Questions & Answers

Security & privacy

HijackThis log with lines I don't trust..

Anonymous
15 answers
 • I have the feeling that the PC is occasionally busy with things it isn't supposed to be doing.

  What do you think the infection was, then?
 • A rootkit and an infected mountpoint.

  So what are those things that you think the computer shouldn't be doing?
 • Hi,

  Below is my HijackThis log. There are a few lines I don't trust; could someone take a look?

  (AVG, S&D and Ad-Aware find nothing)

  Oh, bold doesn't work in code,

  These are the ones I mean (3x):
  O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')

  [code:1:836dd3d6d0]
  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 14:17:12, on 13-3-2009
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16791)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\PROGRA~1\AVG\AVG8\avgtray.exe
  C:\WINDOWS\Mixer.exe
  C:\WINDOWS\system32\RunDLL32.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\PROGRA~1\AVG\AVG8\avgemc.exe
  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
  C:\PROGRA~1\AVG\AVG8\avgnsx.exe
  C:\Program Files\AVG\AVG8\avgcsrvx.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\Program Files\SpeedFan\speedfan.exe
  C:\Program Files\uTorrent\uTorrent.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  C:\WINDOWS\system32\taskmgr.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
  C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
  C:\WINDOWS\system32\cmd.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
  O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
  O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
  O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
  O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
  O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
  O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
  [b]O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')[/b]
  [b]O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')[/b]
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  [b]O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')[/b]
  O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
  O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
  O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232137717765
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
  O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
  O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe


  End of file - 6474 bytes

  [/code:1:836dd3d6d0]
 • Start HijackThis and choose 'Do a system scan only'.
  Select only the items listed below:

  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

  Close all windows except HijackThis.
  Click 'Fix checked' to remove the items.

  Download … and save it to your desktop.
  Double-click mbam-setup.exe to install the program.

  After installation, make sure the following are checked:
  - Update MalwareBytes' Anti-Malware
  - Start MalwareBytes' Anti-Malware

  Then click "Voltooien" (Finish).
  If an update is found, it will be downloaded and installed.
  - Once the program has started, go to the "Instellingen" (Settings) tab.
  - Tick "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
  - Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
  - Press "Scannen" (Scan) to start the scan.
  - Scanning can take a while, so be patient.
  - When the scan has finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
  - Make sure everything there is checked, then click "Verwijder geselecteerde" (Remove Selected).
  - After removal a log will open and you will be asked to restart the computer.

  The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

  Post this log.


  Download … to your Desktop and use it according to this guide.
 • MalwareBytes:

  [code:1:bfbae2e0f0]
  Malwarebytes' Anti-Malware 1.34
  Database versie: 1845
  Windows 5.1.2600 Service Pack 3

  13-3-2009 17:51:01
  mbam-log-2009-03-13 (17-51-01).txt

  Scan type: Snelle Scan
  Objecten gescand: 62609
  Verstreken tijd: 4 minute(s), 40 second(s)

  Geheugenprocessen geïnfecteerd: 0
  Geheugenmodulen geïnfecteerd: 0
  Registersleutels geïnfecteerd: 0
  Registerwaarden geïnfecteerd: 0
  Registerdata bestanden geïnfecteerd: 0
  Mappen geïnfecteerd: 0
  Bestanden geïnfecteerd: 0

  Geheugenprocessen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Geheugenmodulen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registersleutels geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerwaarden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerdata bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Mappen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)
  [/code:1:bfbae2e0f0]

  ComboFix:

  [code:1:bfbae2e0f0]
  ComboFix 09-03-12.01 - Beheerder 2009-03-13 17:54:35.1 - NTFSx86
  Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1024.709 [GMT 1:00]
  Gestart vanuit: c:\documents and settings\Beheerder\Bureaublad\ComboFix.exe
  AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
  * Nieuw herstelpunt werd aangemaakt

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  c:\windows\system32\pthreadGC2.dll

  .
  (((((((((((((((((((( Bestanden Gemaakt van 2009-02-13 to 2009-03-13 ))))))))))))))))))))))))))))))
  .

