Question & Answer

Security & privacy

c:\disk

Anonymous
juisterr
12 replies
  • Hello
    Malwarebytes reports that the file c:\disk will be deleted at startup; it did the same a few weeks ago.

    What kind of file is this and what does it do? Googling gave no results.
  • With only this information I can't tell you.

    With a HijackThis log, I could bring you a step closer to removing it.
  • It took a while, but here is the log


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:40:32, on 8-4-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\netdde.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Documents and Settings\Beneden\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe


    End of file - 4030 bytes
  • Today mbam finds the file c:\disk again.
    The log again below:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:08:56, on 10-4-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IE New Window Maximizer\iemaximizer.exe
    C:\WINDOWS\system32\netdde.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Beneden\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe


    End of file - 4363 bytes
  • Today c:\disk yet again.
    Here is the log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:58:32, on 28-4-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IE New Window Maximizer\iemaximizer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\netdde.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Beneden\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe


    End of file - 4878 bytes
  • Download [b:802e761b09] to your Desktop and use it according to this guide.

  • ComboFix 09-04-29.07 - Beneden 30-04-2009 18:00.18 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1983.1468 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Beneden\Mijn documenten\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-05-28 to 2009-4-30 ))))))))))))))))))))))))))))))
    .

    2009-04-30 08:50 . 2009-04-30 09:49 -------- d--h--r c:\documents and settings\Beneden\Onlangs geopend
    2009-04-24 10:06 . 2009-04-28 10:17 -------- d--h--w C:\$AVG8.VAULT$
    2009-04-18 12:57 . 2009-04-18 12:57 -------- d-----w C:\[NDS]PokemonRanger
    2009-04-17 15:09 . 2009-04-17 15:09 10520 ----a-w c:\windows\system32\avgrsstx.dll
    2009-04-17 15:09 . 2009-04-17 15:09 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-04-17 15:09 . 2009-04-17 15:09 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-04-17 15:09 . 2009-04-30 08:27 -------- d-----w c:\windows\system32\drivers\Avg
    2009-04-17 15:08 . 2009-04-17 15:08 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-04-15 10:28 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-15 10:28 . 2009-03-06 14:23 285696 -c----w c:\windows\system32\dllcache\pdh.dll
    2009-04-15 10:28 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe
    2009-04-15 10:28 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
    2009-04-15 10:28 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
    2009-04-15 10:28 . 2009-02-09 10:56 684544 -c----w c:\windows\system32\dllcache\advapi32.dll
    2009-04-15 10:28 . 2009-02-09 10:56 734208 -c----w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-15 10:28 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-15 10:28 . 2009-02-09 10:56 735744 -c----w c:\windows\system32\dllcache\ntdll.dll
    2009-04-15 10:28 . 2008-04-21 21:16 218624 -c----w c:\windows\system32\dllcache\wordpad.exe
    2009-04-14 08:48 . 2009-04-14 08:48 607640 ----a-w C:\jre-6u13-windows-i586-p-iftw.exe
    2009-04-11 11:56 . 2009-04-11 11:56 20262733 ----a-w C:\[NDS]MetroidPrimePinball.zip
    2009-04-10 15:55 . 2009-04-10 15:55 -------- d-----w c:\program files\Sweet Home 3D
    2009-04-05 07:02 . 2009-04-05 07:02 -------- d-sh--w c:\documents and settings\LocalService\IETldCache

