c:\disk

12 replies
  • Hello. Malwarebytes reports that the file c:\disk will be deleted at startup; it did the same a few weeks ago. What kind of file is this and what does it do? Googling gave no results.
  • I can't tell you with only this information. With a HijackThis log, I could already bring you a step closer to removing it.
  • It took a while, but here is the log.
  • Today mbam found the file c:\disk again; below is the log again.
  • Today c:\disk once again; here is the log file.
  • Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
    * Double-click Combofix.exe to start it.
    * If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    * Click OK in the "NirCmd" window.
    * If the Recovery Console is not installed, you will be asked to install it by clicking JA (Yes) in the "Query - Recovery Console" window.
    * Click OK and Ja (Yes) to have the Recovery Console installed automatically.
    * Afterwards, click Ja (Yes) again to start the malware scan.
    * While the fix is running, do NOT click in the window, because this will make your PC hang.
    * When the fix has finished and after a restart, the log Combofix.txt will open.
    Post this log in your next reply.
  • c:\documents and settings\Beneden\Mijn documenten\Downloads\ComboFix.exe ComboFix must be on the desktop; please move it there.
  • Nevertheless, it looks good this way. Download OTMoveIt3 (http://download.bleepingcomputer.com/oldtimer/OTMoveIt3.exe) (by OldTimer) to your Desktop.
    * Double-click OTMoveIt3.exe to start the tool.
    * Copy (select and press Ctrl-C) all of the code text below:
        :Processes
        :Services
        :Reg
        :Files
        :Commands
        [purity]
        [emptytemp]
        [start explorer]
        [Reboot]
    * Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window.
    * Click the red MoveIt! button.
    * Copy and paste the contents of the right-hand results window into your next reply (or the log that you will find as C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log).
    * Close OTMoveIt3.
    If a file or folder cannot be moved immediately, you may be asked to restart the PC in order to complete the move. In that case click Ja/Yes.
  • ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF66BA.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF66D5.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF6765.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF6770.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF6879.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF6888.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DFB7C4.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\PF5BZE2V\viewtopic[1].htm scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\IVC9GO95\ads[1].htm scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\FIFGSE5V\msgrconfig[1].xml scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    Network Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_510.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    Opera cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04302009_183209

    Files moved on Reboot...
    File C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF66BA.tmp not found!
    File C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF66D5.tmp not found!
    File C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF6765.tmp not found!
    File C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF6770.tmp not found!
    File C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF6879.tmp not found!
    File C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DF6888.tmp not found!
    C:\DOCUME~1\Beneden\LOCALS~1\Temp\~DFB7C4.tmp moved successfully.
    C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\PF5BZE2V\viewtopic[1].htm moved successfully.
    C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\IVC9GO95\ads[1].htm moved successfully.
    C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\FIFGSE5V\msgrconfig[1].xml moved successfully.
    C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File C:\WINDOWS\temp\Perflib_Perfdata_510.dat not found!
  • A new HJT log, please, and let me know how things are going now.
  • Everything is going fine now, as it was last time too. Every few weeks a notification appears again that c:\disk has been found and is being removed. So it doesn't otherwise cause me any trouble, as far as I can tell. Malwarebytes thus finds that file every few weeks.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:51:32, on 2-5-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IE New Window Maximizer\iemaximizer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\netdde.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Beneden\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

    -- End of file - 4650 bytes


This is an archived page. Replying is no longer possible.