  2009-03-13 17:45 . 2009-03-13 17:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
  2009-03-13 17:45 . 2009-03-13 17:45 <DIR> d-------- c:\documents and settings\Beheerder\Application Data\Malwarebytes
  2009-03-13 17:45 . 2009-03-13 17:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
  2009-03-13 17:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
  2009-03-13 17:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
  2009-03-13 14:12 . 2009-03-13 14:13 <DIR> d-------- c:\program files\Spybot - Search & Destroy
  2009-03-13 14:12 . 2009-03-13 14:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
  2009-03-13 14:04 . 2009-03-13 14:04 <DIR> d--h----- C:\$AVG8.VAULT$
  2009-03-13 14:03 . 2009-03-13 14:03 <DIR> d-------- c:\program files\Trend Micro
  2009-03-12 14:03 . 2009-03-12 14:03 <DIR> d-------- c:\program files\Alcohol Soft
  2009-03-12 13:57 . 2009-03-12 13:57 717,296 --a------ c:\windows\system32\drivers\sptd.sys
  2009-03-10 13:43 . 2009-03-10 13:43 <DIR> d-------- c:\program files\Jasc Software Inc
  2009-03-10 13:43 . 2009-03-10 13:43 <DIR> d-------- c:\program files\Common Files\Jasc Software Inc
  2009-03-10 13:43 . 2009-03-10 13:43 <DIR> d-------- c:\documents and settings\Beheerder\Application Data\Jasc Software Inc
  2009-03-10 13:43 . 2009-03-10 13:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
  2009-03-09 16:58 . 2009-03-09 16:59 <DIR> d-------- c:\program files\TVersity Codec Pack
  2009-03-09 16:52 . 2009-03-09 16:52 <DIR> d-------- c:\program files\TVersity
  2009-03-07 22:45 . 2009-03-10 19:54 101 --a------ c:\windows\CMMIXER.INI
  2009-03-07 22:06 . 2009-03-07 22:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
  2009-03-07 22:06 . 2008-02-01 15:17 138,112 --a------ c:\windows\system32\drivers\nmwcdnsu.sys
  2009-03-07 22:06 . 2008-02-01 15:17 8,320 --a------ c:\windows\system32\drivers\nmwcdnsuc.sys
  2009-03-07 21:09 . 2009-03-07 21:09 <DIR> d-------- c:\program files\Common Files\PCSuite
  2009-03-07 21:08 . 2009-03-07 22:05 <DIR> d-------- c:\program files\Common Files\Nokia
  2009-03-07 21:08 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
  2009-03-07 21:07 . 2009-03-07 21:07 <DIR> d-------- c:\program files\PC Connectivity Solution
  2009-03-07 21:07 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
  2009-03-07 21:07 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
  2009-03-07 21:07 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
  2009-03-07 21:07 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
  2009-03-07 21:07 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
  2009-03-07 21:07 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
  2009-03-07 20:39 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
  2009-03-07 20:39 . 2009-03-07 20:39 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
  2009-03-07 20:39 . 2009-03-07 20:39 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
  2009-03-07 19:06 . 2009-03-07 19:06 <DIR> d-------- c:\program files\Better File Rename
  2009-03-07 17:37 . 2009-03-09 16:59 <DIR> d-------- c:\program files\ffdshow
  2009-03-07 17:37 . 2007-12-24 13:47 7,680 --a------ c:\windows\system32\ff_vfw.dll
  2009-03-07 17:37 . 2007-11-29 12:52 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
  2009-03-07 16:49 . 2009-03-07 16:49 <DIR> d-------- c:\program files\Orb Networks
  2009-03-07 16:49 . 2009-03-07 16:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\OrbNetworks
  2009-03-07 16:37 . 2009-03-07 16:37 <DIR> d-------- c:\program files\Microsoft Activesync
  2009-03-07 16:36 . 2009-03-07 16:36 <DIR> d-------- c:\program files\CABviaActiveSync
  2009-03-05 17:22 . 2008-04-14 00:15 26,112 --a------ c:\windows\system32\drivers\usbser.sys
  2009-03-05 17:22 . 2008-04-14 00:15 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
  2009-03-05 17:22 . 2009-03-05 17:22 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
  2009-03-05 17:22 . 2009-03-05 17:22 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
  2009-03-05 17:17 . 2009-03-05 17:22 <DIR> d-------- c:\documents and settings\Beheerder\Application Data\PC Suite
  2009-03-05 17:17 . 2009-03-07 21:33 <DIR> d-------- c:\documents and settings\Beheerder\Application Data\Nokia
  2009-03-05 17:17 . 2009-03-05 17:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
  2009-03-05 17:14 . 2009-03-05 17:14 <DIR> d-------- c:\program files\DIFX
  2009-03-05 17:13 . 2009-03-07 22:06 <DIR> d----c--- c:\windows\system32\DRVSTORE
  2009-03-05 17:13 . 2009-03-07 22:06 <DIR> d-------- c:\program files\Nokia
  2009-03-05 17:13 . 2009-03-07 22:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations
  2009-03-05 17:13 . 2008-02-01 15:17 90,624 --a------ c:\windows\system32\nmwcdcls.dll
  2009-03-05 16:21 . 2009-03-05 16:21 <DIR> d-------- c:\program files\Seagate
  2009-03-05 16:21 . 2009-03-05 16:21 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
  2009-03-02 00:05 . 2009-03-02 00:05 <DIR> d-------- c:\program files\MediaMonkey
  2009-03-01 23:39 . 2009-03-13 15:29 <DIR> d-------- c:\documents and settings\Beheerder\Tracing
  2009-03-01 23:38 . 2009-03-01 23:38 <DIR> d-------- c:\program files\Windows Live SkyDrive
  2009-03-01 23:38 . 2009-03-01 23:38 <DIR> d-------- c:\program files\Windows Live
  2009-03-01 23:38 . 2009-03-01 23:38 <DIR> d-------- c:\program files\Microsoft
  2009-03-01 23:36 . 2009-03-01 23:36 <DIR> d-------- c:\program files\Common Files\Windows Live
  2009-02-28 17:59 . 2009-02-28 17:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
  2009-02-28 17:54 . 2009-02-28 17:57 <DIR> d-------- c:\windows\nview
  2009-02-28 17:54 . 2006-10-22 15:06 208,896 --a------ c:\windows\system32\NVUNINST.EXE
  2009-02-28 17:54 . 2006-10-22 12:22 208,896 --a------ c:\windows\system32\nvudisp.exe
  2009-02-28 17:54 . 2009-03-13 10:25 88,566 --a------ c:\windows\system32\nvapps.xml
  2009-02-28 17:54 . 2006-10-22 12:22 17,056 --a------ c:\windows\system32\nvdisp.nvu
  2009-02-28 17:52 . 2009-02-28 17:52 <DIR> d-------- c:\program files\SystemRequirementsLab
  2009-02-28 17:49 . 2006-10-22 12:22 4,527,488 --a------ c:\windows\system32\nv4_disp.dll
  2009-02-28 17:49 . 2008-04-14 22:32 4,274,816 --a--c--- c:\windows\system32\dllcache\nv4_disp.dll
  2009-02-28 17:49 . 2006-10-22 12:22 3,994,624 --a------ c:\windows\system32\drivers\nv4_mini.sys
  2009-02-28 17:49 . 2006-10-22 12:22 3,994,624 --a--c--- c:\windows\system32\dllcache\nv4_mini.sys
  2009-02-28 17:37 . 2009-02-28 17:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Matrox
  2009-02-28 17:29 . 2009-02-28 17:29 98,304 --a------ c:\windows\system32\CmdLineExt.dll
  2009-02-28 17:20 . 2009-02-28 17:20 <DIR> d-------- c:\program files\Rockstar Games
  2009-02-28 17:10 . 2009-02-28 17:41 664 --a------ c:\windows\system32\d3d9caps.dat
  2009-02-28 16:56 . 2009-02-28 16:57 <DIR> d-------- c:\program files\MagicDisc
  2009-02-28 16:56 . 2008-02-18 17:29 96,256 --a------ c:\windows\system32\drivers\mcdbus.sys
  2009-02-22 16:38 . 2009-02-22 16:38 <DIR> d-------- c:\program files\HD Tune
  2009-02-21 16:40 . 2009-02-21 16:40 <DIR> d-------- c:\program files\MSXML 4.0
  2009-02-20 20:29 . 2009-02-20 20:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
  2009-02-19 18:01 . 2009-03-10 13:43 <DIR> d-------- c:\program files\Common Files\InstallShield
  2009-02-18 10:53 . 2009-02-18 10:53 <DIR> d-------- c:\documents and settings\Beheerder\Application Data\U3
  2009-02-17 12:55 . 2009-02-17 12:55 <DIR> d-------- c:\program files\DVD Shrink
  2009-02-17 12:55 . 2009-02-19 19:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
  2009-02-17 12:35 . 2009-02-17 12:36 <DIR> d-------- c:\documents and settings\Beheerder\Application Data\CyberLink
  2009-02-17 12:34 . 2009-03-07 19:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
  2009-02-17 12:33 . 2009-03-10 13:37 <DIR> d--h----- c:\program files\InstallShield Installation Information
  2009-02-17 12:33 . 2009-02-17 12:34 <DIR> d-------- c:\program files\CyberLink
  2009-02-17 12:33 . 2009-02-17 12:33 <DIR> d-------- c:\program files\Common Files\CyberLink
  2009-02-17 12:32 . 2009-02-17 12:32 505,128 --a------ c:\windows\system32\msvcp71.dll
  2009-02-17 12:32 . 2009-02-17 12:32 353,576 --a------ c:\windows\system32\msvcr71.dll
  2009-02-17 12:32 . 2009-02-17 12:32 29,480 --a------ c:\windows\system32\msxml3a.dll
  2009-02-15 18:58 . 2009-03-13 16:37 69 --a------ c:\windows\NeroDigital.ini
  2009-02-15 18:44 . 2009-02-15 18:44 <DIR> d-------- c:\documents and settings\Beheerder\Application Data\Nero
  2009-02-15 18:42 . 2009-02-15 18:42 <DIR> d-------- c:\program files\Nero
  2009-02-15 18:42 . 2009-02-15 18:43 <DIR> d-------- c:\program files\Common Files\Nero
  2009-02-15 18:42 . 2009-02-15 18:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
  2009-02-15 18:27 . 2009-02-15 18:27 <DIR> d-------- c:\windows\system32\XPSViewer
  2009-02-15 18:27 . 2009-02-15 18:27 <DIR> d-------- c:\program files\MSBuild
  2009-02-15 18:26 . 2009-02-15 18:26 <DIR> d-------- c:\program files\Reference Assemblies
  2009-02-15 18:26 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
  2009-02-15 18:26 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
  2009-02-15 18:26 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
  2009-02-15 18:26 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
  2009-02-15 18:26 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
  2009-02-15 18:26 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
  2009-02-15 18:26 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
  2009-02-15 17:44 . 2009-03-13 10:26 <DIR> d-------- c:\program files\SpeedFan
  2009-02-15 17:44 . 2009-02-21 21:08 45 --a------ c:\windows\system32\initdebug.nfo
  2009-02-15 17:41 . 2001-09-06 21:26 1,733,120 --a------ c:\windows\system32\g400d.dll
  2009-02-15 17:41 . 2001-09-06 21:26 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
  2009-02-15 17:41 . 2001-09-06 20:27 322,560 --a------ c:\windows\system32\drivers\g400m.sys
  2009-02-15 17:41 . 2001-09-06 20:27 322,560 --a--c--- c:\windows\system32\dllcache\g400m.sys

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2009-03-13 13:37 --------- d-----w c:\documents and settings\Beheerder\Application Data\uTorrent
  2009-03-12 13:18 --------- d-----w c:\program files\FTDv3.8
  2009-03-04 13:41 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
  2009-02-15 17:35 --------- d-----w c:\program files\Ahead
  2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
  2009-02-05 18:11 --------- d-----w c:\documents and settings\Beheerder\Application Data\mIRC
  2009-02-05 17:34 --------- d-----w c:\program files\mIRC
  2009-01-29 22:01 --------- d-----w c:\program files\GrabIt
  2009-01-29 19:36 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
  2009-01-29 19:36 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
  2009-01-29 19:36 10,520 ----a-w c:\windows\system32\avgrsstx.dll
  2009-01-26 00:11 --------- d-----w c:\documents and settings\Beheerder\Application Data\Foxit
  2009-01-26 00:10 --------- d-----w c:\program files\Foxit Software
  2009-01-19 17:46 --------- d-----w c:\program files\uTorrent
  2009-01-18 20:22 --------- d-----w c:\program files\Linksys
  2009-01-17 17:29 9,472 ----a-w c:\windows\system32\drivers\sisperf.sys
  2009-01-17 17:29 49,024 ----a-w c:\windows\system32\drivers\sisidex.sys
  2009-01-17 17:29 4,096 ----a-w c:\windows\system32\drivers\siside.sys
  2009-01-17 17:29 139,264 ----a-w c:\windows\system32\IDEproperty.dll
  2009-01-16 21:39 --------- d-----w c:\program files\DiskInternals
  2009-01-16 21:05 --------- d-----w c:\documents and settings\Beheerder\Application Data\AVGTOOLBAR
  2009-01-16 20:48 --------- d-----w c:\program files\AVG
  2009-01-16 20:11 --------- d-----w c:\program files\microsoft frontpage
  2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
  "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304]
  "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
  "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
  "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
  "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
  "C-Media Mixer"="Mixer.exe" [2002-10-15 c:\windows\mixer.exe]
  "nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
  "NvMediaCenter"="NvMCTray.dll" [2006-10-22 c:\windows\system32\nvmctray.dll]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  "nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll]

  c:\documents and settings\Beheerder\Menu Start\Programma's\Opstarten\
  MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-02-28 546816]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
  2009-01-29 20:36 10520 c:\windows\system32\avgrsstx.dll

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
  @="Driver"

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  "%windir%\\system32\\sessmgr.exe"=
  "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
  "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
  "c:\\Program Files\\Linksys\\KiSS PC-Link\\KiSS_PC-Link.exe"=
  "c:\\Program Files\\uTorrent\\uTorrent.exe"=
  "c:\\Program Files\\mIRC\\mirc.exe"=
  "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
  "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
  "c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
  "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
  "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
  "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
  "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
  "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
  "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

  R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-16 325128]
  R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-16 107272]
  R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl [2008-05-15 12:07:00 61424]
  R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-16 903960]
  R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-16 298264]
  S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\software\Diagnostics\everesthome220\kerneld.wnt --> e:\software\Diagnostics\everesthome220\kerneld.wnt [?]
  S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-07 138112]
  S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-07 8320]
  S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2009-01-16 166720]

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcbd5954-fda1-11dd-bf01-000e2e3c7529}]
  \Shell\AutoRun\command - G:\LaunchU3.exe -a
  .
  - - - - ORPHANS VERWIJDERD - - - -

  HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


  .
  ------- Bijkomende Scan -------
  .
  uStart Page = hxxp://www.google.nl/
  .

