Ga naar inhoud

Aanbevolen berichten

Geplaatst: (aangepast)

Prima :top:

Er zit wel veel "rommel" op je systeem die voor problemen kan zorgen, maar dat gaan we direct aanpakken.

Ga naar start - alle programma's - bureauaccesoires.

Zoek het icoon van het opdrachtprompt en klik er op met de rechter muisknop en kies dan in het lijstje voor uitvoeren als administrator om het opdrachtprompt te openen.

Tik in: sc stop "Planner voor Automatische LiveUpdate" en druk op Enter.

Tik in: sc delete "Planner voor Automatische LiveUpdate" en druk op Enter.

Tik in exit en druk Enter.

Als je op een van deze instructies een foutmelding krijgt, ga dan gewoon door met de volgende instructie.

Start Hijackthis op als administrator. (Zie afbeelding in bericht nr 8)

Selecteer “Do a system scan only”.

Vink alleen de items aan die hieronder zijn genoemd:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Shareware.Pro-NE Toolbar - {11e7ab0e-3b77-41f8-a9c3-8b67a04fd4c3} - C:\Program Files\Shareware.Pro-NE\tbShar.dll

O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O2 - BHO: Shareware.Pro-NE Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTog0.dll

O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll

O2 - BHO: TVersitybar - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\prxtbTVer.dll

O2 - BHO: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll

O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)

O2 - BHO: SupremoAdsForYou - {86055018-74AE-883B-A640-2D5E44D9BFE8} - (no file)

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll

O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll

O2 - BHO: SearchElf 1.2 Toolbar - {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files\SearchElf_1.2\tbSear.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll

O3 - Toolbar: Shareware.Pro-NE Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTog0.dll

O3 - Toolbar: Shareware.Pro-NE Toolbar - {11e7ab0e-3b77-41f8-a9c3-8b67a04fd4c3} - C:\Program Files\Shareware.Pro-NE\tbShar.dll

O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)

O3 - Toolbar: SearchElf 1.2 Toolbar - {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files\SearchElf_1.2\tbSear.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O3 - Toolbar: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: TVersitybar Toolbar - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\prxtbTVer.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll

O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - (no file)

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - (no file)

Klik op 'Fix checked' om de items te verwijderen.

Verwijder het programma Ask.com via Software (indien aanwezig) of verwijder anders volgende vetgedrukte map : C:\Program Files\Ask.com

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... Dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

aangepast door kweezie wabbit
  • Reacties 22
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Geplaatst:

is wel goed gegaan denk ik,daar is niet gevraagt om op nieuw op te starten.

dit was het rezultaat na de scan + vewijderen:Malwarebytes Anti-Malware (-evaluatieversie-) 1.61.0.1400

www.malwarebytes.org

Databaseversie: v2012.05.24.04

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

hansenjoke :: PC_VAN_HANSENJO [administrator]

Realtime bescherming: Ingeschakeld

24-5-2012 18:56:54

mbam-log-2012-05-24 (18-56-54).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 237516

Verstreken tijd: 23 minuut/minuten, 27 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 6

HKCR\AppID\{418D86BE-7386-4F1A-83E0-53604ADBDA74} (Trojan.BHO) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86055018-74AE-883B-A640-2D5E44D9BFE8} (Adware.PlayMP3z) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\AppID\SupremoAdsForYou.DLL (Adware.PlayMP3z) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\MediaHoldings (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\SupremoAdsForYou (Adware.PlayMP3z) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 4

C:\Users\hansenjoke\AppData\Roaming\02000000e0523e9f658C.manifest (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\hansenjoke\AppData\Roaming\02000000e0523e9f658O.manifest (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\hansenjoke\AppData\Roaming\02000000e0523e9f658P.manifest (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\hansenjoke\AppData\Roaming\02000000e0523e9f658S.manifest (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

Geplaatst:

oke zo ??