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-30 08:29 . 2006-03-02 12:00 84432 ----a-w c:\windows\system32\perfc013.dat
    2009-04-30 08:29 . 2006-03-02 12:00 475216 ----a-w c:\windows\system32\perfh013.dat
    2009-04-30 08:25 . 2008-05-10 20:00 -------- d-----w c:\program files\SPAMfighter
    2009-04-28 07:13 . 2008-11-01 10:38 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-14 08:56 . 2008-09-28 07:37 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-04-14 08:54 . 2007-05-17 17:29 -------- d-----w c:\program files\Java
    2009-04-06 13:32 . 2008-11-01 10:38 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 13:32 . 2008-11-01 10:38 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-05 07:12 . 2007-05-11 21:48 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-05 06:53 . 2008-11-12 13:31 -------- d-----w c:\program files\Yahoo!
    2009-04-05 06:51 . 2007-10-26 11:23 -------- d-----w c:\program files\GV_Killer
    2009-04-05 06:50 . 2008-06-18 15:04 -------- d-----w c:\program files\Citrix
    2009-04-05 06:50 . 2007-05-20 09:08 -------- d-----w c:\program files\Google
    2009-04-05 06:48 . 2007-09-16 10:17 -------- d-----w c:\program files\AVI DivX MPEG to DVD Converter & Burner Pro
    2009-03-28 20:56 . 2009-03-20 15:29 -------- d-----w c:\program files\LG PC Suite II
    2009-03-27 11:37 . 2007-05-17 17:29 -------- d-----w c:\program files\LimeWire
    2009-03-22 11:31 . 2009-03-22 11:31 -------- d-----w c:\program files\IE New Window Maximizer
    2009-03-20 15:33 . 2009-03-20 15:33 -------- d-----w c:\program files\LG Electronics
    2009-03-08 03:34 . 2006-03-02 12:00 914944 ----a-w c:\windows\system32\wininet.dll
    2009-03-08 03:34 . 2006-03-02 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
    2009-03-08 03:33 . 2006-03-02 12:00 18944 ----a-w c:\windows\system32\corpol.dll
    2009-03-08 03:33 . 2006-03-02 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
    2009-03-08 03:32 . 2006-03-02 12:00 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-08 03:32 . 2006-03-02 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
    2009-03-08 03:31 . 2006-03-02 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
    2009-03-08 03:31 . 2006-03-02 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-03-08 03:31 . 2006-03-02 12:00 45568 ----a-w c:\windows\system32\mshta.exe
    2009-03-08 03:22 . 2006-03-02 12:00 156160 ----a-w c:\windows\system32\msls31.dll
    2009-03-06 14:23 . 2006-03-02 12:00 285696 ----a-w c:\windows\system32\pdh.dll
    2009-02-16 22:17 . 2007-05-11 21:46 453152 ----a-w c:\windows\system32\NVUNINST.EXE
    2009-02-10 17:10 . 2004-08-04 00:58 2070400 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-09 14:08 . 2006-03-02 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 11:27 . 2006-03-02 12:00 2193408 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-09 11:27 . 2006-03-02 12:00 111104 ----a-w c:\windows\system32\services.exe
    2009-02-09 10:56 . 2006-03-02 12:00 734208 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 10:56 . 2006-03-02 12:00 684544 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 10:56 . 2006-03-02 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 10:56 . 2006-03-02 12:00 735744 ----a-w c:\windows\system32\ntdll.dll
    2009-02-06 10:39 . 2006-03-02 12:00 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-03 19:59 . 2006-03-02 12:00 56832 ----a-w c:\windows\system32\secur32.dll
    2008-11-02 14:07 . 2008-11-02 14:07 15628 ----a-w c:\program files\Furnish Lite uninstal.log
    .

    ------- Sigcheck -------

    [-] 2006-03-02 12:00 14336 AB8C6D89A897BACBA4657FDF00E344A6 c:\windows\$NtServicePackUninstall$\svchost.exe
    [-] 2008-04-14 17:03 14336 E410EC73E2BE2A41D923B006F51C8427 c:\windows\ServicePackFiles\i386\svchost.exe
    [-] 2008-04-14 17:03 14336 E410EC73E2BE2A41D923B006F51C8427 c:\windows\system32\svchost.exe

    [-] 2005-03-02 18:21 578560 0B62745CE93E8C6F56547F70269DBABC c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
    [-] 2007-03-08 15:51 579584 FA35431E333943F4B2A6D33FA4EE3CE9 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
    [-] 2007-03-08 15:39 579072 CB18F701A5D55A6308FAB8D18322C060 c:\windows\$NtServicePackUninstall$\user32.dll
    [-] 2006-03-02 12:00 578560 8E5D344FD717D35EE7ED1C8E0AD0CBE6 c:\windows\$NtUninstallKB890859$\user32.dll
    [-] 2005-03-02 18:19 578560 A9F2EBFC6EF9C1FB38CEDCF747162B6C c:\windows\$NtUninstallKB925902$\user32.dll
    [-] 2008-04-14 17:02 580096 4CF588D2F2363B73EB4AF57967D46DFF c:\windows\ServicePackFiles\i386\user32.dll
    [-] 2008-04-14 17:02 580096 4CF588D2F2363B73EB4AF57967D46DFF c:\windows\system32\user32.dll

    [-] 2006-03-02 12:00 82944 06EBCBE58321E924980148B7E3DBD753 c:\windows\$NtServicePackUninstall$\ws2_32.dll
    [-] 2008-04-14 17:02 82432 520391367546218929749612ABFE840C c:\windows\ServicePackFiles\i386\ws2_32.dll
    [-] 2008-04-14 17:02 82432 520391367546218929749612ABFE840C c:\windows\system32\ws2_32.dll

    [-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtServicePackUninstall$\tcpip.sys
    [-] 2006-03-02 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
    [-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
    [-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
    [-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
    [-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

