Xinu
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:45, on 9/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
c:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Mustafa\reader_s.exe
c:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "c:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BDWizReg] "C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe" /complete
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Mustafa\reader_s.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Mustafa\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236367984062
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - c:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - c:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - c:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)
--
End of file - 8515 bytes
ComboFix 09-03-06.02 - Mustafa 2009-03-08 16:48:31.1 - NTFSx86
Gestart vanuit: c:\documents and settings\Mustafa\Bureaublad\ComboFix.exe
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Mustafa\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\fxe.sp
c:\windows\system32\pthreadGC2.dll
c:\windows\ynh.dx
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-02-08 to 2009-03-08 ))))))))))))))))))))))))))))))
.
2009-03-08 15:46 . 2009-03-08 15:46 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-08 15:46 . 2009-03-08 15:46 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\Malwarebytes
2009-03-08 15:46 . 2009-03-08 15:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-08 15:46 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-08 15:46 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-08 14:15 . 2009-03-08 14:15 244 --ah----- C:\sqmnoopt00.sqm
2009-03-08 14:15 . 2009-03-08 14:15 232 --ah----- C:\sqmdata00.sqm
2009-03-08 14:15 . 2009-03-08 14:15 121 --a------ c:\windows\bdagent.INI
2009-03-08 14:04 . 2009-03-08 14:04 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-03-08 14:04 . 2009-03-08 14:04 385 --a------ c:\windows\system32\user_gensett.xml
2009-03-08 14:01 . 2009-03-08 14:01 <DIR> d-------- c:\program files\BitDefender
2009-03-08 14:01 . 2009-03-08 14:01 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\BitDefender
2009-03-08 14:01 . 2009-03-08 14:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-03-08 14:00 . 2009-03-08 16:57 81,984 --a------ c:\windows\system32\bdod.bin
2009-03-08 13:58 . 2009-03-08 14:01 <DIR> d-------- c:\program files\Common Files\BitDefender
2009-03-08 13:49 . 2009-03-08 13:50 <DIR> d-------- c:\program files\Common Files\Softwin
2009-03-08 13:45 . 2009-03-08 13:45 80 --a------ c:\windows\system32\24.tmp
2009-03-08 09:57 . 2009-03-08 09:57 80 --a------ c:\windows\system32\22.tmp
2009-03-08 00:23 . 2009-03-08 00:23 80 --a------ c:\windows\system32\21.tmp
2009-03-07 23:04 . 2009-03-07 23:04 130 --a------ c:\windows\adobe.bat
2009-03-07 23:04 . 2009-03-07 23:09 6 --a------ c:\windows\_id.dat
2009-03-07 23:03 . 2009-03-07 23:03 80 --a------ c:\windows\system32\20.tmp
2009-03-07 21:20 . 2009-03-07 21:20 0 --a------ c:\windows\system32\1E.tmp
2009-03-07 21:12 . 2009-03-07 21:12 80 --a------ c:\windows\system32\1C.tmp
2009-03-07 17:51 . 2009-03-07 17:51 80 --a------ c:\windows\system32\1B.tmp
2009-03-07 13:52 . 2009-03-07 13:52 <DIR> d-------- c:\program files\Common Files\ATI Technologies
2009-03-07 13:48 . 2009-03-07 13:54 <DIR> d-------- c:\program files\ATI Technologies
2009-03-07 13:48 . 2007-07-28 04:01 3,107,788 -ra------ c:\windows\system32\ativvaxx.dat
2009-03-07 13:48 . 2007-07-28 04:01 3,107,788 -ra------ c:\windows\system32\ativva5x.dat
2009-03-07 13:48 . 2007-07-28 04:01 972,072 -ra------ c:\windows\system32\ativva6x.dat
2009-03-07 13:48 . 2009-03-08 14:54 614,400 --a------ c:\windows\system32\ati2sgag.exe
2009-03-07 13:48 . 2007-07-28 04:31 344,064 -ra------ c:\windows\system32\ATIDEMGX.dll
2009-03-07 13:48 . 2007-07-28 04:24 307,200 -ra------ c:\windows\system32\atiiiexx.dll
2009-03-07 13:48 . 2007-06-12 18:30 151,367 -ra------ c:\windows\system32\atiicdxx.dat
2009-03-07 13:48 . 2007-04-12 02:33 7,069 -ra------ c:\windows\system32\atifglpf.xml
2009-03-07 13:47 . 2009-03-07 13:47 80 --a------ c:\windows\system32\1A.tmp
2009-03-07 13:31 . 2009-03-07 13:31 80 --a------ c:\windows\system32\19.tmp
2009-03-07 13:23 . 2007-05-03 18:52 11,557 -ra------ c:\windows\atiogl.xml
2009-03-07 13:22 . 2009-03-07 13:22 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-07 13:21 . 2009-03-07 13:21 80 --a------ c:\windows\system32\17.tmp
2009-03-07 13:16 . 2009-03-07 13:16 80 --a------ c:\windows\system32\16.tmp
2009-03-07 13:06 . 2009-03-07 13:06 80 --a------ c:\windows\system32\15.tmp
