User{831FFDE4-612D-4FA9-986B-707F7E2B2B6B}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"TCP Query User{54B14E92-F661-40C0-94BB-66FFD12218F5}h:\\program files\\hamachi\\hamachi.exe"= UDP:h:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{3E4A569C-2C69-4611-B7DC-C0834388D85A}h:\\program files\\hamachi\\hamachi.exe"= TCP:h:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{C089C9F5-50DA-4ACA-B9FD-ECA7214D6D45}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{05D4DD74-8032-47BD-83E8-C8626916C947}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"TCP Query User{38DD6668-3FB5-4119-9831-10055ADC26F3}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"UDP Query User{F1D982BE-6C0C-40A8-9CB8-B9FE2FC539CE}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"TCP Query User{38AB18AB-7090-4A1D-88B0-7929BAEC4F38}h:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:h:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{E7346ACC-6762-45BF-A63E-EC22DD410738}h:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:h:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"TCP Query User{7753DA29-CA9D-4884-B9DB-3C2C458F25C3}h:\\program files\\adobe\\flex builder 3\\jre\\bin\\javaw.exe"= UDP:h:\program files\adobe\flex builder 3\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{56787688-F8A4-4865-B909-146DA29F5289}h:\\program files\\adobe\\flex builder 3\\jre\\bin\\javaw.exe"= TCP:h:\program files\adobe\flex builder 3\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{0C51FDCC-C327-4021-A518-85A845DC1495}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\hub.exe"= UDP:h:\program files\newtek\lightwave 3d 9.3\programs\hub.exe:hub
"UDP Query User{637AEE17-ED9B-4095-9107-ABB8B6EDDE4B}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\hub.exe"= TCP:h:\program files\newtek\lightwave 3d 9.3\programs\hub.exe:hub
"TCP Query User{C3765651-54BB-4563-A954-3786048233FA}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\modeler.exe"= UDP:h:\program files\newtek\lightwave 3d 9.3\programs\modeler.exe:modeler
"UDP Query User{D70C8E06-23AB-41A7-B105-9A85347F1D6B}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\modeler.exe"= TCP:h:\program files\newtek\lightwave 3d 9.3\programs\modeler.exe:modeler
"TCP Query User{FEDC7680-D624-4166-AE8B-7DED401DD8E2}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\lightwav.exe"= UDP:h:\program files\newtek\lightwave 3d 9.3\programs\lightwav.exe:lightwav
"UDP Query User{E97F53C1-B8F6-451F-9282-22C534B1AFC5}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\lightwav.exe"= TCP:h:\program files\newtek\lightwave 3d 9.3\programs\lightwav.exe:lightwav
"TCP Query User{F08F9E12-953D-4ACC-849A-FED0A7192696}h:\\users\\mister jack\\downloads\\utorrent.exe"= UDP:h:\users\mister jack\downloads\utorrent.exe:utorrent.exe
"UDP Query User{8B13990C-BA4F-4BDB-92AA-7CA46597FCED}h:\\users\\mister jack\\downloads\\utorrent.exe"= TCP:h:\users\mister jack\downloads\utorrent.exe:utorrent.exe
"{A711EC67-D91F-4ADB-8DCA-E8C2F80520C3}"= UDP:h:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{470BEB62-28F9-471E-92A6-179DD8EF60A2}"= TCP:h:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{467B0F4C-97DF-422F-BCB0-19654BD2E65F}"= UDP:h:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{1E562899-B3B1-4274-BE12-4182B2875809}"= TCP:h:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{4F03CCE1-2E05-403E-8D3B-04BDACD830BC}"= UDP:h:\program files\Activision\Quantum of Solace(TM)\JB_LiveEngine_s.exe:Quantum of Solace
"{39C497E6-B76B-4308-BC0A-03588578CED7}"= TCP:h:\program files\Activision\Quantum of Solace(TM)\JB_LiveEngine_s.exe:Quantum of Solace
"{5D59F9FF-3364-465C-A2CA-EA224404A4CD}"= UDP:h:\program files\Codemasters\GRID\GRID.exe:GRID
"{56F3028E-E8A1-49D9-B755-C06DBCF50E3C}"= TCP:h:\program files\Codemasters\GRID\GRID.exe:GRID
"{9462BE42-100E-48ED-B76C-B6FCB29FABAB}"= UDP:h:\program files\iTunes\iTunes.exe:iTunes
"{5636228D-2368-45CE-BCBA-D3A33DE5E7AD}"= TCP:h:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{C1A1145A-E771-42FB-ABDC-18A0684B0ACB}h:\\program files\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= UDP:h:\program files\aptana\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{DD7E311D-2776-486C-B515-D60616E8C989}h:\\program files\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= TCP:h:\program files\aptana\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{052D71C6-7927-4A4F-807F-05F68F68AFEC}h:\\program files\\stylus studio 2009 xml home edition\\bin\\struzzo.exe"= UDP:h:\program files\stylus studio 2009 xml home edition\bin\struzzo.exe:Stylus Studio
"UDP Query User{90EF3AAA-2054-494D-BCF9-5D20EE903968}h:\\program files\\stylus studio 2009 xml home edition\\bin\\struzzo.exe"= TCP:h:\program files\stylus studio 2009 xml home edition\bin\struzzo.exe:Stylus Studio
"TCP Query User{4A5CF36A-3C88-4B30-9905-903CDE6E2D54}h:\\program files\\adobe\\adobe flash cs3\\flash.exe"= UDP:h:\program files\adobe\adobe flash cs3\flash.exe:Adobe Flash CS3
"UDP Query User{70CECCBB-B80D-482B-B9AB-9108C7A4C4CE}h:\\program files\\adobe\\adobe flash cs3\\flash.exe"= TCP:h:\program files\adobe\adobe flash cs3\flash.exe:Adobe Flash CS3
"{2E0C2DA5-3C22-4B1E-A2E0-10114FD40071}"= UDP:h:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{CF736CD4-258C-4AD3-BCD4-D3E6A264AB55}"= TCP:h:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{F8416B54-282B-4072-9FAB-5557E009445C}"= UDP:h:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{05B0B89B-4FE4-46B4-9D1B-0C21209DF13E}"= TCP:h:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{BB2BF83C-484D-43F3-9E65-7D541D0E8FBA}"= UDP:h:\program files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{9EA89AC5-CBEB-4C62-B0B6-565E521AEB30}"= TCP:h:\program files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"TCP Query User{E0B0020B-A011-4C49-9CC8-A1C8D111DB1B}h:\\users\\mister jack\\downloads\\utorrent.exe"= UDP:h:\users\mister jack\downloads\utorrent.exe:utorrent.exe
"UDP Query User{72009B21-A152-4002-8048-0BDAA9E3413C}h:\\users\\mister jack\\downloads\\utorrent.exe"= TCP:h:\users\mister jack\downloads\utorrent.exe:utorrent.exe
"TCP Query User{82B1986E-E838-4DDA-B2D9-DC1911F54A58}h:\\program files\\soulseek\\slsk.exe"= UDP:h:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{46CB7554-A4F8-4CF3-BBE1-4D85D1940B5C}h:\\program files\\soulseek\\slsk.exe"= TCP:h:\program files\soulseek\slsk.exe:SoulSeek
"TCP Query User{C8D3F9D6-DCEB-4085-AF20-032C250F3421}h:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:h:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{2A76A17F-BC37-4936-99A2-23E608C8CDED}h:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:h:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"{CD84CCD5-8217-4BEF-8699-86354A7423B4}"= UDP:h:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{5BA18E52-8607-47DB-A0E7-0FA4E9F3E9AC}"= TCP:h:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{E03A3BBA-C8EA-4FDF-BD2C-4FC964198059}h:\\program files\\codemasters\\grid\\grid.exe"= UDP:h:\program files\codemasters\grid\grid.exe:GRID Executable
"UDP Query User{10B8F2D5-84C9-4408-A02F-C9BE0D868072}h:\\program files\\codemasters\\grid\\grid.exe"= TCP:h:\program files\codemasters\grid\grid.exe:GRID Executable
"{361012DF-4724-4BFC-8BF5-D8607C328A4D}"= UDP:h:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B68810EF-6A5A-4B0E-9C4C-2DC4B03D71FB}"= TCP:h:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{11DC2C2C-B347-438C-8590-02D18F9BBD5F}h:\\users\\mister jack\\desktop\\wheelman\\wheelman\\binaries\\wheelmangame-final.exe"= UDP:h:\users\mister jack\desktop\wheelman\wheelman\binaries\wheelmangame-final.exe:wheelmangame-final.exe
"UDP Query User{18DEF511-36DA-41A6-9883-31D4BD1A507D}h:\\users\\mister jack\\desktop\\wheelman\\wheelman\\binaries\\wheelmangame-final.exe"= TCP:h:\users\mister jack\desktop\wheelman\wheelman\binaries\wheelmangame-final.exe:wheelmangame-final.exe
"TCP Query User{675189A6-B9DA-4F9A-9B43-A9C316EC3FAD}h:\\program files\\itunes\\itunes.exe"= UDP:h:\program files\itunes\itunes.exe:iTunes
"UDP Query User{09BEC613-0039-47F7-88B1-4E406242774E}h:\\program files\\itunes\\itunes.exe"= TCP:h:\program files\itunes\itunes.exe:iTunes
"TCP Query User{08C434E2-A1DE-4DA3-8761-924C2EE814EE}h:\\program files\\utorrent\\utorrent.exe"= UDP:h:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{3533973F-9900-4EA8-BD7E-A4417E8CC3CC}h:\\program files\\utorrent\\utorrent.exe"= TCP:h:\program files\utorrent\utorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 GEST Service;GEST Service for program management.;h:\program files\GIGABYTE\GEST\GSvr.exe [2008-06-14 55816]
R3 gwiopm;gwiopm;h:\program files\Unknown Device Identifier\gwiopm.sys [1998-06-03 3904]
S0 pavboot;pavboot;h:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{101dba37-d014-11dd-9ad1-001d7daf2a01}]
\shell\AutoRun\command - h:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com k:
\shell\Open\command - resycled\boot.com k:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b247d84-7204-11dd-a25b-001d7daf2a01}]
\shell\AutoRun\command - h:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com k:
\shell\Open\command - resycled\boot.com k:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{601dde26-0747-1243-ac5d-001d7daf2a01}]
\shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca27b7f9-0a06-11dd-8b1b-001d7daf2a01}]
\shell\AutoRun\command - O:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca27b7fb-0a06-11dd-8b1b-001d7daf2a01}]
\shell\AutoRun\command - P:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faff1d8b-aff6-11dd-8423-001d7daf2a01}]
\shell\AutoRun\command - h:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com k:
\shell\Open\command - resycled\boot.com k:
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyServer = Telenet
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporteren naar Microsoft Excel - h:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - h:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - h:\users\Mister Jack\AppData\Roaming\Mozilla\Firefox\Profiles\1s9hcvkr.default\
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: network.proxy.type - 4
FF - component: h:\users\Mister Jack\AppData\Roaming\Mozilla\Firefox\Profiles\1s9hcvkr.default\extensions\[email protected]\components\piclensstub.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: h:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 21:21
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1037789980-1614441686-2393366311-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d6,8a,72,d5,5a,1c,82,59,c1,7c,a2,e2,c3,4f,7f,e1,b5,d4,07,1d,5b,d2,44,
e4,18,a4,7b,21,14,1f,2f,fe,da,07,4f,62,e2,2b,e2,07,99,07,b1,cd,c5,20,35,b1,\
"??"=hex:2f,40,de,c4,41,ee,68,aa,40,1c,a3,ec,e7,26,cc,e0