  **************************************************************************

  catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2009-03-13 17:55:58
  Windows 5.1.2600 Service Pack 3 NTFS

  scannen van verborgen processen ...

  scannen van verborgen autostart items ...

  scannen van verborgen bestanden ...

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************

  [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
  "ImagePath"="\??\e:\software\Diagnostics\everesthome220\kerneld.wnt"

  [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
  "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl"
  .
  Voltooingstijd: 2009-03-13 17:57:07
  ComboFix-quarantined-files.txt 2009-03-13 16:57:05

  Pre-Run: 5.104.771.072 bytes beschikbaar
  Post-Run: 5,157,187,584 bytes beschikbaar

  241 — E O F — 2009-02-21 15:41:27
  [/code:1:bfbae2e0f0]

  It doesn't look to me like much was found, or was it?
 • Download Flash_Disinfector.exe and save it to your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
  Make sure the flash drives / USB sticks / external hard drives are also plugged in.
  Double-click Flash_Disinfector.exe to start the tool.
  When the tool has finished, the computer will restart.
  Open a Notepad file.
  Copy the code below and paste it into the Notepad file.

 • Uh, I don't have any flash disks or anything like that in use…
 • Skip that step, then.
 • Here it is:

  (what is/was wrong, by the way?)

  [code:1:8f2d0095b9]
  ComboFix 09-03-14.01 - Beheerder 2009-03-15 17:40:27.2 - NTFSx86
  Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1024.634 [GMT 1:00]
  Gestart vanuit: c:\documents and settings\Beheerder\Bureaublad\ComboFix.exe
  gebruikte Opdracht switches :: c:\documents and settings\Beheerder\Bureaublad\CFScript.txt
  AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
  * Nieuw herstelpunt werd aangemaakt

  WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

  FILE ::
  c:\windows\system32\drivers\pccsmcfd.sys
  .

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  c:\windows\system32\drivers\pccsmcfd.sys

  .
  (((((((((((((((((((( Bestanden Gemaakt van 2009-02-15 to 2009-03-15 ))))))))))))))))))))))))))))))
  .

