Question & Answer
Hijack Log
30 answers
- Hello Moderator
Sorry that I forgot to mention it, but the external drive (which does work on other PCs) can also no longer be found on my wife's PC.
In fact I consider this the biggest problem.
That is why I made a Hijack log.
Regards, Piet.
- My wife still has Windows XP on her PC.
Soon I want to rebuild it or provide it with a modern driver.
But before I do that, I want to upload her personal data to an external drive.
This does not work and I get the following message.
"Help and Support cannot be opened because a system service has not been started. Start the service named Help and Support to fix this problem."
Whatever I do, I cannot solve this problem, because I cannot find Service.msc due to an "http error 500 Internal service error".
Windows Update, Microsoft Update and other support functions also appear to no longer work.
I have made a HiJack log of my wife's PC.
Following a question about this on Breekpunt, I was referred to this site for posting and assessment.
My QUESTION is: where can I post the HiJack log, and is any other information needed?
Thanks in advance, Piet.
- Hello Piet, just copy the data to the external location!
- Connect the HD via USB.
Then go to Device Manager and expand the USB section there.
Now right-click each USB controller and choose "Uninstall".
Once all the USB controllers have disappeared in that way, restart the PC.
After the desktop appears again and everything has started up, the USB section is reinstalled.
Very likely the HD will then be found again and work.
- Hello Moderator
I did what was suggested, but without result.
I have also discovered that Windows XP on my wife's PC is not receiving any updates either.
My first question now is: "Is it useful to send a Hijack log for assessment?"
If so, where should it be posted?
Regards, Piet
Sorry for the late reply.
- Do the following:
Which program: http://www.imgdumper.nl/uploads7/51e81da73ab8c/51e81da73a79e-51a5f5d096dae-icon_RSIT_Canned.png
- Is it working out?
- Hello Moderator
It took a while to be able to post the log.
But finally here is the log, now run with RSIT 32 bit
Logfile of random's system information tool 1.09 (written by random/random)
Run by GLADyS bimmel at 2013-07-26 16:13:55
WIN_XP Service Pack 3
System drive C: has 51 GB (65%) free of 79 GB
Total RAM: 2015 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:15:02, on 26-7-2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GLADyS bimmel\Local Settings\Temporary Internet Files\Content.IE5\12PSS81V\RSIT[1].exe
C:\Program Files\trend micro\GLADyS bimmel.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.wanadoo.nl/pigla/vorigjaa.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: FileConverter 1.4 - {296aa17d-c89e-4242-a5a4-44bfe76914a2} - C:\Program Files\FileConverter_1.4\prxtbFil0.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: FileConverter 1.4 Toolbar - {296aa17d-c89e-4242-a5a4-44bfe76914a2} - C:\Program Files\FileConverter_1.4\prxtbFil0.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Film_op_DVD_7\TrayServer.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] \HPOTDD01.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PrnSys Executable] C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex
O4 - HKUS\S-1-5-21-1177238915-562591055-725345543-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1177238915-562591055-725345543-1005\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-1177238915-562591055-725345543-1005\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1359370247609
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GLADYS~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 7859 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click PC Care Reminder.job
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]
FileConverter 1.4 Toolbar - C:\Program Files\FileConverter_1.4\prxtbFil0.dll [2013-07-09 226592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll [2013-05-31 509776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL [2013-04-09 387040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-12 461216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-12 170912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{296aa17d-c89e-4242-a5a4-44bfe76914a2} - FileConverter 1.4 Toolbar - C:\Program Files\FileConverter_1.4\prxtbFil0.dll [2013-07-09 226592]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll [2013-05-31 509776]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrayServer"=C:\Program Files\MAGIX\Film_op_DVD_7\TrayServer.exe [2008-01-30 90112]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"DeviceDiscovery"=\HPOTDD01.EXE []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"PrnSys Executable"=C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe [2002-08-01 36864]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 204288]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe [2013-06-12 814472]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-22 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoRun"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.PIXL"=pclepixl.dll