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:13:22, on 25-5-2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Program Files\Soluto\soluto.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\SysMonitor.exe

C:\Windows\System32\rundll32.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\Windows Searchqu Toolbar\DataMngr\datamngrUI.exe

C:\Program Files\ESET\UpdateReminder.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Eset\nod32kui.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\hansenjoke\Downloads\HijackThis (1).exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ${URL_STARTPAGE}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Facemoods Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit,

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [updateReminder] C:\Program Files\Eset\UpdateReminder.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [speedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-4165291114-3087629697-1407380208-1002\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NeroMediaHomeUser.4')

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NETGEAR Receiver Service (recvrsvc.exe) - NETGEAR, Inc. - C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\recvrsvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe

--

End of file - 7754 bytes

Geplaatst:

Heel goed maar er zijn nog enkele lijntjes die weg moeten.

Start Hijackthis op als administrator.

Selecteer “Do a system scan only”.

Vink alleen de items aan die hieronder zijn genoemd:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ${URL_STARTPAGE}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Facemoods Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE

Klik op 'Fix checked' om de items te verwijderen.

Maak een nieuw logje.

Geplaatst:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:57:21, on 25-5-2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Program Files\Soluto\soluto.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\SysMonitor.exe

C:\Windows\System32\rundll32.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\Windows Searchqu Toolbar\DataMngr\datamngrUI.exe

C:\Program Files\ESET\UpdateReminder.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Spotnet\Spotnet.exe

C:\Program Files\Spotnet\SABnzbd.exe

C:\Windows\system32\conime.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe

C:\Users\hansenjoke\Downloads\HijackThis (1).exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit,

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [updateReminder] C:\Program Files\Eset\UpdateReminder.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [speedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-4165291114-3087629697-1407380208-1002\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NeroMediaHomeUser.4')

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NETGEAR Receiver Service (recvrsvc.exe) - NETGEAR, Inc. - C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\recvrsvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe

--

End of file - 7517 bytes

Geplaatst:

Het logje ziet er nu pico bello uit.

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Geplaatst:

heb via link 2 combofix gedownload (via 1 kon dat niet, computer gaf fout melding aan )verder heb ik niks (kunnen doen) maar ik denk dat het hele proces wel afgewerkt is.

Hierbij de inhoud van loqbestand.

ComboFix 12-05-26.02 - hansenjoke 26-05-2012 9:11.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.767.201 [GMT 2:00]

Gestart vanuit: c:\users\hansenjoke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7FV0XVQ3\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Aanwezig AV is actief

.

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\facemoods.com

c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.crx

c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.png

c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll

c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll

c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe

c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll

c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe

c:\program files\facemoods.com\sqlite3.dll

c:\program files\Windows Searchqu Toolbar

c:\program files\Windows Searchqu Toolbar\DataMngr\datamngr.dll

c:\program files\Windows Searchqu Toolbar\DataMngr\datamngrUI.exe

c:\program files\Windows Searchqu Toolbar\del_DM_DLL_57.dll

c:\program files\Windows Searchqu Toolbar\del_DM_DLL_88.dll

c:\program files\Windows Searchqu Toolbar\del_DM_EXE_19.dll

c:\program files\Windows Searchqu Toolbar\del_DM_EXE_93.dll

c:\program files\Windows Searchqu Toolbar\INSTALL.LOG

c:\program files\Windows Searchqu Toolbar\main.ico

c:\program files\Windows Searchqu Toolbar\uninstall.exe

c:\program files\Windows Searchqu Toolbar\UNWISE.EXE

c:\program files\Windows Searchqu Toolbar\UnwiseLauncher.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk

c:\users\HANSEN~1\AppData\Local\Temp\ppcrlui_1888_2

c:\users\hansenjoke\AppData\Local\Temp\ppcrlui_1888_2

c:\users\hansenjoke\AppData\Roaming\Microsoft\Windows\Recent\nzbchronicle.net.url

c:\users\hansenjoke\AppData\Roaming\Microsoft\Windows\Recent\Place2Use.net.url

c:\users\hansenjoke\AppData\Roaming\Microsoft\Windows\Recent\SpotLite website.url

c:\users\hansenjoke\AppData\Roaming\Microsoft\Windows\Recent\WWW.WICKEDREACTION.WS.url

c:\users\hansenjoke\Documents\~WRL0002.tmp

c:\users\hansenjoke\Favorites\Download programs.url

c:\users\Public\sdelevURL.tmp

c:\windows\system32\gFj0ntf.vbs

c:\windows\system32\mSSVP.vbs

c:\windows\system32\roboot.exe

K:\install.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-04-26 to 2012-05-26 ))))))))))))))))))))))))))))))

.