  2009-03-15 00:20 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
  2009-03-15 00:20 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
  2009-03-15 00:20 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
  2009-03-13 22:06 . 2009-03-13 22:06 38,040 --a------ C:\img2-001.raw
  2009-03-13 22:04 . 2007-04-10 22:46 1,966,312 --a------ c:\windows\system32\drivers\VX1000.sys
  2009-03-13 22:04 . 2007-04-10 22:46 709,992 --a------ c:\windows\vVX1000.exe
  2009-03-13 22:04 . 2007-04-10 22:46 476,520 --a------ c:\windows\vVX1000.dll
  2009-03-13 22:04 . 2007-04-10 22:46 202,088 --a------ c:\windows\system32\LCCoin14.dll
  2009-03-13 22:04 . 2007-04-10 22:46 185,704 --a------ c:\windows\system32\cVX1000.dll
  2009-03-13 22:04 . 2007-04-10 22:46 111,976 --a------ c:\windows\VX1000.dll
  2009-03-13 22:04 . 2007-04-10 22:46 15,498 --a------ c:\windows\VX1000.ini
  2009-03-13 22:04 . 2007-04-10 22:46 13,023 --a------ c:\windows\VX1000.src
  2009-03-13 22:02 . 2009-03-13 22:04 <DIR> d-------- c:\program files\Microsoft LifeCam
  2009-03-13 21:58 . 2009-03-13 21:58 <DIR> d-------- c:\windows\system32\drivers\umdf
  2009-03-13 21:57 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
  2009-03-13 21:57 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
  2009-03-13 21:57 . 2006-07-28 09:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll
  2009-03-13 21:57 . 2006-09-28 16:04 68,888 --a------ c:\windows\system32\xinput1_3.dll
  2009-03-13 21:57 . 2006-07-28 09:30 62,744 --a------ c:\windows\system32\xinput1_2.dll
  2009-03-13 21:57 . 2006-09-28 16:03 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
  2009-03-13 21:56 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
  2009-03-13 21:55 . 2008-04-14 00:15 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
  2009-03-13 21:55 . 2008-04-14 00:15 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
  2009-03-13 21:53 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
  2009-03-13 21:53 . 2008-04-14 00:15 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
  2009-03-13 17:45 . 2009-03-13 17:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
  2009-03-13 17:45 . 2009-03-13 17:45 <DIR> d-------- c:\documents and settings\Beheerder\Application Data\Malwarebytes
  2009-03-13 17:45 . 2009-03-13 17:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
  2009-03-13 17:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
  2009-03-13 17:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
  2009-03-13 14:12 . 2009-03-13 14:13 <DIR> d-------- c:\program files\Spybot - Search & Destroy
  2009-03-13 14:12 . 2009-03-13 14:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
  2009-03-13 14:04 . 2009-03-13 14:04 <DIR> d--h----- C:\$AVG8.VAULT$
  2009-03-13 14:03 . 2009-03-13 14:03 <DIR> d-------- c:\program files\Trend Micro
  2009-03-12 14:03 . 2009-03-12 14:03 <DIR> d-------- c:\program files\Alcohol Soft
  2009-03-12 13:57 . 2009-03-12 13:57 717,296 --a------ c:\windows\system32\drivers\sptd.sys
  2009-03-10 13:43 . 2009-03-10 13:43 <DIR> d-------- c:\program files\Jasc Software Inc
  2009-03-10 13:43 . 2009-03-10 13:43 <DIR> d-------- c:\program files\Common Files\Jasc Software Inc
  2009-03-10 13:43 . 2009-03-10 13:43 <DIR> d-------- c:\documents and settings\Beheerder\Application Data\Jasc Software Inc
  2009-03-10 13:43 . 2009-03-10 13:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
  2009-03-09 16:58 . 2009-03-09 16:59 <DIR> d-------- c:\program files\TVersity Codec Pack
  2009-03-09 16:52 . 2009-03-09 16:52 <DIR> d-------- c:\program files\TVersity
  2009-03-07 22:45 . 2009-03-10 19:54 101 --a------ c:\windows\CMMIXER.INI
  2009-03-07 22:06 . 2009-03-07 22:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
  2009-03-07 22:06 . 2008-02-01 15:17 138,112 --a------ c:\windows\system32\drivers\nmwcdnsu.sys
  2009-03-07 22:06 . 2008-02-01 15:17 8,320 –a—— c:\windows\system32\drivers\nmwcdnsuc.sys
  2009-03-07 21:09 . 2009-03-07 21:09 <DIR> d——– c:\program files\Common Files\PCSuite
  2009-03-07 21:08 . 2009-03-07 22:05 <DIR> d——– c:\program files\Common Files\Nokia
  2009-03-07 21:07 . 2009-03-07 21:07 <DIR> d——– c:\program files\PC Connectivity Solution
  2009-03-07 21:07 . 2008-09-15 07:29 1,112,288 –a—— c:\windows\system32\wdfcoinstaller01007.dll
  2009-03-07 21:07 . 2008-09-15 07:56 659,968 –a—— c:\windows\system32\nmwcdcocls.dll
  2009-03-07 21:07 . 2008-09-15 07:56 22,016 –a—— c:\windows\system32\drivers\ccdcmbo.sys
  2009-03-07 21:07 . 2008-09-15 07:56 17,664 –a—— c:\windows\system32\drivers\ccdcmb.sys
  2009-03-07 21:07 . 2008-09-15 07:56 8,064 –a—— c:\windows\system32\drivers\usbser_lowerfltj.sys
  2009-03-07 21:07 . 2008-09-15 07:56 8,064 –a—— c:\windows\system32\drivers\usbser_lowerflt.sys
  2009-03-07 20:39 . 2008-03-21 13:57 14,640 ——— c:\windows\system32\spmsgXP_2k3.dll
  2009-03-07 20:39 . 2009-03-07 20:39 0 –ah—– c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
  2009-03-07 20:39 . 2009-03-07 20:39 0 –ah—– c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
  2009-03-07 19:06 . 2009-03-07 19:06 <DIR> d——– c:\program files\Better File Rename
  2009-03-07 17:37 . 2009-03-09 16:59 <DIR> d——– c:\program files\ffdshow
  2009-03-07 17:37 . 2007-12-24 13:47 7,680 –a—— c:\windows\system32\ff_vfw.dll
  2009-03-07 17:37 . 2007-11-29 12:52 547 –a—— c:\windows\system32\ff_vfw.dll.manifest
  2009-03-07 16:49 . 2009-03-07 16:49 <DIR> d——– c:\program files\Orb Networks
  2009-03-07 16:49 . 2009-03-07 16:55 <DIR> d——– c:\documents and settings\All Users\Application Data\OrbNetworks
  2009-03-07 16:37 . 2009-03-07 16:37 <DIR> d——– c:\program files\Microsoft Activesync
  2009-03-07 16:36 . 2009-03-07 16:36 <DIR> d——– c:\program files\CABviaActiveSync
  2009-03-05 17:22 . 2008-04-14 00:15 26,112 –a—— c:\windows\system32\drivers\usbser.sys
  2009-03-05 17:22 . 2008-04-14 00:15 26,112 –a–c— c:\windows\system32\dllcache\usbser.sys
  2009-03-05 17:22 . 2009-03-05 17:22 0 –ah—– c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
  2009-03-05 17:22 . 2009-03-05 17:22 0 –ah—– c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
  2009-03-05 17:17 . 2009-03-05 17:22 <DIR> d——– c:\documents and settings\Beheerder\Application Data\PC Suite
  2009-03-05 17:17 . 2009-03-07 21:33 <DIR> d——– c:\documents and settings\Beheerder\Application Data\Nokia
  2009-03-05 17:17 . 2009-03-05 17:17 <DIR> d——– c:\documents and settings\All Users\Application Data\PC Suite
  2009-03-05 17:14 . 2009-03-05 17:14 <DIR> d——– c:\program files\DIFX
  2009-03-05 17:13 . 2009-03-13 22:04 <DIR> d—-c— c:\windows\system32\DRVSTORE
  2009-03-05 17:13 . 2009-03-07 22:06 <DIR> d——– c:\program files\Nokia
  2009-03-05 17:13 . 2009-03-07 22:05 <DIR> d——– c:\documents and settings\All Users\Application Data\Installations
  2009-03-05 17:13 . 2008-02-01 15:17 90,624 –a—— c:\windows\system32\nmwcdcls.dll
  2009-03-05 16:21 . 2009-03-05 16:21 <DIR> d——– c:\program files\Seagate
  2009-03-05 16:21 . 2009-03-05 16:21 <DIR> d——– c:\program files\Common Files\Wise Installation Wizard
  2009-03-02 00:05 . 2009-03-02 00:05 <DIR> d——– c:\program files\MediaMonkey
  2009-03-01 23:39 . 2009-03-15 04:09 <DIR> d——– c:\documents and settings\Beheerder\Tracing
  2009-03-01 23:38 . 2009-03-01 23:38 <DIR> d——– c:\program files\Windows Live SkyDrive
  2009-03-01 23:38 . 2009-03-01 23:38 <DIR> d——– c:\program files\Windows Live
  2009-03-01 23:38 . 2009-03-01 23:38 <DIR> d——– c:\program files\Microsoft
  2009-03-01 23:36 . 2009-03-01 23:36 <DIR> d——– c:\program files\Common Files\Windows Live
  2009-02-28 17:59 . 2009-02-28 17:59 <DIR> d——– c:\documents and settings\All Users\Application Data\NVIDIA
  2009-02-28 17:54 . 2009-02-28 17:57 <DIR> d——– c:\windows\nview
  2009-02-28 17:54 . 2006-10-22 15:06 208,896 –a—— c:\windows\system32\NVUNINST.EXE
  2009-02-28 17:54 . 2006-10-22 12:22 208,896 –a—— c:\windows\system32\nvudisp.exe
  2009-02-28 17:54 . 2009-03-15 00:32 88,566 –a—— c:\windows\system32\nvapps.xml
  2009-02-28 17:54 . 2006-10-22 12:22 17,056 –a—— c:\windows\system32\nvdisp.nvu
  2009-02-28 17:52 . 2009-02-28 17:52 <DIR> d——– c:\program files\SystemRequirementsLab
  2009-02-28 17:49 . 2006-10-22 12:22 4,527,488 –a—— c:\windows\system32\nv4_disp.dll
  2009-02-28 17:49 . 2008-04-14 22:32 4,274,816 –a–c— c:\windows\system32\dllcache\nv4_disp.dll
  2009-02-28 17:49 . 2006-10-22 12:22 3,994,624 –a—— c:\windows\system32\drivers\nv4_mini.sys
  2009-02-28 17:49 . 2006-10-22 12:22 3,994,624 –a–c— c:\windows\system32\dllcache\nv4_mini.sys
  2009-02-28 17:37 . 2009-02-28 17:37 <DIR> d——– c:\documents and settings\All Users\Application Data\Matrox
  2009-02-28 17:29 . 2009-02-28 17:29 98,304 –a—— c:\windows\system32\CmdLineExt.dll
  2009-02-28 17:20 . 2009-02-28 17:20 <DIR> d——– c:\program files\Rockstar Games
  2009-02-28 17:10 . 2009-02-28 17:41 664 –a—— c:\windows\system32\d3d9caps.dat
  2009-02-28 16:56 . 2009-02-28 16:57 <DIR> d——– c:\program files\MagicDisc
  2009-02-28 16:56 . 2008-02-18 17:29 96,256 –a—— c:\windows\system32\drivers\mcdbus.sys
  2009-02-22 16:38 . 2009-02-22 16:38 <DIR> d——– c:\program files\HD Tune
  2009-02-21 16:40 . 2009-02-21 16:40 <DIR> d——– c:\program files\MSXML 4.0
  2009-02-20 20:29 . 2009-02-20 20:29 <DIR> d——– c:\documents and settings\All Users\Application Data\ashampoo
  2009-02-19 18:01 . 2009-03-10 13:43 <DIR> d——– c:\program files\Common Files\InstallShield
  2009-02-18 10:53 . 2009-02-18 10:53 <DIR> d——– c:\documents and settings\Beheerder\Application Data\U3
  2009-02-17 12:55 . 2009-02-17 12:55 <DIR> d——– c:\program files\DVD Shrink
  2009-02-17 12:55 . 2009-02-19 19:07 <DIR> d——– c:\documents and settings\All Users\Application Data\DVD Shrink
  2009-02-17 12:35 . 2009-02-17 12:36 <DIR> d——– c:\documents and settings\Beheerder\Application Data\CyberLink
  2009-02-17 12:34 . 2009-03-07 19:03 <DIR> d——– c:\documents and settings\All Users\Application Data\CyberLink
  2009-02-17 12:33 . 2009-03-10 13:37 <DIR> d–h—– c:\program files\InstallShield Installation Information
  2009-02-17 12:33 . 2009-02-17 12:34 <DIR> d——– c:\program files\CyberLink
  2009-02-17 12:33 . 2009-02-17 12:33 <DIR> d——– c:\program files\Common Files\CyberLink
  2009-02-17 12:32 . 2009-02-17 12:32 505,128 –a—— c:\windows\system32\msvcp71.dll
  2009-02-17 12:32 . 2009-02-17 12:32 353,576 –a—— c:\windows\system32\msvcr71.dll
  2009-02-17 12:32 . 2009-02-17 12:32 29,480 –a—— c:\windows\system32\msxml3a.dll
  2009-02-15 18:58 . 2009-03-14 23:38 69 –a—— c:\windows\NeroDigital.ini
  2009-02-15 18:44 . 2009-02-15 18:44 <DIR> d——– c:\documents and settings\Beheerder\Application Data\Nero
  2009-02-15 18:42 . 2009-02-15 18:42 <DIR> d——– c:\program files\Nero
  2009-02-15 18:42 . 2009-02-15 18:43 <DIR> d——– c:\program files\Common Files\Nero
  2009-02-15 18:42 . 2009-02-15 18:42 <DIR> d——– c:\documents and settings\All Users\Application Data\Nero
  2009-02-15 18:27 . 2009-02-15 18:27 <DIR> d——– c:\windows\system32\XPSViewer
  2009-02-15 18:27 . 2009-02-15 18:27 <DIR> d——– c:\program files\MSBuild

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2009-03-15 16:34 ——— d—–w c:\documents and settings\Beheerder\Application Data\uTorrent
  2009-03-12 13:18 ——— d—–w c:\program files\FTDv3.8
  2009-03-04 13:41 ——— d—–w c:\documents and settings\All Users\Application Data\avg8
  2009-02-15 17:35 ——— d—–w c:\program files\Ahead
  2009-02-09 14:08 1,846,912 —-a-w c:\windows\system32\win32k.sys
  2009-02-06 17:52 49,504 —-a-w c:\windows\system32\sirenacm.dll
  2009-02-05 18:11 ——— d—–w c:\documents and settings\Beheerder\Application Data\mIRC
  2009-02-05 17:34 ——— d—–w c:\program files\mIRC
  2009-01-29 22:01 ——— d—–w c:\program files\GrabIt
  2009-01-29 19:36 325,128 —-a-w c:\windows\system32\drivers\avgldx86.sys
  2009-01-29 19:36 107,272 —-a-w c:\windows\system32\drivers\avgtdix.sys
  2009-01-29 19:36 10,520 —-a-w c:\windows\system32\avgrsstx.dll
  2009-01-26 00:11 ——— d—–w c:\documents and settings\Beheerder\Application Data\Foxit
  2009-01-26 00:10 ——— d—–w c:\program files\Foxit Software
  2009-01-19 17:46 ——— d—–w c:\program files\uTorrent
  2009-01-18 20:22 ——— d—–w c:\program files\Linksys
  2009-01-17 17:29 9,472 —-a-w c:\windows\system32\drivers\sisperf.sys
  2009-01-17 17:29 49,024 —-a-w c:\windows\system32\drivers\sisidex.sys
  2009-01-17 17:29 4,096 —-a-w c:\windows\system32\drivers\siside.sys
  2009-01-17 17:29 139,264 —-a-w c:\windows\system32\IDEproperty.dll
  2009-01-16 21:39 ——— d—–w c:\program files\DiskInternals
  2009-01-16 21:05 ——— d—–w c:\documents and settings\Beheerder\Application Data\AVGTOOLBAR
  2009-01-16 20:48 ——— d—–w c:\program files\AVG
  2009-01-16 20:11 ——— d—–w c:\program files\microsoft frontpage
  2008-12-20 23:03 826,368 —-a-w c:\windows\system32\wininet.dll
  .