"VIDC.NTN1"=NUVision.ax
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2013-07-26 16:13:55 ----D---- C:\rsit
2013-07-17 19:05:25 ----SHD---- C:\Config.Msi
2013-07-08 23:08:15 ----D---- C:\Program Files\Trend Micro
======List of files/folders modified in the last 1 month======
2013-07-26 16:14:39 ----D---- C:\WINDOWS\Temp
2013-07-26 16:14:10 ----D---- C:\WINDOWS\Prefetch
2013-07-26 16:12:43 ----D---- C:\Documents and Settings\GLADyS bimmel\Application Data\PriceGong
2013-07-26 15:52:48 ----SHD---- C:\System Volume Information
2013-07-26 00:09:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-07-22 16:20:15 ----D---- C:\WINDOWS\system32\CatRoot2
2013-07-17 19:18:25 ----D---- C:\Program Files\FileConverter_1.4
2013-07-17 19:09:47 ----AC---- C:\WINDOWS\system32\MsiExec.exe.log
2013-07-17 19:09:37 ----SHD---- C:\WINDOWS\Installer
2013-07-17 19:07:50 ----D---- C:\Program Files\Common Files\Nero
2013-07-17 19:07:48 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2013-07-17 19:07:43 ----D---- C:\WINDOWS\system32\drivers
2013-07-17 19:07:43 ----D---- C:\WINDOWS\system32
2013-07-17 19:07:42 ----D---- C:\WINDOWS
2013-07-08 23:08:15 ----RD---- C:\Program Files
2013-07-08 21:01:30 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-08 20:59:31 ----A---- C:\WINDOWS\imsins.BAK
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NIS\1404000.028\SYMDS.SYS [2013-05-21 367704]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NIS\1404000.028\SYMEFA.SYS [2013-05-23 934488]
R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-03-10 82380]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx86.sys []
R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\WINDOWS\system32\drivers\NIS\1404000.028\ccSetx86.sys [2013-04-16 134744]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1404000.028\SRTSPX.SYS [2013-03-05 32344]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1404000.028\Ironx86.SYS [2013-03-05 175264]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1404000.028\SYMTDI.SYS [2013-04-25 396760]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-omgeving voor serviceproviderondersteuning; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-06-13 43008]
R3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130724.001\IDSxpx86.sys []
R3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130725.023\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130725.023\NAVEX15.SYS []
R3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1404000.028\SRTSP.SYS [2013-05-16 603224]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudios.sys [2004-04-23 120960]
S3 catchme;catchme; \??\C:\DOCUME~1\GLADYS~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption-decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet-adapter - NT-stuurprogramma; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 MPE;BDA MPE-filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video-verbinding; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nuvaud2;Pinnacle DVC 80 Audio; C:\WINDOWS\system32\DRIVERS\nuvaud2.sys [2001-12-03 26560]
S3 NUVision;Pinnacle DVC 80 Video; C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 155264]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB28xxBGA;easycap video adapter; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-16 378880]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-02-06 28288]
S3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Stuurprogramma voor USB-scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WLAN_USB; Wireless LAN USB Driver; C:\WINDOWS\system32\DRIVERS\wlanUSB.sys []
S3 WSTCODEC;World Standard Teletext-codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-02-12 170912]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-05-21 144368]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 SNMP;SNMP-service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 hpdj;hpdj; C:\DOCUME~1\GLADYS~1\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3600 series -product= []
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe []
S2 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S3 aspnet_state;ASP.NET-statusservice; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNMPTRAP;SNMP Trap-service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Hoping that it is good.
Regards, Piet
- Please post the three logs in one go.
- I have carried out the three steps.