[HKEY_USERS\S-1-5-21-1037789980-1614441686-2393366311-1000\Software\SecuROM\License information*]
"datasecu"=hex:db,a7,9d,7d,65,df,be,2d,01,98,42,d4,5c,f8,eb,27,e4,54,81,a9,ca,
ff,5d,9b,0d,a5,34,41,ea,a4,50,87,11,7b,b7,89,be,50,f5,88,ac,7d,14,85,4d,41,\
"rkeysecu"=hex:ab,0b,33,51,eb,2e,5b,63,52,60,d5,0a,61,6b,51,04
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(2956)
h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
h:\program files\TortoiseSVN\bin\TortoiseStub.dll
h:\program files\TortoiseSVN\bin\TortoiseSVN.dll
h:\program files\TortoiseSVN\bin\intl3_tsvn.dll
h:\program files\Dropbox\DropboxExt.dll
h:\windows\System32\cscui.dll
c:\program files\SmartFTP Client 2.0\smarthook.dll
h:\windows\system32\imapi2.dll
h:\program files\Bonjour\mdnsNSP.dll
.
Voltooingstijd: 2009-05-04 21:23
ComboFix-quarantined-files.txt 2009-05-04 19:22
ComboFix2.txt 2009-05-03 21:13
ComboFix3.txt 2008-11-08 14:54
ComboFix4.txt 2008-11-08 13:03