2009-03-07 12:59 . 2009-03-07 13:05 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-07 12:56 . 2009-03-07 12:56 80 --a------ c:\windows\system32\13.tmp
2009-03-07 12:44 . 2009-03-07 12:44 <DIR> d-------- c:\program files\NOS
2009-03-07 12:44 . 2009-03-07 12:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-03-07 12:42 . 2009-03-07 12:42 80 --a------ c:\windows\system32\11.tmp
2009-03-07 12:29 . 2006-12-28 17:44 84,992 -ra------ c:\windows\system32\drivers\AtiHdAud.sys
2009-03-07 12:09 . 2009-03-07 11:59 580,096 --a------ c:\windows\system32\otof
2009-03-07 12:03 . 2009-03-07 11:59 580,096 --a------ c:\windows\system32\rzxpyqll
2009-03-07 11:59 . 2009-03-07 11:59 580,096 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-03-07 11:59 . 2009-03-07 13:42 10 --a------ c:\windows\WININIT.INI
2009-03-07 11:41 . 2009-03-07 11:41 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-07 11:23 . 2008-04-14 17:39 14,720 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-03-07 11:18 . 2009-03-07 11:58 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\nidle
2009-03-07 11:18 . 2009-03-07 11:18 182,656 --a--c--- c:\windows\system32\dllcache\ndis.sys
2009-03-07 11:18 . 2009-03-07 11:18 80 --a------ c:\windows\system32\14C.tmp
2009-03-07 11:18 . 2009-03-07 11:18 0 --a------ c:\windows\system32\14F.tmp
2009-03-07 08:38 . 2009-03-08 12:39 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\GetRightToGo
2009-03-07 00:49 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-07 00:49 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-07 00:10 . 2009-03-08 14:39 <DIR> d-------- c:\documents and settings\Dursun
2009-03-06 23:31 . 2009-03-06 23:31 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-06 22:02 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-03-06 22:00 . 2009-03-06 22:00 <DIR> d-------- c:\program files\Microsoft Works
2009-03-06 21:59 . 2009-03-06 21:59 <DIR> d-------- c:\program files\Microsoft.NET
2009-03-06 21:56 . 2009-03-06 21:56 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-03-06 21:55 . 2009-03-06 21:56 <DIR> d-------- c:\windows\SHELLNEW
2009-03-06 21:55 . 2009-03-07 12:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-06 21:54 . 2009-03-06 21:54 <DIR> dr-h----- C:\MSOCache
2009-03-06 21:48 . 2009-03-06 21:48 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\DAEMON Tools Pro
2009-03-06 21:48 . 2009-03-06 21:48 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\DAEMON Tools
2009-03-06 21:48 . 2009-03-06 21:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-06 21:44 . 2009-03-06 21:53 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\DAEMON Tools Lite
2009-03-06 21:16 . 2009-03-06 21:16 <DIR> d-------- c:\windows\Logs
2009-03-06 21:01 . 2009-03-06 21:01 8,908 --ah----- c:\windows\system32\mlfcache.dat
2009-03-06 21:00 . 2009-03-06 21:00 <DIR> d-------- c:\program files\Bonjour
2009-03-06 20:57 . 2009-03-06 20:57 <DIR> d-------- c:\program files\iTunes
2009-03-06 20:57 . 2009-03-06 20:57 <DIR> d-------- c:\program files\iPod
2009-03-06 20:57 . 2009-03-06 21:00 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\Apple Computer
2009-03-06 20:57 . 2009-03-06 20:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-06 20:57 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-03-06 20:57 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 20:55 . 2009-03-08 14:44 <DIR> d-------- c:\program files\QuickTime
2009-03-06 20:55 . 2009-03-06 20:55 <DIR> d-------- c:\program files\Apple Software Update
2009-03-06 20:55 . 2009-03-06 20:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-06 20:54 . 2009-03-06 20:54 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-06 20:54 . 2009-03-06 20:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-03-06 20:50 . 2009-03-06 20:50 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-03-06 20:49 . 2009-03-06 20:49 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\Windows Desktop Search
2009-03-06 20:48 . 2009-03-06 20:48 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-03-06 20:48 . 2009-03-08 14:45 <DIR> d-------- c:\program files\Windows Desktop Search
2009-03-06 20:47 . 2008-03-07 18:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2009-03-06 20:47 . 2008-03-07 18:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2009-03-06 20:47 . 2008-03-07 18:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2009-03-06 20:46 . 2009-03-08 14:45 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-03-06 20:43 . 2009-03-06 20:43 <DIR> d-------- c:\windows\system32\LogFiles