  ((((((((((((((((((((((((((((( SnapShot@2009-03-13_17.56.20,53 )))))))))))))))))))))))))))))))))))))))))
  .
  + 2009-03-13 21:01:48 53,248 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
  + 2009-03-13 21:01:49 12,800 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
  + 2009-03-13 21:01:49 473,600 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
  + 2009-03-13 21:01:45 2,676,224 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2009-03-13 21:01:45 2,846,720 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2009-03-13 21:01:46 563,712 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2009-03-13 21:01:46 567,296 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2009-03-13 21:01:46 576,000 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2009-03-13 21:01:47 577,024 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2009-03-13 21:01:47 577,536 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2009-03-13 21:01:47 577,536 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2009-03-13 21:01:48 578,560 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2009-03-13 21:01:49 578,560 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2009-03-13 21:01:49 145,920 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
  + 2009-03-13 21:01:49 159,232 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
  + 2009-03-13 21:01:50 364,544 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
  + 2009-03-13 21:01:50 178,176 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
  + 2009-03-13 21:01:48 223,232 —-a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
  + 2009-03-13 21:05:08 49,334 —-a-r c:\windows\Installer\{63AFACBC-4795-4A1B-8037-5085DC03FC54}\_3B39D466F97F59A5D83D68.exe
  + 2009-03-13 21:05:08 49,334 —-a-r c:\windows\Installer\{63AFACBC-4795-4A1B-8037-5085DC03FC54}\_638BCDEA3B33CA68073C66.exe
  + 2009-03-13 21:05:08 287,934 —-a-r c:\windows\Installer\{63AFACBC-4795-4A1B-8037-5085DC03FC54}\_93458484A917975E9CF2AA.exe
  + 2009-03-13 21:05:08 29,926 —-a-r c:\windows\Installer\{63AFACBC-4795-4A1B-8037-5085DC03FC54}\_CB6C72A2F50662445A5776.exe
  + 2009-03-13 21:05:08 287,934 —-a-r c:\windows\Installer\{63AFACBC-4795-4A1B-8037-5085DC03FC54}\_E35C8803599553ABBDC417.exe
  + 2005-03-18 15:23:10 53,248 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
  + 2005-03-18 15:23:10 12,800 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
  + 2005-03-18 15:23:14 473,600 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
  + 2004-09-29 11:38:58 2,676,224 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
  + 2005-03-18 15:23:10 145,920 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
  + 2005-03-18 15:23:10 159,232 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
  + 2005-03-18 15:23:14 364,544 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
  + 2005-03-18 15:23:12 178,176 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
  + 2005-03-18 15:23:14 223,232 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
  + 2004-12-01 14:53:06 2,846,720 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
  + 2005-02-05 18:32:54 563,712 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
  + 2005-03-18 16:23:14 567,296 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
  + 2005-05-26 14:15:56 576,000 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
  + 2005-07-22 16:21:34 577,024 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
  + 2005-09-28 13:11:52 577,536 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
  + 2005-12-05 16:20:50 577,536 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
  + 2006-02-03 06:40:48 578,560 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
  + 2006-03-31 10:27:50 578,560 —-a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
  + 2006-08-24 21:30:12 276,480 ——w c:\windows\system32\audiodev.dll
  - 2004-08-11 00:45:04 233,472 —-a-w c:\windows\system32\blackbox.dll
  + 2006-08-24 21:30:12 537,600 —-a-w c:\windows\system32\blackbox.dll
  - 2004-08-11 00:45:04 161,792 —-a-w c:\windows\system32\cewmdm.dll
  + 2006-08-24 21:30:12 228,352 —-a-w c:\windows\system32\cewmdm.dll
  + 2005-02-05 18:45:26 2,222,800 —-a-w c:\windows\system32\d3dx9_24.dll
  + 2005-03-18 16:19:58 2,337,488 —-a-w c:\windows\system32\d3dx9_25.dll
  + 2005-07-22 18:59:04 2,319,568 —-a-w c:\windows\system32\d3dx9_27.dll
  + 2006-02-03 07:43:16 2,332,368 —-a-w c:\windows\system32\d3dx9_29.dll
  - 2004-08-11 00:45:04 233,472 -c–a-w c:\windows\system32\dllcache\blackbox.dll
  + 2006-08-24 21:30:12 537,600 -c–a-w c:\windows\system32\dllcache\blackbox.dll
  + 2008-04-13 23:16:24 17,024 -c–a-w c:\windows\system32\dllcache\ccdecode.sys
  - 2004-08-11 00:45:04 161,792 -c–a-w c:\windows\system32\dllcache\cewmdm.dll
  + 2006-08-24 21:30:12 228,352 -c–a-w c:\windows\system32\dllcache\cewmdm.dll
  - 2004-08-11 00:45:04 527,360 -c–a-w c:\windows\system32\dllcache\drmv2clt.dll
  + 2006-08-24 21:30:14 990,208 -c–a-w c:\windows\system32\dllcache\drmv2clt.dll
  - 2004-08-11 00:45:04 6,656 -c–a-w c:\windows\system32\dllcache\laprxy.dll
  + 2006-08-24 21:30:16 11,264 -c–a-w c:\windows\system32\dllcache\LAPRXY.dll
  - 2008-06-10 08:17:42 96,768 -c–a-w c:\windows\system32\dllcache\logagent.exe
  + 2006-08-24 19:31:04 100,864 -c–a-w c:\windows\system32\dllcache\logagent.exe
  - 2008-04-14 20:32:30 310,272 -c–a-w c:\windows\system32\dllcache\mp43dmod.dll
  + 2006-08-24 21:30:18 4,096 -c–a-w c:\windows\system32\dllcache\MP43DMOD.dll
  - 2008-04-14 20:32:30 384,512 -c–a-w c:\windows\system32\dllcache\mp4sdmod.dll
  + 2006-08-24 21:30:18 4,096 -c–a-w c:\windows\system32\dllcache\MP4SDMOD.dll
  - 2008-04-14 20:32:30 240,640 -c–a-w c:\windows\system32\dllcache\mpg4dmod.dll
  + 2006-08-24 21:30:18 4,096 -c–a-w c:\windows\system32\dllcache\MPG4DMOD.dll
  - 2004-08-11 00:45:04 141,312 -c–a-w c:\windows\system32\dllcache\msnetobj.dll
  + 2006-08-24 21:30:18 179,712 -c–a-w c:\windows\system32\dllcache\msnetobj.dll
  - 2004-08-11 00:45:04 25,088 -c–a-w c:\windows\system32\dllcache\mspmsnsv.dll
  + 2006-08-24 21:30:20 27,648 -c–a-w c:\windows\system32\dllcache\mspmsnsv.dll
  - 2004-08-11 00:45:04 169,472 -c–a-w c:\windows\system32\dllcache\mspmsp.dll
  + 2006-08-24 21:30:20 175,104 -c–a-w c:\windows\system32\dllcache\mspmsp.dll
  - 2004-08-11 00:45:04 360,176 -c–a-w c:\windows\system32\dllcache\msscp.dll
  + 2006-08-24 21:30:20 414,208 -c–a-w c:\windows\system32\dllcache\msscp.dll
  + 2008-04-13 23:09:52 5,504 -c–a-w c:\windows\system32\dllcache\mstee.sys
  - 2004-08-11 00:45:04 311,296 -c–a-w c:\windows\system32\dllcache\mswmdm.dll
  + 2006-08-24 21:30:20 320,512 -c–a-w c:\windows\system32\dllcache\mswmdm.dll
  + 2008-04-13 23:16:26 85,248 -c–a-w c:\windows\system32\dllcache\nabtsfec.sys
  + 2008-04-13 23:16:24 10,880 -c–a-w c:\windows\system32\dllcache\ndisip.sys
  - 2004-08-11 00:45:04 221,184 -c–a-w c:\windows\system32\dllcache\qasf.dll
  + 2006-08-24 21:30:22 210,432 -c–a-w c:\windows\system32\dllcache\qasf.dll
  - 2008-04-14 20:32:40 144,384 -c–a-w c:\windows\system32\dllcache\schannel.dll
  + 2008-12-05 06:58:53 144,896 -c–a-w c:\windows\system32\dllcache\schannel.dll
  - 2008-04-14 20:32:40 8,508,416 -c–a-w c:\windows\system32\dllcache\shell32.dll
  + 2008-06-17 19:03:19 8,508,416 -c–a-w c:\windows\system32\dllcache\shell32.dll
  + 2008-04-13 23:16:24 11,136 -c–a-w c:\windows\system32\dllcache\slip.sys
  + 2008-04-13 23:16:22 15,232 -c–a-w c:\windows\system32\dllcache\streamip.sys
  + 2008-04-14 21:32:46 54,272 -c–a-w c:\windows\system32\dllcache\vfwwdm32.dll