Pre-Run: 103.713.787.904 bytes beschikbaar
Post-Run: 103.721.857.024 bytes beschikbaar


Juisterr

Legacy Member
Will you run the fix once more, but this time make sure you remove the space.

curre ntversion

should be
currentversion

brecko

Legacy Member
ComboFix 09-05-04.A1 - Mister Jack 05/05/2009 16:01.6 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.32.1043.18.2046.1058 [GMT 2:00]
Gestart vanuit: h:\users\Mister Jack\Desktop\ComboFix.exe
gebruikte Opdracht switches :: h:\users\Mister Jack\Desktop\CFScript.txt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\users\Mister Jack\AppData\Local\Temp\Adobelm_Cleanup.0001.dir.0007\~de7b92.tmp
h:\users\Mister Jack\AppData\Local\Temp\Adobelm_Cleanup.0001.dir.0007\~df394b.tmp
h:\users\Mister Jack\AppData\Local\Temp\Adobelm_Cleanup.0001.dir.0008\~df394b.tmp
h:\users\MISTER~1\AppData\Local\Temp\Adobelm_Cleanup.0001.dir.0007\~de7b92.tmp
h:\users\MISTER~1\AppData\Local\Temp\Adobelm_Cleanup.0001.dir.0007\~df394b.tmp
h:\users\MISTER~1\AppData\Local\Temp\Adobelm_Cleanup.0001.dir.0008\~df394b.tmp

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-04-05 to 2009-05-05 ))))))))))))))))))))))))))))))
.