2009-03-06 20:43 . 2009-03-06 20:44 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-03-06 20:43 . 2009-03-06 20:45 <DIR> d-------- C:\89ca5952262d6ad9e5b6
2009-03-06 20:41 . 2009-03-06 20:43 <DIR> d-------- C:\d798060b76b04303a25991309c2bcd17
2009-03-06 20:40 . 2009-01-09 20:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-06 20:38 . 2009-03-07 18:28 <DIR> d-------- c:\documents and settings\Mustafa\Contacts
2009-03-06 20:36 . 2009-03-06 20:57 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-06 20:35 . 2009-03-06 20:36 <DIR> d-------- c:\program files\Windows Live
2009-03-06 20:24 . 2009-03-06 20:35 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2009-03-06 20:23 . 2009-03-06 20:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2009-03-06 20:21 . 2008-04-13 19:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-03-06 20:21 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-06 20:16 . 2009-03-07 12:58 <DIR> d-------- c:\program files\MSBuild
2009-03-06 20:16 . 2009-03-06 20:16 <DIR> d-------- C:\6d88cb3b4dd9170236040d7b0211
2009-03-06 20:16 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-06 20:16 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-06 20:16 . 2009-03-08 14:55 614,400 --a------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-06 20:16 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-06 20:16 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-06 20:16 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-06 20:16 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-06 20:10 . 2008-12-21 00:03 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-06 20:10 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-06 20:10 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-06 20:10 . 2008-12-21 00:03 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-06 20:10 . 2008-12-21 00:03 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 20:10 . 2008-12-21 00:03 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-06 20:10 . 2008-12-21 00:03 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-06 20:10 . 2008-12-21 00:03 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 13:55 98,304 ----a-w c:\windows\system32\dllcache\wmpstub.exe
2009-03-08 13:54 99,840 ----a-w c:\windows\system32\dfrgfat.exe
2009-03-08 13:52 53,346 ----a-w c:\windows\slrundll.exe
2009-03-08 13:50 9,728,512 ----a-r c:\windows\RTLCPL.exe
2009-03-08 13:50 87,040 ----a-w c:\windows\notepad.exe
2009-03-08 13:50 785,920 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\helpctr.exe
2009-03-08 13:50 761,344 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2009-03-08 13:50 52,736 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\notiflag.exe
2009-03-08 13:50 35,840 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\hscupd.exe
2009-03-08 13:50 188,928 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe
2009-03-08 13:50 170,496 ----a-w c:\windows\regedit.exe
2009-03-08 13:50 167,936 ----a-w c:\windows\PCHealth\UploadLB\Binaries\uploadm.exe
2009-03-08 13:50 117,248 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\HelpHost.exe
2009-03-08 13:50 1,212,416 ----a-r c:\windows\RtlUpd.exe
2009-03-08 13:50 1,212,416 ----a-r c:\windows\RtkUpd.exe
2009-03-08 13:49 2,175,488 ----a-r c:\windows\MicCal.exe
2009-03-08 13:48 335,872 ----a-w c:\windows\HideWin.exe
2009-03-08 13:48 27,648 ----a-w c:\windows\hh.exe
2009-03-08 13:48 2,827,776 ----a-r c:\windows\alcwzrd.exe
2009-03-08 13:34 90,112 ----a-w c:\windows\Alcmtr.exe
2009-03-08 13:34 50,688 ----a-w c:\windows\system32\rundll32.exe
2009-03-08 13:34 2,899,456 ----a-w c:\windows\SkyTel.exe
2009-03-08 13:30 416,768 ----a-w c:\windows\system32\cmd.exe
2009-03-08 13:27 176,128 ----a-w c:\windows\system32\wscript.exe
2009-03-08 13:27 117,760 ----a-w c:\windows\system32\logagent.exe
2009-03-08 13:26 32,256 ----a-w c:\windows\system32\ctfmon.exe
2009-03-08 13:26 167,424 ----a-w c:\windows\system32\imapi.exe
2009-03-08 13:24 531,968 ----a-w c:\windows\system32\logonui.exe
2009-03-08 13:23 1,054,208 ----a-w c:\windows\explorer.exe
2009-03-08 13:22 43,008 ----a-w c:\windows\system32\userinit.exe
2009-03-08 13:16 201,728 ----a-w c:\windows\system32\searchprotocolhost.exe
2009-03-07 12:49 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-07 10:59 580,096 ----a-w c:\windows\system32\user32.DLL
2009-03-07 10:18 182,656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-02-24 23:26 2,255,360 ----a-w c:\windows\system32\x264vfw.dll
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-03 16:03 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-16 16:52 61,440 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.