At step 1, AdwCleaner, the log was:
# AdwCleaner v2.306 - Verslag gemaakt op 28/07/2013 om 18:15:29
# Geactualiseerd op 19/07/2013 door Xplode
# Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)
# Gebruiker : GLADyS bimmel - ANGELDESK
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Documents and Settings\GLADyS bimmel\Bureaublad\adwcleaner.exe
# Optie [Verwijderen]
***** [Diensten] *****
***** [Files / Mappen] *****
Map Verwijderd : C:\Documents and Settings\GLADyS bimmel\Application Data\PriceGong
Map Verwijderd : C:\Documents and Settings\GLADyS bimmel\Local Settings\Application Data\Conduit
Map Verwijderd : C:\Documents and Settings\GLADyS bimmel\Local Settings\Application Data\FileConverter_1.4
Map Verwijderd : C:\Program Files\Conduit
Map Verwijderd : C:\Program Files\FileConverter_1.4
Map Verwijderd : C:\Program Files\Wondershare
***** [Register] *****
Sleutel Verwijderd : HKCU\Software\Conduit
Sleutel Verwijderd : HKCU\Software\ConduitSearchScopes
Sleutel Verwijderd : HKCU\Software\FileConverter_1.4
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{296AA17D-C89E-4242-A5A4-44BFE76914A2}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{296AA17D-C89E-4242-A5A4-44BFE76914A2}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{988ABD7F-C363-4605-A81F-5751A690548E}
Sleutel Verwijderd : HKCU\Software\PriceGong
Sleutel Verwijderd : HKCU\Software\SmartBar
Sleutel Verwijderd : HKCU\Software\YahooPartnerToolbar
Sleutel Verwijderd : HKCU\Toolbar
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{296AA17D-C89E-4242-A5A4-44BFE76914A2}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{988ABD7F-C363-4605-A81F-5751A690548E}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT3241951
Sleutel Verwijderd : HKLM\Software\Conduit
Sleutel Verwijderd : HKLM\Software\FileConverter_1.4
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0A5DDFDC-7228-4C5E-9AA0-D230A63CBD8E}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD933DD1-66A2-4A3B-ACC0-CF56CC04AAC0}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FileConverter_1.4 Toolbar
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{296AA17D-C89E-4242-A5A4-44BFE76914A2}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{988ABD7F-C363-4605-A81F-5751A690548E}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileConverter_1.4 Toolbar
Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{296AA17D-C89E-4242-A5A4-44BFE76914A2}]
Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{296AA17D-C89E-4242-A5A4-44BFE76914A2}]
***** [Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Het register bevat geen enkele ongeoorloofde invoer.
*************************
AdwCleaner[S1].txt - [3385 octets] - [28/07/2013 18:15:29]
########## EOF - C:\AdwCleaner[S1].txt - [3445 octets] ##########
At step 2, Junkware Removal Tool, I got no result.
White on black there was the text 'Creating registry backup'
Checking Startup.
Fout: Systeem kan opgegeven registersleutel niet vinden.
Checking Processen
Checking Services
Checking Files
Checking folders
Checking Registry
After that the cursor kept blinking and printing was not possible.
While running this, my antivirus was disabled.
At step 3, Malwarebytes MBAM, I found the following log:
Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300
www.malwarebytes.org
Databaseversie: v2013.04.04.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
GLADyS bimmel :: ANGELDESK [administrator]
Bescherming: Uitgeschakeld
28-7-2013 18:40:18
mbam-log-2013-07-28 (18-40-18).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 221685
Verstreken tijd: 12 minuut/minuten, 6 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Hoping that my answer is in order.
Moreover, starting up after an interruption of the PC did not go smoothly.
Regards, Piet
- Does startup still act a bit strange?
I am missing the JRT log.
But we'll dig further:
Which program: http://www.imgdumper.nl/uploads6/51c590ce3cf4a/51c590ce361e7-ComboFix_resized_2.png
- Hello Abraham
Before I post the ComboFix log, a few remarks. To download it I used the Bleepingcomputer site.
During the scan, creating a restore point took quite a long time, and because System Restore was not reachable I feared that ComboFix would end.
System Restore was in fact something that was no longer possible.
On checking afterwards, it turned out this had been restored.
Also, while shutting down the PC, 67 updates for Windows XP were installed.
Although I have not checked all the errors, I have the feeling there are improvements.
Only Help and Support is still not reachable.
Should I also do another scan with JRT? Maybe it will work now.
NOW I WILL TRY TO POST THE COMBOFIX LOG.
ComboFix 13-07-27.01 - GLADyS bimmel 29-07-2013 21:28:42.2.1 - x86
Gestart vanuit: c:\documents and settings\GLADyS bimmel\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\GLADyS bimmel\WINDOWS
c:\windows\IsUn0413.exe
c:\windows\unin0413.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-06-28 to 2013-07-29 ))))))))))))))))))))))))))))))
.