2099-06-01 11:29 . 2009-04-24 14:43 -------- d-----w h:\users\Mister Jack\AppData\Local\Microsoft Games
2099-04-03 18:06 . 2008-11-26 23:13 -------- d-----w h:\program files\Activision
2099-04-03 16:19 . 2099-04-03 16:19 -------- d-----w h:\program files\BSPlayer
2099-04-03 16:12 . 2099-04-03 16:12 -------- d-----w h:\users\Mister Jack\AppData\Roaming\Grisoft
2099-04-03 16:12 . 2007-05-30 12:10 10872 ----a-w h:\windows\system32\drivers\AvgAsCln.sys
2099-04-03 16:11 . 2099-04-03 16:12 -------- d-----w h:\programdata\Grisoft
2099-04-03 16:11 . 2099-04-03 16:12 -------- d-----w h:\users\All Users\Grisoft
2099-04-03 15:35 . 2008-04-24 12:48 -------- d-----w h:\program files\Windows Live
2099-04-03 15:34 . 2008-12-01 19:48 -------- d-----w h:\program files\iTunes
2099-04-03 15:33 . 2008-09-10 15:44 -------- d-----w h:\program files\Bonjour
2099-04-03 15:33 . 2008-04-24 12:44 -------- d-----w h:\programdata\WLInstaller
2099-04-03 15:33 . 2008-04-24 12:44 -------- d-----w h:\users\All Users\WLInstaller
2099-04-03 15:33 . 2008-12-01 20:38 -------- d-----w h:\program files\QuickTime
2099-04-03 15:33 . 2008-10-21 12:38 -------- d-----w h:\programdata\Apple Computer
2099-04-03 15:33 . 2008-10-21 12:38 -------- d-----w h:\users\All Users\Apple Computer
2099-04-03 15:33 . 2099-04-03 15:33 -------- d-----w h:\users\Mister Jack\AppData\Local\Apple
2099-04-03 15:32 . 2008-12-01 19:47 -------- d-----w h:\program files\Common Files\Apple
2099-04-03 15:32 . 2099-04-03 15:32 -------- d-----w h:\programdata\Apple
2099-04-03 15:32 . 2099-04-03 15:32 -------- d-----w h:\users\All Users\Apple
2099-04-03 14:18 . 2008-07-22 21:56 -------- d-----w h:\program files\BitLord
2099-04-03 14:11 . 2099-04-03 14:11 -------- d-----w h:\program files\DAEMON Tools Lite
2099-04-03 14:10 . 2099-04-03 14:10 717296 ----a-w h:\windows\system32\drivers\sptd.sys
2099-04-03 14:10 . 2099-04-03 14:10 -------- d-----w h:\users\Mister Jack\AppData\Roaming\DAEMON Tools
2099-04-03 14:08 . 2008-11-23 16:19 -------- d-----w h:\users\Mister Jack\AppData\Local\PunkBuster
2099-04-03 14:05 . 2008-12-20 12:26 -------- d-----w h:\windows\system32\Macromed
2099-04-03 13:56 . 2099-04-03 13:04 -------- d-----w h:\windows\Panther
2099-04-03 13:56 . 2009-01-10 00:13 -------- d-----w h:\programdata\NVIDIA
2099-04-03 13:56 . 2009-01-10 00:13 -------- d-----w h:\users\All Users\NVIDIA
2099-04-03 13:54 . 2099-04-03 13:54 -------- d-----w h:\program files\My Company Name
2099-04-03 13:51 . 2099-04-03 13:51 -------- d-----w h:\program files\Google
2099-04-03 13:49 . 2099-04-03 13:49 -------- d-----w h:\users\Mister Jack\AppData\Local\Mozilla
2099-04-03 13:48 . 2009-05-02 11:55 -------- d-sh--w h:\windows\Installer
2099-04-03 13:25 . 2008-06-14 17:06 30008 ----a-w h:\windows\system32\drivers\ET5Drv.sys
2099-04-03 13:22 . 2007-08-20 05:31 151552 ----a-r h:\windows\system32\xRaidAPI.dll
2099-04-03 13:22 . 2007-08-29 08:55 1966080 ----a-r h:\windows\system32\xRaidSetup.exe
2099-04-03 13:22 . 2099-04-03 13:22 -------- d-----w H:\RaidTool
2099-04-03 13:22 . 2007-09-29 05:30 65024 ----a-w h:\windows\system32\drivers\jraid.sys
2099-04-03 13:22 . 2099-04-03 13:22 -------- d-----w h:\users\Mister Jack\{a1bd05e3-43f1-442e-8aa4-fd06be53b582}
2099-04-03 13:22 . 2006-08-30 04:33 319984 ----a-r h:\windows\system32\DifxApi.dll
2099-04-03 13:22 . 2099-04-03 13:22 -------- d-----w h:\windows\RaidTool
2099-04-03 13:21 . 2099-04-03 13:21 -------- d-----w h:\users\Mister Jack\AppData\Roaming\InstallShield
2099-04-03 13:19 . 2099-04-03 13:19 -------- d-----w h:\windows\system32\RTCOM
2099-04-03 13:17 . 2007-07-25 01:33 135168 ----a-w h:\windows\system32\SRSWOW.dll
2099-04-03 13:17 . 2006-12-13 02:30 339968 ----a-w h:\windows\system32\SRSTSXT.dll
2099-04-03 13:17 . 2007-05-17 03:26 185776 ----a-w h:\windows\system32\SRSTSHD.dll
2099-04-03 13:17 . 2007-04-16 09:09 167936 ----a-w h:\windows\system32\SRSHP360.dll
2099-04-03 13:17 . 2007-09-12 05:29 23040 ----a-w h:\windows\system32\RtkCoInst.dll
2099-04-03 13:17 . 2007-08-22 11:37 564736 ----a-w h:\windows\system32\RtkPgExt.dll
2099-04-03 13:17 . 2007-03-23 07:34 266240 ----a-w h:\windows\system32\RtkApoApi.dll
2099-04-03 13:17 . 2007-08-31 07:36 2087936 ----a-w h:\windows\system32\RtkAPO.dll
2099-04-03 13:17 . 2007-09-19 06:50 4702208 ----a-w h:\windows\RtHDVCpl.exe
2099-04-03 13:17 . 2007-09-19 09:11 1959832 ----a-w h:\windows\system32\drivers\RTKVHDA.sys
2099-04-03 13:17 . 2007-07-30 10:26 126976 ----a-w h:\windows\system32\maxxaudioapo.dll
2099-04-03 13:17 . 2099-04-03 13:22 -------- d-----w h:\program files\Realtek
2099-04-03 13:14 . 2007-07-26 14:15 53248 ----a-w h:\windows\system32\CSVer.dll
2099-04-03 13:14 . 2099-04-03 13:14 -------- d-----w h:\program files\Intel
2099-04-03 13:14 . 2099-04-03 13:14 -------- d-----w H:\Intel
2099-04-03 13:14 . 2099-04-03 13:14 -------- d-----w h:\program files\GIGABYTE
2099-04-03 13:14 . 2009-05-02 12:01 -------- d--h--w h:\program files\InstallShield Installation Information
2099-04-03 13:14 . 2008-06-14 16:58 -------- d-----w h:\program files\Common Files\InstallShield
2099-04-03 13:10 . 2009-02-15 15:47 127176 ----a-w h:\users\Mister Jack\AppData\Local\GDIPFONTCACHEV1.DAT
2099-04-03 13:08 . 2099-04-03 13:08 -------- d-sh--w h:\programdata\Sjablonen
2099-04-03 13:07 . 2099-04-03 13:07 -------- d-----r h:\windows\system32\config\systemprofile\Contacts
2099-04-03 12:59 . 2009-04-09 20:15 -------- d-----w h:\windows\system32\catroot2
2099-04-03 12:58 . 2099-04-03 13:08 -------- d-----w h:\windows\Debug
2099-04-03 12:48 . 2099-04-03 13:56 -------- d-sh--w H:\Boot
2009-05-04 16:47 . 2008-06-02 17:43 -------- d-----w h:\users\Mister Jack\AppData\Roaming\TextPad
2009-05-02 19:20 . 2009-05-02 19:20 -------- d-----w h:\programdata\TVU Networks
2009-05-02 19:20 . 2009-05-02 19:20 -------- d-----w h:\users\All Users\TVU Networks
2009-05-02 19:20 . 2009-05-02 19:20 -------- d-----w h:\users\Mister Jack\AppData\Local\TVU Networks
2009-04-30 12:09 . 2009-04-30 12:09 -------- d-----w h:\users\Mister Jack\DoctorWeb
2009-04-17 13:23 . 2009-04-17 13:23 -------- d-----w h:\users\Mister Jack\AppData\Local\EA Games
2009-04-17 13:11 . 2009-04-17 13:11 7064 ----a-w h:\windows\system32\ealregsnapshot1.reg
2009-04-17 13:11 . 2009-04-17 13:11 -------- d-----w h:\users\Mister Jack\AppData\Local\Downloaded Installations
2009-04-17 12:36 . 2009-04-17 13:04 -------- d-----w h:\program files\The Godfather II
2009-04-17 12:34 . 2009-04-17 12:34 -------- d-----w h:\programdata\Electronic Arts
2009-04-17 12:34 . 2009-04-17 12:34 -------- d-----w h:\users\All Users\Electronic Arts
2009-04-17 12:14 . 2008-10-10 02:52 2036576 ----a-w h:\windows\system32\D3DCompiler_40.dll
2009-04-17 12:14 . 2008-10-10 02:52 452440 ----a-w h:\windows\system32\d3dx10_40.dll
2009-04-17 12:14 . 2008-10-10 02:52 4379984 ----a-w h:\windows\system32\D3DX9_40.dll
2009-04-12 17:30 . 2009-04-12 17:30 -------- d-----w h:\users\Mister Jack\AppData\Local\PC
2009-04-12 17:30 . 2009-04-12 17:43 -------- d-----w h:\users\Mister Jack\AppData\Local\Wheelman
2009-04-12 12:14 . 2009-04-12 12:14 -------- d-----w h:\program files\uTorrent

