HijackThis log with entries I don't trust..

Anonymous
15 answers
  • Hi,

    Below is my HijackThis log. There are a few entries I don't trust; could someone take a look?

    (AVG, S&D and Ad-Aware find nothing)

    Oh, bold doesn't work inside code.

    It's about these (3x):
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')

    [code:1:836dd3d6d0]
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:17:12, on 13-3-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
    [b]O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')[/b]
    [b]O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')[/b]
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    [b]O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')[/b]
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
    O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232137717765
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe


    End of file - 6474 bytes

    [/code:1:836dd3d6d0]

  • Start HijackThis and choose 'do a system scan only'.
    Select only the items listed below:

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Download [b:de923165ed] and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    Make sure that, after installation, the following boxes are ticked:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware
    Then click "Voltooien" (Finish).
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Instellingen" (Settings) tab.
    - Tick this option: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
    - Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
    - Next, press "Scannen" (Scan) to start the scan.
    - Scanning can take a while, so be patient.
    - When the scan has finished, click OK, then "Bekijk Resultaten" (View Results) to see the results.
    - Make sure everything there is ticked, then click "Verwijder geselecteerde" (Remove Selected).
    - After removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post this log.

    Download [b:de923165ed] to your desktop and use it according to this guide.
  • MalwareBytes:

    [code:1:bfbae2e0f0]
    Malwarebytes' Anti-Malware 1.34
    Database versie: 1845
    Windows 5.1.2600 Service Pack 3

    13-3-2009 17:51:01
    mbam-log-2009-03-13 (17-51-01).txt

    Scan type: Snelle Scan
    Objecten gescand: 62609
    Verstreken tijd: 4 minute(s), 40 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)
    [/code:1:bfbae2e0f0]

    ComboFix:

    [code:1:bfbae2e0f0]
    ComboFix 09-03-12.01 - Beheerder 2009-03-13 17:54:35.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1024.709 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Beheerder\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt



    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\pthreadGC2.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-13 to 2009-03-13 ))))))))))))))))))))))))))))))
    .

    2009-03-13 17:45 . 2009-03-13 17:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-13 17:45 . 2009-03-13 17:45 <DIR> d-------- c:\documents and settings\Beheerder\Application Data\Malwarebytes
    2009-03-13 17:45 . 2009-03-13 17:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-13 17:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-13 17:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-13 14:12 . 2009-03-13 14:13 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-03-13 14:12 . 2009-03-13 14:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-13 14:04 . 2009-03-13 14:04 <DIR> d--h----- C:\$AVG8.VAULT$
    2009-03-13 14:03 . 2009-03-13 14:03 <DIR> d-------- c:\program files\Trend Micro
    2009-03-12 14:03 . 2009-03-12 14:03 <DIR> d-------- c:\program files\Alcohol Soft
    2009-03-12 13:57 . 2009-03-12 13:57 717,296 --a------ c:\windows\system32\drivers\sptd.sys
    2009-03-10 13:43 . 2009-03-10 13:43 <DIR> d-------- c:\program files\Jasc Software Inc
    2009-03-10 13:43 . 2009-03-10 13:43 <DIR> d-------- c:\program files\Common Files\Jasc Software Inc
    2009-03-10 13:43 . 2009-03-10 13:43 <DIR> d-------- c:\documents and settings\Beheerder\Application Data\Jasc Software Inc
    2009-03-10 13:43 . 2009-03-10 13:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
    2009-03-09 16:58 . 2009-03-09 16:59 <DIR> d-------- c:\program files\TVersity Codec Pack
    2009-03-09 16:52 . 2009-03-09 16:52 <DIR> d-------- c:\program files\TVersity
    2009-03-07 22:45 . 2009-03-10 19:54 101 --a------ c:\windows\CMMIXER.INI
    2009-03-07 22:06 . 2009-03-07 22:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
    2009-03-07 22:06 . 2008-02-01 15:17 138,112 --a------ c:\windows\system32\drivers\nmwcdnsu.sys
    2009-03-07 22:06 . 2008-02-01 15:17 8,320 --a------ c:\windows\system32\drivers\nmwcdnsuc.sys
    2009-03-07 21:09 . 2009-03-07 21:09 <DIR> d-------- c:\program files\Common Files\PCSuite
    2009-03-07 21:08 . 2009-03-07 22:05 <DIR> d-------- c:\program files\Common Files\Nokia
    2009-03-07 21:08 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
    2009-03-07 21:07 . 2009-03-07 21:07 <DIR> d-------- c:\program files\PC Connectivity Solution
    2009-03-07 21:07 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
    2009-03-07 21:07 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
    2009-03-07 21:07 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
    2009-03-07 21:07 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
    2009-03-07 21:07 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
    2009-03-07 21:07 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
    2009-03-07 20:39 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
    2009-03-07 20:39 . 2009-03-07 20:39 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-03-07 20:39 . 2009-03-07 20:39 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2009-03-07 19:06 . 2009-03-07 19:06 <DIR> d-------- c:\program files\Better File Rename
    2009-03-07 17:37 . 2009-03-09 16:59 <DIR> d-------- c:\program files\ffdshow
    2009-03-07 17:37 . 2007-12-24 13:47 7,680 --a------ c:\windows\system32\ff_vfw.dll
    2009-03-07 17:37 . 2007-11-29 12:52 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
    2009-03-07 16:49 . 2009-03-07 16:49 <DIR> d-------- c:\program files\Orb Networks
    2009-03-07 16:49 . 2009-03-07 16:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\OrbNetworks
    2009-03-07 16:37 . 2009-03-07 16:37 <DIR> d-------- c:\program files\Microsoft Activesync
    2009-03-07 16:36 . 2009-03-07 16:36 <DIR> d-------- c:\program files\CABviaActiveSync
    2009-03-05 17:22 . 2008-04-14 00:15 26,112 --a------ c:\windows\system32\drivers\usbser.sys
    2009-03-05 17:22 . 2008-04-14 00:15 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
    2009-03-05 17:22 . 2009-03-05 17:22 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-03-05 17:22 . 2009-03-05 17:22 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2009-03-05 17:17 . 2009-03-05 17:22 <DIR> d-------- c:\documents and settings\Beheerder\Application Data\PC Suite
    2009-03-05 17:17 . 2009-03-07 21:33 <DIR> d-------- c:\documents and settings\Beheerder\Application Data\Nokia
    2009-03-05 17:17 . 2009-03-05 17:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
    2009-03-05 17:14 . 2009-03-05 17:14 <DIR> d-------- c:\program files\DIFX
    2009-03-05 17:13 . 2009-03-07 22:06 <DIR> d----c--- c:\windows\system32\DRVSTORE
    2009-03-05 17:13 . 2009-03-07 22:06 <DIR> d-------- c:\program files\Nokia
    2009-03-05 17:13 . 2009-03-07 22:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations
    2009-03-05 17:13 . 2008-02-01 15:17 90,624 --a------ c:\windows\system32\nmwcdcls.dll
    2009-03-05 16:21 . 2009-03-05 16:21 <DIR> d-------- c:\program files\Seagate
    2009-03-05 16:21 . 2009-03-05 16:21 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2009-03-02 00:05 . 2009-03-02 00:05 <DIR> d-------- c:\program files\MediaMonkey
    2009-03-01 23:39 . 2009-03-13 15:29 <DIR> d-------- c:\documents and settings\Beheerder\Tracing
    2009-03-01 23:38 . 2009-03-01 23:38 <DIR> d-------- c:\program files\Windows Live SkyDrive
    2009-03-01 23:38 . 2009-03-01 23:38 <DIR> d-------- c:\program files\Windows Live
    2009-03-01 23:38 . 2009-03-01 23:38 <DIR> d-------- c:\program files\Microsoft
    2009-03-01 23:36 . 2009-03-01 23:36 <DIR> d-------- c:\program files\Common Files\Windows Live
    2009-02-28 17:59 . 2009-02-28 17:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
    2009-02-28 17:54 . 2009-02-28 17:57 <DIR> d-------- c:\windows\nview
    2009-02-28 17:54 . 2006-10-22 15:06 208,896 --a------ c:\windows\system32\NVUNINST.EXE
    2009-02-28 17:54 . 2006-10-22 12:22 208,896 --a------ c:\windows\system32\nvudisp.exe
    2009-02-28 17:54 . 2009-03-13 10:25 88,566 --a------ c:\windows\system32\nvapps.xml
    2009-02-28 17:54 . 2006-10-22 12:22 17,056 --a------ c:\windows\system32\nvdisp.nvu
    2009-02-28 17:52 . 2009-02-28 17:52 <DIR> d-------- c:\program files\SystemRequirementsLab
    2009-02-28 17:49 . 2006-10-22 12:22 4,527,488 --a------ c:\windows\system32\nv4_disp.dll
    2009-02-28 17:49 . 2008-04-14 22:32 4,274,816 --a--c--- c:\windows\system32\dllcache\nv4_disp.dll
    2009-02-28 17:49 . 2006-10-22 12:22 3,994,624 --a------ c:\windows\system32\drivers\nv4_mini.sys
    2009-02-28 17:49 . 2006-10-22 12:22 3,994,624 --a--c--- c:\windows\system32\dllcache\nv4_mini.sys
    2009-02-28 17:37 . 2009-02-28 17:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Matrox
    2009-02-28 17:29 . 2009-02-28 17:29 98,304 --a------ c:\windows\system32\CmdLineExt.dll
    2009-02-28 17:20 . 2009-02-28 17:20 <DIR> d-------- c:\program files\Rockstar Games
    2009-02-28 17:10 . 2009-02-28 17:41 664 --a------ c:\windows\system32\d3d9caps.dat
    2009-02-28 16:56 . 2009-02-28 16:57 <DIR> d-------- c:\program files\MagicDisc
    2009-02-28 16:56 . 2008-02-18 17:29 96,256 --a------ c:\windows\system32\drivers\mcdbus.sys
    2009-02-22 16:38 . 2009-02-22 16:38 <DIR> d-------- c:\program files\HD Tune
    2009-02-21 16:40 . 2009-02-21 16:40 <DIR> d-------- c:\program files\MSXML 4.0
    2009-02-20 20:29 . 2009-02-20 20:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
    2009-02-19 18:01 . 2009-03-10 13:43 <DIR> d-------- c:\program files\Common Files\InstallShield
    2009-02-18 10:53 . 2009-02-18 10:53 <DIR> d-------- c:\documents and settings\Beheerder\Application Data\U3
    2009-02-17 12:55 . 2009-02-17 12:55 <DIR> d-------- c:\program files\DVD Shrink
    2009-02-17 12:55 . 2009-02-19 19:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-02-17 12:35 . 2009-02-17 12:36 <DIR> d-------- c:\documents and settings\Beheerder\Application Data\CyberLink
    2009-02-17 12:34 . 2009-03-07 19:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
    2009-02-17 12:33 . 2009-03-10 13:37 <DIR> d--h----- c:\program files\InstallShield Installation Information
    2009-02-17 12:33 . 2009-02-17 12:34 <DIR> d-------- c:\program files\CyberLink
    2009-02-17 12:33 . 2009-02-17 12:33 <DIR> d-------- c:\program files\Common Files\CyberLink
    2009-02-17 12:32 . 2009-02-17 12:32 505,128 --a------ c:\windows\system32\msvcp71.dll
    2009-02-17 12:32 . 2009-02-17 12:32 353,576 --a------ c:\windows\system32\msvcr71.dll
    2009-02-17 12:32 . 2009-02-17 12:32 29,480 --a------ c:\windows\system32\msxml3a.dll
    2009-02-15 18:58 . 2009-03-13 16:37 69 --a------ c:\windows\NeroDigital.ini
    2009-02-15 18:44 . 2009-02-15 18:44 <DIR> d-------- c:\documents and settings\Beheerder\Application Data\Nero
    2009-02-15 18:42 . 2009-02-15 18:42 <DIR> d-------- c:\program files\Nero
    2009-02-15 18:42 . 2009-02-15 18:43 <DIR> d-------- c:\program files\Common Files\Nero
    2009-02-15 18:42 . 2009-02-15 18:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
    2009-02-15 18:27 . 2009-02-15 18:27 <DIR> d-------- c:\windows\system32\XPSViewer
    2009-02-15 18:27 . 2009-02-15 18:27 <DIR> d-------- c:\program files\MSBuild
    2009-02-15 18:26 . 2009-02-15 18:26 <DIR> d-------- c:\program files\Reference Assemblies
    2009-02-15 18:26 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
    2009-02-15 18:26 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
    2009-02-15 18:26 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-02-15 18:26 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
    2009-02-15 18:26 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-02-15 18:26 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
    2009-02-15 18:26 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-02-15 17:44 . 2009-03-13 10:26 <DIR> d-------- c:\program files\SpeedFan
    2009-02-15 17:44 . 2009-02-21 21:08 45 --a------ c:\windows\system32\initdebug.nfo
    2009-02-15 17:41 . 2001-09-06 21:26 1,733,120 --a------ c:\windows\system32\g400d.dll
    2009-02-15 17:41 . 2001-09-06 21:26 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
    2009-02-15 17:41 . 2001-09-06 20:27 322,560 --a------ c:\windows\system32\drivers\g400m.sys
    2009-02-15 17:41 . 2001-09-06 20:27 322,560 --a--c--- c:\windows\system32\dllcache\g400m.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-13 13:37 --------- d-----w c:\documents and settings\Beheerder\Application Data\uTorrent
    2009-03-12 13:18 --------- d-----w c:\program files\FTDv3.8
    2009-03-04 13:41 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-02-15 17:35 --------- d-----w c:\program files\Ahead
    2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
    2009-02-05 18:11 --------- d-----w c:\documents and settings\Beheerder\Application Data\mIRC
    2009-02-05 17:34 --------- d-----w c:\program files\mIRC
    2009-01-29 22:01 --------- d-----w c:\program files\GrabIt
    2009-01-29 19:36 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-29 19:36 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-01-29 19:36 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2009-01-26 00:11 --------- d-----w c:\documents and settings\Beheerder\Application Data\Foxit
    2009-01-26 00:10 --------- d-----w c:\program files\Foxit Software
    2009-01-19 17:46 --------- d-----w c:\program files\uTorrent
    2009-01-18 20:22 --------- d-----w c:\program files\Linksys
    2009-01-17 17:29 9,472 ----a-w c:\windows\system32\drivers\sisperf.sys
    2009-01-17 17:29 49,024 ----a-w c:\windows\system32\drivers\sisidex.sys
    2009-01-17 17:29 4,096 ----a-w c:\windows\system32\drivers\siside.sys
    2009-01-17 17:29 139,264 ----a-w c:\windows\system32\IDEproperty.dll
    2009-01-16 21:39 --------- d-----w c:\program files\DiskInternals
    2009-01-16 21:05 --------- d-----w c:\documents and settings\Beheerder\Application Data\AVGTOOLBAR
    2009-01-16 20:48 --------- d-----w c:\program files\AVG
    2009-01-16 20:11 --------- d-----w c:\program files\microsoft frontpage
    2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "C-Media Mixer"="Mixer.exe" [2002-10-15 c:\windows\mixer.exe]
    "nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-10-22 c:\windows\system32\nvmctray.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll]

    c:\documents and settings\Beheerder\Menu Start\Programma's\Opstarten\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-02-28 546816]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-29 20:36 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Linksys\\KiSS PC-Link\\KiSS_PC-Link.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-16 325128]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-16 107272]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl [2008-05-15 12:07:00 61424]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-16 903960]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-16 298264]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\software\Diagnostics\everesthome220\kerneld.wnt --> e:\software\Diagnostics\everesthome220\kerneld.wnt [?]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-07 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-07 8320]
    S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2009-01-16 166720]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcbd5954-fda1-11dd-bf01-000e2e3c7529}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-13 17:55:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\e:\software\Diagnostics\everesthome220\kerneld.wnt"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl"
    .
    Voltooingstijd: 2009-03-13 17:57:07
    ComboFix-quarantined-files.txt 2009-03-13 16:57:05

    Pre-Run: 5.104.771.072 bytes beschikbaar
    Post-Run: 5,157,187,584 bytes beschikbaar

    241 --- E O F --- 2009-02-21 15:41:27
    [/code:1:bfbae2e0f0]

    I don't think much was found, or was it?

  • Download Flash_Disinfector.exe and put it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure your flash drives / USB sticks / external hard disks are plugged in as well.
    Double-click Flash_Disinfector.exe to start the tool.
    When the tool has finished, the computer will restart.

    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • Er, I don't have any flash disks or anything like that in use…
  • Then skip that step.
  • Here it is:

    (what is/was wrong, by the way?)

    [code:1:8f2d0095b9]
    ComboFix 09-03-14.01 - Beheerder 2009-03-15 17:40:27.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1024.634 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Beheerder\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Beheerder\Bureaublad\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

    FILE ::
    c:\windows\system32\drivers\pccsmcfd.sys
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\pccsmcfd.sys

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-15 to 2009-03-15 ))))))))))))))))))))))))))))))
    .

    2009-03-15 00:20 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2009-03-15 00:20 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
    2009-03-15 00:20 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2009-03-13 22:06 . 2009-03-13 22:06 38,040 --a------ C:\img2-001.raw
    2009-03-13 22:04 . 2007-04-10 22:46 1,966,312 --a------ c:\windows\system32\drivers\VX1000.sys
    2009-03-13 22:04 . 2007-04-10 22:46 709,992 --a------ c:\windows\vVX1000.exe
    2009-03-13 22:04 . 2007-04-10 22:46 476,520 --a------ c:\windows\vVX1000.dll
    2009-03-13 22:04 . 2007-04-10 22:46 202,088 --a------ c:\windows\system32\LCCoin14.dll
    2009-03-13 22:04 . 2007-04-10 22:46 185,704 --a------ c:\windows\system32\cVX1000.dll
    2009-03-13 22:04 . 2007-04-10 22:46 111,976 --a------ c:\windows\VX1000.dll
    2009-03-13 22:04 . 2007-04-10 22:46 15,498 --a------ c:\windows\VX1000.ini
    2009-03-13 22:04 . 2007-04-10 22:46 13,023 --a------ c:\windows\VX1000.src
    2009-03-13 22:02 . 2009-03-13 22:04 <DIR> d-------- c:\program files\Microsoft LifeCam
    2009-03-13 21:58 . 2009-03-13 21:58 <DIR> d-------- c:\windows\system32\drivers\umdf
    2009-03-13 21:57 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
    2009-03-13 21:57 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
    2009-03-13 21:57 . 2006-07-28 09:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll
    2009-03-13 21:57 . 2006-09-28 16:04 68,888 --a------ c:\windows\system32\xinput1_3.dll
    2009-03-13 21:57 . 2006-07-28 09:30 62,744 --a------ c:\windows\system32\xinput1_2.dll
    2009-03-13 21:57 . 2006-09-28 16:03 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
    2009-03-13 21:56 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
    2009-03-13 21:55 . 2008-04-14 00:15 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
    2009-03-13 21:55 . 2008-04-14 00:15 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
    2009-03-13 21:53 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
    2009-03-13 21:53 . 2008-04-14 00:15 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
    2009-03-13 17:45 . 2009-03-13 17:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-13 17:45 . 2009-03-13 17:45 <DIR> d-------- c:\documents and settings\Beheerder\Application Data\Malwarebytes
    2009-03-13 17:45 . 2009-03-13 17:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-13 17:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-13 17:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-13 14:12 . 2009-03-13 14:13 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-03-13 14:12 . 2009-03-13 14:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-13 14:04 . 2009-03-13 14:04 <DIR> d–h—– C:\$AVG8.VAULT$
    2009-03-13 14:03 . 2009-03-13 14:03 <DIR> d——– c:\program files\Trend Micro
    2009-03-12 14:03 . 2009-03-12 14:03 <DIR> d——– c:\program files\Alcohol Soft
    2009-03-12 13:57 . 2009-03-12 13:57 717,296 –a—— c:\windows\system32\drivers\sptd.sys
    2009-03-10 13:43 . 2009-03-10 13:43 <DIR> d——– c:\program files\Jasc Software Inc
    2009-03-10 13:43 . 2009-03-10 13:43 <DIR> d——– c:\program files\Common Files\Jasc Software Inc
    2009-03-10 13:43 . 2009-03-10 13:43 <DIR> d——– c:\documents and settings\Beheerder\Application Data\Jasc Software Inc
    2009-03-10 13:43 . 2009-03-10 13:43 <DIR> d——– c:\documents and settings\All Users\Application Data\InstallShield
    2009-03-09 16:58 . 2009-03-09 16:59 <DIR> d——– c:\program files\TVersity Codec Pack
    2009-03-09 16:52 . 2009-03-09 16:52 <DIR> d——– c:\program files\TVersity
    2009-03-07 22:45 . 2009-03-10 19:54 101 –a—— c:\windows\CMMIXER.INI
    2009-03-07 22:06 . 2009-03-07 22:06 <DIR> d——– c:\documents and settings\All Users\Application Data\Nokia
    2009-03-07 22:06 . 2008-02-01 15:17 138,112 –a—— c:\windows\system32\drivers\nmwcdnsu.sys
    2009-03-07 22:06 . 2008-02-01 15:17 8,320 –a—— c:\windows\system32\drivers\nmwcdnsuc.sys
    2009-03-07 21:09 . 2009-03-07 21:09 <DIR> d——– c:\program files\Common Files\PCSuite
    2009-03-07 21:08 . 2009-03-07 22:05 <DIR> d——– c:\program files\Common Files\Nokia
    2009-03-07 21:07 . 2009-03-07 21:07 <DIR> d——– c:\program files\PC Connectivity Solution
    2009-03-07 21:07 . 2008-09-15 07:29 1,112,288 –a—— c:\windows\system32\wdfcoinstaller01007.dll
    2009-03-07 21:07 . 2008-09-15 07:56 659,968 –a—— c:\windows\system32\nmwcdcocls.dll
    2009-03-07 21:07 . 2008-09-15 07:56 22,016 –a—— c:\windows\system32\drivers\ccdcmbo.sys
    2009-03-07 21:07 . 2008-09-15 07:56 17,664 –a—— c:\windows\system32\drivers\ccdcmb.sys
    2009-03-07 21:07 . 2008-09-15 07:56 8,064 –a—— c:\windows\system32\drivers\usbser_lowerfltj.sys
    2009-03-07 21:07 . 2008-09-15 07:56 8,064 –a—— c:\windows\system32\drivers\usbser_lowerflt.sys
    2009-03-07 20:39 . 2008-03-21 13:57 14,640 ——— c:\windows\system32\spmsgXP_2k3.dll
    2009-03-07 20:39 . 2009-03-07 20:39 0 –ah—– c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-03-07 20:39 . 2009-03-07 20:39 0 –ah—– c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2009-03-07 19:06 . 2009-03-07 19:06 <DIR> d——– c:\program files\Better File Rename
    2009-03-07 17:37 . 2009-03-09 16:59 <DIR> d——– c:\program files\ffdshow
    2009-03-07 17:37 . 2007-12-24 13:47 7,680 –a—— c:\windows\system32\ff_vfw.dll
    2009-03-07 17:37 . 2007-11-29 12:52 547 –a—— c:\windows\system32\ff_vfw.dll.manifest
    2009-03-07 16:49 . 2009-03-07 16:49 <DIR> d——– c:\program files\Orb Networks
    2009-03-07 16:49 . 2009-03-07 16:55 <DIR> d——– c:\documents and settings\All Users\Application Data\OrbNetworks
    2009-03-07 16:37 . 2009-03-07 16:37 <DIR> d——– c:\program files\Microsoft Activesync
    2009-03-07 16:36 . 2009-03-07 16:36 <DIR> d——– c:\program files\CABviaActiveSync
    2009-03-05 17:22 . 2008-04-14 00:15 26,112 –a—— c:\windows\system32\drivers\usbser.sys
    2009-03-05 17:22 . 2008-04-14 00:15 26,112 –a–c— c:\windows\system32\dllcache\usbser.sys
    2009-03-05 17:22 . 2009-03-05 17:22 0 –ah—– c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-03-05 17:22 . 2009-03-05 17:22 0 –ah—– c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2009-03-05 17:17 . 2009-03-05 17:22 <DIR> d——– c:\documents and settings\Beheerder\Application Data\PC Suite
    2009-03-05 17:17 . 2009-03-07 21:33 <DIR> d——– c:\documents and settings\Beheerder\Application Data\Nokia
    2009-03-05 17:17 . 2009-03-05 17:17 <DIR> d——– c:\documents and settings\All Users\Application Data\PC Suite
    2009-03-05 17:14 . 2009-03-05 17:14 <DIR> d——– c:\program files\DIFX
    2009-03-05 17:13 . 2009-03-13 22:04 <DIR> d—-c— c:\windows\system32\DRVSTORE
    2009-03-05 17:13 . 2009-03-07 22:06 <DIR> d——– c:\program files\Nokia
    2009-03-05 17:13 . 2009-03-07 22:05 <DIR> d——– c:\documents and settings\All Users\Application Data\Installations
    2009-03-05 17:13 . 2008-02-01 15:17 90,624 –a—— c:\windows\system32\nmwcdcls.dll
    2009-03-05 16:21 . 2009-03-05 16:21 <DIR> d——– c:\program files\Seagate
    2009-03-05 16:21 . 2009-03-05 16:21 <DIR> d——– c:\program files\Common Files\Wise Installation Wizard
    2009-03-02 00:05 . 2009-03-02 00:05 <DIR> d——– c:\program files\MediaMonkey
    2009-03-01 23:39 . 2009-03-15 04:09 <DIR> d——– c:\documents and settings\Beheerder\Tracing
    2009-03-01 23:38 . 2009-03-01 23:38 <DIR> d——– c:\program files\Windows Live SkyDrive
    2009-03-01 23:38 . 2009-03-01 23:38 <DIR> d——– c:\program files\Windows Live
    2009-03-01 23:38 . 2009-03-01 23:38 <DIR> d——– c:\program files\Microsoft
    2009-03-01 23:36 . 2009-03-01 23:36 <DIR> d——– c:\program files\Common Files\Windows Live
    2009-02-28 17:59 . 2009-02-28 17:59 <DIR> d——– c:\documents and settings\All Users\Application Data\NVIDIA
    2009-02-28 17:54 . 2009-02-28 17:57 <DIR> d——– c:\windows\nview
    2009-02-28 17:54 . 2006-10-22 15:06 208,896 –a—— c:\windows\system32\NVUNINST.EXE
    2009-02-28 17:54 . 2006-10-22 12:22 208,896 –a—— c:\windows\system32\nvudisp.exe
    2009-02-28 17:54 . 2009-03-15 00:32 88,566 –a—— c:\windows\system32\nvapps.xml
    2009-02-28 17:54 . 2006-10-22 12:22 17,056 –a—— c:\windows\system32\nvdisp.nvu
    2009-02-28 17:52 . 2009-02-28 17:52 <DIR> d——– c:\program files\SystemRequirementsLab
    2009-02-28 17:49 . 2006-10-22 12:22 4,527,488 –a—— c:\windows\system32\nv4_disp.dll
    2009-02-28 17:49 . 2008-04-14 22:32 4,274,816 –a–c— c:\windows\system32\dllcache\nv4_disp.dll
    2009-02-28 17:49 . 2006-10-22 12:22 3,994,624 –a—— c:\windows\system32\drivers\nv4_mini.sys
    2009-02-28 17:49 . 2006-10-22 12:22 3,994,624 –a–c— c:\windows\system32\dllcache\nv4_mini.sys
    2009-02-28 17:37 . 2009-02-28 17:37 <DIR> d——– c:\documents and settings\All Users\Application Data\Matrox
    2009-02-28 17:29 . 2009-02-28 17:29 98,304 –a—— c:\windows\system32\CmdLineExt.dll
    2009-02-28 17:20 . 2009-02-28 17:20 <DIR> d——– c:\program files\Rockstar Games
    2009-02-28 17:10 . 2009-02-28 17:41 664 –a—— c:\windows\system32\d3d9caps.dat
    2009-02-28 16:56 . 2009-02-28 16:57 <DIR> d——– c:\program files\MagicDisc
    2009-02-28 16:56 . 2008-02-18 17:29 96,256 –a—— c:\windows\system32\drivers\mcdbus.sys
    2009-02-22 16:38 . 2009-02-22 16:38 <DIR> d——– c:\program files\HD Tune
    2009-02-21 16:40 . 2009-02-21 16:40 <DIR> d——– c:\program files\MSXML 4.0
    2009-02-20 20:29 . 2009-02-20 20:29 <DIR> d——– c:\documents and settings\All Users\Application Data\ashampoo
    2009-02-19 18:01 . 2009-03-10 13:43 <DIR> d——– c:\program files\Common Files\InstallShield
    2009-02-18 10:53 . 2009-02-18 10:53 <DIR> d——– c:\documents and settings\Beheerder\Application Data\U3
    2009-02-17 12:55 . 2009-02-17 12:55 <DIR> d——– c:\program files\DVD Shrink
    2009-02-17 12:55 . 2009-02-19 19:07 <DIR> d——– c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-02-17 12:35 . 2009-02-17 12:36 <DIR> d——– c:\documents and settings\Beheerder\Application Data\CyberLink
    2009-02-17 12:34 . 2009-03-07 19:03 <DIR> d——– c:\documents and settings\All Users\Application Data\CyberLink
    2009-02-17 12:33 . 2009-03-10 13:37 <DIR> d–h—– c:\program files\InstallShield Installation Information
    2009-02-17 12:33 . 2009-02-17 12:34 <DIR> d——– c:\program files\CyberLink
    2009-02-17 12:33 . 2009-02-17 12:33 <DIR> d——– c:\program files\Common Files\CyberLink
    2009-02-17 12:32 . 2009-02-17 12:32 505,128 –a—— c:\windows\system32\msvcp71.dll
    2009-02-17 12:32 . 2009-02-17 12:32 353,576 –a—— c:\windows\system32\msvcr71.dll
    2009-02-17 12:32 . 2009-02-17 12:32 29,480 –a—— c:\windows\system32\msxml3a.dll
    2009-02-15 18:58 . 2009-03-14 23:38 69 –a—— c:\windows\NeroDigital.ini
    2009-02-15 18:44 . 2009-02-15 18:44 <DIR> d——– c:\documents and settings\Beheerder\Application Data\Nero
    2009-02-15 18:42 . 2009-02-15 18:42 <DIR> d——– c:\program files\Nero
    2009-02-15 18:42 . 2009-02-15 18:43 <DIR> d——– c:\program files\Common Files\Nero
    2009-02-15 18:42 . 2009-02-15 18:42 <DIR> d——– c:\documents and settings\All Users\Application Data\Nero
    2009-02-15 18:27 . 2009-02-15 18:27 <DIR> d——– c:\windows\system32\XPSViewer
    2009-02-15 18:27 . 2009-02-15 18:27 <DIR> d——– c:\program files\MSBuild

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-15 16:34 ——— d—–w c:\documents and settings\Beheerder\Application Data\uTorrent
    2009-03-12 13:18 ——— d—–w c:\program files\FTDv3.8
    2009-03-04 13:41 ——— d—–w c:\documents and settings\All Users\Application Data\avg8
    2009-02-15 17:35 ——— d—–w c:\program files\Ahead
    2009-02-09 14:08 1,846,912 —-a-w c:\windows\system32\win32k.sys
    2009-02-06 17:52 49,504 —-a-w c:\windows\system32\sirenacm.dll
    2009-02-05 18:11 ——— d—–w c:\documents and settings\Beheerder\Application Data\mIRC
    2009-02-05 17:34 ——— d—–w c:\program files\mIRC
    2009-01-29 22:01 ——— d—–w c:\program files\GrabIt
    2009-01-29 19:36 325,128 —-a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-29 19:36 107,272 —-a-w c:\windows\system32\drivers\avgtdix.sys
    2009-01-29 19:36 10,520 —-a-w c:\windows\system32\avgrsstx.dll
    2009-01-26 00:11 ——— d—–w c:\documents and settings\Beheerder\Application Data\Foxit
    2009-01-26 00:10 ——— d—–w c:\program files\Foxit Software
    2009-01-19 17:46 ——— d—–w c:\program files\uTorrent
    2009-01-18 20:22 ——— d—–w c:\program files\Linksys
    2009-01-17 17:29 9,472 —-a-w c:\windows\system32\drivers\sisperf.sys
    2009-01-17 17:29 49,024 —-a-w c:\windows\system32\drivers\sisidex.sys
    2009-01-17 17:29 4,096 —-a-w c:\windows\system32\drivers\siside.sys
    2009-01-17 17:29 139,264 —-a-w c:\windows\system32\IDEproperty.dll
    2009-01-16 21:39 ——— d—–w c:\program files\DiskInternals
    2009-01-16 21:05 ——— d—–w c:\documents and settings\Beheerder\Application Data\AVGTOOLBAR
    2009-01-16 20:48 ——— d—–w c:\program files\AVG
    2009-01-16 20:11 ——— d—–w c:\program files\microsoft frontpage
    2008-12-20 23:03 826,368 —-a-w c:\windows\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-13_17.56.20,53 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-03-13 21:01:48 53,248 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2009-03-13 21:01:49 12,800 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2009-03-13 21:01:49 473,600 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2009-03-13 21:01:45 2,676,224 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-13 21:01:45 2,846,720 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-13 21:01:46 563,712 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-13 21:01:46 567,296 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-13 21:01:46 576,000 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-13 21:01:47 577,024 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-13 21:01:47 577,536 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-13 21:01:47 577,536 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-13 21:01:48 578,560 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-13 21:01:49 578,560 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-13 21:01:49 145,920 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2009-03-13 21:01:49 159,232 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2009-03-13 21:01:50 364,544 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2009-03-13 21:01:50 178,176 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2009-03-13 21:01:48 223,232 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2009-03-13 21:05:08 49,334 —-a-r c:\windows\Installer\{63AFACBC-4795-4A1B-8037-5085DC03FC54}\_3B39D466F97F59A5D83D68.exe
    + 2009-03-13 21:05:08 49,334 —-a-r c:\windows\Installer\{63AFACBC-4795-4A1B-8037-5085DC03FC54}\_638BCDEA3B33CA68073C66.exe
    + 2009-03-13 21:05:08 287,934 —-a-r c:\windows\Installer\{63AFACBC-4795-4A1B-8037-5085DC03FC54}\_93458484A917975E9CF2AA.exe
    + 2009-03-13 21:05:08 29,926 —-a-r c:\windows\Installer\{63AFACBC-4795-4A1B-8037-5085DC03FC54}\_CB6C72A2F50662445A5776.exe
    + 2009-03-13 21:05:08 287,934 —-a-r c:\windows\Installer\{63AFACBC-4795-4A1B-8037-5085DC03FC54}\_E35C8803599553ABBDC417.exe
    + 2005-03-18 15:23:10 53,248 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2005-03-18 15:23:10 12,800 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
    + 2005-03-18 15:23:14 473,600 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
    + 2004-09-29 11:38:58 2,676,224 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-03-18 15:23:10 145,920 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
    + 2005-03-18 15:23:10 159,232 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
    + 2005-03-18 15:23:14 364,544 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
    + 2005-03-18 15:23:12 178,176 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
    + 2005-03-18 15:23:14 223,232 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
    + 2004-12-01 14:53:06 2,846,720 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-02-05 18:32:54 563,712 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-03-18 16:23:14 567,296 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-05-26 14:15:56 576,000 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-07-22 16:21:34 577,024 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-09-28 13:11:52 577,536 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-12-05 16:20:50 577,536 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
    + 2006-02-03 06:40:48 578,560 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
    + 2006-03-31 10:27:50 578,560 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
    + 2006-08-24 21:30:12 276,480 ——w c:\windows\system32\audiodev.dll
    - 2004-08-11 00:45:04 233,472 —-a-w c:\windows\system32\blackbox.dll
    + 2006-08-24 21:30:12 537,600 —-a-w c:\windows\system32\blackbox.dll
    - 2004-08-11 00:45:04 161,792 —-a-w c:\windows\system32\cewmdm.dll
    + 2006-08-24 21:30:12 228,352 —-a-w c:\windows\system32\cewmdm.dll
    + 2005-02-05 18:45:26 2,222,800 —-a-w c:\windows\system32\d3dx9_24.dll
    + 2005-03-18 16:19:58 2,337,488 —-a-w c:\windows\system32\d3dx9_25.dll
    + 2005-07-22 18:59:04 2,319,568 —-a-w c:\windows\system32\d3dx9_27.dll
    + 2006-02-03 07:43:16 2,332,368 —-a-w c:\windows\system32\d3dx9_29.dll
    - 2004-08-11 00:45:04 233,472 -c–a-w c:\windows\system32\dllcache\blackbox.dll
    + 2006-08-24 21:30:12 537,600 -c–a-w c:\windows\system32\dllcache\blackbox.dll
    + 2008-04-13 23:16:24 17,024 -c–a-w c:\windows\system32\dllcache\ccdecode.sys
    - 2004-08-11 00:45:04 161,792 -c–a-w c:\windows\system32\dllcache\cewmdm.dll
    + 2006-08-24 21:30:12 228,352 -c–a-w c:\windows\system32\dllcache\cewmdm.dll
    - 2004-08-11 00:45:04 527,360 -c–a-w c:\windows\system32\dllcache\drmv2clt.dll
    + 2006-08-24 21:30:14 990,208 -c–a-w c:\windows\system32\dllcache\drmv2clt.dll
    - 2004-08-11 00:45:04 6,656 -c–a-w c:\windows\system32\dllcache\laprxy.dll
    + 2006-08-24 21:30:16 11,264 -c–a-w c:\windows\system32\dllcache\LAPRXY.dll
    - 2008-06-10 08:17:42 96,768 -c–a-w c:\windows\system32\dllcache\logagent.exe
    + 2006-08-24 19:31:04 100,864 -c–a-w c:\windows\system32\dllcache\logagent.exe
    - 2008-04-14 20:32:30 310,272 -c–a-w c:\windows\system32\dllcache\mp43dmod.dll
    + 2006-08-24 21:30:18 4,096 -c–a-w c:\windows\system32\dllcache\MP43DMOD.dll
    - 2008-04-14 20:32:30 384,512 -c–a-w c:\windows\system32\dllcache\mp4sdmod.dll
    + 2006-08-24 21:30:18 4,096 -c–a-w c:\windows\system32\dllcache\MP4SDMOD.dll
    - 2008-04-14 20:32:30 240,640 -c–a-w c:\windows\system32\dllcache\mpg4dmod.dll
    + 2006-08-24 21:30:18 4,096 -c–a-w c:\windows\system32\dllcache\MPG4DMOD.dll
    - 2004-08-11 00:45:04 141,312 -c–a-w c:\windows\system32\dllcache\msnetobj.dll
    + 2006-08-24 21:30:18 179,712 -c–a-w c:\windows\system32\dllcache\msnetobj.dll
    - 2004-08-11 00:45:04 25,088 -c–a-w c:\windows\system32\dllcache\mspmsnsv.dll
    + 2006-08-24 21:30:20 27,648 -c–a-w c:\windows\system32\dllcache\mspmsnsv.dll
    - 2004-08-11 00:45:04 169,472 -c–a-w c:\windows\system32\dllcache\mspmsp.dll
    + 2006-08-24 21:30:20 175,104 -c–a-w c:\windows\system32\dllcache\mspmsp.dll
    - 2004-08-11 00:45:04 360,176 -c–a-w c:\windows\system32\dllcache\msscp.dll
    + 2006-08-24 21:30:20 414,208 -c–a-w c:\windows\system32\dllcache\msscp.dll
    + 2008-04-13 23:09:52 5,504 -c–a-w c:\windows\system32\dllcache\mstee.sys
    - 2004-08-11 00:45:04 311,296 -c–a-w c:\windows\system32\dllcache\mswmdm.dll
    + 2006-08-24 21:30:20 320,512 -c–a-w c:\windows\system32\dllcache\mswmdm.dll
    + 2008-04-13 23:16:26 85,248 -c–a-w c:\windows\system32\dllcache\nabtsfec.sys
    + 2008-04-13 23:16:24 10,880 -c–a-w c:\windows\system32\dllcache\ndisip.sys
    - 2004-08-11 00:45:04 221,184 -c–a-w c:\windows\system32\dllcache\qasf.dll
    + 2006-08-24 21:30:22 210,432 -c–a-w c:\windows\system32\dllcache\qasf.dll
    - 2008-04-14 20:32:40 144,384 -c–a-w c:\windows\system32\dllcache\schannel.dll
    + 2008-12-05 06:58:53 144,896 -c–a-w c:\windows\system32\dllcache\schannel.dll
    - 2008-04-14 20:32:40 8,508,416 -c–a-w c:\windows\system32\dllcache\shell32.dll
    + 2008-06-17 19:03:19 8,508,416 -c–a-w c:\windows\system32\dllcache\shell32.dll
    + 2008-04-13 23:16:24 11,136 -c–a-w c:\windows\system32\dllcache\slip.sys
    + 2008-04-13 23:16:22 15,232 -c–a-w c:\windows\system32\dllcache\streamip.sys
    + 2008-04-14 21:32:46 54,272 -c–a-w c:\windows\system32\dllcache\vfwwdm32.dll
    - 2008-09-15 15:28:42 1,846,528 -c–a-w c:\windows\system32\dllcache\win32k.sys
    + 2009-02-09 14:08:47 1,846,912 -c–a-w c:\windows\system32\dllcache\win32k.sys
    - 2004-08-11 00:45:04 380,144 -c–a-w c:\windows\system32\dllcache\wmadmod.dll
    + 2006-08-24 21:30:22 757,248 -c–a-w c:\windows\system32\dllcache\WMADMOD.dll
    - 2004-08-11 00:45:04 712,704 -c–a-w c:\windows\system32\dllcache\wmadmoe.dll
    + 2006-08-24 21:30:22 1,118,208 -c–a-w c:\windows\system32\dllcache\WMADMOE.dll
    - 2007-10-20 05:01:32 227,328 -c–a-w c:\windows\system32\dllcache\wmasf.dll
    + 2006-08-24 21:30:22 222,208 -c–a-w c:\windows\system32\dllcache\WMASF.dll
    - 2004-08-11 00:45:04 30,208 -c–a-w c:\windows\system32\dllcache\wmdmlog.dll
    + 2006-08-24 21:30:22 33,792 -c–a-w c:\windows\system32\dllcache\wmdmlog.dll
    - 2004-08-11 00:45:04 34,304 -c–a-w c:\windows\system32\dllcache\wmdmps.dll
    + 2006-08-24 21:30:22 37,376 -c–a-w c:\windows\system32\dllcache\wmdmps.dll
    - 2004-08-11 00:45:04 150,016 -c–a-w c:\windows\system32\dllcache\wmidx.dll
    + 2006-08-24 21:30:24 157,184 -c–a-w c:\windows\system32\dllcache\wmidx.dll
    - 2008-06-10 10:37:02 1,026,048 -c–a-w c:\windows\system32\dllcache\WMNetmgr.dll
    + 2006-08-24 21:30:24 937,984 -c–a-w c:\windows\system32\dllcache\WMNetMgr.dll
    - 2004-08-11 00:45:04 773,368 -c–a-w c:\windows\system32\dllcache\wmsdmod.dll
    + 2006-08-24 21:30:26 4,096 -c–a-w c:\windows\system32\dllcache\wmsdmod.dll
    - 2004-08-11 00:45:04 1,116,160 -c–a-w c:\windows\system32\dllcache\wmsdmoe2.dll
    + 2006-08-24 21:30:26 4,096 -c–a-w c:\windows\system32\dllcache\wmsdmoe2.dll
    - 2004-08-11 00:45:06 531,192 -c–a-w c:\windows\system32\dllcache\wmspdmod.dll
    + 2006-08-24 21:30:26 603,648 -c–a-w c:\windows\system32\dllcache\WMSPDMOD.dll
    - 2004-08-11 00:45:06 936,960 -c–a-w c:\windows\system32\dllcache\wmspdmoe.dll
    + 2006-08-24 21:30:26 1,327,616 -c–a-w c:\windows\system32\dllcache\WMSPDMOE.dll
    - 2006-12-07 06:40:49 2,362,184 -c–a-w c:\windows\system32\dllcache\wmvcore.dll
    + 2006-08-24 21:30:26 2,450,944 -c–a-w c:\windows\system32\dllcache\wmvcore.dll
    - 2004-08-11 00:45:06 871,160 -c–a-w c:\windows\system32\dllcache\wmvdmod.dll
    + 2006-08-24 21:30:26 4,096 -c–a-w c:\windows\system32\dllcache\wmvdmod.dll
    - 2004-08-11 00:45:06 999,424 -c–a-w c:\windows\system32\dllcache\wmvdmoe2.dll
    + 2006-08-24 21:30:26 4,096 -c–a-w c:\windows\system32\dllcache\wmvdmoe2.dll
    + 2008-04-13 23:16:26 19,200 -c–a-w c:\windows\system32\dllcache\wstcodec.sys
    + 2008-04-13 23:16:24 17,024 —-a-w c:\windows\system32\drivers\CCDECODE.sys
    + 2008-04-13 23:09:52 5,504 —-a-w c:\windows\system32\drivers\MSTEE.sys
    + 2008-04-13 23:16:26 85,248 —-a-w c:\windows\system32\drivers\NABTSFEC.sys
    + 2008-04-13 23:16:24 10,880 —-a-w c:\windows\system32\drivers\NdisIP.sys
    + 2008-04-13 23:16:24 11,136 —-a-w c:\windows\system32\drivers\SLIP.sys
    + 2008-04-13 23:16:22 15,232 —-a-w c:\windows\system32\drivers\StreamIP.sys
    + 2006-08-24 21:30:26 667,648 ——w c:\windows\system32\drivers\umdf\wpdmtpdr.dll
    - 2004-08-11 00:45:06 18,944 —-a-w c:\windows\system32\drivers\wpdusb.sys
    + 2006-08-24 19:26:02 38,656 —-a-w c:\windows\system32\drivers\wpdusb.sys
    + 2008-04-13 23:16:26 19,200 —-a-w c:\windows\system32\drivers\WSTCODEC.SYS
    + 2006-08-24 19:27:06 249,344 ——w c:\windows\system32\drmupgds.exe
    - 2004-08-11 00:45:04 527,360 —-a-w c:\windows\system32\drmv2clt.dll
    + 2006-08-24 21:30:14 990,208 —-a-w c:\windows\system32\drmv2clt.dll
    + 2007-04-12 21:46:36 202,072 -c–a-w c:\windows\system32\DRVSTORE\NX6000_F6B3840B39991CB5F379BB4F46F6AA68F481F295\LCCoin14.dll
    + 2007-04-12 21:46:36 34,136 -c–a-w c:\windows\system32\DRVSTORE\NX6000_F6B3840B39991CB5F379BB4F46F6AA68F481F295\nx6000.sys
    + 2007-04-10 21:46:53 111,976 -c–a-w c:\windows\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\1033\VX1000.dll
    + 2007-04-10 21:46:52 185,704 -c–a-w c:\windows\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\cVX1000.dll
    + 2007-04-10 21:46:52 202,088 -c–a-w c:\windows\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\LCCoin14.dll
    + 2007-04-10 21:46:52 505,192 -c–a-w c:\windows\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\TwainUI.dll
    + 2007-04-10 21:46:52 476,520 -c–a-w c:\windows\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\vVX1000.dll
    + 2007-04-10 21:46:52 709,992 -c–a-w c:\windows\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\vVX1000.exe
    + 2007-04-10 21:46:53 1,966,312 -c–a-w c:\windows\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\VX1000.sys
    + 2007-04-10 21:46:50 111,976 -c–a-w c:\windows\system32\DRVSTORE\VX3000_8C2D2A241B53D9C83A931623F8898B582C368FB7\1033\VX3000.dll
    + 2007-04-10 21:46:47 185,704 -c–a-w c:\windows\system32\DRVSTORE\VX3000_8C2D2A241B53D9C83A931623F8898B582C368FB7\cVX3000.dll
    + 2007-04-10 21:46:47 202,088 -c–a-w c:\windows\system32\DRVSTORE\VX3000_8C2D2A241B53D9C83A931623F8898B582C368FB7\LCCoin14.dll
    + 2007-04-10 21:46:47 505,192 -c–a-w c:\windows\system32\DRVSTORE\VX3000_8C2D2A241B53D9C83A931623F8898B582C368FB7\TwainUI.dll
    + 2007-04-10 21:46:48 476,520 -c–a-w c:\windows\system32\DRVSTORE\VX3000_8C2D2A241B53D9C83A931623F8898B582C368FB7\vVX3000.dll
    + 2007-04-10 21:46:48 709,992 -c–a-w c:\windows\system32\DRVSTORE\VX3000_8C2D2A241B53D9C83A931623F8898B582C368FB7\vVX3000.exe
    + 2007-04-10 21:46:48 1,966,696 -c–a-w c:\windows\system32\DRVSTORE\VX3000_8C2D2A241B53D9C83A931623F8898B582C368FB7\VX3000.sys
    + 2007-04-10 21:46:46 116,072 -c–a-w c:\windows\system32\DRVSTORE\VX6000_34B6C40B745EB592EBBD2F02BC6EC375C6A74955\1033\VX6000.dll
    + 2007-04-10 21:46:43 185,704 -c–a-w c:\windows\system32\DRVSTORE\VX6000_34B6C40B745EB592EBBD2F02BC6EC375C6A74955\cVX6000.dll
    + 2007-04-10 21:46:43 202,088 -c–a-w c:\windows\system32\DRVSTORE\VX6000_34B6C40B745EB592EBBD2F02BC6EC375C6A74955\LCCoin14.dll
    + 2007-04-10 21:46:43 484,712 -c–a-w c:\windows\system32\DRVSTORE\VX6000_34B6C40B745EB592EBBD2F02BC6EC375C6A74955\vVX6000.dll
    + 2007-04-10 21:46:43 996,712 -c–a-w c:\windows\system32\DRVSTORE\VX6000_34B6C40B745EB592EBBD2F02BC6EC375C6A74955\vVX6000.exe
    + 2007-04-10 21:46:44 2,385,896 -c–a-w c:\windows\system32\DRVSTORE\VX6000_34B6C40B745EB592EBBD2F02BC6EC375C6A74955\VX6000Xp.sys
    + 2007-04-10 21:46:44 36,328 -c–a-w c:\windows\system32\DRVSTORE\VX6000_34B6C40B745EB592EBBD2F02BC6EC375C6A74955\VX6KCamd.sys
    + 2007-04-10 21:46:44 509,288 -c–a-w c:\windows\system32\DRVSTORE\VX6000_34B6C40B745EB592EBBD2F02BC6EC375C6A74955\VX6KTUI.dll
    - 2009-03-01 23:34:41 97,456 —-a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-03-14 23:31:24 97,456 —-a-w c:\windows\system32\FNTCACHE.DAT
    - 2004-08-11 00:45:04 6,656 —-a-w c:\windows\system32\laprxy.dll
    + 2006-08-24 21:30:16 11,264 —-a-w c:\windows\system32\LAPRXY.dll
    - 2008-06-10 08:17:42 96,768 —-a-w c:\windows\system32\logagent.exe
    + 2006-08-24 19:31:04 100,864 —-a-w c:\windows\system32\logagent.exe
    + 2006-08-24 21:30:18 211,968 ——w c:\windows\system32\MFPLAT.dll
    + 2006-08-24 21:30:18 258,560 ——w c:\windows\system32\MP43DECD.dll
    - 2008-04-14 20:32:30 310,272 —-a-w c:\windows\system32\mp43dmod.dll
    + 2006-08-24 21:30:18 4,096 —-a-w c:\windows\system32\MP43DMOD.dll
    + 2006-08-24 21:30:18 316,928 ——w c:\windows\system32\MP4SDECD.dll
    - 2008-04-14 20:32:30 384,512 —-a-w c:\windows\system32\mp4sdmod.dll
    + 2006-08-24 21:30:18 4,096 —-a-w c:\windows\system32\MP4SDMOD.dll
    .
    -- Snapshot teruggezet naar huidige datum --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
    "VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
    "C-Media Mixer"="Mixer.exe" [2002-10-15 c:\windows\mixer.exe]
    "nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-10-22 c:\windows\system32\nvmctray.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll]

    c:\documents and settings\Beheerder\Menu Start\Programma's\Opstarten\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-02-28 546816]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-29 20:36 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Linksys\\KiSS PC-Link\\KiSS_PC-Link.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-16 325128]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-16 107272]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-05-15 12:07:00 61424]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-16 903960]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-16 298264]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\software\Diagnostics\everesthome220\kerneld.wnt --> e:\software\Diagnostics\everesthome220\kerneld.wnt [?]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-07 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-07 8320]
    S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2009-01-16 166720]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-15 17:41:52
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\e:\software\Diagnostics\everesthome220\kerneld.wnt"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
    .
    Voltooingstijd: 2009-03-15 17:43:03
    ComboFix-quarantined-files.txt 2009-03-15 16:43:00
    ComboFix2.txt 2009-03-13 16:57:09

    Pre-Run: 4.709.113.856 bytes beschikbaar
    Post-Run: 4,726,333,440 bytes beschikbaar

    528 --- E O F --- 2009-03-14 23:26:50
    [/code:1:8f2d0095b9]
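
An added example, not part of the thread and not ComboFix code: a small parser for the registry autostart section of the log above, which lists each value with its key and a few review notes. It assumes, from the entries in this log, that the bracket holds either `date size` (command is a full path) or `date resolved-path` (command is a bare file name); the `review_notes` checks are this example's own prompts for what to look up, not verdicts.

```python
import re

# Constructed sample: four entries copied from the log above, in the same
# layout as its registry autostart section.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"C-Media Mixer"="Mixer.exe" [2002-10-15 c:\windows\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)" '
    r'\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<tail>[^\]]+)\]$')
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

def parse_autostarts(text):
    """Return one dict per autostart value, tagged with its registry key."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not (m and key):
            continue
        tail = m.group("tail")
        # A numeric tail is the file size; otherwise it is the path the bare
        # command name was resolved to.
        has_size = tail.isdigit()
        entries.append({
            "key": key, "name": m.group("name"), "command": m.group("cmd"),
            "date": m.group("date"), "size": int(tail) if has_size else None,
            "path": (m.group("cmd") if has_size else tail).lower(),
        })
    return entries

def review_notes(entry):
    """Hypothetical triage prompts for one parsed entry (not a verdict)."""
    notes = []
    if entry["size"] is None:
        notes.append("bare file name, resolved through the search path")
    if entry["key"].lower().endswith("\\runonce"):
        notes.append("RunOnce value")
    if not entry["path"].startswith(TRUSTED_ROOTS):
        notes.append("outside Windows and Program Files")
    return notes
```
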

  • Are there still any problems?
  • I have the impression that the PC is occasionally busy with things it isn't supposed to be doing.

    So what do you think the infection was?
  • A rootkit and an infected mountpoint.

    So what are the things that you think the computer shouldn't be doing?
  • Even when I'm not working on the PC, I regularly hear the hard disk working. I had even turned off automatic updates to rule out that downloading.

    While burning a CD or DVD, the buffer regularly dropped to 10% without my doing anything else (MSN etc. was also off at the time).

    Can you tell me a bit more about that rootkit and mountpoint?

    Such as, how can I prevent or recognize it? My virus scanner is AVG and I regularly run S&D and Ad-Aware.
  • You can't recognize a rootkit; it hides itself deep.
    Infected mountpoints can't be recognized either unless you dig deep into the Registry.

    Try Rootkit Hook Analyzer and see which lines are shown in red.
    Post those lines here.
  • This?

    The process pnkbstra.exe does not have any product, company or description information.

    Information about the responsible process pnkbstra.exe:

    file path: C:\windows\system32\pnkbstra.exe
    Click here to do a Google search on pnkbstra.exe



    System routines are being intercepted

    One or more system services are being intercepted on your system. This could be initiated by a rootkit or malware but there is also the possibility a security product is responsible for this. With the indications given you should find out if this is the work of a product that you have installed deliberately or not. Note that these SSDT hooks are very notorious because they rely on undocumented techniques and are incredibly difficult to implement right for a programmer. Even if they are installed by a legitimate product, these hooks very often are the cause of sudden unexpected reboots, blue screens, hangups and other misery. If you have more than one product installed which makes use of these techniques then your system is almost sure to be messed up.


    The module spfh.sys is hooking the kernel to intercept base system services.

    Information about the responsible module spfh.sys:

    file path: spfh.sys
    This file is no longer available. We suggest you try to find this file in another location on your hard disk.
    Click here to do a Google search on spfh.sys


    OK, I understand that it's hard to see, but you still gave me the instructions based on my HijackThis log. Was that because of those 3 lines?
  • No, those lines were completely legitimate.
    I can't explain in one post how to recognize rootkits in, for example, HijackThis logs and ComboFix logs; for that you can follow a training course at HijackThis.nl

    Your problems don't seem malware-related to me, because your logs are clean.
    But maybe you could try this.


    Download and save SDFix
    to your desktop.
    Double-click [b:f972d6939d]SDFix.exe[/b:f972d6939d] and choose [b:f972d6939d]Install[/b:f972d6939d] to unpack the tool into its own folder on your desktop.

    Restart the computer, but in safe mode.

    [list:f972d6939d][*:f972d6939d] In safe mode, open the SDFix folder on your desktop and double-click [b:f972d6939d]RunThis.bat[/b:f972d6939d] to start the tool.
    [*:f972d6939d] Type [b:f972d6939d]Y[/b:f972d6939d] to start the cleaning process.
    [*:f972d6939d] It removes all Trojan services or registry entries that are related to this infection; when the tool is done it will tell you to press any key to restart your PC, so do that.
    [*:f972d6939d] When the PC restarts, the tool will run again, finish the cleanup process and show you the message [b:f972d6939d]Finished[/b:f972d6939d]; then press any key to end the script, and your desktop will appear.
    [*:f972d6939d] When your desktop icons appear, the SDFix report will open and will also be saved in the folder under the name [b:f972d6939d]Report.txt[/b:f972d6939d].[/list:u:f972d6939d]


    Post that log in your next message.
  • Othuroyo, thanks for the reminder, I just haven't gotten around to it yet.

    This PC is going away soon anyway; it is being replaced by a faster, different machine.

    What still surprises me is that on this system MSN Live takes 50% of the processor power. (It's a 2.2 GHz P4.)

This is an archived page. Replying is no longer possible.