c:\windows\system32\user32.dll ... is geïnfecteerd !!
578,560 2004-08-03 23:03:24 c:\windows\$NtServicePackUninstall$\user32.dll
580,096 2008-04-14 17:02:44 c:\windows\ServicePackFiles\i386\user32.dll
580,096 2008-04-14 17:02:44 c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\user32.dll
580,096 2009-03-07 10:59:01 c:\windows\system32\user32.DLL
580,096 2009-03-07 10:59:01 c:\windows\system32\dllcache\user32.dll
------- Sigcheck -------
2004-08-04 00:03 578560 8e5d344fd717d35ee7ed1c8e0ad0cbe6 c:\windows\$NtServicePackUninstall$\user32.dll
2008-04-14 18:02 580096 4cf588d2f2363b73eb4af57967d46dff c:\windows\ServicePackFiles\i386\user32.dll
2008-04-14 18:02 580096 4cf588d2f2363b73eb4af57967d46dff c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\user32.dll
2009-03-07 11:59 580096 8a0f7c6bca4b61ed77aeca40143324cb c:\windows\system32\user32.DLL
2009-03-07 11:59 580096 8a0f7c6bca4b61ed77aeca40143324cb c:\windows\system32\dllcache\user32.dll
2004-08-03 22:14 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\ndis.sys
2009-03-07 11:18 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2009-03-07 11:18 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys
2009-03-08 14:23 1054208 8e67ec8af8c7284cb41d39f60655f903 c:\windows\explorer.exe
2009-03-08 14:47 1052672 52e72d88aace89a7142c120290978289 c:\windows\$NtServicePackUninstall$\explorer.exe
2009-03-08 14:50 1054720 8b1fdc7f8e8caa4bfe2748740488de38 c:\windows\ServicePackFiles\i386\explorer.exe
2009-03-08 14:52 1054208 fdeb1fa307c9a238abb9d34049b31af4 c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\explorer.exe
2009-03-08 14:47 32768 abee78fff8721105b950f3c9a274545c c:\windows\$NtServicePackUninstall$\ctfmon.exe
2009-03-08 14:50 32768 4c86a7bd5f8c2b3001f20161e993da02 c:\windows\ServicePackFiles\i386\ctfmon.exe
2009-03-08 14:52 32256 174c0f5ffc62684f665f7f6ce94e0045 c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\ctfmon.exe
2009-03-08 14:26 32256 64a8ba3f12eb87fe70c6171a2bb43462 c:\windows\system32\ctfmon.exe
2009-03-08 14:48 74752 db7d465f31ef12f9753ef92fd2217ae7 c:\windows\$NtServicePackUninstall$\spoolsv.exe
2009-03-08 14:51 74752 b800a64fe5ba2f9b8a76780981c6c1d6 c:\windows\ServicePackFiles\i386\spoolsv.exe
2009-03-08 14:53 74752 67dbbfb6ca4eb958572672a90393e0e6 c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\spoolsv.exe
2008-04-14 18:03 75264 3d12626c4e02a949ec0ea9231a1894d2 c:\windows\system32\spoolsv.exe
2009-03-08 14:48 41472 f1a468d4fed5a3030f06f54d7373b168 c:\windows\$NtServicePackUninstall$\userinit.exe
2009-03-08 14:51 43008 48684499cd1783344b0d4540719c6b3a c:\windows\ServicePackFiles\i386\userinit.exe
2009-03-08 14:53 43008 728035f6d2348b1e7cfe19f27de07ea6 c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\userinit.exe
2009-03-08 14:22 43008 848e4e0b50d254a564d8ea2372ec91d7 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-03-08 32256]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-03-08 434176]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-03-08 90112]
"SkyTel"="SkyTel.EXE" [2009-03-08 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Games\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=
Scan saved at 19:32:45, on 9/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
c:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Mustafa\reader_s.exe
c:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "c:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BDWizReg] "C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe" /complete
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Mustafa\reader_s.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Mustafa\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236367984062
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - c:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - c:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - c:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)
--
End of file - 8515 bytes
ComboFix 09-03-06.02 - Mustafa 2009-03-08 16:48:31.1 - NTFSx86
Gestart vanuit: c:\documents and settings\Mustafa\Bureaublad\ComboFix.exe
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Mustafa\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\fxe.sp
c:\windows\system32\pthreadGC2.dll
c:\windows\ynh.dx
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-02-08 to 2009-03-08 ))))))))))))))))))))))))))))))
.