.

2012-05-26 07:44 . 2012-05-26 07:52 -------- d-----w- c:\users\hansenjoke\AppData\Local\temp

2012-05-26 07:44 . 2012-05-26 07:44 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp

2012-05-26 07:44 . 2012-05-26 07:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-25 07:12 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{556B0F63-0CBB-4580-B91A-77B08176EBB8}\mpengine.dll

2012-05-24 16:42 . 2012-05-24 16:42 -------- d-----w- c:\users\hansenjoke\AppData\Roaming\Malwarebytes

2012-05-24 16:41 . 2012-05-24 16:41 -------- d-----w- c:\programdata\Malwarebytes

2012-05-24 16:41 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-24 16:41 . 2012-05-24 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-24 11:06 . 2012-05-24 11:06 -------- d-----w- c:\program files\Nieuwe map

2012-05-23 16:16 . 2012-05-23 16:16 -------- d-----w- c:\program files\Oracle

2012-05-23 16:16 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-05-20 07:42 . 2012-05-16 10:07 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

2012-05-20 07:42 . 2012-05-20 07:42 -------- d-----w- c:\program files\Soluto

2012-05-14 18:50 . 2012-05-14 18:50 -------- d-----w- c:\users\hansenjoke\searchplugins

2012-05-14 18:50 . 2012-05-14 18:50 -------- d-----w- c:\users\hansenjoke\bProtectorForWindows

2012-05-14 18:32 . 2012-05-15 19:21 -------- d-----w- c:\users\hansenjoke\AppData\Roaming\PerformerSoft

2012-05-14 18:31 . 2012-05-14 18:31 -------- d-----w- c:\windows\system32\searchplugins

2012-05-14 18:31 . 2012-05-14 18:31 -------- d-----w- c:\windows\system32\bProtectorForWindows

2012-05-14 18:31 . 2012-05-15 19:21 -------- d-----w- c:\program files\PC Performer

2012-05-14 18:30 . 2012-05-14 18:30 -------- d-----w- c:\programdata\bProtectorForWindows

2012-05-14 18:30 . 2012-05-14 18:30 -------- d-----w- c:\program files\PriceGong

2012-05-14 17:59 . 2012-05-20 08:00 -------- d-----w- c:\programdata\Soluto

2012-05-11 12:58 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-11 12:58 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-11 12:58 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys

2012-04-26 14:33 . 2012-03-08 16:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-04-26 14:27 . 2012-04-26 14:27 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-04-26 14:05 . 2012-04-26 14:05 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\b2649eaf1cd23b502\DXSETUP.exe

2012-04-26 14:05 . 2012-04-26 14:05 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\b2649eaf1cd23b502\DSETUP.dll

2012-04-26 14:05 . 2012-04-26 14:05 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\b2649eaf1cd23b502\dsetup32.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 13:54 . 2012-04-09 06:48 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 13:54 . 2011-06-02 13:35 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-20 13:33 . 2012-04-20 13:33 887888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

2012-03-14 18:41 . 2010-05-21 15:00 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\system32\sirenacm.dll

2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-02-29 15:11 . 2012-04-12 06:33 5120 ----a-w- c:\windows\system32\wmi.dll

2012-02-29 15:11 . 2012-04-12 06:33 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 15:09 . 2012-04-12 06:33 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 13:32 . 2012-04-12 06:33 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-02-28 01:18 . 2012-04-12 06:35 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11 . 2012-04-12 06:35 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11 . 2012-04-12 06:35 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03 . 2012-04-12 06:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-21 01:18 . 2012-05-16 07:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2012-03-02 67960]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-14 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]

"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-19 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-19 92704]

"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe" [2004-07-01 53248]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-09-21 949376]

"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2011-07-18 462848]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-08-11 13:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2010-03-26 08:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]

2010-03-08 07:38 5174568 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NETGEARDigitalEntertainer]

2009-04-29 11:22 3498712 ----a-w- c:\program files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-05-13 15:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Inhoud van de 'Gedeelde Taken' map

.