  - 2008-09-15 15:28:42 1,846,528 -c–a-w c:\windows\system32\dllcache\win32k.sys
  + 2009-02-09 14:08:47 1,846,912 -c–a-w c:\windows\system32\dllcache\win32k.sys
  - 2004-08-11 00:45:04 380,144 -c–a-w c:\windows\system32\dllcache\wmadmod.dll
  + 2006-08-24 21:30:22 757,248 -c–a-w c:\windows\system32\dllcache\WMADMOD.dll
  - 2004-08-11 00:45:04 712,704 -c–a-w c:\windows\system32\dllcache\wmadmoe.dll
  + 2006-08-24 21:30:22 1,118,208 -c–a-w c:\windows\system32\dllcache\WMADMOE.dll
  - 2007-10-20 05:01:32 227,328 -c–a-w c:\windows\system32\dllcache\wmasf.dll
  + 2006-08-24 21:30:22 222,208 -c–a-w c:\windows\system32\dllcache\WMASF.dll
  - 2004-08-11 00:45:04 30,208 -c–a-w c:\windows\system32\dllcache\wmdmlog.dll
  + 2006-08-24 21:30:22 33,792 -c–a-w c:\windows\system32\dllcache\wmdmlog.dll
  - 2004-08-11 00:45:04 34,304 -c–a-w c:\windows\system32\dllcache\wmdmps.dll
  + 2006-08-24 21:30:22 37,376 -c–a-w c:\windows\system32\dllcache\wmdmps.dll
  - 2004-08-11 00:45:04 150,016 -c–a-w c:\windows\system32\dllcache\wmidx.dll
  + 2006-08-24 21:30:24 157,184 -c–a-w c:\windows\system32\dllcache\wmidx.dll
  - 2008-06-10 10:37:02 1,026,048 -c–a-w c:\windows\system32\dllcache\WMNetmgr.dll
  + 2006-08-24 21:30:24 937,984 -c–a-w c:\windows\system32\dllcache\WMNetMgr.dll
  - 2004-08-11 00:45:04 773,368 -c–a-w c:\windows\system32\dllcache\wmsdmod.dll
  + 2006-08-24 21:30:26 4,096 -c–a-w c:\windows\system32\dllcache\wmsdmod.dll
  - 2004-08-11 00:45:04 1,116,160 -c–a-w c:\windows\system32\dllcache\wmsdmoe2.dll
  + 2006-08-24 21:30:26 4,096 -c–a-w c:\windows\system32\dllcache\wmsdmoe2.dll
  - 2004-08-11 00:45:06 531,192 -c–a-w c:\windows\system32\dllcache\wmspdmod.dll
  + 2006-08-24 21:30:26 603,648 -c–a-w c:\windows\system32\dllcache\WMSPDMOD.dll
  - 2004-08-11 00:45:06 936,960 -c–a-w c:\windows\system32\dllcache\wmspdmoe.dll
  + 2006-08-24 21:30:26 1,327,616 -c–a-w c:\windows\system32\dllcache\WMSPDMOE.dll
  - 2006-12-07 06:40:49 2,362,184 -c–a-w c:\windows\system32\dllcache\wmvcore.dll
  + 2006-08-24 21:30:26 2,450,944 -c–a-w c:\windows\system32\dllcache\wmvcore.dll
  - 2004-08-11 00:45:06 871,160 -c–a-w c:\windows\system32\dllcache\wmvdmod.dll
  + 2006-08-24 21:30:26 4,096 -c–a-w c:\windows\system32\dllcache\wmvdmod.dll
  - 2004-08-11 00:45:06 999,424 -c–a-w c:\windows\system32\dllcache\wmvdmoe2.dll
  + 2006-08-24 21:30:26 4,096 -c–a-w c:\windows\system32\dllcache\wmvdmoe2.dll
  + 2008-04-13 23:16:26 19,200 -c–a-w c:\windows\system32\dllcache\wstcodec.sys
  + 2008-04-13 23:16:24 17,024 —-a-w c:\windows\system32\drivers\CCDECODE.sys
  + 2008-04-13 23:09:52 5,504 —-a-w c:\windows\system32\drivers\MSTEE.sys
  + 2008-04-13 23:16:26 85,248 —-a-w c:\windows\system32\drivers\NABTSFEC.sys
  + 2008-04-13 23:16:24 10,880 —-a-w c:\windows\system32\drivers\NdisIP.sys
  + 2008-04-13 23:16:24 11,136 —-a-w c:\windows\system32\drivers\SLIP.sys
  + 2008-04-13 23:16:22 15,232 —-a-w c:\windows\system32\drivers\StreamIP.sys
  + 2006-08-24 21:30:26 667,648 ——w c:\windows\system32\drivers\umdf\wpdmtpdr.dll
  - 2004-08-11 00:45:06 18,944 —-a-w c:\windows\system32\drivers\wpdusb.sys
  + 2006-08-24 19:26:02 38,656 —-a-w c:\windows\system32\drivers\wpdusb.sys
  + 2008-04-13 23:16:26 19,200 —-a-w c:\windows\system32\drivers\WSTCODEC.SYS
  + 2006-08-24 19:27:06 249,344 ——w c:\windows\system32\drmupgds.exe
  - 2004-08-11 00:45:04 527,360 —-a-w c:\windows\system32\drmv2clt.dll
  + 2006-08-24 21:30:14 990,208 —-a-w c:\windows\system32\drmv2clt.dll
  + 2007-04-12 21:46:36 202,072 -c–a-w c:\windows\system32\DRVSTORE\NX6000_F6B3840B39991CB5F379BB4F46F6AA68F481F295\LCCoin14.dll
  + 2007-04-12 21:46:36 34,136 -c–a-w c:\windows\system32\DRVSTORE\NX6000_F6B3840B39991CB5F379BB4F46F6AA68F481F295\nx6000.sys
  + 2007-04-10 21:46:53 111,976 -c–a-w c:\windows\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\1033\VX1000.dll
  + 2007-04-10 21:46:52 185,704 -c–a-w c:\windows\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\cVX1000.dll
  + 2007-04-10 21:46:52 202,088 -c–a-w c:\windows\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\LCCoin14.dll
  + 2007-04-10 21:46:52 505,192 -c–a-w c:\windows\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\TwainUI.dll
  + 2007-04-10 21:46:52 476,520 -c–a-w c:\windows\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\vVX1000.dll
  + 2007-04-10 21:46:52 709,992 -c–a-w c:\windows\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\vVX1000.exe
  + 2007-04-10 21:46:53 1,966,312 -c–a-w c:\windows\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\VX1000.sys
  + 2007-04-10 21:46:50 111,976 -c–a-w c:\windows\system32\DRVSTORE\VX3000_8C2D2A241B53D9C83A931623F8898B582C368FB7\1033\VX3000.dll
  + 2007-04-10 21:46:47 185,704 -c–a-w c:\windows\system32\DRVSTORE\VX3000_8C2D2A241B53D9C83A931623F8898B582C368FB7\cVX3000.dll
  + 2007-04-10 21:46:47 202,088 -c–a-w c:\windows\system32\DRVSTORE\VX3000_8C2D2A241B53D9C83A931623F8898B582C368FB7\LCCoin14.dll
  + 2007-04-10 21:46:47 505,192 -c–a-w c:\windows\system32\DRVSTORE\VX3000_8C2D2A241B53D9C83A931623F8898B582C368FB7\TwainUI.dll
  + 2007-04-10 21:46:48 476,520 -c–a-w c:\windows\system32\DRVSTORE\VX3000_8C2D2A241B53D9C83A931623F8898B582C368FB7\vVX3000.dll
  + 2007-04-10 21:46:48 709,992 -c–a-w c:\windows\system32\DRVSTORE\VX3000_8C2D2A241B53D9C83A931623F8898B582C368FB7\vVX3000.exe
  + 2007-04-10 21:46:48 1,966,696 -c–a-w c:\windows\system32\DRVSTORE\VX3000_8C2D2A241B53D9C83A931623F8898B582C368FB7\VX3000.sys
  + 2007-04-10 21:46:46 116,072 -c–a-w c:\windows\system32\DRVSTORE\VX6000_34B6C40B745EB592EBBD2F02BC6EC375C6A74955\1033\VX6000.dll
  + 2007-04-10 21:46:43 185,704 -c–a-w c:\windows\system32\DRVSTORE\VX6000_34B6C40B745EB592EBBD2F02BC6EC375C6A74955\cVX6000.dll
  + 2007-04-10 21:46:43 202,088 -c–a-w c:\windows\system32\DRVSTORE\VX6000_34B6C40B745EB592EBBD2F02BC6EC375C6A74955\LCCoin14.dll
  + 2007-04-10 21:46:43 484,712 -c–a-w c:\windows\system32\DRVSTORE\VX6000_34B6C40B745EB592EBBD2F02BC6EC375C6A74955\vVX6000.dll
  + 2007-04-10 21:46:43 996,712 -c–a-w c:\windows\system32\DRVSTORE\VX6000_34B6C40B745EB592EBBD2F02BC6EC375C6A74955\vVX6000.exe
  + 2007-04-10 21:46:44 2,385,896 -c–a-w c:\windows\system32\DRVSTORE\VX6000_34B6C40B745EB592EBBD2F02BC6EC375C6A74955\VX6000Xp.sys
  + 2007-04-10 21:46:44 36,328 -c–a-w c:\windows\system32\DRVSTORE\VX6000_34B6C40B745EB592EBBD2F02BC6EC375C6A74955\VX6KCamd.sys
  + 2007-04-10 21:46:44 509,288 -c–a-w c:\windows\system32\DRVSTORE\VX6000_34B6C40B745EB592EBBD2F02BC6EC375C6A74955\VX6KTUI.dll
  - 2009-03-01 23:34:41 97,456 —-a-w c:\windows\system32\FNTCACHE.DAT
  + 2009-03-14 23:31:24 97,456 —-a-w c:\windows\system32\FNTCACHE.DAT
  - 2004-08-11 00:45:04 6,656 —-a-w c:\windows\system32\laprxy.dll
  + 2006-08-24 21:30:16 11,264 —-a-w c:\windows\system32\LAPRXY.dll
  - 2008-06-10 08:17:42 96,768 —-a-w c:\windows\system32\logagent.exe
  + 2006-08-24 19:31:04 100,864 —-a-w c:\windows\system32\logagent.exe
  + 2006-08-24 21:30:18 211,968 ——w c:\windows\system32\MFPLAT.dll
  + 2006-08-24 21:30:18 258,560 ——w c:\windows\system32\MP43DECD.dll
  - 2008-04-14 20:32:30 310,272 —-a-w c:\windows\system32\mp43dmod.dll
  + 2006-08-24 21:30:18 4,096 —-a-w c:\windows\system32\MP43DMOD.dll
  + 2006-08-24 21:30:18 316,928 ——w c:\windows\system32\MP4SDECD.dll
  - 2008-04-14 20:32:30 384,512 —-a-w c:\windows\system32\mp4sdmod.dll
  + 2006-08-24 21:30:18 4,096 —-a-w c:\windows\system32\MP4SDMOD.dll
  + 2006-08-24 21:30:18 259,072 ——w c:\windows\system32\MPG4DECD.dll
  - 2008-04-14 20:32:30 240,640 —-a-w c:\windows\system32\mpg4dmod.dll