2009-03-08 15:46 . 2009-03-08 15:46 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-08 15:46 . 2009-03-08 15:46 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\Malwarebytes
2009-03-08 15:46 . 2009-03-08 15:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-08 15:46 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-08 15:46 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-08 14:15 . 2009-03-08 14:15 244 --ah----- C:\sqmnoopt00.sqm
2009-03-08 14:15 . 2009-03-08 14:15 232 --ah----- C:\sqmdata00.sqm
2009-03-08 14:15 . 2009-03-08 14:15 121 --a------ c:\windows\bdagent.INI
2009-03-08 14:04 . 2009-03-08 14:04 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-03-08 14:04 . 2009-03-08 14:04 385 --a------ c:\windows\system32\user_gensett.xml
2009-03-08 14:01 . 2009-03-08 14:01 <DIR> d-------- c:\program files\BitDefender
2009-03-08 14:01 . 2009-03-08 14:01 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\BitDefender
2009-03-08 14:01 . 2009-03-08 14:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-03-08 14:00 . 2009-03-08 16:57 81,984 --a------ c:\windows\system32\bdod.bin
2009-03-08 13:58 . 2009-03-08 14:01 <DIR> d-------- c:\program files\Common Files\BitDefender
2009-03-08 13:49 . 2009-03-08 13:50 <DIR> d-------- c:\program files\Common Files\Softwin
2009-03-08 13:45 . 2009-03-08 13:45 80 --a------ c:\windows\system32\24.tmp
2009-03-08 09:57 . 2009-03-08 09:57 80 --a------ c:\windows\system32\22.tmp
2009-03-08 00:23 . 2009-03-08 00:23 80 --a------ c:\windows\system32\21.tmp
2009-03-07 23:04 . 2009-03-07 23:04 130 --a------ c:\windows\adobe.bat
2009-03-07 23:04 . 2009-03-07 23:09 6 --a------ c:\windows\_id.dat
2009-03-07 23:03 . 2009-03-07 23:03 80 --a------ c:\windows\system32\20.tmp
2009-03-07 21:20 . 2009-03-07 21:20 0 --a------ c:\windows\system32\1E.tmp
2009-03-07 21:12 . 2009-03-07 21:12 80 --a------ c:\windows\system32\1C.tmp
2009-03-07 17:51 . 2009-03-07 17:51 80 --a------ c:\windows\system32\1B.tmp
2009-03-07 13:52 . 2009-03-07 13:52 <DIR> d-------- c:\program files\Common Files\ATI Technologies
2009-03-07 13:48 . 2009-03-07 13:54 <DIR> d-------- c:\program files\ATI Technologies
2009-03-07 13:48 . 2007-07-28 04:01 3,107,788 -ra------ c:\windows\system32\ativvaxx.dat
2009-03-07 13:48 . 2007-07-28 04:01 3,107,788 -ra------ c:\windows\system32\ativva5x.dat
2009-03-07 13:48 . 2007-07-28 04:01 972,072 -ra------ c:\windows\system32\ativva6x.dat
2009-03-07 13:48 . 2009-03-08 14:54 614,400 --a------ c:\windows\system32\ati2sgag.exe
2009-03-07 13:48 . 2007-07-28 04:31 344,064 -ra------ c:\windows\system32\ATIDEMGX.dll
2009-03-07 13:48 . 2007-07-28 04:24 307,200 -ra------ c:\windows\system32\atiiiexx.dll
2009-03-07 13:48 . 2007-06-12 18:30 151,367 -ra------ c:\windows\system32\atiicdxx.dat
2009-03-07 13:48 . 2007-04-12 02:33 7,069 -ra------ c:\windows\system32\atifglpf.xml
2009-03-07 13:47 . 2009-03-07 13:47 80 --a------ c:\windows\system32\1A.tmp
2009-03-07 13:31 . 2009-03-07 13:31 80 --a------ c:\windows\system32\19.tmp
2009-03-07 13:23 . 2007-05-03 18:52 11,557 -ra------ c:\windows\atiogl.xml
2009-03-07 13:22 . 2009-03-07 13:22 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-07 13:21 . 2009-03-07 13:21 80 --a------ c:\windows\system32\17.tmp
2009-03-07 13:16 . 2009-03-07 13:16 80 --a------ c:\windows\system32\16.tmp
2009-03-07 13:06 . 2009-03-07 13:06 80 --a------ c:\windows\system32\15.tmp
2009-03-07 12:59 . 2009-03-07 13:05 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-07 12:56 . 2009-03-07 12:56 80 --a------ c:\windows\system32\13.tmp
2009-03-07 12:44 . 2009-03-07 12:44 <DIR> d-------- c:\program files\NOS
2009-03-07 12:44 . 2009-03-07 12:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-03-07 12:42 . 2009-03-07 12:42 80 --a------ c:\windows\system32\11.tmp
2009-03-07 12:29 . 2006-12-28 17:44 84,992 -ra------ c:\windows\system32\drivers\AtiHdAud.sys
2009-03-07 12:09 . 2009-03-07 11:59 580,096 --a------ c:\windows\system32\otof
2009-03-07 12:03 . 2009-03-07 11:59 580,096 --a------ c:\windows\system32\rzxpyqll
2009-03-07 11:59 . 2009-03-07 11:59 580,096 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-03-07 11:59 . 2009-03-07 13:42 10 --a------ c:\windows\WININIT.INI