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 14:11 . 2009-01-18 14:58 -------- d-----w h:\program files\Steam
2009-05-03 21:24 . 2006-11-02 16:18 745746 ----a-w h:\windows\system32\perfh013.dat
2009-05-03 21:24 . 2006-11-02 16:18 144852 ----a-w h:\windows\system32\perfc013.dat
2009-05-03 21:21 . 2009-01-18 14:58 -------- d-----w h:\program files\Common Files\Steam
2009-05-02 12:01 . 2008-04-05 14:08 -------- d-----w h:\program files\Electronic Arts
2009-04-27 14:46 . 2008-04-07 17:24 -------- d-----w h:\program files\Microsoft Visual Studio 8
2009-04-21 14:14 . 2008-11-08 12:38 -------- d-----w h:\program files\Malwarebytes' Anti-Malware
2009-04-17 12:14 . 2008-04-14 17:01 -------- d-----w h:\program files\EA GAMES
2009-04-06 13:32 . 2008-11-08 12:38 38496 ----a-w h:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2008-11-08 12:38 15504 ----a-w h:\windows\system32\drivers\mbam.sys
2009-03-30 12:01 . 2008-06-07 11:22 -------- d-----w h:\program files\Last.fm
2009-03-30 10:48 . 2099-04-03 13:09 1356 ----a-w h:\users\Mister Jack\AppData\Local\d3d9caps.dat
2009-03-11 22:34 . 2008-04-04 10:09 22328 ----a-w h:\windows\system32\drivers\PnkBstrK.sys
2009-03-11 22:33 . 2008-04-04 10:09 107832 ----a-w h:\windows\system32\PnkBstrB.exe
2009-02-14 16:13 . 2009-02-14 16:13 97800 ----a-w h:\windows\system32\infocardapi.dll
2009-02-14 16:13 . 2009-02-14 16:13 622080 ----a-w h:\windows\system32\icardagt.exe
2009-02-14 16:13 . 2009-02-14 16:13 11264 ----a-w h:\windows\system32\icardres.dll
2009-02-14 16:13 . 2009-02-14 16:13 105016 ----a-w h:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-14 16:13 . 2009-02-14 16:13 781344 ----a-w h:\windows\system32\PresentationNative_v0300.dll
2009-02-14 16:13 . 2009-02-14 16:13 43544 ----a-w h:\windows\system32\PresentationHostProxy.dll
2009-02-14 16:13 . 2009-02-14 16:13 326160 ----a-w h:\windows\system32\PresentationHost.exe
2009-02-14 15:59 . 2009-02-14 15:59 96760 ----a-w h:\windows\system32\dfshim.dll
2009-02-14 15:59 . 2009-02-14 15:59 41984 ----a-w h:\windows\system32\netfxperf.dll
2009-02-14 15:59 . 2009-02-14 15:59 282112 ----a-w h:\windows\system32\mscoree.dll
2009-02-14 15:59 . 2009-02-14 15:59 83968 ----a-w h:\windows\system32\mscories.dll
2009-02-14 15:59 . 2009-02-14 15:59 158720 ----a-w h:\windows\system32\mscorier.dll
2006-11-02 12:49 . 2006-11-02 12:49 174 --sha-w h:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-05-03_21.11.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2099-04-03 13:18 . 2009-05-05 14:11 54312 h:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-05-05 14:11 77056 h:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2099-04-03 13:11 . 2009-05-05 14:11 11424 h:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1037789980-1614441686-2393366311-1000_UserData.bin
- 2008-10-13 13:40 . 2008-10-13 13:40 16384 h:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-13 13:40 . 2009-05-03 21:15 16384 h:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-13 13:40 . 2009-05-03 21:15 32768 h:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-13 13:40 . 2008-10-13 13:40 32768 h:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-13 13:40 . 2008-10-13 13:40 16384 h:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-13 13:40 . 2009-05-03 21:15 16384 h:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-21 17:07 . 2009-05-03 11:14 2048 h:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-05 14:07 . 2009-05-05 14:07 2048 h:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-21 17:07 . 2009-05-03 11:14 2048 h:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-05 14:07 . 2009-05-05 14:07 2048 h:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-05-03 21:24 664980 h:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-03 11:20 664980 h:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-03 21:24 125058 h:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-05-03 11:20 125058 h:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w h:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w h:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w h:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="h:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"DAEMON Tools Lite"="h:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"ehTray.exe"="h:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="h:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Rainlendar2"="h:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"Steam"="h:\program files\Steam\Steam.exe" [2009-01-18 1410296]
"WMPNSCFG"="h:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

brecko

Legacy Member
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="h:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="h:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"!AVG Anti-Spyware"="h:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="h:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Acrobat Assistant 7.0"="h:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"SSBkgdUpdate"="h:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="h:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Malwarebytes Anti-Malware (reboot)"="h:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-04-06 1277584]
"iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2008-12-25 13683232]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2008-12-25 92704]
"RtHDVCpl"="RtHDVCpl.exe" - h:\windows\RtHDVCpl.exe [2007-09-19 4702208]
"Skytel"="Skytel.exe" - h:\windows\SkyTel.exe [2007-08-03 1826816]

h:\users\Mister Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - h:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - h:\program files\Dropbox\Dropbox.exe [2008-9-26 24096981]

h:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - h:\windows\Installer\{AC76BA86-1033-F400-7760-0000003D0002}\SC_Acrobat.exe [2008-5-24 25214]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{2F3C7318-7EB0-4403-9375-16D652B61727}i:\\games\\cod4\\iw3mp.exe"= UDP:i:\games\cod4\iw3mp.exe:iw3mp
"UDP Query User{D6087E29-F758-412F-B52C-CEAB9A6AE16C}i:\\games\\cod4\\iw3mp.exe"= TCP:i:\games\cod4\iw3mp.exe:iw3mp
"TCP Query User{72BE48E6-E6A5-44CC-A143-9F638587F252}h:\\program files\\bitlord\\bitlord.exe"= UDP:h:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{4A034299-19AF-44F2-8292-013E8709FD1E}h:\\program files\\bitlord\\bitlord.exe"= TCP:h:\program files\bitlord\bitlord.exe:BitLord
"{703B02E3-A2EA-48CC-ACEC-98C7B94BF0E8}"= UDP:h:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7CE29DB9-9A1E-416C-9EF5-A5B978A0D338}"= TCP:h:\windows\System32\PnkBstrA.exe:PnkBstrA
"{115371C0-9F98-4717-9CCF-55066C72E152}"= UDP:h:\windows\System32\PnkBstrB.exe:PnkBstrB
"{15EE8286-486F-4D2F-BB64-82C905F8BD46}"= TCP:h:\windows\System32\PnkBstrB.exe:PnkBstrB
"{248AB76C-F3C5-417B-8441-6CD5BE538169}"= UDP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{0CBDDE56-0CD1-455B-9F3B-D06C85016B2B}"= TCP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{A08AC129-B8F1-4390-A3BB-1ABD2F4B708A}"= UDP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{C22BABCA-BF07-436F-B301-0A781861DF59}"= TCP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{6A2C9427-DE0C-45C3-ADCA-8B38798C0E94}"= TCP:6004|h:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{846E0A27-371E-4A17-A81F-1D52A31FB1C6}"= UDP:h:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{684E87F7-2A70-41B1-8FA6-0456DB2DCCAD}"= TCP:h:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7EB73333-FC27-4C13-98CE-A8DBD5CFEAB8}"= UDP:h:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{087A6F83-F292-4076-BE6F-23D67BBF80A2}"= TCP:h:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E828B60B-45E4-4A1D-986B-D7269B1BB3BF}"= UDP:h:\program files\LimeWire\LimeWire.exe:LimeWire
"{54B88D6D-B619-4C66-A6E9-B0F5F6AF4807}"= TCP:h:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B41E46D8-A57B-4882-838C-266EBAF67E7C}h:\\program files\\gigabyte\\gest\\run.exe"= UDP:h:\program files\gigabyte\gest\run.exe:update
"UDP Query User{3794F18C-8646-45B8-B8C0-D47CFD97211B}h:\\program files\\gigabyte\\gest\\run.exe"= TCP:h:\program files\gigabyte\gest\run.exe:update
"TCP Query User{C9087AA0-0F88-42F1-BF70-CB691B2126D9}h:\\program files\\tmnationsforever\\tmforever.exe"= UDP:h:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{F0E0910A-F771-4BB5-AC85-F41619181E89}h:\\program files\\tmnationsforever\\tmforever.exe"= TCP:h:\program files\tmnationsforever\tmforever.exe:TmForever
"{DA27D010-232B-47AD-AD9B-E71D05C9DD66}"= h:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{7C38E2FD-1285-4A65-9322-823F7713E53F}h:\\program files\\mozilla firefox\\firefox.exe"= UDP:h:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{19852FB5-2F28-4052-A948-E953005C8064}h:\\program files\\mozilla firefox\\firefox.exe"= TCP:h:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{D0264916-D501-4C52-8D74-37EC3C08E15D}h:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:h:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{B3DD38AD-A77C-4F78-940B-0FDC57D991CE}h:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:h:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{A62355AC-C244-4107-BBA2-B169E8AAC9C9}h:\\program files\\soulseek\\slsk.exe"= UDP:h:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{0FD20DE9-534D-4A6B-83A6-E2DA3294A99E}h:\\program files\\soulseek\\slsk.exe"= TCP:h:\program files\soulseek\slsk.exe:SoulSeek
"{F495EF0E-131D-47F1-A139-3EFDA922C1B2}"= UDP:h:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{F94D906B-FCC5-47A7-963D-9A652294341A}"= TCP:h:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{B4DA0BF1-6424-4C48-BC7B-C0CD8F3E9B5F}"= UDP:h:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{9BF12A3E-5322-4B63-AA86-4F437C3C82DF}"= TCP:h:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{030F13BA-6D84-4289-9DCC-578097ACD2C4}"= UDP:h:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{CC1902E8-C38E-420B-8975-F303F88AF2DB}"= TCP:h:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"TCP Query User{725246E5-8A1C-4C27-8A9A-E37FC4602A3C}l:\\program files\\soulseek\\slsk.exe"= UDP:l:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{CC295CDE-D773-4171-9495-B29D9C0CE1C9}l:\\program files\\soulseek\\slsk.exe"= TCP:l:\program files\soulseek\slsk.exe:SoulSeek
"TCP Query User{AC99DA82-B50A-4CC7-AF61-31C34C64C68A}h:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:h:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{0D8DD8E3-0827-47A0-BA6A-FA3873781419}h:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:h:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{5DFCDBFD-3E8B-4373-A9E6-66F2E41689DA}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{1C9B813B-E98E-40DA-B29E-891C3A0D2D9F}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"TCP Query User{99B3871C-2BBC-4E92-BBF5-6755B89430CC}h:\\program files\\ea sports\\nba live 08\\nbalive08.exe"= UDP:h:\program files\ea sports\nba live 08\nbalive08.exe:NBA LIVE 08
"UDP Query User{A46F85B8-97CF-46E2-A26D-5610A5292CD4}h:\\program files\\ea sports\\nba live 08\\nbalive08.exe"= TCP:h:\program files\ea sports\nba live 08\nbalive08.exe:NBA LIVE 08
"TCP Query User{1DCAF861-0E69-4C30-8B60-5EB5A89565D8}h:\\users\\mister jack\\desktop\\[pc] team fortress 2 [newest] [vo0]\\team fortress 2\\hl2.exe"= UDP:h:\users\mister jack\desktop\[pc] team fortress 2 [newest] [vo0]\team fortress 2\hl2.exe:hl2.exe
"UDP Query User{88857FA2-BDE8-4982-A290-0C4B837E0CFA}h:\\users\\mister jack\\desktop\\[pc] team fortress 2 [newest] [vo0]\\team fortress 2\\hl2.exe"= TCP:h:\users\mister jack\desktop\[pc] team fortress 2 [newest] [vo0]\team fortress 2\hl2.exe:hl2.exe
"TCP Query User{7F8288BD-ECCB-464E-9A0A-DBD7EAEE799B}h:\\users\\mister jack\\desktop\\team fortress 2\\hl2.exe"= UDP:h:\users\mister jack\desktop\team fortress 2\hl2.exe:hl2.exe
"UDP Query User{A3A7F4F4-5E76-4D53-AA92-242C2990259B}h:\\users\\mister jack\\desktop\\team fortress 2\\hl2.exe"= TCP:h:\users\mister jack\desktop\team fortress 2\hl2.exe:hl2.exe
"{4361F15F-DB2B-4879-A8EF-C45BFDABA229}"= UDP:h:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{B01B4575-12BE-4FDC-91B0-C2DC2269DFB4}"= TCP:h:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{1F129AD4-9B93-4086-96D3-0CE36090FBD8}"= UDP:h:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{15F80740-FD42-45AC-BF26-F4F26D829DF5}"= TCP:h:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E4BD0039-DF64-4C3C-8FE9-013AAE1627EC}"= UDP:h:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{B484D927-E677-417E-83EF-ACA33E8BD968}"= TCP:h:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{36E7BB45-8FA4-4A2C-BB9C-046AFD28B446}"= UDP:h:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6D78C388-3320-4760-B5FD-452F8D74AF97}"= TCP:h:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{F57A389B-7498-4C2E-97AE-005CDA1FFF3F}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"UDP Query User{831FFDE4-612D-4FA9-986B-707F7E2B2B6B}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"TCP Query User{54B14E92-F661-40C0-94BB-66FFD12218F5}h:\\program files\\hamachi\\hamachi.exe"= UDP:h:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{3E4A569C-2C69-4611-B7DC-C0834388D85A}h:\\program files\\hamachi\\hamachi.exe"= TCP:h:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{C089C9F5-50DA-4ACA-B9FD-ECA7214D6D45}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{05D4DD74-8032-47BD-83E8-C8626916C947}h:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:h:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"TCP Query User{38DD6668-3FB5-4119-9831-10055ADC26F3}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"UDP Query User{F1D982BE-6C0C-40A8-9CB8-B9FE2FC539CE}h:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:h:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"TCP Query User{38AB18AB-7090-4A1D-88B0-7929BAEC4F38}h:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:h:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{E7346ACC-6762-45BF-A63E-EC22DD410738}h:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:h:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"TCP Query User{7753DA29-CA9D-4884-B9DB-3C2C458F25C3}h:\\program files\\adobe\\flex builder 3\\jre\\bin\\javaw.exe"= UDP:h:\program files\adobe\flex builder 3\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{56787688-F8A4-4865-B909-146DA29F5289}h:\\program files\\adobe\\flex builder 3\\jre\\bin\\javaw.exe"= TCP:h:\program files\adobe\flex builder 3\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{0C51FDCC-C327-4021-A518-85A845DC1495}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\hub.exe"= UDP:h:\program files\newtek\lightwave 3d 9.3\programs\hub.exe:hub