  + 2006-08-24 21:30:18 4,096 —-a-w c:\windows\system32\MPG4DMOD.dll
  - 2009-02-12 04:56:17 21,244,872 —-a-w c:\windows\system32\MRT.exe
  + 2009-02-25 20:54:59 24,768,960 —-a-w c:\windows\system32\MRT.exe
  - 2004-08-11 00:45:04 141,312 —-a-w c:\windows\system32\msnetobj.dll
  + 2006-08-24 21:30:18 179,712 —-a-w c:\windows\system32\msnetobj.dll
  - 2004-08-11 00:45:04 25,088 —-a-w c:\windows\system32\MsPMSNSv.dll
  + 2006-08-24 21:30:20 27,648 —-a-w c:\windows\system32\mspmsnsv.dll
  - 2004-08-11 00:45:04 169,472 —-a-w c:\windows\system32\MsPMSP.dll
  + 2006-08-24 21:30:20 175,104 —-a-w c:\windows\system32\mspmsp.dll
  - 2004-08-11 00:45:04 360,176 —-a-w c:\windows\system32\MSSCP.dll
  + 2006-08-24 21:30:20 414,208 —-a-w c:\windows\system32\msscp.dll
  - 2004-08-11 00:45:04 311,296 —-a-w c:\windows\system32\MSWMDM.dll
  + 2006-08-24 21:30:20 320,512 —-a-w c:\windows\system32\mswmdm.dll
  + 2006-08-24 21:30:22 284,160 ——w c:\windows\system32\PortableDeviceApi.dll
  + 2006-08-24 21:30:22 101,888 ——w c:\windows\system32\PortableDeviceClassExtension.dll
  + 2006-08-24 21:30:22 166,912 ——w c:\windows\system32\PortableDeviceTypes.dll
  + 2006-08-24 21:30:22 132,096 ——w c:\windows\system32\PortableDeviceWiaCompat.dll
  + 2006-08-24 21:30:22 198,144 ——w c:\windows\system32\PortableDeviceWMDRM.dll
  - 2004-08-11 00:45:04 221,184 —-a-w c:\windows\system32\qasf.dll
  + 2006-08-24 21:30:22 210,432 —-a-w c:\windows\system32\qasf.dll
  - 2008-04-14 20:32:40 144,384 —-a-w c:\windows\system32\schannel.dll
  + 2008-12-05 06:58:53 144,896 —-a-w c:\windows\system32\schannel.dll
  - 2008-04-14 20:32:40 8,508,416 —-a-w c:\windows\system32\shell32.dll
  + 2008-06-17 19:03:19 8,508,416 —-a-w c:\windows\system32\shell32.dll
  - 2007-07-27 08:41:40 16,760 ——w c:\windows\system32\spmsg.dll
  + 2007-11-30 11:19:43 18,808 ——w c:\windows\system32\spmsg.dll
  - 2004-08-11 00:45:04 47,104 —-a-w c:\windows\system32\uwdf.exe
  + 2006-08-24 21:42:14 8,704 —-a-w c:\windows\system32\uwdf.exe
  + 2008-04-14 21:32:46 54,272 —-a-w c:\windows\system32\vfwwdm32.dll
  - 2004-08-11 00:45:04 15,872 —-a-w c:\windows\system32\wdfapi.dll
  + 2006-08-24 21:30:22 4,096 —-a-w c:\windows\system32\wdfapi.dll
  - 2004-08-11 00:45:04 38,912 —-a-w c:\windows\system32\wdfmgr.exe
  + 2006-08-24 21:42:14 8,704 —-a-w c:\windows\system32\wdfmgr.exe
  - 2004-08-11 00:45:04 380,144 —-a-w c:\windows\system32\wmadmod.dll
  + 2006-08-24 21:30:22 757,248 —-a-w c:\windows\system32\WMADMOD.dll
  - 2004-08-11 00:45:04 712,704 —-a-w c:\windows\system32\wmadmoe.dll
  + 2006-08-24 21:30:22 1,118,208 —-a-w c:\windows\system32\WMADMOE.dll
  - 2007-10-20 05:01:32 227,328 —-a-w c:\windows\system32\wmasf.dll
  + 2006-08-24 21:30:22 222,208 —-a-w c:\windows\system32\WMASF.dll
  - 2004-08-11 00:45:04 30,208 —-a-w c:\windows\system32\WMDMLOG.dll
  + 2006-08-24 21:30:22 33,792 —-a-w c:\windows\system32\wmdmlog.dll
  - 2004-08-11 00:45:04 34,304 —-a-w c:\windows\system32\WMDMPS.dll
  + 2006-08-24 21:30:22 37,376 —-a-w c:\windows\system32\wmdmps.dll
  - 2004-08-11 00:45:04 344,064 —-a-w c:\windows\system32\WMDRMdev.dll
  + 2006-08-24 21:30:22 428,032 —-a-w c:\windows\system32\wmdrmdev.dll
  - 2004-08-11 00:45:04 290,816 —-a-w c:\windows\system32\WMDRMNet.dll
  + 2006-08-24 21:30:24 347,648 —-a-w c:\windows\system32\wmdrmnet.dll
  + 2006-08-24 21:30:24 532,992 ——w c:\windows\system32\wmdrmsdk.dll
  - 2004-08-11 00:45:04 150,016 —-a-w c:\windows\system32\wmidx.dll
  + 2006-08-24 21:30:24 157,184 —-a-w c:\windows\system32\wmidx.dll
  - 2008-06-10 10:37:02 1,026,048 —-a-w c:\windows\system32\WMNetmgr.dll
  + 2006-08-24 21:30:24 937,984 —-a-w c:\windows\system32\WMNetMgr.dll
  - 2004-08-11 00:45:04 773,368 —-a-w c:\windows\system32\wmsdmod.dll
  + 2006-08-24 21:30:26 4,096 —-a-w c:\windows\system32\wmsdmod.dll
  - 2004-08-11 00:45:04 1,116,160 —-a-w c:\windows\system32\wmsdmoe2.dll
  + 2006-08-24 21:30:26 4,096 —-a-w c:\windows\system32\wmsdmoe2.dll
  - 2004-08-11 00:45:06 531,192 —-a-w c:\windows\system32\wmspdmod.dll
  + 2006-08-24 21:30:26 603,648 —-a-w c:\windows\system32\WMSPDMOD.dll
  - 2004-08-11 00:45:06 936,960 —-a-w c:\windows\system32\wmspdmoe.dll
  + 2006-08-24 21:30:26 1,327,616 —-a-w c:\windows\system32\WMSPDMOE.dll
  - 2004-08-11 00:45:06 1,181,944 —-a-w c:\windows\system32\wmvadvd.dll
  + 2006-08-24 21:30:26 4,096 —-a-w c:\windows\system32\WMVADVD.dll
  - 2004-08-11 00:45:06 1,509,376 —-a-w c:\windows\system32\WMVADVE.DLL
  + 2006-08-24 21:30:26 4,096 —-a-w c:\windows\system32\WMVADVE.DLL
  - 2008-06-10 10:57:40 2,364,472 —-a-w c:\windows\system32\WMVCore.dll
  + 2006-08-24 21:30:26 2,450,944 —-a-w c:\windows\system32\wmvcore.dll
  + 2006-08-24 21:30:26 1,539,584 ——w c:\windows\system32\WMVDECOD.dll
  - 2004-08-11 00:45:06 871,160 —-a-w c:\windows\system32\wmvdmod.dll
  + 2006-08-24 21:30:26 4,096 —-a-w c:\windows\system32\wmvdmod.dll
  - 2004-08-11 00:45:06 999,424 —-a-w c:\windows\system32\wmvdmoe2.dll
  + 2006-08-24 21:30:26 4,096 —-a-w c:\windows\system32\wmvdmoe2.dll
  + 2006-08-24 21:30:26 1,532,416 ——w c:\windows\system32\WMVENCOD.dll
  + 2006-08-24 21:30:26 1,392,128 ——w c:\windows\system32\WMVSDECD.dll
  + 2006-08-24 21:30:26 790,016 ——w c:\windows\system32\WMVSENCD.dll
  + 2006-08-24 21:30:26 656,896 ——w c:\windows\system32\WMVXENCD.dll
  - 2004-08-11 00:45:06 38,912 —-a-w c:\windows\system32\wpd_ci.dll
  + 2006-08-24 21:30:28 629,760 —-a-w c:\windows\system32\wpd_ci.dll
  - 2004-08-11 00:45:06 61,952 —-a-w c:\windows\system32\wpdconns.dll
  + 2006-08-24 21:30:26 35,840 —-a-w c:\windows\system32\wpdconns.dll
  - 2004-08-11 00:45:06 114,176 —-a-w c:\windows\system32\wpdmtp.dll
  + 2006-08-24 21:30:26 154,624 —-a-w c:\windows\system32\wpdmtp.dll
  - 2004-08-11 00:45:06 66,560 —-a-w c:\windows\system32\wpdmtpus.dll
  + 2006-08-24 21:30:28 63,488 —-a-w c:\windows\system32\wpdmtpus.dll
  + 2006-08-24 21:30:28 2,589,184 ——w c:\windows\system32\WpdShext.dll
  + 2006-08-24 19:26:22 17,408 ——w c:\windows\system32\wpdshextautoplay.exe
  + 2006-08-24 21:30:28 133,120 ——w c:\windows\system32\WPDShServiceObj.dll
  - 2004-08-11 00:45:06 327,680 —-a-w c:\windows\system32\wpdsp.dll
  + 2006-08-24 21:30:28 349,184 —-a-w c:\windows\system32\wpdsp.dll
  + 2006-02-03 07:41:26 14,032 —-a-w c:\windows\system32\x3daudio1_0.dll
  + 2006-02-03 07:42:06 230,096 —-a-w c:\windows\system32\xactengine2_0.dll
  + 2006-03-31 11:39:48 229,584 —-a-w c:\windows\system32\xactengine2_1.dll
  + 2006-05-31 06:24:16 230,168 —-a-w c:\windows\system32\xactengine2_2.dll
  + 2006-03-31 11:39:24 62,672 —-a-w c:\windows\system32\xinput1_1.dll
  + 2005-12-05 17:07:30 61,136 —-a-w c:\windows\system32\xinput9_1_0.dll
  + 2007-04-10 21:46:52 505,192 —-a-w c:\windows\twain_32\VX1000\TwainUI.dll
  .
  – Snapshot teruggezet naar huidige datum –
  .
  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
  "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304]
  "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
  "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
  "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
  "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
  "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
  "VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
  "C-Media Mixer"="Mixer.exe" [2002-10-15 c:\windows\mixer.exe]
  "nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
  "NvMediaCenter"="NvMCTray.dll" [2006-10-22 c:\windows\system32\nvmctray.dll]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  "nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll]