.
2013-07-28 17:35 . 2013-07-28 17:35 ——– d—–w- c:\program files\Common Files\Java
2013-07-28 17:34 . 2013-07-28 17:34 144896 —-a-w- c:\windows\system32\javacpl.cpl
2013-07-28 17:34 . 2013-07-28 17:34 94632 —-a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-28 16:30 . 2013-07-28 16:56 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
2013-07-28 16:30 . 2013-04-04 12:50 22856 —-a-w- c:\windows\system32\drivers\mbam.sys
2013-07-28 16:20 . 2013-07-28 16:20 ——– d—–w- c:\windows\ERUNT
2013-07-26 14:13 . 2013-07-26 14:15 ——– d—–w- C:\rsit
2013-07-08 21:08 . 2013-07-26 14:15 ——– d—–w- c:\program files\Trend Micro
2013-07-08 21:08 . 2013-07-08 21:08 388096 —-a-r- c:\documents and settings\GLADyS bimmel\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-28 17:34 . 2013-02-12 16:59 867240 —-a-w- c:\windows\system32\npDeployJava1.dll
2013-07-28 17:34 . 2010-06-15 08:27 789416 -c–a-w- c:\windows\system32\deployJava1.dll
2013-06-19 05:05 . 2013-01-25 10:02 142496 —-a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-12 18:48 . 2012-03-29 16:25 692104 -c–a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 18:48 . 2011-11-21 17:29 71048 -c–a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 18:48 . 2013-06-12 18:48 8610696 —-a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-05-23 05:25 . 2013-06-13 19:32 934488 —-a-w- c:\windows\system32\drivers\NIS\1404000.028\symefa.sys
2013-05-21 05:02 . 2013-06-13 19:32 367704 —-a-w- c:\windows\system32\drivers\NIS\1404000.028\symds.sys
2013-05-16 05:02 . 2013-06-13 19:32 603224 —-a-w- c:\windows\system32\drivers\NIS\1404000.028\srtsp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayServer"="c:\program files\MAGIX\Film_op_DVD_7\TrayServer.exe" [2008-01-30 90112]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"PrnSys Executable"="c:\program files\Hewlett-Packard\hp print screen utility\PrnSys.exe" [2002-08-01 36864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-2-23 98304]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\DRIVERS\nuvvid2.sys [2001-12-03 155264]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1404000.028\SYMDS.SYS [2013-05-21 367704]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1404000.028\SYMEFA.SYS [2013-05-23 934488]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [2013-05-31 1002072]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [2013-04-16 134744]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [2013-03-05 175264]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-05-21 144368]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-01-25 106656]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130726.001\IDSxpx86.sys [2013-01-24 373728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2013-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:48]
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://home.wanadoo.nl/pigla/vorigjaa.htm
IE: E&xporteren naar Microsoft Excel
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKLM-Run-DeviceDiscovery - \HPOTDD01.EXE - Now do the following:
Which program (image): http://www.imgdumper.nl/uploads7/51e3a68dbbece/51e3a68db6cb8-SecurityCheck_icon_Canned_m1348768721.jpg - Here is the result of the Security Check.
Results of screen317's Security Check version 0.99.71
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security
McAfee Shredder
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
CCleaner (remove only)
TweakNow RegCleaner Standard
TweakNow RegCleaner
Java 7 Update 25
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log`````````````````````` - That looks up to date in itself.
Also, the fact that you have Malwarebytes MBAM is fine.
Do you use this on-demand scanner every week, after updating, with the quick scan?
And then Spybot: worthless, too little virus detection.
And Spybot 2, its successor, is the same in that respect.
If you want an on-demand scanner that also analyses cookies, then remove Spybot and install SuperAntispyware in its place.
Then deactivate all of its active processes.
That saves a number of processes in Windows; after that you use the tool in the same way as MBAM.
So update manually and then scan.
And also do the following:
Which program (image): http://www.imgdumper.nl/uploads7/51ee66972cd38/51ee66972b5a8-RogueKiller_icon_Nieuw.jpg - Hello Moderator
First of all, the answer to the question.