2009-03-07 11:41 . 2009-03-07 11:41 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-07 11:23 . 2008-04-14 17:39 14,720 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-03-07 11:18 . 2009-03-07 11:58 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\nidle
2009-03-07 11:18 . 2009-03-07 11:18 182,656 --a--c--- c:\windows\system32\dllcache\ndis.sys
2009-03-07 11:18 . 2009-03-07 11:18 80 --a------ c:\windows\system32\14C.tmp
2009-03-07 11:18 . 2009-03-07 11:18 0 --a------ c:\windows\system32\14F.tmp
2009-03-07 08:38 . 2009-03-08 12:39 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\GetRightToGo
2009-03-07 00:49 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-07 00:49 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-07 00:10 . 2009-03-08 14:39 <DIR> d-------- c:\documents and settings\Dursun
2009-03-06 23:31 . 2009-03-06 23:31 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-06 22:02 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-03-06 22:00 . 2009-03-06 22:00 <DIR> d-------- c:\program files\Microsoft Works
2009-03-06 21:59 . 2009-03-06 21:59 <DIR> d-------- c:\program files\Microsoft.NET
2009-03-06 21:56 . 2009-03-06 21:56 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-03-06 21:55 . 2009-03-06 21:56 <DIR> d-------- c:\windows\SHELLNEW
2009-03-06 21:55 . 2009-03-07 12:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-06 21:54 . 2009-03-06 21:54 <DIR> dr-h----- C:\MSOCache
2009-03-06 21:48 . 2009-03-06 21:48 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\DAEMON Tools Pro
2009-03-06 21:48 . 2009-03-06 21:48 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\DAEMON Tools
2009-03-06 21:48 . 2009-03-06 21:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-06 21:44 . 2009-03-06 21:53 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\DAEMON Tools Lite
2009-03-06 21:16 . 2009-03-06 21:16 <DIR> d-------- c:\windows\Logs
2009-03-06 21:01 . 2009-03-06 21:01 8,908 --ah----- c:\windows\system32\mlfcache.dat
2009-03-06 21:00 . 2009-03-06 21:00 <DIR> d-------- c:\program files\Bonjour
2009-03-06 20:57 . 2009-03-06 20:57 <DIR> d-------- c:\program files\iTunes
2009-03-06 20:57 . 2009-03-06 20:57 <DIR> d-------- c:\program files\iPod
2009-03-06 20:57 . 2009-03-06 21:00 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\Apple Computer
2009-03-06 20:57 . 2009-03-06 20:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-06 20:57 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-03-06 20:57 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 20:55 . 2009-03-08 14:44 <DIR> d-------- c:\program files\QuickTime
2009-03-06 20:55 . 2009-03-06 20:55 <DIR> d-------- c:\program files\Apple Software Update
2009-03-06 20:55 . 2009-03-06 20:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-06 20:54 . 2009-03-06 20:54 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-06 20:54 . 2009-03-06 20:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-03-06 20:50 . 2009-03-06 20:50 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-03-06 20:49 . 2009-03-06 20:49 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\Windows Desktop Search
2009-03-06 20:48 . 2009-03-06 20:48 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-03-06 20:48 . 2009-03-08 14:45 <DIR> d-------- c:\program files\Windows Desktop Search
2009-03-06 20:47 . 2008-03-07 18:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2009-03-06 20:47 . 2008-03-07 18:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2009-03-06 20:47 . 2008-03-07 18:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2009-03-06 20:46 . 2009-03-08 14:45 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-03-06 20:43 . 2009-03-06 20:43 <DIR> d-------- c:\windows\system32\LogFiles
2009-03-06 20:43 . 2009-03-06 20:44 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-03-06 20:43 . 2009-03-06 20:45 <DIR> d-------- C:\89ca5952262d6ad9e5b6
2009-03-06 20:41 . 2009-03-06 20:43 <DIR> d-------- C:\d798060b76b04303a25991309c2bcd17
2009-03-06 20:40 . 2009-01-09 20:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-06 20:38 . 2009-03-07 18:28 <DIR> d-------- c:\documents and settings\Mustafa\Contacts