  c:\documents and settings\Beheerder\Menu Start\Programma's\Opstarten\
  MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-02-28 546816]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
  2009-01-29 20:36 10520 c:\windows\system32\avgrsstx.dll

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
  @="Driver"

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  "%windir%\\system32\\sessmgr.exe"=
  "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
  "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
  "c:\\Program Files\\Linksys\\KiSS PC-Link\\KiSS_PC-Link.exe"=
  "c:\\Program Files\\uTorrent\\uTorrent.exe"=
  "c:\\Program Files\\mIRC\\mirc.exe"=
  "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
  "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
  "c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
  "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
  "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
  "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
  "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
  "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
  "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
  "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
  "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

  R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-16 325128]
  R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-16 107272]
  R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl [2008-05-15 12:07:00 61424]
  R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-16 903960]
  R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-16 298264]
  S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\software\Diagnostics\everesthome220\kerneld.wnt –> e:\software\Diagnostics\everesthome220\kerneld.wnt [?]
  S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-07 138112]
  S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-07 8320]
  S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2009-01-16 166720]
  .
  .
  ——- Bijkomende Scan ——-
  .
  uStart Page = hxxp://www.google.nl/
  .

  **************************************************************************

  catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2009-03-15 17:41:52
  Windows 5.1.2600 Service Pack 3 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************

  [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
  "ImagePath"="\??\e:\software\Diagnostics\everesthome220\kerneld.wnt"

  [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
  "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl"
  .
  Voltooingstijd: 2009-03-15 17:43:03
  ComboFix-quarantined-files.txt 2009-03-15 16:43:00
  ComboFix2.txt 2009-03-13 16:57:09

  Pre-Run: 4.709.113.856 bytes beschikbaar
  Post-Run: 4,726,333,440 bytes beschikbaar

  528 — E O F — 2009-03-14 23:26:50
  [/code:1:8f2d0095b9]
 • Are there still any problems?
 • Even when I'm not using the PC, I regularly hear the hard disk working. I even turned off automatic updates to rule out that downloading.

  While burning a CD or DVD, the buffer regularly dropped to 10% without me doing anything else (MSN etc. was also turned off then).

  Can you tell me a bit more about that rootkit and mountpoint?

  For example, how can I prevent or recognize it? My virus scanner is AVG and I regularly run S&D and Ad-Aware.
 • You can't recognize a rootkit; it hides itself deep.
  Infected mountpoints also can't be recognized unless you search deep in the registry.

  Try Rootkit Hook Analyzer and see which lines are shown in red.
  Post those lines here.
 • This?

  The process pnkbstra.exe does not have any product, company or description information.

  Information about the responsible process pnkbstra.exe:

  file path: C:\windows\system32\pnkbstra.exe
  Click here to do a Google search on pnkbstra.exe

  System routines are being intercepted

  One or more system services are being intercepted on your system. This could be initiated by a rootkit or malware but there is also the possibility a security product is responsible for this. With the indications given you should find out if this is the work of a product that you have installed deliberately or not. Note that these SSDT hooks are very notorious because they rely on undocumented techniques and are incredibly difficult to implement right for a programmer. Even if they are installed by a legitimate product, these hooks very often are the cause of sudden unexpected reboots, blue screens, hangups and other misery. If you have more than one product installed which makes use of these techniques then your system is almost sure to be messed up.


  The module spfh.sys is hooking the kernel to intercept base system services.

  Information about the responsible module spfh.sys:

  file path: spfh.sys
  This file is no longer available. We suggest you try to find this file in another location on your hard disk.
  Click here to do a Google search on spfh.sys


  OK, I understand that it's hard to see, but you still gave me the instructions based on my HijackThis log. Was that because of those 3 lines?
 • No, those lines were completely legitimate.
  I can't explain in one post how to recognize rootkits in, for example, HijackThis logs and ComboFix logs; for that you can follow a training course at HijackThis.nl.

  Your problems don't seem malware-related to me, because your logs are clean.
  But maybe you can try this.

  Download SDFix and save it to your desktop.
  Double-click SDFix.exe and choose Install to extract the tool into its own folder on your desktop.

  Restart the computer, but in safe mode.

  - In safe mode, open the SDFix folder on your desktop and double-click RunThis.bat to start the tool.
  - Type Y to start the cleaning process.
  - It removes all Trojan services or registry entries related to this infection; when the tool is finished it will tell you to press any key to restart your PC, so do that.
  - When the PC restarts, the tool will run again, finish the cleanup process and show you the message Finished; then press any key to end the script, and your desktop will appear.
  - When your desktop icons appear, the SDFix report will open and also be saved in the folder under the name Report.txt.

  Post this log in your next message.
 • Othuroyo, thanks for the reminder; I just haven't gotten around to it yet.

  This PC is going away soon anyway; it is being replaced by a different, faster one.

  What still surprises me is that on this system MSN Live takes 50% of the processor power (it's a 2.2 GHz P4).


This is an archived page. Replying is no longer possible.