hansenjoke

27 mei 2012

Geachte Kweezie Wabbit,

Heb inmiddels de laatste handelingen afgewerkt.

Heb vanmorgen al een spelletje ge klaverjast (helaasverloren) en de computer is daarbij niet vastgelopen. Ook de snelheid van decomputer is groter.

Mag ik u vanaf deze plaats enorm bedanken voor uwmedewerking, u had al snel door dat het naar mij toe, eenvoudig uitgelegd moestworden, zodoende heb ik het hele proces tot een goed einde kunnen brengen.

Bijzonder knap dat iemand zoveel tijd besteed aan de(computer)problemen van iemand die hij totaal niet kent.

Hopelijk mag ik een volgen keer met dit of een andercomputer probleem, weer een beroep op u doen. Nogmaals BEDANKT.

Mvrgr. Hans.

27 mei 2012

Goede morgen,

Terwijl combofix bezig was kreeg ik twee meldingen:

1 Virus ontdekt, gebeurtenis opgetreden door applicatieC;/combo fix, het bestand is verplaatst naar quarantaine.

2 Pev. 3XE werkt niet meer.

Ik weet niet of dit belangrijk is, daarom vermeld ik dit ermaar bij.

Mvrgr. Hans van hansenjoke/

ComboFix 12-05-27.01 - hansenjoke 27-05-2012 8:48.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.767.232 [GMT 2:00]

Gestart vanuit: c:\users\hansenjoke\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\hansenjoke\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

* Aanwezig AV is actief

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\PriceGong

c:\program files\PriceGong\2.6.4\PriceGong.crx

c:\program files\PriceGong\uninst.exe

c:\users\HANSEN~1\AppData\Local\Temp\ppcrlui_2724_2

c:\users\hansenjoke\AppData\Local\Temp\ppcrlui_2724_2

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-04-27 to 2012-05-27 ))))))))))))))))))))))))))))))

.

2012-05-27 07:09 . 2012-05-27 07:10 -------- d-----w- c:\users\hansenjoke\AppData\Local\temp

2012-05-27 07:09 . 2012-05-27 07:09 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp

2012-05-27 07:09 . 2012-05-27 07:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-25 07:12 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{556B0F63-0CBB-4580-B91A-77B08176EBB8}\mpengine.dll

2012-05-24 16:42 . 2012-05-24 16:42 -------- d-----w- c:\users\hansenjoke\AppData\Roaming\Malwarebytes

2012-05-24 16:41 . 2012-05-24 16:41 -------- d-----w- c:\programdata\Malwarebytes

2012-05-24 16:41 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-24 16:41 . 2012-05-24 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-24 11:06 . 2012-05-24 11:06 -------- d-----w- c:\program files\Nieuwe map

2012-05-23 16:16 . 2012-05-23 16:16 -------- d-----w- c:\program files\Oracle

2012-05-23 16:16 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-05-20 07:42 . 2012-05-16 10:07 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

2012-05-20 07:42 . 2012-05-20 07:42 -------- d-----w- c:\program files\Soluto

2012-05-14 18:50 . 2012-05-14 18:50 -------- d-----w- c:\users\hansenjoke\searchplugins

2012-05-14 18:50 . 2012-05-14 18:50 -------- d-----w- c:\users\hansenjoke\bProtectorForWindows

2012-05-14 18:32 . 2012-05-15 19:21 -------- d-----w- c:\users\hansenjoke\AppData\Roaming\PerformerSoft

2012-05-14 18:31 . 2012-05-14 18:31 -------- d-----w- c:\windows\system32\searchplugins

2012-05-14 18:31 . 2012-05-14 18:31 -------- d-----w- c:\windows\system32\bProtectorForWindows

2012-05-14 18:31 . 2012-05-15 19:21 -------- d-----w- c:\program files\PC Performer

2012-05-14 18:30 . 2012-05-14 18:30 -------- d-----w- c:\programdata\bProtectorForWindows

2012-05-14 17:59 . 2012-05-20 08:00 -------- d-----w- c:\programdata\Soluto

2012-05-11 12:58 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-11 12:58 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-11 12:58 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 13:54 . 2012-04-09 06:48 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 13:54 . 2011-06-02 13:35 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-26 14:27 . 2012-04-26 14:27 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-04-20 13:33 . 2012-04-20 13:33 887888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

2012-03-14 18:41 . 2010-05-21 15:00 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\system32\sirenacm.dll

2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-03-08 16:32 . 2012-04-26 14:33 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-02-29 15:11 . 2012-04-12 06:33 5120 ----a-w- c:\windows\system32\wmi.dll