2009-03-06 20:36 . 2009-03-06 20:57 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-06 20:35 . 2009-03-06 20:36 <DIR> d-------- c:\program files\Windows Live
2009-03-06 20:24 . 2009-03-06 20:35 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2009-03-06 20:23 . 2009-03-06 20:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2009-03-06 20:21 . 2008-04-13 19:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-03-06 20:21 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-06 20:16 . 2009-03-07 12:58 <DIR> d-------- c:\program files\MSBuild
2009-03-06 20:16 . 2009-03-06 20:16 <DIR> d-------- C:\6d88cb3b4dd9170236040d7b0211
2009-03-06 20:16 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-06 20:16 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-06 20:16 . 2009-03-08 14:55 614,400 --a------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-06 20:16 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-06 20:16 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-06 20:16 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-06 20:16 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-06 20:10 . 2008-12-21 00:03 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-06 20:10 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-06 20:10 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-06 20:10 . 2008-12-21 00:03 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-06 20:10 . 2008-12-21 00:03 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 20:10 . 2008-12-21 00:03 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-06 20:10 . 2008-12-21 00:03 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-06 20:10 . 2008-12-21 00:03 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 13:55 98,304 ----a-w c:\windows\system32\dllcache\wmpstub.exe
2009-03-08 13:54 99,840 ----a-w c:\windows\system32\dfrgfat.exe
2009-03-08 13:52 53,346 ----a-w c:\windows\slrundll.exe
2009-03-08 13:50 9,728,512 ----a-r c:\windows\RTLCPL.exe
2009-03-08 13:50 87,040 ----a-w c:\windows\notepad.exe
2009-03-08 13:50 785,920 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\helpctr.exe
2009-03-08 13:50 761,344 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2009-03-08 13:50 52,736 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\notiflag.exe
2009-03-08 13:50 35,840 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\hscupd.exe
2009-03-08 13:50 188,928 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe
2009-03-08 13:50 170,496 ----a-w c:\windows\regedit.exe
2009-03-08 13:50 167,936 ----a-w c:\windows\PCHealth\UploadLB\Binaries\uploadm.exe
2009-03-08 13:50 117,248 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\HelpHost.exe
2009-03-08 13:50 1,212,416 ----a-r c:\windows\RtlUpd.exe
2009-03-08 13:50 1,212,416 ----a-r c:\windows\RtkUpd.exe
2009-03-08 13:49 2,175,488 ----a-r c:\windows\MicCal.exe
2009-03-08 13:48 335,872 ----a-w c:\windows\HideWin.exe
2009-03-08 13:48 27,648 ----a-w c:\windows\hh.exe
2009-03-08 13:48 2,827,776 ----a-r c:\windows\alcwzrd.exe
2009-03-08 13:34 90,112 ----a-w c:\windows\Alcmtr.exe
2009-03-08 13:34 50,688 ----a-w c:\windows\system32\rundll32.exe
2009-03-08 13:34 2,899,456 ----a-w c:\windows\SkyTel.exe
2009-03-08 13:30 416,768 ----a-w c:\windows\system32\cmd.exe
2009-03-08 13:27 176,128 ----a-w c:\windows\system32\wscript.exe
2009-03-08 13:27 117,760 ----a-w c:\windows\system32\logagent.exe
2009-03-08 13:26 32,256 ----a-w c:\windows\system32\ctfmon.exe
2009-03-08 13:26 167,424 ----a-w c:\windows\system32\imapi.exe
2009-03-08 13:24 531,968 ----a-w c:\windows\system32\logonui.exe
2009-03-08 13:23 1,054,208 ----a-w c:\windows\explorer.exe
2009-03-08 13:22 43,008 ----a-w c:\windows\system32\userinit.exe
2009-03-08 13:16 201,728 ----a-w c:\windows\system32\searchprotocolhost.exe
2009-03-07 12:49 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-07 10:59 580,096 ----a-w c:\windows\system32\user32.DLL
2009-03-07 10:18 182,656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-02-24 23:26 2,255,360 ----a-w c:\windows\system32\x264vfw.dll
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-03 16:03 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-16 16:52 61,440 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.