    [-] 2006-03-02 12:00 504832 732ED791711DF9C9DD15E5515BC681B8 c:\windows\$NtServicePackUninstall$\winlogon.exe
    [-] 2008-04-14 17:03 510464 1247D4D5444E28519BBE31BE8AB4C029 c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 17:03 510464 1247D4D5444E28519BBE31BE8AB4C029 c:\windows\system32\winlogon.exe

    [-] 2006-03-02 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
    [-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
    [-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

    [-] 2006-03-02 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
    [-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
    [-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

    [-] 2008-04-14 17:02 1037312 AA04F042A820BF1868E643575887E1A6 c:\windows\explorer.exe
    [-] 2007-06-13 13:12 1036800 1D6245AFBD3FAABC16A885116BE1874D c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [-] 2007-06-13 13:24 1036800 147E95A42A58CE99E403F7F57656BBEB c:\windows\$NtServicePackUninstall$\explorer.exe
    [-] 2006-03-02 12:00 1035776 A1D7304A87FC3093150F5E3CC7B0F338 c:\windows\$NtUninstallKB938828$\explorer.exe
    [-] 2008-04-14 17:02 1037312 AA04F042A820BF1868E643575887E1A6 c:\windows\ServicePackFiles\i386\explorer.exe

    [-] 2006-03-02 12:00 13312 34A82DEBEFB057FCCCBE15F619FC98A7 c:\windows\$NtServicePackUninstall$\lsass.exe
    [-] 2008-04-14 17:03 13312 8754210A3399D19610CE2D71E0C3E5D9 c:\windows\ServicePackFiles\i386\lsass.exe
    [-] 2008-04-14 17:03 13312 8754210A3399D19610CE2D71E0C3E5D9 c:\windows\system32\lsass.exe

    [-] 2006-03-02 12:00 15360 7DE46C9C40ABB58C8FDFE0212A3BF2B4 c:\windows\$NtServicePackUninstall$\ctfmon.exe
    [-] 2008-04-14 17:02 15360 E98A8C802CDB31FCF4121D9DFBEA3677 c:\windows\ServicePackFiles\i386\ctfmon.exe
    [-] 2008-04-14 17:02 15360 E98A8C802CDB31FCF4121D9DFBEA3677 c:\windows\system32\ctfmon.exe

    [-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    [-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
    [-] 2006-03-02 12:00 57856 CCCB8B94B17466EFB9DC27F42625B0E5 c:\windows\$NtUninstallKB896423$\spoolsv.exe
    [-] 2008-04-14 17:03 57856 DB454135DE1A09FE7FEDA7B554B5CCA2 c:\windows\ServicePackFiles\i386\spoolsv.exe
    [-] 2008-04-14 17:03 57856 DB454135DE1A09FE7FEDA7B554B5CCA2 c:\windows\system32\spoolsv.exe

    [-] 2006-03-02 12:00 24576 DE7A0EE4A6A28E6DFE3118EB22468DA6 c:\windows\$NtServicePackUninstall$\userinit.exe
    [-] 2008-04-14 17:03 26112 6818A533ED3B2FA9936DF3DAF45352DF c:\windows\ServicePackFiles\i386\userinit.exe
    [-] 2008-04-14 17:03 26112 6818A533ED3B2FA9936DF3DAF45352DF c:\windows\system32\userinit.exe

    [-] 2006-03-02 12:00 297472 E2CE999886A4636026F157DEB886AA94 c:\windows\$NtServicePackUninstall$\termsrv.dll
    [-] 2008-04-14 17:02 297472 E0AEF86A594C9990D6321C5CA239C5B7 c:\windows\ServicePackFiles\i386\termsrv.dll
    [-] 2008-04-14 17:02 297472 E0AEF86A594C9990D6321C5CA239C5B7 c:\windows\system32\termsrv.dll

    [-] 2006-03-02 12:00 17408 D5A792DB732622A393A0469FE6EAA728 c:\windows\$NtServicePackUninstall$\powrprof.dll
    [-] 2008-04-14 17:02 17408 32167CE0150DC2A269D99689A143FB67 c:\windows\ServicePackFiles\i386\powrprof.dll
    [-] 2008-04-14 17:02 17408 32167CE0150DC2A269D99689A143FB67 c:\windows\system32\powrprof.dll

    [-] 2006-03-02 12:00 110080 7ADE4584ED6657CAE3D523CF101992BD c:\windows\$NtServicePackUninstall$\imm32.dll
    [-] 2008-04-14 17:02 110080 58211BB9D2F5C761BFB504C2BBBA8D99 c:\windows\ServicePackFiles\i386\imm32.dll
    [-] 2008-04-14 17:02 110080 58211BB9D2F5C761BFB504C2BBBA8D99 c:\windows\system32\imm32.dll