2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:54]

.

2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:35]

.

2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:35]

.

2012-05-25 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:51]

.

2012-02-03 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:51]

.

2012-02-03 c:\windows\Tasks\PC Health Advisor Defrag.job

- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]

.

2012-02-03 c:\windows\Tasks\PC Health Advisor.job

- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]

.

2012-05-26 c:\windows\Tasks\SpeedUpMyPC.job

- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-03-17 13:52]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Translate this web page with Babylon

IE: Translate with Babylon

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\hansenjoke\AppData\Roaming\Mozilla\Firefox\Profiles\mj5hzvnh.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - ^hxxp://.*\\.babylon\\.com/\\?AF=110396.*

FF - prefs.js: keyword.URL - ^hxxp://.*\\.babylon\\.com/\\?AF=110396.*

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58} - (no file)

WebBrowser-{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{11E7AB0E-3B77-41F8-A9C3-8B67A04FD4C3} - (no file)

WebBrowser-{F4E6547E-325B-403C-A3BB-AD29ED37A92F} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{66BD2442-241B-44CD-8C7A-B51037053CDB} - (no file)

MSConfigStartUp-CanonMyPrinter - c:\program files\Canon\MyPrinter\BJMyPrt.exe

MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe

AddRemove-FoxTab FLV Player - c:\program files\FoxTabFLVPlayer\Uninstall\Uninstall.exe

AddRemove-FoxTab Media Player - c:\progra~1\FOXTAB~1\Uninstall\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-05-26 09:52

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2012-05-26 10:07:35

ComboFix-quarantined-files.txt 2012-05-26 08:07

.

Pre-Run: 39.246.680.064 bytes beschikbaar

Post-Run: 43.214.635.008 bytes beschikbaar

.

- - End Of File - - 69E2792F5B8731410FC24D6B3DBCC7F9

Geplaatst:

Open een nieuw kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

c:\program files\PriceGong

Firefox::

FF - ProfilePath - c:\users\hansenjoke\AppData\Roaming\Mozilla\Firefox\Profiles\mj5hzvnh.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL -

Sla dit bestand op je bureaublad op als CFScript

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht

Geplaatst:

Goede morgen,

Terwijl combofix bezig was kreeg ik twee meldingen:

1 Virus ontdekt, gebeurtenis opgetreden door applicatieC;/combo fix, het bestand is verplaatst naar quarantaine.

2 Pev. 3XE werkt niet meer.

Ik weet niet of dit belangrijk is, daarom vermeld ik dit ermaar bij.

Mvrgr. Hans van hansenjoke/

ComboFix 12-05-27.01 - hansenjoke 27-05-2012 8:48.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.767.232 [GMT 2:00]

Gestart vanuit: c:\users\hansenjoke\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\hansenjoke\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

* Aanwezig AV is actief

.

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\PriceGong

c:\program files\PriceGong\2.6.4\PriceGong.crx

c:\program files\PriceGong\uninst.exe

c:\users\HANSEN~1\AppData\Local\Temp\ppcrlui_2724_2

c:\users\hansenjoke\AppData\Local\Temp\ppcrlui_2724_2

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-04-27 to 2012-05-27 ))))))))))))))))))))))))))))))

.

.

2012-05-27 07:09 . 2012-05-27 07:10 -------- d-----w- c:\users\hansenjoke\AppData\Local\temp

2012-05-27 07:09 . 2012-05-27 07:09 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp

2012-05-27 07:09 . 2012-05-27 07:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-25 07:12 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{556B0F63-0CBB-4580-B91A-77B08176EBB8}\mpengine.dll

2012-05-24 16:42 . 2012-05-24 16:42 -------- d-----w- c:\users\hansenjoke\AppData\Roaming\Malwarebytes

2012-05-24 16:41 . 2012-05-24 16:41 -------- d-----w- c:\programdata\Malwarebytes