c:\windows\system32\user32.dll ... is geïnfecteerd !!
578,560 2004-08-03 23:03:24 c:\windows\$NtServicePackUninstall$\user32.dll
580,096 2008-04-14 17:02:44 c:\windows\ServicePackFiles\i386\user32.dll
580,096 2008-04-14 17:02:44 c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\user32.dll
580,096 2009-03-07 10:59:01 c:\windows\system32\user32.DLL
580,096 2009-03-07 10:59:01 c:\windows\system32\dllcache\user32.dll
------- Sigcheck -------
2004-08-04 00:03 578560 8e5d344fd717d35ee7ed1c8e0ad0cbe6 c:\windows\$NtServicePackUninstall$\user32.dll
2008-04-14 18:02 580096 4cf588d2f2363b73eb4af57967d46dff c:\windows\ServicePackFiles\i386\user32.dll
2008-04-14 18:02 580096 4cf588d2f2363b73eb4af57967d46dff c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\user32.dll
2009-03-07 11:59 580096 8a0f7c6bca4b61ed77aeca40143324cb c:\windows\system32\user32.DLL
2009-03-07 11:59 580096 8a0f7c6bca4b61ed77aeca40143324cb c:\windows\system32\dllcache\user32.dll
2004-08-03 22:14 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\ndis.sys
2009-03-07 11:18 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2009-03-07 11:18 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys
2009-03-08 14:23 1054208 8e67ec8af8c7284cb41d39f60655f903 c:\windows\explorer.exe
2009-03-08 14:47 1052672 52e72d88aace89a7142c120290978289 c:\windows\$NtServicePackUninstall$\explorer.exe
2009-03-08 14:50 1054720 8b1fdc7f8e8caa4bfe2748740488de38 c:\windows\ServicePackFiles\i386\explorer.exe
2009-03-08 14:52 1054208 fdeb1fa307c9a238abb9d34049b31af4 c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\explorer.exe
2009-03-08 14:47 32768 abee78fff8721105b950f3c9a274545c c:\windows\$NtServicePackUninstall$\ctfmon.exe
2009-03-08 14:50 32768 4c86a7bd5f8c2b3001f20161e993da02 c:\windows\ServicePackFiles\i386\ctfmon.exe
2009-03-08 14:52 32256 174c0f5ffc62684f665f7f6ce94e0045 c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\ctfmon.exe
2009-03-08 14:26 32256 64a8ba3f12eb87fe70c6171a2bb43462 c:\windows\system32\ctfmon.exe
2009-03-08 14:48 74752 db7d465f31ef12f9753ef92fd2217ae7 c:\windows\$NtServicePackUninstall$\spoolsv.exe
2009-03-08 14:51 74752 b800a64fe5ba2f9b8a76780981c6c1d6 c:\windows\ServicePackFiles\i386\spoolsv.exe
2009-03-08 14:53 74752 67dbbfb6ca4eb958572672a90393e0e6 c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\spoolsv.exe
2008-04-14 18:03 75264 3d12626c4e02a949ec0ea9231a1894d2 c:\windows\system32\spoolsv.exe
2009-03-08 14:48 41472 f1a468d4fed5a3030f06f54d7373b168 c:\windows\$NtServicePackUninstall$\userinit.exe
2009-03-08 14:51 43008 48684499cd1783344b0d4540719c6b3a c:\windows\ServicePackFiles\i386\userinit.exe
2009-03-08 14:53 43008 728035f6d2348b1e7cfe19f27de07ea6 c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\userinit.exe
2009-03-08 14:22 43008 848e4e0b50d254a564d8ea2372ec91d7 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-03-08 32256]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-03-08 434176]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-03-08 90112]
"SkyTel"="SkyTel.EXE" [2009-03-08 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Games\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=