2012-02-29 15:11 . 2012-04-12 06:33 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 15:09 . 2012-04-12 06:33 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 13:32 . 2012-04-12 06:33 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-02-28 01:18 . 2012-04-12 06:35 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11 . 2012-04-12 06:35 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11 . 2012-04-12 06:35 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03 . 2012-04-12 06:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-21 01:18 . 2012-05-16 07:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpeedUpMyPC"="c:\progra~1\Uniblue\SPEEDU~1\launcher.exe" [2012-03-02 67960]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-14 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]

"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-19 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-19 92704]

"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe" [2004-07-01 53248]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-09-21 949376]

"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2011-07-18 462848]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-08-11 13:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2010-03-26 08:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]

2010-03-08 07:38 5174568 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NETGEARDigitalEntertainer]

2009-04-29 11:22 3498712 ----a-w- c:\program files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-05-13 15:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Inhoud van de 'Gedeelde Taken' map

.

2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:54]

.

2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:35]

.

2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:35]

.

2012-05-26 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:51]

.

2012-02-03 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:51]

.

2012-02-03 c:\windows\Tasks\PC Health Advisor Defrag.job

- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]

.

2012-02-03 c:\windows\Tasks\PC Health Advisor.job

- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]

.

2012-05-27 c:\windows\Tasks\SpeedUpMyPC.job

- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-03-17 13:52]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Translate this web page with Babylon

IE: Translate with Babylon

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\hansenjoke\AppData\Roaming\Mozilla\Firefox\Profiles\mj5hzvnh.default\

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-PriceGong - c:\program files\PriceGong\uninst.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-05-27 09:10

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2012-05-27 09:18:13

ComboFix-quarantined-files.txt 2012-05-27 07:17

ComboFix2.txt 2012-05-26 08:07

.

Pre-Run: 46.851.399.680 bytes beschikbaar

Post-Run: 46.493.986.816 bytes beschikbaar

.

- - End Of File - - 622390EA3BF2D87FB7BFBA98608032A0

26 mei 2012

heb via link 2 combofix gedownload (via 1 kon dat niet, computer gaf fout melding aan )verder heb ik niks (kunnen doen) maar ik denk dat het hele proces wel afgewerkt is.

Hierbij de inhoud van loqbestand.

ComboFix 12-05-26.02 - hansenjoke 26-05-2012 9:11.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.767.201 [GMT 2:00]

Gestart vanuit: c:\users\hansenjoke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7FV0XVQ3\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Aanwezig AV is actief

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\facemoods.com

c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.crx

c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.png

c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll

c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll

c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe

c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll

c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe

c:\program files\facemoods.com\sqlite3.dll

c:\program files\Windows Searchqu Toolbar

c:\program files\Windows Searchqu Toolbar\DataMngr\datamngr.dll

c:\program files\Windows Searchqu Toolbar\DataMngr\datamngrUI.exe

c:\program files\Windows Searchqu Toolbar\del_DM_DLL_57.dll

c:\program files\Windows Searchqu Toolbar\del_DM_DLL_88.dll

c:\program files\Windows Searchqu Toolbar\del_DM_EXE_19.dll

c:\program files\Windows Searchqu Toolbar\del_DM_EXE_93.dll

c:\program files\Windows Searchqu Toolbar\INSTALL.LOG

c:\program files\Windows Searchqu Toolbar\main.ico

c:\program files\Windows Searchqu Toolbar\uninstall.exe

c:\program files\Windows Searchqu Toolbar\UNWISE.EXE

c:\program files\Windows Searchqu Toolbar\UnwiseLauncher.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk

c:\users\HANSEN~1\AppData\Local\Temp\ppcrlui_1888_2

c:\users\hansenjoke\AppData\Local\Temp\ppcrlui_1888_2

c:\users\hansenjoke\AppData\Roaming\Microsoft\Windows\Recent\nzbchronicle.net.url

c:\users\hansenjoke\AppData\Roaming\Microsoft\Windows\Recent\Place2Use.net.url

c:\users\hansenjoke\AppData\Roaming\Microsoft\Windows\Recent\SpotLite website.url

c:\users\hansenjoke\AppData\Roaming\Microsoft\Windows\Recent\WWW.WICKEDREACTION.WS.url

c:\users\hansenjoke\Documents\~WRL0002.tmp

c:\users\hansenjoke\Favorites\Download programs.url

c:\users\Public\sdelevURL.tmp

c:\windows\system32\gFj0ntf.vbs

c:\windows\system32\mSSVP.vbs

c:\windows\system32\roboot.exe

K:\install.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-04-26 to 2012-05-26 ))))))))))))))))))))))))))))))

.

2012-05-26 07:44 . 2012-05-26 07:52 -------- d-----w- c:\users\hansenjoke\AppData\Local\temp

2012-05-26 07:44 . 2012-05-26 07:44 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp

2012-05-26 07:44 . 2012-05-26 07:44 -------- d-----w- c:\users\Default\AppData\Local\temp