"UDP Query User{637AEE17-ED9B-4095-9107-ABB8B6EDDE4B}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\hub.exe"= TCP:h:\program files\newtek\lightwave 3d 9.3\programs\hub.exe:hub
"TCP Query User{C3765651-54BB-4563-A954-3786048233FA}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\modeler.exe"= UDP:h:\program files\newtek\lightwave 3d 9.3\programs\modeler.exe:modeler
"UDP Query User{D70C8E06-23AB-41A7-B105-9A85347F1D6B}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\modeler.exe"= TCP:h:\program files\newtek\lightwave 3d 9.3\programs\modeler.exe:modeler
"TCP Query User{FEDC7680-D624-4166-AE8B-7DED401DD8E2}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\lightwav.exe"= UDP:h:\program files\newtek\lightwave 3d 9.3\programs\lightwav.exe:lightwav
"UDP Query User{E97F53C1-B8F6-451F-9282-22C534B1AFC5}h:\\program files\\newtek\\lightwave 3d 9.3\\programs\\lightwav.exe"= TCP:h:\program files\newtek\lightwave 3d 9.3\programs\lightwav.exe:lightwav
"TCP Query User{F08F9E12-953D-4ACC-849A-FED0A7192696}h:\\users\\mister jack\\downloads\\utorrent.exe"= UDP:h:\users\mister jack\downloads\utorrent.exe:utorrent.exe
"UDP Query User{8B13990C-BA4F-4BDB-92AA-7CA46597FCED}h:\\users\\mister jack\\downloads\\utorrent.exe"= TCP:h:\users\mister jack\downloads\utorrent.exe:utorrent.exe
"{A711EC67-D91F-4ADB-8DCA-E8C2F80520C3}"= UDP:h:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{470BEB62-28F9-471E-92A6-179DD8EF60A2}"= TCP:h:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{467B0F4C-97DF-422F-BCB0-19654BD2E65F}"= UDP:h:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{1E562899-B3B1-4274-BE12-4182B2875809}"= TCP:h:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{4F03CCE1-2E05-403E-8D3B-04BDACD830BC}"= UDP:h:\program files\Activision\Quantum of Solace(TM)\JB_LiveEngine_s.exe:Quantum of Solace
"{39C497E6-B76B-4308-BC0A-03588578CED7}"= TCP:h:\program files\Activision\Quantum of Solace(TM)\JB_LiveEngine_s.exe:Quantum of Solace
"{5D59F9FF-3364-465C-A2CA-EA224404A4CD}"= UDP:h:\program files\Codemasters\GRID\GRID.exe:GRID
"{56F3028E-E8A1-49D9-B755-C06DBCF50E3C}"= TCP:h:\program files\Codemasters\GRID\GRID.exe:GRID
"{9462BE42-100E-48ED-B76C-B6FCB29FABAB}"= UDP:h:\program files\iTunes\iTunes.exe:iTunes
"{5636228D-2368-45CE-BCBA-D3A33DE5E7AD}"= TCP:h:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{C1A1145A-E771-42FB-ABDC-18A0684B0ACB}h:\\program files\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= UDP:h:\program files\aptana\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{DD7E311D-2776-486C-B515-D60616E8C989}h:\\program files\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= TCP:h:\program files\aptana\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{052D71C6-7927-4A4F-807F-05F68F68AFEC}h:\\program files\\stylus studio 2009 xml home edition\\bin\\struzzo.exe"= UDP:h:\program files\stylus studio 2009 xml home edition\bin\struzzo.exe:Stylus Studio
"UDP Query User{90EF3AAA-2054-494D-BCF9-5D20EE903968}h:\\program files\\stylus studio 2009 xml home edition\\bin\\struzzo.exe"= TCP:h:\program files\stylus studio 2009 xml home edition\bin\struzzo.exe:Stylus Studio
"TCP Query User{4A5CF36A-3C88-4B30-9905-903CDE6E2D54}h:\\program files\\adobe\\adobe flash cs3\\flash.exe"= UDP:h:\program files\adobe\adobe flash cs3\flash.exe:Adobe Flash CS3
"UDP Query User{70CECCBB-B80D-482B-B9AB-9108C7A4C4CE}h:\\program files\\adobe\\adobe flash cs3\\flash.exe"= TCP:h:\program files\adobe\adobe flash cs3\flash.exe:Adobe Flash CS3
"{2E0C2DA5-3C22-4B1E-A2E0-10114FD40071}"= UDP:h:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{CF736CD4-258C-4AD3-BCD4-D3E6A264AB55}"= TCP:h:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{F8416B54-282B-4072-9FAB-5557E009445C}"= UDP:h:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{05B0B89B-4FE4-46B4-9D1B-0C21209DF13E}"= TCP:h:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{BB2BF83C-484D-43F3-9E65-7D541D0E8FBA}"= UDP:h:\program files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{9EA89AC5-CBEB-4C62-B0B6-565E521AEB30}"= TCP:h:\program files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"TCP Query User{E0B0020B-A011-4C49-9CC8-A1C8D111DB1B}h:\\users\\mister jack\\downloads\\utorrent.exe"= UDP:h:\users\mister jack\downloads\utorrent.exe:utorrent.exe
"UDP Query User{72009B21-A152-4002-8048-0BDAA9E3413C}h:\\users\\mister jack\\downloads\\utorrent.exe"= TCP:h:\users\mister jack\downloads\utorrent.exe:utorrent.exe
"TCP Query User{82B1986E-E838-4DDA-B2D9-DC1911F54A58}h:\\program files\\soulseek\\slsk.exe"= UDP:h:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{46CB7554-A4F8-4CF3-BBE1-4D85D1940B5C}h:\\program files\\soulseek\\slsk.exe"= TCP:h:\program files\soulseek\slsk.exe:SoulSeek
"TCP Query User{C8D3F9D6-DCEB-4085-AF20-032C250F3421}h:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:h:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{2A76A17F-BC37-4936-99A2-23E608C8CDED}h:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:h:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"{CD84CCD5-8217-4BEF-8699-86354A7423B4}"= UDP:h:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{5BA18E52-8607-47DB-A0E7-0FA4E9F3E9AC}"= TCP:h:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{E03A3BBA-C8EA-4FDF-BD2C-4FC964198059}h:\\program files\\codemasters\\grid\\grid.exe"= UDP:h:\program files\codemasters\grid\grid.exe:GRID Executable
"UDP Query User{10B8F2D5-84C9-4408-A02F-C9BE0D868072}h:\\program files\\codemasters\\grid\\grid.exe"= TCP:h:\program files\codemasters\grid\grid.exe:GRID Executable
"{361012DF-4724-4BFC-8BF5-D8607C328A4D}"= UDP:h:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B68810EF-6A5A-4B0E-9C4C-2DC4B03D71FB}"= TCP:h:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{11DC2C2C-B347-438C-8590-02D18F9BBD5F}h:\\users\\mister jack\\desktop\\wheelman\\wheelman\\binaries\\wheelmangame-final.exe"= UDP:h:\users\mister jack\desktop\wheelman\wheelman\binaries\wheelmangame-final.exe:wheelmangame-final.exe
"UDP Query User{18DEF511-36DA-41A6-9883-31D4BD1A507D}h:\\users\\mister jack\\desktop\\wheelman\\wheelman\\binaries\\wheelmangame-final.exe"= TCP:h:\users\mister jack\desktop\wheelman\wheelman\binaries\wheelmangame-final.exe:wheelmangame-final.exe
"TCP Query User{675189A6-B9DA-4F9A-9B43-A9C316EC3FAD}h:\\program files\\itunes\\itunes.exe"= UDP:h:\program files\itunes\itunes.exe:iTunes
"UDP Query User{09BEC613-0039-47F7-88B1-4E406242774E}h:\\program files\\itunes\\itunes.exe"= TCP:h:\program files\itunes\itunes.exe:iTunes
"TCP Query User{08C434E2-A1DE-4DA3-8761-924C2EE814EE}h:\\program files\\utorrent\\utorrent.exe"= UDP:h:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{3533973F-9900-4EA8-BD7E-A4417E8CC3CC}h:\\program files\\utorrent\\utorrent.exe"= TCP:h:\program files\utorrent\utorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 pavboot;pavboot;h:\windows\System32\drivers\pavboot.sys [9/10/2008 18:52 28544]
S3 GEST Service;GEST Service for program management.;h:\program files\GIGABYTE\GEST\gsvr.exe [3/04/2099 15:14 55816]
S3 gwiopm;gwiopm;h:\program files\Unknown Device Identifier\GWIOPM.SYS [19/11/2008 13:26 3904]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - sptd
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyServer = Telenet
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - h:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporteren naar Microsoft Excel - h:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - h:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - h:\users\Mister Jack\AppData\Roaming\Mozilla\Firefox\Profiles\1s9hcvkr.default\
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: network.proxy.type - 4
FF - component: h:\users\Mister Jack\AppData\Roaming\Mozilla\Firefox\Profiles\1s9hcvkr.default\extensions\[email protected]\components\piclensstub.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: h:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: h:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 16:10
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