2012-05-24 16:41 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-24 16:41 . 2012-05-24 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-24 11:06 . 2012-05-24 11:06 -------- d-----w- c:\program files\Nieuwe map

2012-05-23 16:16 . 2012-05-23 16:16 -------- d-----w- c:\program files\Oracle

2012-05-23 16:16 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-05-20 07:42 . 2012-05-16 10:07 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

2012-05-20 07:42 . 2012-05-20 07:42 -------- d-----w- c:\program files\Soluto

2012-05-14 18:50 . 2012-05-14 18:50 -------- d-----w- c:\users\hansenjoke\searchplugins

2012-05-14 18:50 . 2012-05-14 18:50 -------- d-----w- c:\users\hansenjoke\bProtectorForWindows

2012-05-14 18:32 . 2012-05-15 19:21 -------- d-----w- c:\users\hansenjoke\AppData\Roaming\PerformerSoft

2012-05-14 18:31 . 2012-05-14 18:31 -------- d-----w- c:\windows\system32\searchplugins

2012-05-14 18:31 . 2012-05-14 18:31 -------- d-----w- c:\windows\system32\bProtectorForWindows

2012-05-14 18:31 . 2012-05-15 19:21 -------- d-----w- c:\program files\PC Performer

2012-05-14 18:30 . 2012-05-14 18:30 -------- d-----w- c:\programdata\bProtectorForWindows

2012-05-14 17:59 . 2012-05-20 08:00 -------- d-----w- c:\programdata\Soluto

2012-05-11 12:58 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-11 12:58 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-11 12:58 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 13:54 . 2012-04-09 06:48 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 13:54 . 2011-06-02 13:35 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-26 14:27 . 2012-04-26 14:27 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-04-20 13:33 . 2012-04-20 13:33 887888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

2012-03-14 18:41 . 2010-05-21 15:00 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\system32\sirenacm.dll

2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-03-08 16:32 . 2012-04-26 14:33 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-02-29 15:11 . 2012-04-12 06:33 5120 ----a-w- c:\windows\system32\wmi.dll

2012-02-29 15:11 . 2012-04-12 06:33 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 15:09 . 2012-04-12 06:33 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 13:32 . 2012-04-12 06:33 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-02-28 01:18 . 2012-04-12 06:35 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11 . 2012-04-12 06:35 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11 . 2012-04-12 06:35 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03 . 2012-04-12 06:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-21 01:18 . 2012-05-16 07:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpeedUpMyPC"="c:\progra~1\Uniblue\SPEEDU~1\launcher.exe" [2012-03-02 67960]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-14 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]

"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-19 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-19 92704]

"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe" [2004-07-01 53248]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-09-21 949376]

"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2011-07-18 462848]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-08-11 13:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2010-03-26 08:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]

2010-03-08 07:38 5174568 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NETGEARDigitalEntertainer]

2009-04-29 11:22 3498712 ----a-w- c:\program files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-05-13 15:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Inhoud van de 'Gedeelde Taken' map

.

2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:54]

.

2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:35]

.

2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:35]

.

2012-05-26 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:51]

.

2012-02-03 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:51]

.

2012-02-03 c:\windows\Tasks\PC Health Advisor Defrag.job

- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]

.

2012-02-03 c:\windows\Tasks\PC Health Advisor.job

- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]

.

2012-05-27 c:\windows\Tasks\SpeedUpMyPC.job

- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-03-17 13:52]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Translate this web page with Babylon

IE: Translate with Babylon

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\hansenjoke\AppData\Roaming\Mozilla\Firefox\Profiles\mj5hzvnh.default\

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-PriceGong - c:\program files\PriceGong\uninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-05-27 09:10

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2012-05-27 09:18:13

ComboFix-quarantined-files.txt 2012-05-27 07:17

ComboFix2.txt 2012-05-26 08:07

.

Pre-Run: 46.851.399.680 bytes beschikbaar

Post-Run: 46.493.986.816 bytes beschikbaar

.

- - End Of File - - 622390EA3BF2D87FB7BFBA98608032A0

Gast
Dit topic is nu gesloten voor nieuwe reacties.

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.