I practically never use Malwarebytes MBAM.
What I do run on my wife's PC, roughly once a month, is
Spybot S&D, CCleaner, Cleanup, DesktopManager and TweakNowRegCleanerStd.
Of the last one I do not use the latest version, because there it is not clear what I can safely remove.
On your advice I will replace Spybot with SuperAntispyware on all PCs.
Before I post the RogueKiller log, one remark: instead of CheckFaked, it said Verify Drivers here.
RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
besturingssysteem : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Gestart vanuit : Normale modus
Gebruiker : GLADyS bimmel [Administrator rechten]
Modus : Scan – Datum : 07/31/2013 16:19:52
| ARK || FAK || MBR |
¤¤¤ Kwaadaardige processen : 0 ¤¤¤
¤¤¤ Register verwijzingen : 6 ¤¤¤
[HJ POL] HKLM\[…]\System : DisableRegistryTools (0) -> gevonden
[HJ SMENU] HKCU\[…]\Advanced : Start_ShowRecentDocs (0) -> gevonden
[HJ SMENU] HKCU\[…]\Advanced : Start_ShowPrinters (0) -> gevonden
[HJ DESK] HKCU\[…]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden
[HJ DESK] HKCU\[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden
[HJ DESK] HKLM\[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden
¤¤¤ geplande taken : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ webbrowsers : 0 ¤¤¤
¤¤¤ Speciale Files / Folders: ¤¤¤
[ZeroAccess][map] U : C:\WINDOWS\Installer\{27e5659b-f113-0680-2dda-2411e9c12252}\U [-] –> gevonden
[ZeroAccess][map] U : C:\Documents and Settings\GLADyS bimmel\Local Settings\Application Data\{27e5659b-f113-0680-2dda-2411e9c12252}\U [-] –> gevonden
[ZeroAccess][map] L : C:\WINDOWS\Installer\{27e5659b-f113-0680-2dda-2411e9c12252}\L [-] –> gevonden
[ZeroAccess][map] L : C:\Documents and Settings\GLADyS bimmel\Local Settings\Application Data\{27e5659b-f113-0680-2dda-2411e9c12252}\L [-] –> gevonden
¤¤¤ Driver : [Geladen] ¤¤¤
[Address] SSDT[12] : NtAlertResumeThread @ 0x80630108 -> HOOKED (Unknown @ 0x89897CE0)
[Address] SSDT[13] : NtAlertThread @ 0x80577310 -> HOOKED (Unknown @ 0x89897ED0)
[Address] SSDT[17] : NtAllocateVirtualMemory @ 0x80569302 -> HOOKED (Unknown @ 0x8989A9F8)
[Address] SSDT[19] : NtAssignProcessToJobObject @ 0x805A1387 -> HOOKED (Unknown @ 0x89898C20)
[Address] SSDT[31] : NtConnectPort @ 0x8058CB11 -> HOOKED (Unknown @ 0x89788BE0)
[Address] SSDT[43] : NtCreateMutant @ 0x805776E0 -> HOOKED (Unknown @ 0x89A73598)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x8059E796 -> HOOKED (Unknown @ 0x89AABFC0)
[Address] SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0x896A0708)
[Address] SSDT[57] : NtDebugActiveProcess @ 0x8065C259 -> HOOKED (Unknown @ 0x89898D00)
[Address] SSDT[68] : NtDuplicateObject @ 0x805749DA -> HOOKED (Unknown @ 0x896C8270)
[Address] SSDT[83] : NtFreeVirtualMemory @ 0x80569C2D -> HOOKED (Unknown @ 0x89782A58)
[Address] SSDT[89] : NtImpersonateAnonymousToken @ 0x805DC216 -> HOOKED (Unknown @ 0x89A404A0)
[Address] SSDT[91] : NtImpersonateThread @ 0x805817C1 -> HOOKED (Unknown @ 0x89897C00)