h:\windows\TEMP\TMP0000004B3C9EE7DEC3646CC3 524288 bytes

Scan succesvol afgerond
verborgen bestanden: 1

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1037789980-1614441686-2393366311-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d6,8a,72,d5,5a,1c,82,59,c1,7c,a2,e2,c3,4f,7f,e1,b5,d4,07,1d,5b,d2,44,
e4,18,a4,7b,21,14,1f,2f,fe,da,07,4f,62,e2,2b,e2,07,99,07,b1,cd,c5,20,35,b1,\
"??"=hex:2f,40,de,c4,41,ee,68,aa,40,1c,a3,ec,e7,26,cc,e0

[HKEY_USERS\S-1-5-21-1037789980-1614441686-2393366311-1000\Software\SecuROM\License information*]
"datasecu"=hex:db,a7,9d,7d,65,df,be,2d,01,98,42,d4,5c,f8,eb,27,e4,54,81,a9,ca,
ff,5d,9b,0d,a5,34,41,ea,a4,50,87,11,7b,b7,89,be,50,f5,88,ac,7d,14,85,4d,41,\
"rkeysecu"=hex:ab,0b,33,51,eb,2e,5b,63,52,60,d5,0a,61,6b,51,04
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(856)
h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
h:\program files\TortoiseSVN\bin\TortoiseStub.dll
h:\program files\TortoiseSVN\bin\TortoiseSVN.dll
h:\program files\TortoiseSVN\bin\intl3_tsvn.dll
h:\program files\Dropbox\DropboxExt.dll
h:\windows\System32\NLSLexicons0013.dll
c:\program files\SmartFTP Client 2.0\smarthook.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
h:\windows\System32\nvvsvc.exe
h:\windows\System32\audiodg.exe
h:\windows\System32\rundll32.exe
h:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
h:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
h:\program files\Bonjour\mDNSResponder.exe
h:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
h:\windows\System32\PnkBstrA.exe
h:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
h:\windows\System32\WUDFHost.exe
h:\windows\System32\conime.exe
h:\windows\System32\rundll32.exe
h:\program files\TortoiseSVN\bin\TSVNCache.exe
h:\windows\System32\wbem\unsecapp.exe
h:\windows\ehome\ehmsas.exe
h:\program files\Windows Media Player\wmpnetwk.exe
h:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Voltooingstijd: 2009-05-05 16:15 - machine werd herstart
ComboFix-quarantined-files.txt 2009-05-05 14:15
ComboFix2.txt 2009-05-04 19:23
ComboFix3.txt 2009-05-03 21:13
ComboFix4.txt 2008-11-08 14:54
ComboFix5.txt 2009-05-05 14:00

Pre-Run: 107.898.789.888 bytes beschikbaar
Post-Run: 107.764.510.720 bytes beschikbaar


Juisterr

Legacy Member
Download Java Runtime Environment (JRE) 6 Update 13.
  • Scroll down to: "Java SE Runtime Environment (JRE) 6 Update 13".
  • Click the "Download" button on the right-hand side.
  • In the drop-down menu to the right of Platform, select Windows.
  • Tick: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement", and click Continue.
  • The page will reload.
  • Click the jre-6u13-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
  • Close all programs that may be open, especially your web browser!
  • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
  • Tick everything with Java Runtime Environment (JRE or J2SE) in its name.
  • Then click Remove or the Change/Remove button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u13-windows-i586-p.exe on your Desktop to install the latest version of Java.

How are things now?