Thunderbird (and more) hacked?

    Yesterday (22/02) I suddenly lost my e-mail account together with its settings and address book. On starting Thunderbird I was met with a screen carrying the Gandi.Net logo in which, in cooperation with various providers, I was invited to create a new account or to use an existing address. I have tried to restore the whole lot, but I am meanwhile still left 1. without my original addresses and settings; 2. with an extra Inbox (shown in italics) that cannot be removed, and 3. without a Trash folder into which my deleted files should land.

    I would also point out that after activating Thunderbird (see above) I received a notice, decorated with an unexpected smiley, that my hard disk was damaged and would have to be repaired.

    What can I do, or what can Nucia do for me? Below are my recent log files ...

    - MalwareBytes

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan date: 22-2-2015
    Scan time: 17:44:13
    Log file:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware database: v2015.02.22.04
    Rootkit database: v2015.02.20.01
    Licence: Premium
    Malware protection: Enabled
    Malicious website protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File system: NTFS
    User: WillemJMartin

    Scan type: Threat scan
    Result: Completed
    Objects scanned: 343566
    Time elapsed: 24 min, 22 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry keys: 0
    (No malicious items detected)

    Registry values: 0
    (No malicious items detected)

    Registry data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical sectors: 0
    (No malicious items detected)


    (end)

    - AdwCleaner

    # AdwCleaner v4.111 - Logfile created 23/02/2015 at 14:22:35
    # Updated 18/02/2015 by Xplode
    # Database : 2015-02-18.3 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : WillemJMartin - TAPIR
    # Running from : C:\Users\WillemJMartin\Downloads\adwcleaner_4.111.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : BackupStack

    ***** [ Files / Folders ] *****

    File Found : C:\Users\WillemJMartin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk
    Folder Found : C:\Users\WillemJMartin\AppData\Local\DriverTuner

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\DriverTuner
    Key Found : HKCU\Software\DriverTuner_Init
    Key Found : [x64] HKCU\Software\DriverTuner
    Key Found : [x64] HKCU\Software\DriverTuner_Init
    Key Found : HKLM\SOFTWARE\Classes\driverscanner

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v35.0.1 (x86 nl)


    -\\ Pale Moon v25.2.1 (en-US)

    *************************

    AdwCleaner[R0].txt - [1068 bytes] - [23/02/2015 14:22:35]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1127 bytes] ##########

    - E-Peek
    E-Peek v 1.9.9.0 © Emphyrio/Onsia Patrick 2013-2015
    E Dev
    Run at Mon 23 Feb 2015 14:36
    .
    Windows 8.1 (64 bits)
    C:\WINDOWS [NTFS - Fixed]
    Default Browser: Firefox 35.0.1 (x86 nl)
    Boot mode: Normal boot
    User logged in: WillemJMartin
    .
    Java x86: n/a
    Java x64: n/a
    .
    AV : Windows Defender [Updated - Not Running]
    AV : ZoneAlarm Internet Security Suite Antivirus [Updated - Running]
    AS : ZoneAlarm Internet Security Suite Anti-Spyware [Updated - Running]
    AS : Windows Defender [Updated - Not Running]
    FW : ZoneAlarm Internet Security Suite Firewall [Updated - Running]

    .
    ==================== Files and Folders history =================================

    Folders Created Last 7 days :

    23-02-2015 ##### r-h-s-d+a- C:\Users\WillemJMartin\AppData\Roaming\E Dev
    23-02-2015 ##### r-h-s-d+a- C:\Program Files (x86)\Microsoft Synchronization Services
    23-02-2015 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
    23-02-2015 ##### r-h-s-d+a- C:\AdwCleaner
    22-02-2015 ##### r-h+s+d+a- C:\found.002
    22-02-2015 ##### r-h+s+d+a- C:\found.001

    Files Modified Last 7 days :

    22-02-2015 01826596 r-h-s-d-a+ C:\WINDOWS\system32\PerfStringBackup.INI
    22-02-2015 00806500 r-h-s-d-a+ C:\WINDOWS\system32\perfh013.dat
    22-02-2015 00723316 r-h-s-d-a+ C:\WINDOWS\system32\perfh009.dat
    22-02-2015 00162500 r-h-s-d-a+ C:\WINDOWS\system32\perfc013.dat
    22-02-2015 00135930 r-h-s-d-a+ C:\WINDOWS\system32\perfc009.dat

    Files Created Last 7 days :


    ==================== RUNNING PROCESSES =========================================

    [ActivateDesktop] -WillemJMartin- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe - ()
    [AdminService] -SYSTEM- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe - (Windows (R) Win 7 DDK provider)
    [AkSA] -WillemJMartin- C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe - (Check Point Software Technologies LTD)
    [AkSVC] -SYSTEM- C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe - (Check Point Software Technologies LTD)
    [armsvc] -SYSTEM- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - (Adobe Systems Incorporated)
    [atieclxx] -SYSTEM- C:\WINDOWS\system32\atieclxx.exe - (AMD)
    [atiesrxx] -SYSTEM- C:\WINDOWS\system32\atiesrxx.exe - (AMD)
    [audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe)
    [BtvStack] -WillemJMartin- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe - (Qualcomm®Atheros®)
    [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
    [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
    [DeliveryService] -SYSTEM- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe - (Dell Products, LP.)
    [DellOSDService] -SYSTEM- C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe - ()
    [DellSystemDetect] -WillemJMartin- C:\Users\WillemJMartin\AppData\Local\Apps\2.0\C2CO1BTZ.ZR9\593Z4C5J.YB7\dell..tion_0f612f649c4a10af_ 0005.0004_3ddfe37344028d2c\DellSystemDetect.exe - (Dell)
    [DellUpService] -SYSTEM- C:\Program Files (x86)\Dell Update\DellUpService.exe - (Dell Inc.)
    [DellUpTray] -WillemJMartin- C:\Program Files (x86)\Dell Update\DellUpTray.exe - (Dell Inc.)
    [dllhost] -WillemJMartin- C:\WINDOWS\system32\DllHost.exe - (Microsoft Corporation)
    [dwm] -DWM-2- C:\WINDOWS\System32\dwm.exe - (Microsoft Corporation)
    [E-Peek 1.9.9.0] -WillemJMartin- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
    [explorer] -WillemJMartin- C:\WINDOWS\Explorer.EXE - (Microsoft Corporation)
    [firefox] -WillemJMartin- C:\Program Files (x86)\Mozilla Firefox\firefox.exe - (Mozilla Corporation)
    [HeciServer] -SYSTEM- c:\Program Files\Intel\iCLS Client\HeciServer.exe - (Intel(R) Corporation)
    [IAStorDataMgrSvc] -SYSTEM- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe - (Intel Corporation)
    [igfxCUIService] -SYSTEM- C:\WINDOWS\system32\igfxCUIService.exe - (Intel Corporation)
    [IntelMeFWService] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe - (Intel Corporation)
    [Jhi_service] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - (Intel Corporation)
    [LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
    [lsass] -SYSTEM- C:\WINDOWS\system32\lsass.exe - (Microsoft Corporation)
    [mbam] -WillemJMartin- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe - (Malwarebytes Corporation)
    [mbamscheduler] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe - (Malwarebytes Corporation)
    [mbamservice] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe - (Malwarebytes Corporation)
    [MediaButtons] -SYSTEM- C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe - (DELL INC.)
    [msiexec] -SYSTEM- C:\WINDOWS\system32\msiexec.exe - (Microsoft Corporation)
    [PresentationFontCache] -LOCAL SERVICE- C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe - (Microsoft Corporation)
    [RAVBg64] -SYSTEM- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe - (Realtek Semiconductor)
    [RAVBg64] -SYSTEM- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe - (Realtek Semiconductor)
    [RAVBg64] -WillemJMartin- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe - (Realtek Semiconductor)
    [RAVBg64] -WillemJMartin- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe - (Realtek Semiconductor)
    [RtkAudioService64] -SYSTEM- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe - (Realtek Semiconductor)
    [RtkNGUI64] -WillemJMartin- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe - (Realtek Semiconductor)
    [SearchFilterHost] -SYSTEM- C:\WINDOWS\system32\SearchFilterHost.exe - (Microsoft Corporation)
    [SearchIndexer] -SYSTEM- C:\WINDOWS\system32\SearchIndexer.exe - (Microsoft Corporation)
    [SearchProtocolHost] -SYSTEM- C:\WINDOWS\system32\SearchProtocolHost.exe - (Microsoft Corporation)
    [services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
    [smss] -SYSTEM- C:\Windows\System32\smss.exe - (smss.exe)
    [soffice.bin] -WillemJMartin- C:\Program Files (x86)\OpenOffice 4\program\soffice.bin - (Apache Software Foundation)
    [soffice] -WillemJMartin- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe - (Apache Software Foundation)
    [spoolsv] -SYSTEM- C:\WINDOWS\System32\spoolsv.exe - (Microsoft Corporation)
    [swriter] -WillemJMartin- C:\Program Files (x86)\OpenOffice 4\program\swriter.exe - (Apache Software Foundation)
    [System] -N/A- - (System)
    [TabTip] -WillemJMartin- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe - (Microsoft Corporation)
    [TabTip32] -WillemJMartin- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe - (Microsoft Corporation)
    [taskhostex] -WillemJMartin- C:\WINDOWS\system32\taskhostex.exe - (Microsoft Corporation)
    [uaclauncher] -WillemJMartin- C:\Program Files\My Dell\uaclauncher.exe - (PC-Doctor, Inc.)
    [vsmon] -SYSTEM- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe - (Check Point Software Technologies Ltd.)
    [VSSVC] -SYSTEM- C:\WINDOWS\system32\vssvc.exe - (Microsoft Corporation)
    [wininit] -SYSTEM- C:\WINDOWS\system32\wininit.exe - (Microsoft Corporation)
    [winlogon] -SYSTEM- C:\WINDOWS\System32\WinLogon.exe - (Microsoft Corporation)
    [WmiPrvSE] -NETWORK SERVICE- C:\WINDOWS\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
    [WmiPrvSE] -SYSTEM- C:\WINDOWS\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
    [ZAPrivacyService] -SYSTEM- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe - (Check Point Software Technologies, Ltd.)
    [zatray] -WillemJMartin- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe - (Check Point Software Technologies Ltd.)

    ==================== IE PAGES ==================================================

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
    Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    Local Page = C:\Windows\SysWOW64\blank.htm
    Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
    DefaultScope = {B29E07C4-6E62-4E54-8933-6DA701BC360D}

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    DisplayName = @ieframe.dll,-12512
    URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B29E07C4-6E62-4E54-8933-6DA701BC360D}
    DisplayName = Bing
    URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB

    ==================== IE PAGES x64 ==============================================

    HKLM\Software\Microsoft\Internet Explorer\Main
    Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    Local Page = C:\Windows\System32\blank.htm
    Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    HKLM\Software\Microsoft\Internet Explorer\SearchScopes
    DefaultScope = {B29E07C4-6E62-4E54-8933-6DA701BC360D}

    HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    DisplayName = @ieframe.dll,-12512
    URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{B29E07C4-6E62-4E54-8933-6DA701BC360D}
    DisplayName = Bing
    URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB

    ==================== Auto Load =================================================

    HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit = userinit.exe
    Shell = explorer.exe

    ==================== Auto Load x64 =============================================

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit = C:\Windows\system32\userinit.exe,
    Shell = explorer.exe

    ==================== Firefox ===================================================

    FF - ProfilePath - C:\Users\WillemJMartin\AppData\Roaming\Mozilla\firefox\Profiles\ae4dkwg9.default-1412762062147
    FF - Ext: [Adblock Plus 2.6.7 ] - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} visible: True active: True
    FF - Ext: [Default 35.0.1 ] - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} visible: True active: True

    FF - PlugIn: [Adobe® Flash® Player 16.0.0.305 Plugin] - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll
    FF - PlugIn: [McAfee Total Protection] - C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
    FF - PlugIn: [Ag Player] - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

    FF - prefs.js: user_pref("browser.startup.homepage", "hxxps://www.google.nl/");

    ==================== Windows Host File =========================================


    ==================== Auto Start Programs =======================================

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    CLMLServer_For_P2G8 = "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
    CLVirtualDrive = "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
    RemoteControl10 = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    ZoneAlarm = C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"

    HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    DellSystemDetect = C:\Users\WillemJMartin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms

    ==================== Auto Start Programs x64 ===================================

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    CanonMyPrinter = C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    CanonSolutionMenu = C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
    IAStorIcon = "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    ISW = "C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe" /icon="hidden"
    RtHDVBg = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
    RtHDVBg_PushButton = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /IM
    RTHDVCPL = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
    CanonMyPrinter = 3
    CanonSolutionMenu = 3
    HotKeysCmds = 6
    IAStorIcon = 3
    IgfxTray = 6
    ISW = 2
    Persistence = 6
    RtHDVBg = 6
    RtHDVBg_PushButton = 6
    RTHDVCPL = 6
    Adobe ARM = 3
    CanonSolutionMenu = 3
    CLMLServer_For_P2G8 = 3
    CLVirtualDrive = 3
    RemoteControl10 = 3
    StartCCC = 3
    ZoneAlarm = 2

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    DellSystemDetect = C:\Users\WillemJMartin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms

    ==================== Extra Items IE ============================================

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

    ==================== Extra Items IE x64 ========================================

    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

    ==================== Internet Default Prefix ===================================

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    Default = http://

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
    WWW = http://

    ==================== Internet Default Prefix x64 ===============================

    HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    Default = http://

    HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
    WWW = http://

    ==================== Protocol Hijackers ========================================

    HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\wlpg
    CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}
    => SOFTWARE\Classes\\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [90ee8dfae644f46bc917a712953e7423]



    ==================== ShellServiceObjectDelayLoad ===============================

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


    ==================== ShellServiceObjectDelayLoad x64 =========================

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


    ==================== Extra (Torpig/ConduitSearch) ==============================

    HKCR\Directory\shellex\CopyHookHandlers\Ath_CopyHook @ Default = {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}
    => HKCR\CLSID\{8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}\InProcServer32 @ Default = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\FolderViewImpl.dll

    HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
    => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\WINDOWS\system32\shell32.dll

    HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
    => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\WINDOWS\system32\ntshrui.dll


    ==================== DRIVERS and SERVICES ======================================

    *** Win32OwnProcess ***

    SERV - R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
    SERV - R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
    SERV - R2 - [AtherosSvc] - AtherosSvc - c:\program files (x86)\dell wireless\bluetooth suite\adminservice.exe
    SERV - R2 - [Dell WMI Service] - Dell WMI Service - c:\program files (x86)\dell\dellosd\dellosdservice.exe
    SERV - R2 - [DellDigitalDelivery] - Dell Digital Delivery Service - c:\program files (x86)\dell digital delivery\deliveryservice.exe
    SERV - R2 - [DellUpdate] - Dell Update Service - c:\program files (x86)\dell update\dellupservice.exe
    SERV - R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
    SERV - R2 - [igfxCUIService1.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe
    SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
    SERV - R2 - [Intel(R) ME Service] - Intel(R) ME Service - c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe
    SERV - R2 - [IswSvc] - ZoneAlarm AntiKeylogger IswSvc - c:\program files (x86)\checkpoint\akl\aksvc.exe
    SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
    SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
    SERV - R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
    SERV - R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
    SERV - R2 - [RtkAudioService] - Realtek Audio Service - c:\program files\realtek\audio\hda\rtkaudioservice64.exe
    SERV - R2 - [vsmon] - TrueVector Internet Monitor - c:\program files (x86)\checkpoint\zonealarm\vsmon.exe
    SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
    SERV - R2 - [ZAPrivacyService] - ZoneAlarm Privacy Service - c:\program files (x86)\checkpoint\zonealarm\zaprivacyservice.exe
    SERV - R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
    SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
    SERV - R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
    SERV - S2 - [BackupStack] - BackupStack - C:\WINDOWS\system32\sysWOW64\Drivers\BackupStack.sys [x]
    SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
    SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
    SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
    SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
    SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
    SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
    SERV - S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
    SERV - S3 - [iumsvc] - Intel(R) Update Manager - c:\program files (x86)\intel\intel(r) update manager\bin\iumsvc.exe
    SERV - S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
    SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
    SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
    SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
    SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
    SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
    SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
    SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
    SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
    SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
    SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
    SERV - S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
    SERV - S4 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
    SERV - S4 - [AERTFilters] - Andrea RT Filters Service - c:\program files\realtek\audio\hda\aertsr64.exe
    SERV - S4 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - c:\program files (x86)\cyberlink\shared files\richvideo.exe
    SERV - S4 - [SftService] - SoftThinks Agent Service - c:\program files (x86)\dell backup and recovery\sftservice.exe

    *** Win32ShareProcess ***

    SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
    SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
    SERV - S3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
    SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
    SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
    SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

    *** Others ***

    SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
    SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

    *** File System Driver ***

    DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
    DRV - R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
    DRV - R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
    DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
    DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
    DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\WINDOWS\system32\Drivers\srv.sys
    DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\WINDOWS\system32\Drivers\srv2.sys

    *** Kernel Driver ***

    DRV - R0 - [ACPI] - Microsoft ACPI Driver - C:\WINDOWS\system32\Drivers\ACPI.sys
    DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
    DRV - R0 - [amdkmpfd] - AMD PCI Root Bus Lower Filter - C:\WINDOWS\system32\Drivers\amdkmpfd.sys
    DRV - R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
    DRV - R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
    DRV - R0 - [disk] - Disk Driver - C:\WINDOWS\system32\Drivers\disk.sys
    DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\WINDOWS\system32\Drivers\fvevol.sys
    DRV - R0 - [iaStorA] - iaStorA - C:\WINDOWS\system32\Drivers\iaStorA.sys
    DRV - R0 - [intelpep] - Intel(R) Power Engine Plug-in Driver - C:\WINDOWS\system32\Drivers\intelpep.sys
    DRV - R0 - [KL1] - KL1 - C:\WINDOWS\system32\Drivers\KL1.sys
    DRV - R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
    DRV - R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
    DRV - R0 - [mountmgr] - Mount Point Manager - C:\WINDOWS\system32\Drivers\mountmgr.sys
    DRV - R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
    DRV - R0 - [NDIS] - NDIS System Driver - C:\WINDOWS\system32\Drivers\NDIS.sys
    DRV - R0 - [partmgr] - Partition Manager - C:\WINDOWS\system32\Drivers\partmgr.sys
    DRV - R0 - [pci] - PCI Bus Driver - C:\WINDOWS\system32\Drivers\pci.sys
    DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
    DRV - R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
    DRV - R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
    DRV - R0 - [spaceport] - Storage Spaces Driver - C:\WINDOWS\system32\Drivers\spaceport.sys
    DRV - R0 - [Tcpip] - TCP/IP Protocol Driver - C:\WINDOWS\system32\Drivers\Tcpip.sys
    DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\WINDOWS\system32\Drivers\vdrvroot.sys
    DRV - R0 - [volmgr] - Volume Manager Driver - C:\WINDOWS\system32\Drivers\volmgr.sys
    DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\WINDOWS\system32\Drivers\volmgrx.sys
    DRV - R0 - [volsnap] - Storage Volumes - C:\WINDOWS\system32\Drivers\volsnap.sys
    DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\WINDOWS\system32\Drivers\Wdf01000.sys
    DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
    DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
    DRV - R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
    DRV - R1 - [tdx] - NetIO Legacy TDI Support Driver - C:\WINDOWS\system32\Drivers\tdx.sys
    DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
    DRV - S0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
    DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
    DRV - S0 - [klelam] - klelam - C:\WINDOWS\system32\Drivers\klelam.sys
    DRV - S3 - [atapi] - IDE-kanaal - C:\WINDOWS\system32\Drivers\atapi.sys

    ==================== SvcHost - White Listed ====================================

    WOW x64 - All Ok

    ==================== SvcHost x64 - White Listed ================================

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    BthHFSrv = ServiceDll = C:\WINDOWS\System32\BthHFSrv.dll [9307a4b743d277c499cda8e19e5687ac]



    ==================== SigCheck x86 Fast =========================================

    Fast Scan All ok

    ==================== SigCheck x64 Fast =========================================

    Fast Scan All ok

    ==================== Job tasks at C:\WINDOWS\Tasks =============================

    C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 940 bytes [ 9-12-2013 00:17:22 ]

    C:\WINDOWS\Tasks\SA.DAT 6 bytes [ 22-8-2013 16:45:54 ]


    ==================== Job tasks at C:\WINDOWS\system32\Tasks ====================

    C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater 3828 bytes [ 9-12-2013 00:17:22 ]
    => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\WINDOWS\system32\Tasks\CCleanerSkipUAC 2788 bytes [ 3-11-2014 08:07:52 ]
    => "C:\Program Files\CCleaner\CCleaner.exe"

    C:\WINDOWS\system32\Tasks\CreateChoiceProcessTask 3560 bytes [ 8-12-2013 17:30:48 ]
    => C:\Windows\BrowserChoice\browserchoice.exe

    C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 3718 bytes [ 25-9-2014 12:55:44 ]
    => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe

    C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon 3476 bytes [ 25-9-2014 12:55:45 ]
    => "c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"

    C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3830158060-1946818181-1625569630-1001 3600 bytes [ 8-12-2013 15:50:31 ]

    C:\WINDOWS\system32\Tasks\PCDEventLauncherTask 3440 bytes [ 8-12-2013 15:18:06 ]
    => "C:\Program Files\My Dell\sessionchecker.exe"

    C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask 3996 bytes [ 8-12-2013 15:18:06 ]
    => "C:\Program Files\My Dell\uaclauncher.exe"

    C:\WINDOWS\system32\Tasks\SystemToolsDailyTest 3206 bytes [ 8-12-2013 15:18:05 ]
    => "uaclauncher.exe"

    C:\WINDOWS\system32\Tasks\{AD14BBBC-1C47-49FC-8BE6-6827E889422C} 3042 bytes [ 12-2-2014 17:23:51 ]
    => C:\WINDOWS\system32\pcalua.exe


    ==================== Job tasks at C:\WINDOWS\SysWOW64\Tasks ====================

    There are no .job files found.

    ==================== End scanning at ma 23 feb 2015 14:37 (0 Min 37 Sec ) ======
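As an added example (not part of the original post or of the scan tool's output): a short Python triage script for the "Job tasks" section of the log above. It parses the listing format the tool prints (task path, size, timestamp and an optional `=>` action line) and flags what a responder would otherwise check by hand: an action given only as a bare file name, like the `"uaclauncher.exe"` entry above, which Windows resolves through the search path when the task fires; an executable outside the Windows or Program Files trees; and a generic launcher such as pcalua.exe, whose real payload sits in the task arguments that this log does not show. The sample lines are copied from the log above; the trusted-directory and launcher lists are assumptions for illustration, and a flag means "look at this", not "malicious".

```python
"""Triage the 'Job tasks' section of the scan log above.

Added example, not part of the forum post or the scan tool: it parses the
task listing as printed (task path, size, timestamp and an optional
'=> action' line) and flags entries that need a manual look.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: five task entries copied from the log above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater 3828 bytes [ 9-12-2013 00:17:22 ]
=> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

C:\WINDOWS\system32\Tasks\CCleanerSkipUAC 2788 bytes [ 3-11-2014 08:07:52 ]
=> "C:\Program Files\CCleaner\CCleaner.exe"

C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3830158060-1946818181-1625569630-1001 3600 bytes [ 8-12-2013 15:50:31 ]

C:\WINDOWS\system32\Tasks\SystemToolsDailyTest 3206 bytes [ 8-12-2013 15:18:05 ]
=> "uaclauncher.exe"

C:\WINDOWS\system32\Tasks\{AD14BBBC-1C47-49FC-8BE6-6827E889422C} 3042 bytes [ 12-2-2014 17:23:51 ]
=> C:\WINDOWS\system32\pcalua.exe
"""

TASK_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\\Tasks\\.+?) (?P<size>\d+) bytes \[ (?P<ts>[^\]]+) \]$")
ACTION_RE = re.compile(r"^=> (?P<action>.+)$")

# Assumptions for illustration: where OS and vendor binaries normally live, and
# launchers whose argument list (absent from this log) carries the real payload.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
PROXY_LAUNCHERS = {"pcalua.exe", "rundll32.exe", "cmd.exe", "powershell.exe",
                   "wscript.exe", "cscript.exe", "mshta.exe", "regsvr32.exe"}


@dataclass
class Task:
    task_path: str
    size: int
    timestamp: str
    action: Optional[str] = None          # executable as listed, quotes stripped
    findings: List[str] = field(default_factory=list)


def leaf(path: str) -> str:
    """Last path component (task name or executable file name)."""
    return path.rsplit("\\", 1)[-1]


def parse_tasks(log: str) -> List[Task]:
    """Turn the task section into Task records; an '=>' line belongs to the task before it."""
    tasks: List[Task] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TASK_RE.match(line)
        if m:
            tasks.append(Task(m["path"], int(m["size"]), m["ts"]))
            continue
        m = ACTION_RE.match(line)
        if m and tasks:
            tasks[-1].action = m["action"].strip().strip('"')
    return tasks


def triage(task: Task) -> List[str]:
    """Return review notes for one task; an empty list means nothing stood out."""
    notes: List[str] = []
    if task.action is None:               # no action recorded in this listing
        task.findings = notes
        return notes
    exe = task.action
    if "\\" not in exe:
        notes.append("unqualified file name: resolved via the search path at run time, "
                     "confirm which file actually executes")
    elif not exe.lower().startswith(TRUSTED_ROOTS):
        notes.append("executable outside the Windows/Program Files trees: check its signature")
    if leaf(exe).lower() in PROXY_LAUNCHERS:
        notes.append("generic launcher: the payload is in the task arguments, "
                     "which this log does not show; open the task XML")
    task.findings = notes
    return notes


def triage_log(log: str) -> Dict[str, List[str]]:
    """Map task name -> review notes for every task in the listing."""
    return {leaf(t.task_path): triage(t) for t in parse_tasks(log)}


if __name__ == "__main__":
    for name, notes in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(notes) if notes else 'ok'}")
```

Paste the whole "Job tasks" section of a log into `SAMPLE_LOG` (or read it from a file) to run it over a real listing; the two flags it raises on the sample are the bare `uaclauncher.exe` and the GUID-named task running pcalua.exe, both of which only the task's own XML under `C:\WINDOWS\system32\Tasks` can resolve.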

  • #2
    I can't find anything suspicious in your logs.

    Download or update CCleaner

    Start CCleaner.
    • Run CCleaner and click Options in the left-hand column
    • Select the Advanced tab
    • Untick "Only delete files in Windows Temp folders older than 24 hours"
    • Select the Settings tab
    • Untick "Clean the computer automatically...."
    • Click Cleaner in the left-hand column.
    • Then click Analyze, followed by Run Cleaner.
    • Next, click Registry in the left-hand column
    • Click Scan for Issues.
    • When asked whether you want to back up the registry, click "Yes".
    • If issues are found, click the middle button: Fix All Selected Issues, then OK

    Any problems left?
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee * CCleaner * E-Peek



    • #3
      Thanks for your quick reply. I had already let CCleaner loose on this issue, but that produced nothing either. So the problems still exist ...



      • #4
        Since there is no malware to be found, it's best to open a topic in the Windows section.



        • #5
          OK, I'll give that a try. Meanwhile, thanks for your effort!



          • #6
            You're welcome

            1) You may delete all the loose files and tools we have used.

            2) To avoid reinfection, you can read through these tips:

            Preventing spyware infections and browser hijacking and How do I prevent a new infection?

            3) To give your PC a quick maintenance check, you can read these tips: Guide to a clean PC

            4) All sorts of tips and hints can be consulted here.


            I'm marking the topic as solved.

            If there are no further replies, this thread will automatically be moved within about 5 days
            to the Solved HijackThis logs section, and replying will no longer be possible.
            This is done to keep the forum neat and tidy.

            If it turns out there are still problems and you want to reply in this topic again, send me a private message asking for it to be reopened.



            Did we help you well? Consider making a (no-obligation) donation to Nucia

            Emphyrio