[Address] SSDT[97] : NtLoadDriver @ 0x805A29BD -> HOOKED (Unknown @ 0x8975B888)
[Address] SSDT[108] : unknown @ 0x8057CB31 -> HOOKED (Unknown @ 0x897026F8)
[Address] SSDT[114] : NtOpenEvent @ 0x80581B30 -> HOOKED (Unknown @ 0x89A734B8)
[Address] SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (Unknown @ 0x89866AC8)
[Address] SSDT[123] : NtOpenProcessToken @ 0x80571121 -> HOOKED (Unknown @ 0x8989AAC8)
[Address] SSDT[125] : NtOpenSection @ 0x8056E583 -> HOOKED (Unknown @ 0x89898EB0)
[Address] SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (Unknown @ 0x89868CB8)
[Address] SSDT[137] : NtProtectVirtualMemory @ 0x80574F70 -> HOOKED (Unknown @ 0x89898788)
[Address] SSDT[206] : NtResumeThread @ 0x80578F98 -> HOOKED (Unknown @ 0x89897F90)
[Address] SSDT[213] : NtSetContextThread @ 0x8062E937 -> HOOKED (Unknown @ 0x89891F48)
[Address] SSDT[228] : NtSetInformationProcess @ 0x80570E2D -> HOOKED (Unknown @ 0x897321F0)
[Address] SSDT[240] : NtSetSystemInformation @ 0x805A6AA9 -> HOOKED (Unknown @ 0x898989C0)
[Address] SSDT[253] : NtSuspendProcess @ 0x8063004D -> HOOKED (Unknown @ 0x89898F90)
[Address] SSDT[254] : NtSuspendThread @ 0x805E05BE -> HOOKED (Unknown @ 0x898969F0)
[Address] SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0x897001E0)
[Address] SSDT[258] : unknown @ 0x80578037 -> HOOKED (Unknown @ 0x89896AB0)
[Address] SSDT[267] : NtUnmapViewOfSection @ 0x8057C6B6 -> HOOKED (Unknown @ 0x897322E0)
[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805815AA -> HOOKED (Unknown @ 0x89782B28)
[Address] Shadow SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x89903170)
[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x899020B0)
[Address] Shadow SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x898F38C8)
[Address] Shadow SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x89901DC8)
[Address] Shadow SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x899533F8)
[Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x89A9A690)
[Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x89A3D5E8)
[Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x89A48550)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8995E140)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x899CA990)
¤¤¤ Externe Hives: ¤¤¤
¤¤¤ Infectie : ZeroAccess ¤¤¤
¤¤¤ HOSTS Bestand: ¤¤¤
–> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Controle: ¤¤¤
+++++ PhysicalDrive0: HDS728080PLAT20 +++++
— User —
[MBR] acba3ecea3b54ffccf0037334b92b75b
[BSP] f435501b94b969da7f5b742dc8a22360 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78520 Mo
User = LL1 … OK!
User = LL2 … OK!
Gereed : << RKreport[0]_S_07312013_161952.txt >> - I already suspected that ZeroAccess was involved.
Start RogueKiller (image: http://www.imgdumper.nl/uploads7/51f8d0367469c/51f8d03670fd5-RogueKiller_icon_Canned_def.jpg):
First close all still-open program windows!
- Here is the requested log.
Only, I did not see the four (ZeroAccess)….. folders.
RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
besturingssysteem : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Gestart vanuit : Normale modus
Gebruiker : GLADyS bimmel [Administrator rechten]
Modus : Verwijder – Datum : 07/31/2013 18:36:02
| ARK || FAK || MBR |
¤¤¤ Kwaadaardige processen : 0 ¤¤¤
¤¤¤ Register verwijzingen : 6 ¤¤¤
[HJ POL] HKLM\[…]\System : DisableRegistryTools (0) -> Verwijderd
[HJ SMENU] HKCU\[…]\Advanced : Start_ShowRecentDocs (0) -> VERVANGEN (1)
[HJ SMENU] HKCU\[…]\Advanced : Start_ShowPrinters (0) -> VERVANGEN (1)
[HJ DESK] HKCU\[…]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> VERVANGEN (0)
[HJ DESK] HKCU\[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> VERVANGEN (0)
[HJ DESK] HKLM\[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> VERVANGEN (0)
¤¤¤ geplande taken : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ webbrowsers : 0 ¤¤¤
¤¤¤ Speciale Files / Folders: ¤¤¤
[ZeroAccess][map] U : C:\WINDOWS\Installer\{27e5659b-f113-0680-2dda-2411e9c12252}\U [-] –> Verwijderd
[ZeroAccess][map] U : C:\Documents and Settings\GLADyS bimmel\Local Settings\Application Data\{27e5659b-f113-0680-2dda-2411e9c12252}\U [-] –> Verwijderd
[ZeroAccess][map] L : C:\WINDOWS\Installer\{27e5659b-f113-0680-2dda-2411e9c12252}\L [-] –> Verwijderd
[ZeroAccess][map] L : C:\Documents and Settings\GLADyS bimmel\Local Settings\Application Data\{27e5659b-f113-0680-2dda-2411e9c12252}\L [-] –> Verwijderd
¤¤¤ Driver : [Geladen] ¤¤¤
[Address] SSDT[12] : NtAlertResumeThread @ 0x80630108 -> HOOKED (Unknown @ 0x896DAA20)
[Address] SSDT[13] : NtAlertThread @ 0x80577310 -> HOOKED (Unknown @ 0x896DAB00)
[Address] SSDT[17] : NtAllocateVirtualMemory @ 0x80569302 -> HOOKED (Unknown @ 0x896FFA78)
[Address] SSDT[19] : NtAssignProcessToJobObject @ 0x805A1387 -> HOOKED (Unknown @ 0x896A2B80)
[Address] SSDT[31] : NtConnectPort @ 0x8058CB11 -> HOOKED (Unknown @ 0x8975CD90)
[Address] SSDT[43] : NtCreateMutant @ 0x805776E0 -> HOOKED (Unknown @ 0x896DA770)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x8059E796 -> HOOKED (Unknown @ 0x896A29A0)
[Address] SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0x8987ECF0)
[Address] SSDT[57] : NtDebugActiveProcess @ 0x8065C259 -> HOOKED (Unknown @ 0x896A2C60)
[Address] SSDT[68] : NtDuplicateObject @ 0x805749DA -> HOOKED (Unknown @ 0x896FFC48)
[Address] SSDT[83] : NtFreeVirtualMemory @ 0x80569C2D -> HOOKED (Unknown @ 0x896FF830)
[Address] SSDT[89] : NtImpersonateAnonymousToken @ 0x805DC216 -> HOOKED (Unknown @ 0x896DA860)
[Address] SSDT[91] : NtImpersonateThread @ 0x805817C1 -> HOOKED (Unknown @ 0x896DA940)
[Address] SSDT[97] : NtLoadDriver @ 0x805A29BD -> HOOKED (Unknown @ 0x8976C7F0)
[Address] SSDT[108] : unknown @ 0x8057CB31 -> HOOKED (Unknown @ 0x896D9508)
[Address] SSDT[114] : NtOpenEvent @ 0x80581B30 -> HOOKED (Unknown @ 0x896DA690)
[Address] SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (Unknown @ 0x896FFE28)
[Address] SSDT[123] : NtOpenProcessToken @ 0x80571121 -> HOOKED (Unknown @ 0x896FFB68)
[Address] SSDT[125] : NtOpenSection @ 0x8056E583 -> HOOKED (Unknown @ 0x896A2E88)
[Address] SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (Unknown @ 0x896FFD38)
[Address] SSDT[137] : NtProtectVirtualMemory @ 0x80574F70 -> HOOKED (Unknown @ 0x896A2A90)
[Address] SSDT[206] : NtResumeThread @ 0x80578F98 -> HOOKED (Unknown @ 0x896DABE0)
[Address] SSDT[213] : NtSetContextThread @ 0x8062E937 -> HOOKED (Unknown @ 0x896DAE80)
[Address] SSDT[228] : NtSetInformationProcess @ 0x80570E2D -> HOOKED (Unknown @ 0x896DAF60)
[Address] SSDT[240] : NtSetSystemInformation @ 0x805A6AA9 -> HOOKED (Unknown @ 0x896A2D40)
[Address] SSDT[253] : NtSuspendProcess @ 0x8063004D -> HOOKED (Unknown @ 0x896A2F48)