    [-] 2006-03-02 12:00 1548288 486594A19F7AEDEBEA600855FFD5E914 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
    [-] 2008-04-14 17:02 1571840 328CBDD2445F5B3A047644567EEB557F c:\windows\ServicePackFiles\i386\sfcfiles.dll
    [-] 2008-04-14 17:02 1571840 328CBDD2445F5B3A047644567EEB557F c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "IE New Window Maximizer"="c:\program files\IE New Window Maximizer\iemaximizer.exe" [2005-02-08 356352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-17 1932568]
    "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172032]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-04-17 15:09 10520 ----a-w c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Beneden^Menu Start^Programma's^Opstarten^Mediacontrole Picture Motion Browser.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Beneden^Menu Start^Programma's^Opstarten^OpenOffice.org 2.4 .lnk]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolsv

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "ose"=3 (0x3)
    "NVSvc"=2 (0x2)
    "MDM"=2 (0x2)
    "AdobeActiveFileMonitor5.0"=2 (0x2)
    "ERSvc"=2 (0x2)
    "CryptSvc"=3 (0x3)
    "WSearch"=2 (0x2)
    "gusvc"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Documents and Settings\\Beneden\\Mijn documenten\\Downloads\\utorrent.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6667:TCP"= 6667:TCP:sha
    "6346:TCP"= 6346:TCP:sh

    R3 cpuz130;cpuz130; [x]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-11-25 8704]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-11-25 3072]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-17 325640]
    S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-17 108552]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-17 298264]
    S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-04-29 184968]
    S3 cpuz129;cpuz129;c:\program files\PC Wizard 2008\pcwiz32.sys [2008-01-25 9600]
    S3 PhTVTune;VideoMate TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2004-01-07 18560]


    --- Andere Services/Drivers In Geheugen ---

    *NewlyCreated* - CPUZ129
    *NewlyCreated* - PROCEXP113
    *Deregistered* - PROCEXP113

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a968aa38-25e0-11dd-8bad-0019661a4f22}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-04-24 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 20:51]

    2009-04-30 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-18 07:02]

    2009-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1123561945-839522115-1006.job
    - c:\documents and settings\Beneden\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 20:33]

    2007-12-09 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2007-08-02 11:37]

    2007-12-09 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2007-08-02 11:37]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.startpagina.nl/
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-30 18:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'explorer.exe'(3608)
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Voltooingstijd: 2009-04-30 18:06
    ComboFix-quarantined-files.txt 2009-04-30 16:06
    ComboFix2.txt 2009-02-11 15:45
    ComboFix3.txt 2009-01-25 21:26
    ComboFix4.txt 2009-01-25 17:52
    ComboFix5.txt 2009-04-30 15:59

    Pre-Run: 38.445.785.088 bytes beschikbaar
    Post-Run: 38.469.574.656 bytes beschikbaar

    253 — E O F — 2009-04-29 21:33
  • c:\documents and settings\Beneden\Mijn documenten\Downloads\ComboFix.exe


    ComboFix must be on the desktop; please move it there.
  • Nevertheless, it looks good like this.

    Download OTMoveIt3 (by OldTimer) to your desktop.
    * Double-click OTMoveIt3.exe to start the tool.
    * Copy (select and press Ctrl-C) all of the code text below:

    :Processes

    :Services
    :Reg
    :Files

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

    * Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" pane
    * Click the red
  • ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF66BA.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF66D5.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF6765.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF6770.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF6879.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF6888.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DFB7C4.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\PF5BZE2V\viewtopic[1].htm scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\IVC9GO95\ads[1].htm scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\FIFGSE5V\msgrconfig[1].xml scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    Network Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_510.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    Opera cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04302009_183209

    Files moved on Reboot…
    File C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF66BA.tmp not found!
    File C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF66D5.tmp not found!
    File C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF6765.tmp not found!
    File C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF6770.tmp not found!
    File C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF6879.tmp not found!
    File C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF6888.tmp not found!
    C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DFB7C4.tmp moved successfully.
    C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\PF5BZE2V\viewtopic[1].htm moved successfully.
    C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\IVC9GO95\ads[1].htm moved successfully.
    C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\FIFGSE5V\msgrconfig[1].xml moved successfully.
    C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File C:\WINDOWS\temp\Perflib_Perfdata_510.dat not found!
  • Post a new HJT log and tell me how things are going now.
  • Everything is fine now, as it was last time too. Every few weeks a notification appears again that c:\disk has been found and will be removed. So it doesn't otherwise bother me, as far as I can tell.
    So Malwarebytes finds that file every few weeks.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:51:32, on 2-5-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IE New Window Maximizer\iemaximizer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\netdde.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Beneden\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe


    End of file - 4650 bytes
