Security & privacy

Hijack Log

Anonymous
30 replies
  • My wife's PC still runs Windows XP.
    Soon I want to rebuild it or fit it with a modern driver.
    But before I do that, I want to upload her personal data to an external drive.
    This does not work, and I get the following message:
    "Help and Support cannot be opened because a system service is not started. To solve this problem, start the service named Help and Support"
    Whatever I do, I cannot solve this problem, because I cannot find Services.msc due to an "HTTP error 500 Internal service error".
    Windows Update, Microsoft Update and other support functions also appear to have stopped working.
    I have made a HijackThis log of my wife's PC.
    Following a question about this on Breekpunt, I was referred to this site to post it for assessment.

    My QUESTION is: Where can I post the HijackThis log, and is any other information needed?

    Thanks in advance, Piet.
  • Hello Piet, just copy the data to the external location!
  • Hello Moderator
    Sorry that I forgot to mention it, but the external drive (which does work on other PCs) can no longer be found on my wife's PC either.
    In fact I consider this the biggest problem.
    That is why I made a HijackThis log.

    Regards, Piet.
  • Connect the HD via USB.
    Then go to Device Manager and expand the USB section there.
    Now right-click each USB controller and choose "Uninstall".

    Once all USB controllers have disappeared that way, restart the PC.
    After the desktop appears again and everything has started up, the USB section is reinstalled.
    Very likely the HD will then be findable and working again.
  • Hello Moderator

    I did what was suggested, but without result.
    I have also discovered that Windows XP on my wife's PC is not receiving any updates either.
    My first question now is: "Is it useful to send in a HijackThis log for assessment?"
    If so, where should it be posted?
    Regards, Piet

    Sorry for the late reply.
  • Do the following:

    Which program: [image] http://www.imgdumper.nl/uploads7/51e81da73ab8c/51e81da73a79e-51a5f5d096dae-icon_RSIT_Canned.png
  • Is it working out?
  • Hello Moderator
    It took a while before I was able to post the log.
    But here, finally, is the log produced with RSIT 32-bit:

    Logfile of random's system information tool 1.09 (written by random/random)
    Run by GLADyS bimmel at 2013-07-26 16:13:55
    WIN_XP Service Pack 3
    System drive C: has 51 GB (65%) free of 79 GB
    Total RAM: 2015 MB (63% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:15:02, on 26-7-2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\GLADyS bimmel\Local Settings\Temporary Internet Files\Content.IE5\12PSS81V\RSIT[1].exe
    C:\Program Files\trend micro\GLADyS bimmel.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.wanadoo.nl/pigla/vorigjaa.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
    O2 - BHO: FileConverter 1.4 - {296aa17d-c89e-4242-a5a4-44bfe76914a2} - C:\Program Files\FileConverter_1.4\prxtbFil0.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: FileConverter 1.4 Toolbar - {296aa17d-c89e-4242-a5a4-44bfe76914a2} - C:\Program Files\FileConverter_1.4\prxtbFil0.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Film_op_DVD_7\TrayServer.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DeviceDiscovery] \HPOTDD01.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [PrnSys Executable] C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex
    O4 - HKUS\S-1-5-21-1177238915-562591055-725345543-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-1177238915-562591055-725345543-1005\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
    O4 - HKUS\S-1-5-21-1177238915-562591055-725345543-1005\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1359370247609
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GLADYS~1\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
    O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe


    End of file - 7859 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\1-Click PC Care Reminder.job
    C:\WINDOWS\tasks\Adobe Flash Player Updater.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
    McAfee Phishing Filter

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]
    FileConverter 1.4 Toolbar - C:\Program Files\FileConverter_1.4\prxtbFil0.dll [2013-07-09 226592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    Norton Identity Protection - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll [2013-05-31 509776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    Norton Vulnerability Protection - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL [2013-04-09 387040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java™ Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-12 461216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-12 170912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {296aa17d-c89e-4242-a5a4-44bfe76914a2} - FileConverter 1.4 Toolbar - C:\Program Files\FileConverter_1.4\prxtbFil0.dll [2013-07-09 226592]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll [2013-05-31 509776]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "TrayServer"=C:\Program Files\MAGIX\Film_op_DVD_7\TrayServer.exe [2008-01-30 90112]
    "HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
    "HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
    "DeviceDiscovery"=\HPOTDD01.EXE []
    "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
    "NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
    "PrnSys Executable"=C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe [2002-08-01 36864]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 204288]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe [2013-06-12 814472]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-02-22 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "DisableTaskMgr"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=1
    "NoDriveAutoRun"=67108863
    "NoDriveTypeAutoRun"=323
    "NoDrives"=0
    "NoRun"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
    "midimapper"=midimap.dll
    "msacm.imaadpcm"=imaadp32.acm
    "msacm.msadpcm"=msadp32.acm
    "msacm.msg711"=msg711.acm
    "msacm.msgsm610"=msgsm32.acm
    "msacm.trspch"=tssoft32.acm
    "vidc.cvid"=iccvid.dll
    "vidc.iv31"=ir32_32.dll
    "vidc.iv32"=ir32_32.dll
    "vidc.iv41"=ir41_32.ax
    "VIDC.IYUV"=iyuv_32.dll
    "vidc.mrle"=msrle32.dll
    "vidc.msvc"=msvidc32.dll
    "VIDC.UYVY"=msyuv.dll
    "VIDC.YUY2"=msyuv.dll
    "VIDC.YVU9"=tsbyuv.dll
    "VIDC.YVYU"=msyuv.dll
    "wavemapper"=msacm32.drv
    "msacm.msg723"=msg723.acm
    "vidc.M263"=msh263.drv
    "vidc.M261"=msh261.drv
    "msacm.msaudio1"=msaud32.acm
    "msacm.sl_anet"=sl_anet.acm
    "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
    "vidc.iv50"=ir50_32.dll
    "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
    "wave"=wdmaud.drv
    "midi"=wdmaud.drv
    "mixer"=wdmaud.drv
    "VIDC.PIXL"=pclepixl.dll
    "VIDC.NTN1"=NUVision.ax
    "MSVideo8"=VfWWDM32.dll
    "wave1"=wdmaud.drv
    "mixer1"=wdmaud.drv
    "VIDC.MPG4"=mpg4c32.dll
    "VIDC.MP42"=mpg4c32.dll
    "wave2"=wdmaud.drv
    "midi1"=wdmaud.drv
    "mixer2"=wdmaud.drv
    "aux"=wdmaud.drv
    "wave3"=wdmaud.drv
    "midi2"=wdmaud.drv
    "mixer3"=wdmaud.drv
    "aux1"=wdmaud.drv

    ======List of files/folders created in the last 1 month======

    2013-07-26 16:13:55 —-D—- C:\rsit
    2013-07-17 19:05:25 —-SHD—- C:\Config.Msi
    2013-07-08 23:08:15 —-D—- C:\Program Files\Trend Micro

    ======List of files/folders modified in the last 1 month======

    2013-07-26 16:14:39 —-D—- C:\WINDOWS\Temp
    2013-07-26 16:14:10 —-D—- C:\WINDOWS\Prefetch
    2013-07-26 16:12:43 —-D—- C:\Documents and Settings\GLADyS bimmel\Application Data\PriceGong
    2013-07-26 15:52:48 —-SHD—- C:\System Volume Information
    2013-07-26 00:09:56 —-A—- C:\WINDOWS\SchedLgU.Txt
    2013-07-22 16:20:15 —-D—- C:\WINDOWS\system32\CatRoot2
    2013-07-17 19:18:25 —-D—- C:\Program Files\FileConverter_1.4
    2013-07-17 19:09:47 —-AC—- C:\WINDOWS\system32\MsiExec.exe.log
    2013-07-17 19:09:37 —-SHD—- C:\WINDOWS\Installer
    2013-07-17 19:07:50 —-D—- C:\Program Files\Common Files\Nero
    2013-07-17 19:07:48 —-D—- C:\Documents and Settings\All Users\Application Data\Nero
    2013-07-17 19:07:43 —-D—- C:\WINDOWS\system32\drivers
    2013-07-17 19:07:43 —-D—- C:\WINDOWS\system32
    2013-07-17 19:07:42 —-D—- C:\WINDOWS
    2013-07-08 23:08:15 —-RD—- C:\Program Files
    2013-07-08 21:01:30 —-AC—- C:\WINDOWS\system32\PerfStringBackup.INI
    2013-07-08 20:59:31 —-A—- C:\WINDOWS\imsins.BAK

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NIS\1404000.028\SYMDS.SYS [2013-05-21 367704]
    R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NIS\1404000.028\SYMEFA.SYS [2013-05-23 934488]
    R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-03-10 82380]
    R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx86.sys []
    R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\WINDOWS\system32\drivers\NIS\1404000.028\ccSetx86.sys [2013-04-16 134744]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
    R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1404000.028\SRTSPX.SYS [2013-03-05 32344]
    R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1404000.028\Ironx86.SYS [2013-03-05 175264]
    R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1404000.028\SYMTDI.SYS [2013-04-25 396760]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS-omgeving voor serviceproviderondersteuning; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-06-13 43008]
    R3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130724.001\IDSxpx86.sys []
    R3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]
    R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130725.023\NAVENG.SYS []
    R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130725.023\NAVEX15.SYS []
    R3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
    R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1404000.028\SRTSP.SYS [2013-05-16 603224]
    R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudios.sys [2004-04-23 120960]
    S3 catchme;catchme; \??\C:\DOCUME~1\GLADYS~1\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Closed Caption-decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet-adapter - NT-stuurprogramma; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
    S3 MPE;BDA MPE-filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video-verbinding; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nuvaud2;Pinnacle DVC 80 Audio; C:\WINDOWS\system32\DRIVERS\nuvaud2.sys [2001-12-03 26560]
    S3 NUVision;Pinnacle DVC 80 Video; C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 155264]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USB28xxBGA;easycap video adapter; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-16 378880]
    S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-02-06 28288]
    S3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Stuurprogramma voor USB-scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WLAN_USB; Wireless LAN USB Driver; C:\WINDOWS\system32\DRIVERS\wlanUSB.sys []
    S3 WSTCODEC;World Standard Teletext-codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-02-12 170912]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
    R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-05-21 144368]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
    R2 SNMP;SNMP-service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 hpdj;hpdj; C:\DOCUME~1\GLADYS~1\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3600 series -product= []
    S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe []
    S2 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
    S3 aspnet_state;ASP.NET-statusservice; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 SNMPTRAP;SNMP Trap-service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
    S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    —————–EOF—————–

    Hoping that this is good.

    Regards, Piet
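Added example, not part of the thread and not code from HijackThis or RSIT: a small Python helper that parses HijackThis "O" entries and RSIT service/driver lines in the format shown in the log above and attaches the review points a log reader checks first. The seven sample lines are copied from the log; the flag wording and the heuristics (a "(no file)" or "(file missing)" marker, an executable under a Temp directory, a path without a drive, an RSIT entry with an empty "[]" date/size field) are this example's own assumptions about what is worth a second look, not a verdict that an entry is malicious. It uses only the Python standard library.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: seven lines in HijackThis and RSIT format, copied
# from the log above. The verdicts attached to them are this example's own
# heuristics, not output of HijackThis or RSIT.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] \HPOTDD01.EXE
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GLADYS~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
S3 catchme;catchme; \??\C:\DOCUME~1\GLADYS~1\LOCALS~1\Temp\catchme.sys []
R2 SNMP;SNMP-service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
"""

# HijackThis entry: "<code> - <free text>", e.g. "O23 - Service: ..."
HJT_RE = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")
# RSIT service/driver entry: "<R|S><start type> <name>;<display name>; <path> [<date> <size>]"
RSIT_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.*?)(?: \[(.*)\])?$")
# First Windows path inside a HijackThis entry: a drive letter or a bare backslash,
# preceded by whitespace or a quote so that "HKLM\..\Run" is not mistaken for one.
PATH_RE = re.compile(
    r'(?:^|(?<=[\s"]))((?:[A-Za-z]:\\|\\)[^"\[\]]*?\.(?:exe|dll|sys|ax|acm|drv))',
    re.IGNORECASE,
)
# A path is "anchored" when it starts with a drive letter (optionally after the \??\ NT prefix)
DRIVE_RE = re.compile(r"^(\\\?\?\\)?[a-z]:\\")


def flags_for(text: str, path: Optional[str], info: Optional[str]) -> List[str]:
    """Heuristic review points for one autostart, service or driver entry."""
    flags: List[str] = []
    low = text.lower()
    if "(no file)" in low or "(file missing)" in low:
        flags.append("dangling: the registry entry points at a file that no longer exists")
    if path is not None:
        p = path.lower()
        if "\\temp\\" in p:
            flags.append("executable lives under a Temp directory")
        if not DRIVE_RE.match(p):
            flags.append("no drive or directory: the file is resolved through the search path at run time")
    if info == "":
        flags.append("no date/size recorded: RSIT could not find the file on disk")
    return flags


def parse_entry(line: str) -> Optional[Dict]:
    """Parse one log line; returns None for lines in neither format."""
    m = HJT_RE.match(line)
    if m:
        code, rest = m.groups()
        pm = PATH_RE.search(rest)
        path = pm.group(1) if pm else None
        return {"line": line, "kind": "HJT:" + code, "path": path, "flags": flags_for(rest, path, None)}
    m = RSIT_RE.match(line)
    if m:
        state, start, _name, _display, path, info = m.groups()
        return {"line": line, "kind": "RSIT:" + state + start, "path": path, "flags": flags_for(line, path, info)}
    return None


def review_log(text: str) -> List[Dict]:
    """Parse every recognised line and attach its review flags."""
    entries = []
    for raw in text.splitlines():
        entry = parse_entry(raw.strip())
        if entry is not None:
            entries.append(entry)
    return entries


def suspicious(text: str) -> List[Dict]:
    """Only the entries that earned at least one flag."""
    return [e for e in review_log(text) if e["flags"]]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(e["kind"], e["path"] or "(no path)")
        for f in e["flags"]:
            print("   -", f)
```

A flag is a reading aid, not a detection: the "hpdj" service and the "scriptproxy" BHO in the log above are ordinary leftovers of an uninstalled HP printer driver and an old McAfee install, and a helper like this only makes sure such entries, the bare "\HPOTDD01.EXE" autostart and anything under Temp are the lines a reviewer looks at first.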

  • I have carried out the three steps.
    At step 1, AdwCleaner, the log was:

    # AdwCleaner v2.306 - Verslag gemaakt op 28/07/2013 om 18:15:29
    # Geactualiseerd op 19/07/2013 door Xplode
    # Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)
    # Gebruiker : GLADyS bimmel - ANGELDESK
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Documents and Settings\GLADyS bimmel\Bureaublad\adwcleaner.exe
    # Optie [Verwijderen]


    ***** [Diensten] *****


    ***** [Files / Mappen] *****

    Map Verwijderd : C:\Documents and Settings\GLADyS bimmel\Application Data\PriceGong
    Map Verwijderd : C:\Documents and Settings\GLADyS bimmel\Local Settings\Application Data\Conduit
    Map Verwijderd : C:\Documents and Settings\GLADyS bimmel\Local Settings\Application Data\FileConverter_1.4
    Map Verwijderd : C:\Program Files\Conduit
    Map Verwijderd : C:\Program Files\FileConverter_1.4
    Map Verwijderd : C:\Program Files\Wondershare

    ***** [Register] *****

    Sleutel Verwijderd : HKCU\Software\Conduit
    Sleutel Verwijderd : HKCU\Software\ConduitSearchScopes
    Sleutel Verwijderd : HKCU\Software\FileConverter_1.4
    Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{296AA17D-C89E-4242-A5A4-44BFE76914A2}
    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{296AA17D-C89E-4242-A5A4-44BFE76914A2}
    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{988ABD7F-C363-4605-A81F-5751A690548E}
    Sleutel Verwijderd : HKCU\Software\PriceGong
    Sleutel Verwijderd : HKCU\Software\SmartBar
    Sleutel Verwijderd : HKCU\Software\YahooPartnerToolbar
    Sleutel Verwijderd : HKCU\Toolbar
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{296AA17D-C89E-4242-A5A4-44BFE76914A2}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{988ABD7F-C363-4605-A81F-5751A690548E}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT3241951
    Sleutel Verwijderd : HKLM\Software\Conduit
    Sleutel Verwijderd : HKLM\Software\FileConverter_1.4
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0A5DDFDC-7228-4C5E-9AA0-D230A63CBD8E}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD933DD1-66A2-4A3B-ACC0-CF56CC04AAC0}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FileConverter_1.4 Toolbar
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{296AA17D-C89E-4242-A5A4-44BFE76914A2}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{988ABD7F-C363-4605-A81F-5751A690548E}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileConverter_1.4 Toolbar
    Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{296AA17D-C89E-4242-A5A4-44BFE76914A2}]
    Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{296AA17D-C89E-4242-A5A4-44BFE76914A2}]

    ***** [Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Het register bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[S1].txt - [3385 octets] - [28/07/2013 18:15:29]

    ########## EOF - C:\AdwCleaner[S1].txt - [3445 octets] ##########

    At step 2, Junkware Removal Tool, I got no result.
    In white on black the text 'Creating registry backup' appeared.
    Checking Startup.

    Fout: Systeem kan opgegeven registersleutel niet vinden.

    Checking Processen
    Checking Services
    Checking Files
    Checking folders
    Checking Registry

    After this the cursor kept blinking and a printout was not possible.
    My antivirus was disabled while running this.

    At step 3, Malwarebytes MBAM, I found the following log:

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.04.04.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    GLADyS bimmel :: ANGELDESK [administrator]

    Bescherming: Uitgeschakeld

    28-7-2013 18:40:18
    mbam-log-2013-07-28 (18-40-18).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 221685
    Verstreken tijd: 12 minuut/minuten, 6 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    Hoping that my answer is in order.

    Moreover, starting the PC up after an interruption did not go smoothly.

    Regards, Piet
  • Is startup still behaving a bit strangely?

    I am missing the JRT log.

    But we dig further:

    Which program: http://www.imgdumper.nl/uploads6/51c590ce3cf4a/51c590ce361e7-ComboFix_resized_2.png
  • Hello Abraham
    Before I post the ComboFix log, a few remarks. To download it I used the Bleepingcomputer site.
    During the scan, creating a restore point took quite a long time, and because System Restore was not accessible I feared ComboFix would abort.
    System Restore was in fact something that was no longer possible.
    On checking afterwards, it turned out this had been restored.
    Also, while shutting down the PC, 67 updates for Windows XP were installed.
    Although I have not checked all the errors, I have the impression there are improvements.
    Only Help and Support is still not accessible.
    Should I also do another scan with JRT? Maybe it will work now.

    NOW I WILL TRY TO POST THE COMBOFIX LOG.


    ComboFix 13-07-27.01 - GLADyS bimmel 29-07-2013 21:28:42.2.1 - x86
    Gestart vanuit: c:\documents and settings\GLADyS bimmel\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\GLADyS bimmel\WINDOWS
    c:\windows\IsUn0413.exe
    c:\windows\unin0413.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-06-28 to 2013-07-29 ))))))))))))))))))))))))))))))
    .
    .
    2013-07-28 17:35 . 2013-07-28 17:35 -------- d-----w- c:\program files\Common Files\Java
    2013-07-28 17:34 . 2013-07-28 17:34 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-07-28 17:34 . 2013-07-28 17:34 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-07-28 16:30 . 2013-07-28 16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-07-28 16:30 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-07-28 16:20 . 2013-07-28 16:20 -------- d-----w- c:\windows\ERUNT
    2013-07-26 14:13 . 2013-07-26 14:15 -------- d-----w- C:\rsit
    2013-07-08 21:08 . 2013-07-26 14:15 -------- d-----w- c:\program files\Trend Micro
    2013-07-08 21:08 . 2013-07-08 21:08 388096 ----a-r- c:\documents and settings\GLADyS bimmel\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-07-28 17:34 . 2013-02-12 16:59 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-07-28 17:34 . 2010-06-15 08:27 789416 -c--a-w- c:\windows\system32\deployJava1.dll
    2013-06-19 05:05 . 2013-01-25 10:02 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2013-06-12 18:48 . 2012-03-29 16:25 692104 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-06-12 18:48 . 2011-11-21 17:29 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-06-12 18:48 . 2013-06-12 18:48 8610696 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2013-05-23 05:25 . 2013-06-13 19:32 934488 ----a-w- c:\windows\system32\drivers\NIS\1404000.028\symefa.sys
    2013-05-21 05:02 . 2013-06-13 19:32 367704 ----a-w- c:\windows\system32\drivers\NIS\1404000.028\symds.sys
    2013-05-16 05:02 . 2013-06-13 19:32 603224 ----a-w- c:\windows\system32\drivers\NIS\1404000.028\srtsp.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TrayServer"="c:\program files\MAGIX\Film_op_DVD_7\TrayServer.exe" [2008-01-30 90112]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "PrnSys Executable"="c:\program files\Hewlett-Packard\hp print screen utility\PrnSys.exe" [2002-08-01 36864]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-2-23 98304]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
    R3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\DRIVERS\nuvvid2.sys [2001-12-03 155264]
    R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1404000.028\SYMDS.SYS [2013-05-21 367704]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1404000.028\SYMEFA.SYS [2013-05-23 934488]
    S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [2013-05-31 1002072]
    S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [2013-04-16 134744]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [2013-03-05 175264]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
    S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-05-21 144368]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-01-25 106656]
    S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130726.001\IDSxpx86.sys [2013-01-24 373728]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:48]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://home.wanadoo.nl/pigla/vorigjaa.htm
    IE: E&xporteren naar Microsoft Excel
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 10.0.0.1
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    HKLM-Run-DeviceDiscovery - \HPOTDD01.EXE
  • Now do the following:

    Which program: http://www.imgdumper.nl/uploads7/51e3a68dbbece/51e3a68db6cb8-SecurityCheck_icon_Canned_m1348768721.jpg
  • Here is the result of the Security Check.

    Results of screen317's Security Check version 0.99.71
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Norton Internet Security
    McAfee Shredder
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    CCleaner (remove only)
    TweakNow RegCleaner Standard
    TweakNow RegCleaner
    Java 7 Update 25
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C::
    ````````````````````End of Log``````````````````````
  • That looks up to date in itself.
    The fact that you have Malwarebytes MBAM is also fine.
    Do you use this on-demand scanner every week, after updating, with the quick scan?

    And then Spybot: worthless, too little virus recognition.
    And Spybot 2, its successor, is the same in that respect.

    If you want an on-demand scanner that also analyses cookies, remove Spybot and install SuperAntispyware instead.

    Then deactivate all of its active processes.
    That saves a number of processes in Windows; after that, use the tool in the same way as MBAM.
    So update manually and then scan.

    And also do the following:

    Which program: http://www.imgdumper.nl/uploads7/51ee66972cd38/51ee66972b5a8-RogueKiller_icon_Nieuw.jpg
  • Hello Moderator
    First of all, an answer to the question.
    I hardly use Malwarebytes MBAM at all.
    What I do run on my wife's PC about once a month is:
    Spybot S&D, CCleaner, Cleanup, DesktopManager and TweakNowRegCleanerStd.
    Of the last one I do not use the latest version, because there it is not clear what I can safely remove.
    On your advice I will replace Spybot with SuperAntispyware on all PCs.

    Before I post the RogueKiller log, one remark: instead of CheckFaked it said "Verificeer Drivers" here.

    RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    besturingssysteem : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Gestart vanuit : Normale modus
    Gebruiker : GLADyS bimmel [Administrator rechten]
    Modus : Scan – Datum : 07/31/2013 16:19:52
    | ARK || FAK || MBR |

    ¤¤¤ Kwaadaardige processen : 0 ¤¤¤

    ¤¤¤ Register verwijzingen : 6 ¤¤¤
    [HJ POL] HKLM\[…]\System : DisableRegistryTools (0) -> gevonden
    [HJ SMENU] HKCU\[…]\Advanced : Start_ShowRecentDocs (0) -> gevonden
    [HJ SMENU] HKCU\[…]\Advanced : Start_ShowPrinters (0) -> gevonden
    [HJ DESK] HKCU\[…]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden
    [HJ DESK] HKCU\[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden
    [HJ DESK] HKLM\[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden

    ¤¤¤ geplande taken : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ webbrowsers : 0 ¤¤¤

    ¤¤¤ Speciale Files / Folders: ¤¤¤
    [ZeroAccess][map] U : C:\WINDOWS\Installer\{27e5659b-f113-0680-2dda-2411e9c12252}\U [-] --> gevonden
    [ZeroAccess][map] U : C:\Documents and Settings\GLADyS bimmel\Local Settings\Application Data\{27e5659b-f113-0680-2dda-2411e9c12252}\U [-] --> gevonden
    [ZeroAccess][map] L : C:\WINDOWS\Installer\{27e5659b-f113-0680-2dda-2411e9c12252}\L [-] --> gevonden
    [ZeroAccess][map] L : C:\Documents and Settings\GLADyS bimmel\Local Settings\Application Data\{27e5659b-f113-0680-2dda-2411e9c12252}\L [-] --> gevonden

    ¤¤¤ Driver : [Geladen] ¤¤¤
    [Address] SSDT[12] : NtAlertResumeThread @ 0x80630108 -> HOOKED (Unknown @ 0x89897CE0)
    [Address] SSDT[13] : NtAlertThread @ 0x80577310 -> HOOKED (Unknown @ 0x89897ED0)
    [Address] SSDT[17] : NtAllocateVirtualMemory @ 0x80569302 -> HOOKED (Unknown @ 0x8989A9F8)
    [Address] SSDT[19] : NtAssignProcessToJobObject @ 0x805A1387 -> HOOKED (Unknown @ 0x89898C20)
    [Address] SSDT[31] : NtConnectPort @ 0x8058CB11 -> HOOKED (Unknown @ 0x89788BE0)
    [Address] SSDT[43] : NtCreateMutant @ 0x805776E0 -> HOOKED (Unknown @ 0x89A73598)
    [Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x8059E796 -> HOOKED (Unknown @ 0x89AABFC0)
    [Address] SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0x896A0708)
    [Address] SSDT[57] : NtDebugActiveProcess @ 0x8065C259 -> HOOKED (Unknown @ 0x89898D00)
    [Address] SSDT[68] : NtDuplicateObject @ 0x805749DA -> HOOKED (Unknown @ 0x896C8270)
    [Address] SSDT[83] : NtFreeVirtualMemory @ 0x80569C2D -> HOOKED (Unknown @ 0x89782A58)
    [Address] SSDT[89] : NtImpersonateAnonymousToken @ 0x805DC216 -> HOOKED (Unknown @ 0x89A404A0)
    [Address] SSDT[91] : NtImpersonateThread @ 0x805817C1 -> HOOKED (Unknown @ 0x89897C00)
    [Address] SSDT[97] : NtLoadDriver @ 0x805A29BD -> HOOKED (Unknown @ 0x8975B888)
    [Address] SSDT[108] : unknown @ 0x8057CB31 -> HOOKED (Unknown @ 0x897026F8)
    [Address] SSDT[114] : NtOpenEvent @ 0x80581B30 -> HOOKED (Unknown @ 0x89A734B8)
    [Address] SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (Unknown @ 0x89866AC8)
    [Address] SSDT[123] : NtOpenProcessToken @ 0x80571121 -> HOOKED (Unknown @ 0x8989AAC8)
    [Address] SSDT[125] : NtOpenSection @ 0x8056E583 -> HOOKED (Unknown @ 0x89898EB0)
    [Address] SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (Unknown @ 0x89868CB8)
    [Address] SSDT[137] : NtProtectVirtualMemory @ 0x80574F70 -> HOOKED (Unknown @ 0x89898788)
    [Address] SSDT[206] : NtResumeThread @ 0x80578F98 -> HOOKED (Unknown @ 0x89897F90)
    [Address] SSDT[213] : NtSetContextThread @ 0x8062E937 -> HOOKED (Unknown @ 0x89891F48)
    [Address] SSDT[228] : NtSetInformationProcess @ 0x80570E2D -> HOOKED (Unknown @ 0x897321F0)
    [Address] SSDT[240] : NtSetSystemInformation @ 0x805A6AA9 -> HOOKED (Unknown @ 0x898989C0)
    [Address] SSDT[253] : NtSuspendProcess @ 0x8063004D -> HOOKED (Unknown @ 0x89898F90)
    [Address] SSDT[254] : NtSuspendThread @ 0x805E05BE -> HOOKED (Unknown @ 0x898969F0)
    [Address] SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0x897001E0)
    [Address] SSDT[258] : unknown @ 0x80578037 -> HOOKED (Unknown @ 0x89896AB0)
    [Address] SSDT[267] : NtUnmapViewOfSection @ 0x8057C6B6 -> HOOKED (Unknown @ 0x897322E0)
    [Address] SSDT[277] : NtWriteVirtualMemory @ 0x805815AA -> HOOKED (Unknown @ 0x89782B28)
    [Address] Shadow SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x89903170)
    [Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x899020B0)
    [Address] Shadow SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x898F38C8)
    [Address] Shadow SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x89901DC8)
    [Address] Shadow SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x899533F8)
    [Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x89A9A690)
    [Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x89A3D5E8)
    [Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x89A48550)
    [Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8995E140)
    [Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x899CA990)

    ¤¤¤ Externe Hives: ¤¤¤

    ¤¤¤ Infectie : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS Bestand: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Controle: ¤¤¤

    +++++ PhysicalDrive0: HDS728080PLAT20 +++++
    --- User ---
    [MBR] acba3ecea3b54ffccf0037334b92b75b
    [BSP] f435501b94b969da7f5b742dc8a22360 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78520 Mo
    User = LL1 … OK!
    User = LL2 … OK!

    Gereed : << RKreport[0]_S_07312013_161952.txt >>
  • I already suspected that ZeroAccess was involved.

    http://www.imgdumper.nl/uploads7/51f8d0367469c/51f8d03670fd5-RogueKiller_icon_Canned_def.jpg Start RogueKiller:
    - First close all program windows that are still open!
  • Here is the requested log.
    Only, I did not see the four (ZeroAccess)….. folders.

    RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    besturingssysteem : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Gestart vanuit : Normale modus
    Gebruiker : GLADyS bimmel [Administrator rechten]
    Modus : Verwijder – Datum : 07/31/2013 18:36:02
    | ARK || FAK || MBR |

    ¤¤¤ Kwaadaardige processen : 0 ¤¤¤

    ¤¤¤ Register verwijzingen : 6 ¤¤¤
    [HJ POL] HKLM\[…]\System : DisableRegistryTools (0) -> Verwijderd
    [HJ SMENU] HKCU\[…]\Advanced : Start_ShowRecentDocs (0) -> VERVANGEN (1)
    [HJ SMENU] HKCU\[…]\Advanced : Start_ShowPrinters (0) -> VERVANGEN (1)
    [HJ DESK] HKCU\[…]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> VERVANGEN (0)
    [HJ DESK] HKCU\[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> VERVANGEN (0)
    [HJ DESK] HKLM\[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> VERVANGEN (0)

    ¤¤¤ geplande taken : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ webbrowsers : 0 ¤¤¤

    ¤¤¤ Speciale Files / Folders: ¤¤¤
    [ZeroAccess][map] U : C:\WINDOWS\Installer\{27e5659b-f113-0680-2dda-2411e9c12252}\U [-] --> Verwijderd
    [ZeroAccess][map] U : C:\Documents and Settings\GLADyS bimmel\Local Settings\Application Data\{27e5659b-f113-0680-2dda-2411e9c12252}\U [-] --> Verwijderd
    [ZeroAccess][map] L : C:\WINDOWS\Installer\{27e5659b-f113-0680-2dda-2411e9c12252}\L [-] --> Verwijderd
    [ZeroAccess][map] L : C:\Documents and Settings\GLADyS bimmel\Local Settings\Application Data\{27e5659b-f113-0680-2dda-2411e9c12252}\L [-] --> Verwijderd

    ¤¤¤ Driver : [Geladen] ¤¤¤
    [Address] SSDT[12] : NtAlertResumeThread @ 0x80630108 -> HOOKED (Unknown @ 0x896DAA20)
    [Address] SSDT[13] : NtAlertThread @ 0x80577310 -> HOOKED (Unknown @ 0x896DAB00)
    [Address] SSDT[17] : NtAllocateVirtualMemory @ 0x80569302 -> HOOKED (Unknown @ 0x896FFA78)
    [Address] SSDT[19] : NtAssignProcessToJobObject @ 0x805A1387 -> HOOKED (Unknown @ 0x896A2B80)
    [Address] SSDT[31] : NtConnectPort @ 0x8058CB11 -> HOOKED (Unknown @ 0x8975CD90)
    [Address] SSDT[43] : NtCreateMutant @ 0x805776E0 -> HOOKED (Unknown @ 0x896DA770)
    [Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x8059E796 -> HOOKED (Unknown @ 0x896A29A0)
    [Address] SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0x8987ECF0)
    [Address] SSDT[57] : NtDebugActiveProcess @ 0x8065C259 -> HOOKED (Unknown @ 0x896A2C60)
    [Address] SSDT[68] : NtDuplicateObject @ 0x805749DA -> HOOKED (Unknown @ 0x896FFC48)
    [Address] SSDT[83] : NtFreeVirtualMemory @ 0x80569C2D -> HOOKED (Unknown @ 0x896FF830)
    [Address] SSDT[89] : NtImpersonateAnonymousToken @ 0x805DC216 -> HOOKED (Unknown @ 0x896DA860)
    [Address] SSDT[91] : NtImpersonateThread @ 0x805817C1 -> HOOKED (Unknown @ 0x896DA940)
    [Address] SSDT[97] : NtLoadDriver @ 0x805A29BD -> HOOKED (Unknown @ 0x8976C7F0)
    [Address] SSDT[108] : unknown @ 0x8057CB31 -> HOOKED (Unknown @ 0x896D9508)
    [Address] SSDT[114] : NtOpenEvent @ 0x80581B30 -> HOOKED (Unknown @ 0x896DA690)
    [Address] SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (Unknown @ 0x896FFE28)
    [Address] SSDT[123] : NtOpenProcessToken @ 0x80571121 -> HOOKED (Unknown @ 0x896FFB68)
    [Address] SSDT[125] : NtOpenSection @ 0x8056E583 -> HOOKED (Unknown @ 0x896A2E88)
    [Address] SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (Unknown @ 0x896FFD38)
    [Address] SSDT[137] : NtProtectVirtualMemory @ 0x80574F70 -> HOOKED (Unknown @ 0x896A2A90)
    [Address] SSDT[206] : NtResumeThread @ 0x80578F98 -> HOOKED (Unknown @ 0x896DABE0)
    [Address] SSDT[213] : NtSetContextThread @ 0x8062E937 -> HOOKED (Unknown @ 0x896DAE80)
    [Address] SSDT[228] : NtSetInformationProcess @ 0x80570E2D -> HOOKED (Unknown @ 0x896DAF60)
    [Address] SSDT[240] : NtSetSystemInformation @ 0x805A6AA9 -> HOOKED (Unknown @ 0x896A2D40)
    [Address] SSDT[253] : NtSuspendProcess @ 0x8063004D -> HOOKED (Unknown @ 0x896A2F48)
    [Address] SSDT[254] : NtSuspendThread @ 0x805E05BE -> HOOKED (Unknown @ 0x896DACC0)
    [Address] SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0x8987D460)
    [Address] SSDT[258] : unknown @ 0x80578037 -> HOOKED (Unknown @ 0x896DADA0)
    [Address] SSDT[267] : NtUnmapViewOfSection @ 0x8057C6B6 -> HOOKED (Unknown @ 0x896FF6A8)
    [Address] SSDT[277] : NtWriteVirtualMemory @ 0x805815AA -> HOOKED (Unknown @ 0x896FF920)
    [Address] Shadow SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x898F8818)
    [Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x898F1DC8)
    [Address] Shadow SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x898EE698)
    [Address] Shadow SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x898F2C48)
    [Address] Shadow SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8995F3B0)
    [Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x89A74978)
    [Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x898C28C8)
    [Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x89A720E8)
    [Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8996D520)
    [Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x899E7AA8)

    ¤¤¤ Externe Hives: ¤¤¤

    ¤¤¤ Infectie : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS Bestand: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Controle: ¤¤¤

    +++++ PhysicalDrive0: HDS728080PLAT20 +++++
    --- User ---
    [MBR] acba3ecea3b54ffccf0037334b92b75b
    [BSP] f435501b94b969da7f5b742dc8a22360 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78520 Mo
    User = LL1 … OK!
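    As an added example (not from the thread, and not RogueKiller's own code), here is a small Python parser for the two RogueKiller reports above, the scan run and the removal run: it extracts the registry hijacks, the ZeroAccess folders, the SSDT hooks and the verdict line, normalises the Dutch status words, and accepts the `&curren;` form the `¤¤¤` headers take after a forum paste. The sample report is constructed and abbreviated from the posted logs.

```python
"""Parser for RogueKiller 8.x reports as pasted in the thread (Dutch UI strings).
Added example, not part of the thread or of the RogueKiller project; it extracts
the registry hijacks, ZeroAccess folders, SSDT hooks and the verdict line."""
import re
from dataclasses import dataclass, field

# The "¤¤¤" section markers often survive a forum paste as the entity "&curren;".
_MARK = r"(?:\u00a4|&curren;){3}"
MODE_RE = re.compile(r"^Modus\s*:\s*(\S+)")
INFECTION_RE = re.compile(rf"^{_MARK}\s*Infectie\s*:\s*(.+?)\s*{_MARK}$")
# "[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> gevonden"
REG_RE = re.compile(r"^\[(?P<tag>HJ \w+)\]\s+(?P<key>\S+)\s*:\s*(?P<name>\S+)"
                    r"\s*\((?P<value>[^)]*)\)\s*->\s*(?P<status>.+)$")
# "[ZeroAccess][map] U : C:\...\{guid}\U [-] --> gevonden"  ("-->" may paste as an en dash)
SPECIAL_RE = re.compile(r"^\[(?P<family>[^\]]+)\]\[(?P<kind>[^\]]+)\]\s+(?P<name>\S+)"
                        r"\s*:\s*(?P<path>.+?)\s*\[[^\]]*\]\s*(?:-->|\u2013>|->)\s*(?P<status>.+)$")
# "[Address] SSDT[12] : NtAlertResumeThread @ 0x80630108 -> HOOKED (Unknown @ 0x89897CE0)"
HOOK_RE = re.compile(r"^\[Address\]\s+(?P<table>Shadow SSDT|SSDT)\[(?P<index>\d+)\]\s*:\s*"
                     r"(?P<func>\S+)(?:\s*@\s*0x[0-9A-Fa-f]+)?\s*->\s*HOOKED\s*"
                     r"\((?P<owner>.+?)\s*@\s*(?P<addr>0x[0-9A-Fa-f]+)\)$")
_STATUS = {"gevonden": "FOUND", "found": "FOUND", "verwijderd": "REMOVED",
           "deleted": "REMOVED", "vervangen": "REPLACED", "replaced": "REPLACED"}


def _status(raw):
    """Map a localised verdict such as 'VERVANGEN (1)' to a stable token."""
    word = raw.split()[0].lower()
    return _STATUS.get(word, word.upper())


@dataclass
class RkReport:
    mode: str = ""                     # "Scan" or "Verwijder" (removal run)
    infections: list = field(default_factory=list)
    registry: list = field(default_factory=list)
    special: list = field(default_factory=list)
    hooks: list = field(default_factory=list)


def parse_rk_report(text):
    rep = RkReport()
    for raw in text.splitlines():
        line = raw.strip()
        if m := MODE_RE.match(line):
            rep.mode = m.group(1)
        elif m := INFECTION_RE.match(line):
            rep.infections.append(m.group(1))
        elif m := REG_RE.match(line):
            d = m.groupdict(); d["status"] = _status(d["status"]); rep.registry.append(d)
        elif m := SPECIAL_RE.match(line):
            d = m.groupdict(); d["status"] = _status(d["status"]); rep.special.append(d)
        elif m := HOOK_RE.match(line):
            d = m.groupdict(); d["index"] = int(d["index"]); rep.hooks.append(d)
    return rep


def summarize(rep):
    """Triage view: a named infection plus its directories is the strong signal; a hook
    whose owner is 'Unknown' is weaker, since a security product's driver can hook too."""
    za = [s for s in rep.special if s["family"] == "ZeroAccess"]
    return {
        "mode": rep.mode,
        "infections": rep.infections,
        "registry_open": sum(r["status"] == "FOUND" for r in rep.registry),
        "registry_fixed": sum(r["status"] in ("REMOVED", "REPLACED") for r in rep.registry),
        "zeroaccess_dirs": [s["path"] for s in za],
        "zeroaccess_open": sum(s["status"] == "FOUND" for s in za),
        "ssdt_hooks": sum(h["table"] == "SSDT" for h in rep.hooks),
        "shadow_hooks": sum(h["table"] == "Shadow SSDT" for h in rep.hooks),
        "unattributed_hooks": sum(h["owner"] == "Unknown" for h in rep.hooks),
    }


# Constructed sample, abbreviated from the scan report posted above.
SCAN_SAMPLE = """\
RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
Modus : Scan - Datum : 07/31/2013 16:19:52
&curren;&curren;&curren; Register verwijzingen : 2 &curren;&curren;&curren;
[HJ POL] HKLM\\[...]\\System : DisableRegistryTools (0) -> gevonden
[HJ DESK] HKCU\\[...]\\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden
&curren;&curren;&curren; Speciale Files / Folders: &curren;&curren;&curren;
[ZeroAccess][map] U : C:\\WINDOWS\\Installer\\{27e5659b-f113-0680-2dda-2411e9c12252}\\U [-] --> gevonden
[ZeroAccess][map] L : C:\\WINDOWS\\Installer\\{27e5659b-f113-0680-2dda-2411e9c12252}\\L [-] --> gevonden
&curren;&curren;&curren; Driver : [Geladen] &curren;&curren;&curren;
[Address] SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (Unknown @ 0x89866AC8)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8995E140)
&curren;&curren;&curren; Infectie : ZeroAccess &curren;&curren;&curren;
"""
# The same run in removal mode, as the second report shows it (constructed).
REMOVE_SAMPLE = (SCAN_SAMPLE.replace("Modus : Scan", "Modus : Verwijder")
                 .replace("--> gevonden", "--> Verwijderd")
                 .replace("(0) -> gevonden", "(0) -> Verwijderd")
                 .replace("(1) -> gevonden", "(1) -> VERVANGEN (0)"))
```

    Note that the removal report still carries the `Infectie : ZeroAccess` verdict line, exactly as the second posted log does, so the verdict alone does not tell you whether the cleanup has run.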
  • Download HitmanPro (http://www.imgdumper.nl/uploads7/51e7051a0eef1/51e7051a0eb2f-HitmanPro_iconCanned.jpg) to the desktop.
    Click here for an extensive HitmanPro manual.

    - Hold down the left CTRL key and double-click "HitmanPro36.exe" to start the "Force Breach", and click "Next" once HitmanPro has blocked the processes.
    - Tick the option "I accept the terms of the licence agreement" and click "Next".
    - In the setup screen click "Next" again; the scan will now start automatically. Do nothing else on the computer until the scan is finished.
    - When the scan is finished, click "Next".
    - Now activate the free licence; with it you can use HitmanPro free of charge for 30 days and remove the infections found.
  • First of all I must compliment you on the very fast responses.
    I hope to keep this up too, but I am afraid that will not work on Friday and Saturday.

    Here is the HITMAN LOG.

    HitmanPro 3.7.6.201
    www.hitmanpro.com

    Computer name . . . . : ANGELDESK
    Windows . . . . . . . : 5.1.3.2600.X86/1
    User name . . . . . . : ANGELDESK\GLADyS bimmel
    License . . . . . . . : Free

    Scan date . . . . . . : 2013-07-31 20:46:19
    Scan mode . . . . . . : Normal
    Scan duration . . . . : 6m 5s
    Disk access mode . . : Direct disk access (SRB)
    Cloud . . . . . . . . : Internet
    Reboot . . . . . . . : No

    Threats . . . . . . . : 0
    Traces . . . . . . . : 137

    Objects scanned . . . : 609.358
    Files scanned . . . . : 19.321
    Remnants scanned . . : 110.955 files / 479.082 keys

    Cookies _____________________________________________________________________

    C:\Documents and Settings\GLADyS bimmel\Cookies\0MQC3DK8.txt
    C:\Documents and Settings\GLADyS bimmel\Cookies\139122IG.txt
    C:\Documents and Settings\GLADyS bimmel\Cookies\3BNBPGW7.txt
    C:\Documents and Settings\GLADyS bimmel\Cookies\5DQROSGK.txt
    C:\Documents and Settings\GLADyS bimmel\Cookies\5RB7L5PX.txt
    C:\Documents and Settings\GLADyS bimmel\Cookies\7B53OJVI.txt
    C:\Documents and Settings\GLADyS bimmel\Cookies\EC4TCFCD.txt
    C:\Documents and Settings\GLADyS bimmel\Cookies\J0F4RF4E.txt
    C:\Documents and Settings\GLADyS bimmel\Cookies\JMY1KXIR.txt
    C:\Documents and Settings\GLADyS bimmel\Cookies\M8UCA2JS.txt
    C:\Documents and Settings\GLADyS bimmel\Cookies\MP8H2OS5.txt
    C:\Documents and Settings\GLADyS bimmel\Cookies\O7TXXU25.txt
    C:\Documents and Settings\GLADyS bimmel\Cookies\WVT93BAR.txt



This is an archived page. Replying is no longer possible.