[Address] SSDT[254] : NtSuspendThread @ 0x805E05BE -> HOOKED (Unknown @ 0x896DACC0)
[Address] SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0x8987D460)
[Address] SSDT[258] : unknown @ 0x80578037 -> HOOKED (Unknown @ 0x896DADA0)
[Address] SSDT[267] : NtUnmapViewOfSection @ 0x8057C6B6 -> HOOKED (Unknown @ 0x896FF6A8)
[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805815AA -> HOOKED (Unknown @ 0x896FF920)
[Address] Shadow SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x898F8818)
[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x898F1DC8)
[Address] Shadow SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x898EE698)
[Address] Shadow SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x898F2C48)
[Address] Shadow SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8995F3B0)
[Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x89A74978)
[Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x898C28C8)
[Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x89A720E8)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8996D520)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x899E7AA8)
¤¤¤ Externe Hives: ¤¤¤
¤¤¤ Infectie : ZeroAccess ¤¤¤
¤¤¤ HOSTS Bestand: ¤¤¤
–> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Controle: ¤¤¤
+++++ PhysicalDrive0: HDS728080PLAT20 +++++
— User —
[MBR] acba3ecea3b54ffccf0037334b92b75b
[BSP] f435501b94b969da7f5b742dc8a22360 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78520 Mo
User = LL1 … OK! - Download HitmanPro (image: http://www.imgdumper.nl/uploads7/51e7051a0eef1/51e7051a0eb2f-HitmanPro_iconCanned.jpg) to the desktop.
Click here for an extensive HitmanPro manual.
Hold down the left CTRL key and double-click "HitmanPro36.exe" to start the "Force Breach", and click "Next" once HitmanPro has blocked the processes.
Tick the option "I accept the terms of the licence agreement" and click "Next".
In the setup screen, click "Next" once more; the scan will now start automatically. Do nothing else on the computer until the scan is finished.
When the scan is finished, click "Next".
Now activate the free licence, which lets you use HitmanPro free of charge for 30 days and remove the infections found.
- First of all, I must compliment you on the very fast responses.
I hope to keep this up as well, but I am afraid that will not work on Friday and Saturday.
Here comes the HITMAN LOG.
[code:1:34c220e377]
HitmanPro 3.7.6.201
www.hitmanpro.com
Computer name . . . . : ANGELDESK
Windows . . . . . . . : 5.1.3.2600.X86/1
User name . . . . . . : ANGELDESK\GLADyS bimmel
License . . . . . . . : Free
Scan date . . . . . . : 2013-07-31 20:46:19
Scan mode . . . . . . : Normal
Scan duration . . . . : 6m 5s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 137
Objects scanned . . . : 609.358
Files scanned . . . . : 19.321
Remnants scanned . . : 110.955 files / 479.082 keys
Cookies _____________________________________________________________________
C:\Documents and Settings\GLADyS bimmel\Cookies\0MQC3DK8.txt
C:\Documents and Settings\GLADyS bimmel\Cookies\139122IG.txt
C:\Documents and Settings\GLADyS bimmel\Cookies\3BNBPGW7.txt
C:\Documents and Settings\GLADyS bimmel\Cookies\5DQROSGK.txt
C:\Documents and Settings\GLADyS bimmel\Cookies\5RB7L5PX.txt
C:\Documents and Settings\GLADyS bimmel\Cookies\7B53OJVI.txt
C:\Documents and Settings\GLADyS bimmel\Cookies\EC4TCFCD.txt
C:\Documents and Settings\GLADyS bimmel\Cookies\J0F4RF4E.txt
C:\Documents and Settings\GLADyS bimmel\Cookies\JMY1KXIR.txt
C:\Documents and Settings\GLADyS bimmel\Cookies\M8UCA2JS.txt
C:\Documents and Settings\GLADyS bimmel\Cookies\MP8H2OS5.txt
C:\Documents and Settings\GLADyS bimmel\Cookies\O7TXXU25.txt
C:\Documents and Settings\GLADyS bimmel\Cookies\WVT93BAR.txt
[/code:1:34c220e377]