Slow laptop

  • Tessa

    Hi Ben,

    Now I'm seeing something odd:

    When I click This PC in Explorer and then Local Disk C:, I just see the usual tree with Program Files etc., and Combofix is also listed there (as a folder). When I click that, I get a whole tree again with Local Disk C: and D: ???

    It looks as if a Combofix folder has wormed its way in and copied all the drives.

    I can't find combofix.txt....

    Regards,

  • fazantje

    Hi Geert,

    Download OTC.exe here to remove Combofix completely.

    Save the file to your desktop.

    Make sure there is an internet connection.

    Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.

    If that doesn't work, double-click the icon.

    Now click the "CleanUp!" button.

    If your firewall, or another security program, warns that OTC.exe wants internet access, allow it; the program needs that connection.

    Finally, OTC will ask whether you want to restart the computer; allow this, as it also removes itself in the process.

    We'll try a different approach:

    Download the Emsisoft Emergency Kit here to the desktop and extract the ZIP file.

    Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe".

    Now click "Emergency Kit Scanner". You will get a message recommending that you update first; allow this by clicking Yes.

    When the update is finished and the message "Update process is succesvol afgerond" appears, click "Menu" and then "Scan PC".

    Select the "Diep" (Deep) option if it is not already set by default.

    Now click the "Scan" button and do nothing else on the computer while it scans; this scan can take quite a while (up to 5 hours), so wait patiently, or go fishing.

    You can close the window with the warning about an elevated risk once the scan is finished.

    Note:

    If you see this message:

    C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK

    When that file appears in the window with the scan results, you can right-click that detection and choose "Versturen als vals alarm" (Submit as false positive).

    Make sure all found items are ticked and then press the "Remove selected" button. You will now get the following message; click "Yes" here.

    When the removal is finished, click the "View report" button and select the text file for this scan, with a name such as: a2scan_110730-111615.txt

    Paste the contents of this log in your next post, together with a new HijackThis log.

    Good luck,

    Huib;)

    Now restart the computer.

  • Tessa

    So, finally done fishing (:P)

    Here are the requested logs:

    Emsisoft Emergency Kit - Versie 1.0

    Laatste Update: 13-4-2012 18:13:00

    Scaninstellingen:

    Scantype: Diepe Scan

    Objecten: Geheugen, Sporen, Cookies, C:\, D:\

    Scan archieven: Aan

    Heuristieken: Uit

    ADS Scan: Aan

    Scan gestart: 13-4-2012 18:14:50

    Value: HKEY_CLASSES_ROOT\.kla\ShellNew -> NullFile Ontdekt: Trace.Registry.SC-KeyLog PRO!A2

    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.kla\ShellNew -> NullFile Ontdekt: Trace.Registry.SC-KeyLog PRO!A2

    Key: HKEY_CLASSES_ROOT\.kla Ontdekt: Trace.Registry.Sc-KeylogPro!A2

    Gescand

    Bestanden: 162382

    Sporen: 590262

    Cookies: 3006

    Processen: 47

    Gevonden

    Bestanden: 0

    Sporen: 3

    Cookies: 47

    Processen: 0

    Registersleutels: 0

    Scan Geëindigd: 13-4-2012 20:48:08

    Scantijd: 2:33:18

    And the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 23:13:38, on 13-4-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    C:\WINDOWS\system32\FsUsbExService.Exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\DAEMON Tools Lite\DTLite.exe

    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Documents and Settings\Geert\Application Data\Dropbox\bin\Dropbox.exe

    C:\Program Files\Microsoft Office\Office14\GROOVE.EXE

    C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe

    C:\WINDOWS\system32\igfxext.exe

    C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe

    C:\DOCUME~1\Geert\LOCALS~1\Temp\Rar$EX00.500\start.exe

    C:\DOCUME~1\Geert\LOCALS~1\Temp\Rar$EX00.500\Run\a2emergencykit.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Documents and Settings\Geert\Local Settings\Temporary Internet Files\Content.IE5\2DNWZ019\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocaching.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL

    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: ALCMTR.EXE

    O4 - HKLM\..\Run: C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe

    O4 - HKLM\..\Run: C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe

    O4 - HKLM\..\Run: C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe

    O4 - HKLM\..\Run: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

    O4 - HKCU\..\Run: "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

    O4 - HKCU\..\Run: "C:\Documents and Settings\Geert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Geert\Application Data\Dropbox\bin\Dropbox.exe

    O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE

    O4 - Global Startup: BTTray.lnk = ?

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

    O23 - Service: Google Updateservice (gupdate1ca27bd76236014) (gupdate1ca27bd76236014) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    End of file - 10177 bytes

    I'm off to cast a line again!

    Regards,

    Geert
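A small triage script for the kind of HijackThis log posted above, added here as an example and not part of this thread or of any of the tools it mentions: it splits the log into the running-process list and the coded R/O entries, then flags the lines a reviewer looks at first (orphaned "(no file)" references, unresolved startup targets, anything executing from a temp directory). The function names `parse_hjt`, `triage` and `count_by_code` are my own, and `SAMPLE_LOG` is a constructed excerpt of the log above, not the full log.

```python
import re
from typing import Dict, List

# Constructed sample input: a short excerpt of the HijackThis log posted
# above (a few processes and a few R/O entries), so the script runs offline.
# Replace with the full log text in practice.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:13:38, on 13-4-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\DOCUME~1\Geert\LOCALS~1\Temp\Rar$EX00.500\start.exe
C:\Documents and Settings\Geert\Local Settings\Temporary Internet Files\Content.IE5\2DNWZ019\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocaching.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
End of file - 10177 bytes
"""

# Every HijackThis entry starts with a section code (R0, O2, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")

# Path fragments meaning "running or starting from a temporary location".
# Not proof of malware (the Emsisoft kit above ran from a RAR temp folder),
# but always worth a second look when reviewing a log.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp\\", "\\temporary internet files\\")


def parse_hjt(text: str) -> Dict[str, List]:
    """Split a HijackThis log into the running-process list and the coded entries."""
    report: Dict[str, List] = {"processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line closes the process block
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            report["processes"].append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            report["entries"].append({"code": m.group("code"), "body": m.group("body")})
    return report


def _from_temp_location(s: str) -> bool:
    low = s.lower()
    return any(marker in low for marker in TEMP_MARKERS)


def triage(report: Dict[str, List]) -> List[Dict[str, str]]:
    """Flag the lines a reviewer checks first: orphaned entries, unresolved
    startup targets, and anything executing from a temp directory."""
    findings: List[Dict[str, str]] = []
    for path in report["processes"]:
        if _from_temp_location(path):
            findings.append({"reason": "process-from-temp", "item": path})
    for entry in report["entries"]:
        item = f"{entry['code']} - {entry['body']}"
        body = entry["body"]
        if body.endswith("(no file)"):
            # The registry still references a BHO/toolbar whose DLL is gone:
            # a harmless leftover, but clutter that HijackThis can remove.
            findings.append({"reason": "orphaned-entry", "item": item})
        elif body.endswith("= ?"):
            # Startup shortcut whose target HijackThis could not resolve.
            findings.append({"reason": "unresolved-target", "item": item})
        elif entry["code"] == "O4" and _from_temp_location(body):
            findings.append({"reason": "autorun-from-temp", "item": item})
    return findings


def count_by_code(report: Dict[str, List]) -> Dict[str, int]:
    """Number of entries per section code, for a quick overview of the log."""
    counts: Dict[str, int] = {}
    for entry in report["entries"]:
        counts[entry["code"]] = counts.get(entry["code"], 0) + 1
    return counts


if __name__ == "__main__":
    rep = parse_hjt(SAMPLE_LOG)
    print(count_by_code(rep))
    for f in triage(rep):
        print(f"[{f['reason']}] {f['item']}")
```

On the excerpt, the two temp-directory hits are the Emsisoft kit and HijackThis itself, which is why a flag here means "look closer", not "infected".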

  • fazantje

    Hi Geert,

    Just a small rod this time, surely (:D

    But a nice cleanup has already taken place.

    Would you try Combofix once more? Perhaps after this cleanup it will work fine.

    First disable your scanner; you do this at the bottom right of your taskbar.

    Download Combofix here and save it to your desktop.

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

    Some scanners treat certain components that Combofix uses as suspicious and will block or remove them!

    Double-click Combofix.exe.

    Follow the instructions and accept the disclaimer.

    While the fix is running, do NOT click in the window, as this will make your PC hang.

    It can take some time before the Combofix log appears, so don't think it has gone haywire.

    When the fix is complete and after the restart, the combofix.txt log will open.

    The scan works with a sequence of numbers that goes up to 51, so you have an idea of roughly how far along the scan is.

    Creating the log can also take several minutes.

    If your computer does not restart by itself, restart it manually.

    Post the Combofix log together with a new HijackThis log in your next post.

    Also let us know how the slowness is now.

    Good luck,

    Huib;)

  • Tessa

    Hello,

    Ran Combofix; after startup, once again a serious error message from Microsoft Windows:

    Het systeem is hersteld van een ernstige fout.

    C:\DOCUME~1\Geert\LOCALS~1\Temp\WER3be3.dir00\Mini041412-01.dmp

    C:\DOCUME~1\Geert\LOCALS~1\Temp\WER3be3.dir00\sysdata.xml

    So again no log from Combofix......

    Regards,

    Geert

  • fazantje

    Hi,

    Download TDSSKiller here and save it to your desktop.

    Extract the files in tdsskiller.zip.

    Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

    Windows 7 and Windows Vista users:

    Right-click TDSSKiller.exe -> Run as Administrator to start the tool.

    If TDSSKiller reports that an update is available, run that first.

    A new version of TDSSKiller will then be downloaded; save it to your desktop.

    Start TDSSKiller again.

    Click "Change parameters" and make sure all of the options below are ticked.

    Click the "Start Scan" button and follow the instructions.

    If "Threats" are found, a follow-up screen appears automatically after the scan.

    With a "Fail signature" message you don't need to take any action. (Use Skip.)

    By default, Skip is filled in for a "Suspicious object". Leave that action as it is.

    We may tell you later what to do with it.

    For a "Malicious object", the action Cure or Delete is filled in automatically.

    Always choose Cure here.

    If that is not possible, select Skip.

    Only for a "TDSS File System" do you choose Delete if Cure is not possible.

    If you don't know what to fill in, use Skip and wait for our advice before you Delete anything.

    Now click Continue to proceed.

    When the scan is finished, click the "Report" button.

    A Notepad file opens.

    Post the contents of this file.

    Restart the PC if TDSSKiller offers that option. (Reboot now)

    If a restart was needed, you will find the log file at C:\TDSSKiller.___log.txt

    If TDSSKiller found and removed infections, it is very wise to go to the antivirus board and carry out the steps there.

    Post the TDSS log you obtained there as well.

    Good luck,

    Huib;)

  • Tessa

    The TDSSKiller log:

    12:49:14.0609 3444 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

    12:49:14.0687 3444 ============================================================

    12:49:14.0687 3444 Current date / time: 2012/04/14 12:49:14.0687

    12:49:14.0687 3444 SystemInfo:

    12:49:14.0687 3444

    12:49:14.0687 3444 OS Version: 5.1.2600 ServicePack: 3.0

    12:49:14.0687 3444 Product type: Workstation

    12:49:14.0687 3444 ComputerName: LAPTOPGEERT

    12:49:14.0687 3444 UserName: Geert

    12:49:14.0687 3444 Windows directory: C:\WINDOWS

    12:49:14.0687 3444 System windows directory: C:\WINDOWS

    12:49:14.0687 3444 Processor architecture: Intel x86

    12:49:14.0687 3444 Number of processors: 2

    12:49:14.0687 3444 Page size: 0x1000

    12:49:14.0687 3444 Boot type: Normal boot

    12:49:14.0687 3444 ============================================================

    12:49:17.0484 3444 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

    12:49:17.0765 3444 \Device\Harddisk0\DR0:

    12:49:17.0765 3444 MBR used

    12:49:17.0765 3444 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0x3C168F0

    12:49:17.0765 3444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4819800, BlocksNum 0xE1FF800

    12:49:17.0828 3444 Initialize success

    12:49:17.0828 3444 ============================================================

    12:49:56.0281 1836 ============================================================

    12:49:56.0281 1836 Scan started

    12:49:56.0281 1836 Mode: Manual; SigCheck; TDLFS;

    12:49:56.0281 1836 ============================================================


    12:50:13.0453 1836 CryptSvc - ok

    12:50:13.0468 1836 dac2w2k - ok

    12:50:13.0484 1836 dac960nt - ok

    12:50:13.0531 1836 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll

    12:50:13.0687 1836 DcomLaunch - ok

    12:50:13.0734 1836 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll

    12:50:14.0031 1836 Dhcp - ok

    12:50:14.0046 1836 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

    12:50:14.0343 1836 Disk - ok

    12:50:14.0343 1836 dmadmin - ok

    12:50:14.0406 1836 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys

    12:50:14.0734 1836 dmboot - ok

    12:50:14.0765 1836 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys

    12:50:15.0046 1836 dmio - ok

    12:50:15.0078 1836 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

    12:50:15.0328 1836 dmload - ok

    12:50:15.0343 1836 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll

    12:50:15.0609 1836 dmserver - ok

    12:50:15.0656 1836 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

    12:50:15.0921 1836 DMusic - ok

    12:50:15.0968 1836 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll

    12:50:16.0109 1836 Dnscache - ok

    12:50:16.0156 1836 DNSeFilter (128ae3aedde1e3ae772c88320628fe7c) C:\WINDOWS\system32\drivers\SamsungEDS.sys

    12:50:16.0234 1836 DNSeFilter ( UnsignedFile.Multi.Generic ) - warning

    12:50:16.0234 1836 DNSeFilter - detected UnsignedFile.Multi.Generic (1)

    12:50:16.0281 1836 DOSMEMIO (8a4cb9438571814b128b6dc30d698064) C:\WINDOWS\system32\MEMIO.SYS

    12:50:16.0328 1836 DOSMEMIO ( UnsignedFile.Multi.Generic ) - warning

    12:50:16.0328 1836 DOSMEMIO - detected UnsignedFile.Multi.Generic (1)

    12:50:16.0375 1836 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll

    12:50:16.0734 1836 Dot3svc - ok

    12:50:16.0750 1836 dpti2o - ok

    12:50:16.0796 1836 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

    12:50:17.0046 1836 drmkaud - ok

    12:50:17.0093 1836 e.dentifier2 (30e8affed744ec4c79b4961f5fe10134) C:\WINDOWS\system32\DRIVERS\aabed2.sys

    12:50:17.0234 1836 e.dentifier2 - ok

    12:50:17.0265 1836 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll

    12:50:17.0562 1836 EapHost - ok

    12:50:17.0593 1836 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll

    12:50:17.0859 1836 ERSvc - ok

    12:50:17.0906 1836 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe

    12:50:18.0046 1836 Eventlog - ok

    12:50:18.0078 1836 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\system32\es.dll

    12:50:18.0234 1836 EventSystem - ok

    12:50:18.0265 1836 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

    12:50:18.0531 1836 Fastfat - ok

    12:50:18.0578 1836 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

    12:50:18.0703 1836 FastUserSwitchingCompatibility - ok

    12:50:18.0734 1836 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

    12:50:19.0000 1836 Fdc - ok

    12:50:19.0031 1836 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys

    12:50:19.0312 1836 Fips - ok

    12:50:19.0328 1836 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

    12:50:19.0578 1836 Flpydisk - ok

    12:50:19.0640 1836 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

    12:50:19.0890 1836 FltMgr - ok

    12:50:19.0968 1836 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

    12:50:20.0031 1836 FontCache3.0.0.0 - ok

    12:50:20.0078 1836 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\WINDOWS\system32\FsUsbExDisk.SYS

    12:50:20.0203 1836 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning

    12:50:20.0203 1836 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)

    12:50:20.0234 1836 FsUsbExService (96633419f4a1e37acb89b45ebccfe001) C:\WINDOWS\system32\FsUsbExService.Exe

    12:50:20.0453 1836 FsUsbExService - ok

    12:50:20.0453 1836 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

    12:50:20.0687 1836 Fs_Rec - ok

    12:50:20.0718 1836 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

    12:50:20.0984 1836 Ftdisk - ok

    12:50:21.0015 1836 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

    12:50:21.0265 1836 Gpc - ok

    12:50:21.0296 1836 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys

    12:50:21.0375 1836 grmnusb - ok

    12:50:21.0453 1836 gupdate1ca27bd76236014 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

    12:50:21.0609 1836 gupdate1ca27bd76236014 - ok

    12:50:21.0625 1836 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

    12:50:21.0781 1836 gupdatem - ok

    12:50:21.0812 1836 gusvc (a420ee812d88aef8c03e11edd4b353dd) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    12:50:22.0046 1836 gusvc - ok

    12:50:22.0093 1836 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

    12:50:22.0421 1836 HDAudBus - ok

    12:50:22.0468 1836 helpsvc (5327bad9b35c33d2a64b64e4cf282ecd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

    12:50:22.0734 1836 helpsvc - ok

    12:50:22.0734 1836 HidServ - ok

    12:50:22.0781 1836 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

    12:50:23.0031 1836 HidUsb - ok

    12:50:23.0062 1836 hkmsvc (1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll

    12:50:23.0375 1836 hkmsvc - ok

    12:50:23.0390 1836 hpn - ok

    12:50:23.0437 1836 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

    12:50:23.0546 1836 HTTP - ok

    12:50:23.0593 1836 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll

    12:50:23.0890 1836 HTTPFilter - ok

    12:50:23.0890 1836 i2omgmt - ok

    12:50:23.0906 1836 i2omp - ok

    12:50:23.0953 1836 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

    12:50:24.0265 1836 i8042prt - ok

    12:50:24.0468 1836 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

    12:50:24.0953 1836 ialm - ok

    12:50:25.0078 1836 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

    12:50:25.0421 1836 idsvc - ok

    12:50:25.0500 1836 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

    12:50:25.0796 1836 Imapi - ok

    12:50:25.0843 1836 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe

    12:50:26.0187 1836 ImapiService - ok

    12:50:26.0218 1836 ini910u - ok

    12:50:26.0375 1836 IntcAzAudAddService (32915772ccd5bc2bf9762195c002a949) C:\WINDOWS\system32\drivers\RtkHDAud.sys

    12:50:26.0843 1836 IntcAzAudAddService - ok

    12:50:26.0906 1836 IntelIde - ok

    12:50:26.0953 1836 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys

    12:50:27.0281 1836 intelppm - ok

    12:50:27.0312 1836 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

    12:50:27.0578 1836 Ip6Fw - ok

    12:50:27.0593 1836 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

    12:50:27.0843 1836 IpFilterDriver - ok

    12:50:27.0859 1836 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

    12:50:28.0125 1836 IpInIp - ok

    12:50:28.0140 1836 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

    12:50:28.0390 1836 IpNat - ok

    12:50:28.0421 1836 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

    12:50:28.0750 1836 IPSec - ok

    12:50:28.0796 1836 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

    12:50:28.0921 1836 IRENUM - ok

    12:50:28.0953 1836 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys

    12:50:29.0203 1836 isapnp - ok

    12:50:29.0250 1836 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

    12:50:29.0515 1836 Kbdclass - ok

    12:50:29.0562 1836 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

    12:50:29.0765 1836 kmixer - ok

    12:50:29.0796 1836 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

    12:50:29.0937 1836 KSecDD - ok

    12:50:29.0984 1836 LanmanServer (c7955e7edaea462d04f1c4be1d340372) C:\WINDOWS\System32\srvsvc.dll

    12:50:30.0093 1836 LanmanServer - ok

    12:50:30.0140 1836 lanmanworkstation (a936a575eaf6dce8dc08bc0c53972add) C:\WINDOWS\System32\wkssvc.dll

    12:50:30.0265 1836 lanmanworkstation - ok

    12:50:30.0281 1836 lbrtfdc - ok

    12:50:30.0312 1836 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll

    12:50:30.0609 1836 LmHosts - ok

    12:50:30.0656 1836 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

    12:50:30.0734 1836 MBAMProtector - ok

    12:50:30.0859 1836 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    12:50:31.0109 1836 MBAMService - ok

    12:50:31.0156 1836 Messenger (c56a45a03dca11712de9fdf98224230b) C:\WINDOWS\System32\msgsvc.dll

    12:50:31.0453 1836 Messenger - ok

    12:50:31.0531 1836 Microsoft SharePoint Workspace Audit Service - ok

    12:50:31.0609 1836 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

    12:50:31.0828 1836 mnmdd - ok

    12:50:31.0875 1836 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\system32\mnmsrvc.exe

    12:50:32.0187 1836 mnmsrvc - ok

    12:50:32.0234 1836 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys

    12:50:32.0531 1836 Modem - ok

    12:50:32.0546 1836 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys

    12:50:32.0781 1836 Mouclass - ok

    12:50:32.0828 1836 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys

    12:50:33.0046 1836 mouhid - ok

    12:50:33.0078 1836 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

    12:50:33.0328 1836 MountMgr - ok

    12:50:33.0359 1836 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

    12:50:33.0453 1836 MpFilter - ok

    12:50:33.0515 1836 MpKslc2d6bf42 - ok

    12:50:33.0531 1836 mraid35x - ok

    12:50:33.0562 1836 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

    12:50:33.0812 1836 MRxDAV - ok

    12:50:33.0859 1836 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

    12:50:34.0031 1836 MRxSmb - ok

    12:50:34.0093 1836 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\system32\msdtc.exe

    12:50:34.0453 1836 MSDTC - ok

    12:50:34.0500 1836 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

    12:50:34.0796 1836 Msfs - ok

    12:50:34.0796 1836 MSIServer - ok

    12:50:34.0843 1836 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

    12:50:35.0062 1836 MSKSSRV - ok

    12:50:35.0171 1836 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    12:50:35.0250 1836 MsMpSvc - ok

    12:50:35.0296 1836 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

    12:50:35.0515 1836 MSPCLOCK - ok

    12:50:35.0531 1836 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

    12:50:35.0765 1836 MSPQM - ok

    12:50:35.0812 1836 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

    12:50:36.0046 1836 mssmbios - ok

    12:50:36.0078 1836 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

    12:50:36.0296 1836 MSTEE - ok

    12:50:36.0343 1836 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

    12:50:36.0453 1836 Mup - ok

    12:50:36.0468 1836 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

    12:50:36.0718 1836 NABTSFEC - ok

    12:50:36.0765 1836 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll

    12:50:37.0078 1836 napagent - ok

    12:50:37.0125 1836 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\WINDOWS\system32\drivers\NDIS.sys

    12:50:37.0234 1836 NDIS - ok

    12:50:37.0265 1836 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

    12:50:37.0500 1836 NdisIP - ok

    12:50:37.0546 1836 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

    12:50:37.0640 1836 NdisTapi - ok

    12:50:37.0671 1836 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

    12:50:37.0921 1836 Ndisuio - ok

    12:50:37.0937 1836 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

    12:50:38.0078 1836 NdisWan - ok

    12:50:38.0125 1836 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

    12:50:38.0218 1836 NDProxy - ok

    12:50:38.0250 1836 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

    12:50:38.0500 1836 NetBIOS - ok

    12:50:38.0531 1836 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

    12:50:38.0812 1836 NetBT - ok

    12:50:38.0859 1836 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe

    12:50:39.0250 1836 NetDDE - ok

    12:50:39.0265 1836 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe

    12:50:39.0625 1836 NetDDEdsdm - ok

    12:50:39.0671 1836 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

    12:50:39.0921 1836 Netlogon - ok

    12:50:39.0968 1836 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll

    12:50:40.0250 1836 Netman - ok

    12:50:40.0343 1836 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    12:50:40.0421 1836 NetTcpPortSharing - ok

    12:50:40.0468 1836 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll

    12:50:40.0578 1836 Nla - ok

    12:50:40.0625 1836 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

    12:50:40.0875 1836 Npfs - ok

    12:50:40.0921 1836 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

    12:50:41.0171 1836 Ntfs - ok

    12:50:41.0218 1836 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

    12:50:41.0437 1836 NtLmSsp - ok

    12:50:41.0468 1836 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll

    12:50:41.0750 1836 NtmsSvc - ok

    12:50:41.0781 1836 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

    12:50:42.0000 1836 Null - ok

    12:50:42.0015 1836 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

    12:50:42.0250 1836 NwlnkFlt - ok

    12:50:42.0250 1836 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

    12:50:42.0500 1836 NwlnkFwd - ok

    12:50:42.0625 1836 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    12:50:42.0796 1836 ose - ok

    12:50:43.0000 1836 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    12:50:43.0890 1836 osppsvc - ok

    12:50:43.0984 1836 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys

    12:50:44.0281 1836 Parport - ok

    12:50:44.0328 1836 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

    12:50:44.0578 1836 PartMgr - ok

    12:50:44.0640 1836 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys

    12:50:44.0875 1836 ParVdm - ok

    12:50:44.0921 1836 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys

    12:50:45.0234 1836 PCI - ok

    12:50:45.0234 1836 PCIDump - ok

    12:50:45.0250 1836 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys

    12:50:45.0453 1836 PCIIde - ok

    12:50:45.0484 1836 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys

    12:50:45.0734 1836 Pcmcia - ok

    12:50:45.0750 1836 PDCOMP - ok

    12:50:45.0765 1836 PDFRAME - ok

    12:50:45.0781 1836 PDRELI - ok

    12:50:45.0796 1836 PDRFRAME - ok

    12:50:45.0812 1836 perc2 - ok

    12:50:45.0828 1836 perc2hib - ok

    12:50:45.0890 1836 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe

    12:50:46.0015 1836 PlugPlay - ok

    12:50:46.0031 1836 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

    12:50:46.0265 1836 PolicyAgent - ok

    12:50:46.0296 1836 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

    12:50:46.0546 1836 PptpMiniport - ok

    12:50:46.0562 1836 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

    12:50:46.0781 1836 ProtectedStorage - ok

    12:50:46.0796 1836 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

    12:50:47.0062 1836 PSched - ok

    12:50:47.0078 1836 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

    12:50:47.0312 1836 Ptilink - ok

    12:50:47.0328 1836 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

    12:50:47.0406 1836 PxHelp20 - ok

    12:50:47.0421 1836 ql1080 - ok

    12:50:47.0437 1836 Ql10wnt - ok

    12:50:47.0453 1836 ql12160 - ok

    12:50:47.0468 1836 ql1240 - ok

    12:50:47.0484 1836 ql1280 - ok

    12:50:47.0515 1836 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

    12:50:47.0718 1836 RasAcd - ok

    12:50:47.0750 1836 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll

    12:50:48.0046 1836 RasAuto - ok

    12:50:48.0062 1836 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

    12:50:48.0312 1836 Rasl2tp - ok

    12:50:48.0343 1836 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll

    12:50:48.0609 1836 RasMan - ok

    12:50:48.0640 1836 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

    12:50:48.0890 1836 RasPppoe - ok

    12:50:48.0921 1836 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

    12:50:49.0171 1836 Raspti - ok

    12:50:49.0218 1836 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

    12:50:49.0500 1836 Rdbss - ok

    12:50:49.0531 1836 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

    12:50:49.0750 1836 RDPCDD - ok

    12:50:49.0812 1836 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

    12:50:49.0968 1836 RDPWD - ok

    12:50:50.0015 1836 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe

    12:50:50.0359 1836 RDSessMgr - ok

    12:50:50.0406 1836 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys

    12:50:50.0703 1836 redbook - ok

    12:50:50.0750 1836 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll

    12:50:51.0062 1836 RemoteAccess - ok

    12:50:51.0093 1836 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe

    12:50:51.0406 1836 RpcLocator - ok

    12:50:51.0453 1836 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll

    12:50:51.0578 1836 RpcSs - ok

    12:50:51.0640 1836 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe

    12:50:51.0937 1836 RSVP - ok

    12:50:51.0968 1836 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

    12:50:52.0187 1836 SamSs - ok

    12:50:52.0281 1836 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

    12:50:52.0718 1836 SASDIFSV - ok

    12:50:52.0734 1836 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

    12:50:52.0859 1836 SASKUTIL - ok

    12:50:52.0906 1836 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe

    12:50:53.0250 1836 SCardSvr - ok

    12:50:53.0296 1836 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll

    12:50:53.0578 1836 Schedule - ok

    12:50:53.0609 1836 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

    12:50:53.0734 1836 Secdrv - ok

    12:50:53.0781 1836 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll

    12:50:54.0000 1836 seclogon - ok

    12:50:54.0015 1836 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll

    12:50:54.0265 1836 SENS - ok

    12:50:54.0296 1836 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys

    12:50:54.0609 1836 Serial - ok

    12:50:54.0671 1836 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

    12:50:54.0921 1836 Sfloppy - ok

    12:50:54.0968 1836 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll

    12:50:55.0281 1836 SharedAccess - ok

    12:50:55.0328 1836 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

    12:50:55.0437 1836 ShellHWDetection - ok

    12:50:55.0453 1836 Simbad - ok

    12:50:55.0500 1836 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

    12:50:55.0718 1836 SLIP - ok

    12:50:55.0734 1836 Sparrow - ok

    12:50:55.0781 1836 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

    12:50:56.0046 1836 splitter - ok

    12:50:56.0078 1836 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

    12:50:56.0218 1836 Spooler - ok

    12:50:56.0281 1836 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys

    12:50:56.0281 1836 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

    12:50:56.0281 1836 sptd ( LockedFile.Multi.Generic ) - warning

    12:50:56.0281 1836 sptd - detected LockedFile.Multi.Generic (1)

    12:50:56.0328 1836 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys

    12:50:56.0546 1836 sr - ok

    12:50:56.0578 1836 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll

    12:50:56.0765 1836 srservice - ok

    12:50:56.0812 1836 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

    12:50:56.0921 1836 Srv - ok

    12:50:56.0984 1836 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys

    12:50:57.0203 1836 ssadbus - ok

    12:50:57.0250 1836 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys

    12:50:57.0343 1836 ssadmdfl - ok

    12:50:57.0390 1836 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys

    12:50:57.0562 1836 ssadmdm - ok

    12:50:57.0609 1836 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll

    12:50:57.0781 1836 SSDPSRV - ok

    12:50:57.0828 1836 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys

    12:50:57.0906 1836 StarOpen ( UnsignedFile.Multi.Generic ) - warning

    12:50:57.0906 1836 StarOpen - detected UnsignedFile.Multi.Generic (1)

    12:50:57.0968 1836 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll

    12:50:58.0312 1836 stisvc - ok

    12:50:58.0359 1836 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

    12:50:58.0593 1836 streamip - ok

    12:50:58.0640 1836 SUEPD (c0137b5947ae3d3fc1c17ba6fdfb3dad) C:\WINDOWS\system32\DRIVERS\SUE_PD.sys

    12:50:58.0734 1836 SUEPD ( UnsignedFile.Multi.Generic ) - warning

    12:50:58.0734 1836 SUEPD - detected UnsignedFile.Multi.Generic (1)

    12:50:58.0781 1836 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

    12:50:59.0000 1836 swenum - ok

    12:50:59.0046 1836 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

    12:50:59.0328 1836 swmidi - ok

    12:50:59.0343 1836 SwPrv - ok

    12:50:59.0359 1836 symc810 - ok

    12:50:59.0375 1836 symc8xx - ok

    12:50:59.0390 1836 sym_hi - ok

    12:50:59.0406 1836 sym_u3 - ok

    12:50:59.0468 1836 SynTP (ea447f6db6115e8a32352f9faffa824d) C:\WINDOWS\system32\DRIVERS\SynTP.sys

    12:50:59.0593 1836 SynTP - ok

    12:50:59.0625 1836 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

    12:50:59.0906 1836 sysaudio - ok

    12:50:59.0937 1836 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe

    12:51:00.0265 1836 SysmonLog - ok

    12:51:00.0296 1836 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll

    12:51:00.0578 1836 TapiSrv - ok

    12:51:00.0625 1836 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

    12:51:00.0734 1836 Tcpip - ok

    12:51:00.0781 1836 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

    12:51:01.0000 1836 TDPIPE - ok

    12:51:01.0046 1836 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

    12:51:01.0312 1836 TDTCP - ok

    12:51:01.0343 1836 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

    12:51:01.0593 1836 TermDD - ok

    12:51:01.0640 1836 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll

    12:51:01.0890 1836 TermService - ok

    12:51:01.0937 1836 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

    12:51:02.0031 1836 Themes - ok

    12:51:02.0062 1836 TosIde - ok

    12:51:02.0093 1836 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll

    12:51:02.0343 1836 TrkWks - ok

    12:51:02.0390 1836 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

    12:51:02.0656 1836 Udfs - ok

    12:51:02.0671 1836 ultra - ok

    12:51:02.0718 1836 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

    12:51:02.0953 1836 Update - ok

    12:51:02.0984 1836 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll

    12:51:03.0140 1836 upnphost - ok

    12:51:03.0171 1836 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe

    12:51:03.0515 1836 UPS - ok

    12:51:03.0546 1836 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

    12:51:03.0796 1836 usbccgp - ok

    12:51:03.0843 1836 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

    12:51:04.0078 1836 usbehci - ok

    12:51:04.0109 1836 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

    12:51:04.0390 1836 usbhub - ok

    12:51:04.0437 1836 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

    12:51:04.0671 1836 usbprint - ok

    12:51:04.0718 1836 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

    12:51:04.0937 1836 usbscan - ok

    12:51:04.0984 1836 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

    12:51:05.0218 1836 USBSTOR - ok

    12:51:05.0234 1836 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

    12:51:05.0468 1836 usbuhci - ok

    12:51:05.0515 1836 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

    12:51:05.0750 1836 usbvideo - ok

    12:51:05.0796 1836 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

    12:51:06.0046 1836 usb_rndisx - ok

    12:51:06.0078 1836 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

    12:51:06.0328 1836 VgaSave - ok

    12:51:06.0343 1836 ViaIde - ok

    12:51:06.0406 1836 VMC326 (4f101e48d060e318752fbc458a4b49f0) C:\WINDOWS\system32\Drivers\VMC326.sys

    12:51:06.0546 1836 VMC326 - ok

    12:51:06.0609 1836 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys

    12:51:06.0875 1836 VolSnap - ok

    12:51:06.0937 1836 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe

    12:51:07.0203 1836 VSS - ok

    12:51:07.0250 1836 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll

    12:51:07.0546 1836 W32Time - ok

    12:51:07.0578 1836 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

    12:51:07.0843 1836 Wanarp - ok

    12:51:07.0859 1836 WDICA - ok

    12:51:07.0906 1836 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

    12:51:08.0203 1836 wdmaud - ok

    12:51:08.0234 1836 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll

    12:51:08.0500 1836 WebClient - ok

    12:51:08.0546 1836 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll

    12:51:08.0843 1836 winmgmt - ok

    12:51:08.0906 1836 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

    12:51:09.0046 1836 WmdmPmSN - ok

    12:51:09.0093 1836 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe

    12:51:09.0453 1836 WmiApSrv - ok

    12:51:09.0546 1836 WMPNetworkSvc (79a01acd485687ee602411a06b63a9a5) C:\Program Files\Windows Media Player\WMPNetwk.exe

    12:51:10.0390 1836 WMPNetworkSvc - ok

    12:51:10.0468 1836 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

    12:51:10.0546 1836 WpdUsb - ok

    12:51:10.0656 1836 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    12:51:10.0781 1836 WPFFontCache_v0400 - ok

    12:51:10.0843 1836 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

    12:51:11.0093 1836 WS2IFSL - ok

    12:51:11.0109 1836 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll

    12:51:11.0437 1836 wscsvc - ok

    12:51:11.0484 1836 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

    12:51:11.0718 1836 WSTCODEC - ok

    12:51:11.0765 1836 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll

    12:51:12.0015 1836 wuauserv - ok

    12:51:12.0078 1836 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

    12:51:12.0203 1836 WudfPf - ok

    12:51:12.0218 1836 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

    12:51:12.0343 1836 WudfRd - ok

    12:51:12.0375 1836 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

    12:51:12.0437 1836 WudfSvc - ok

    12:51:12.0515 1836 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll

    12:51:12.0843 1836 WZCSVC - ok

    12:51:12.0906 1836 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll

    12:51:13.0250 1836 xmlprov - ok

    12:51:13.0265 1836 xpsec - ok

    12:51:13.0312 1836 yksvc (b074b1ee465a3292636858323d176402) C:\WINDOWS\System32\yk51x86.dll

    12:51:13.0609 1836 yksvc - ok

    12:51:13.0640 1836 yukonwxp (7578410b1512fad9c485b134561e8b78) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

    12:51:13.0750 1836 yukonwxp - ok

    12:51:13.0765 1836 zdlbd60j.sys - ok

    12:51:13.0812 1836 MBR (0x1B8) (a0a345f7ab6f3bac008fb0de602e66cd) \Device\Harddisk0\DR0

    12:51:13.0859 1836 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected

    12:51:13.0859 1836 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)

    12:51:13.0968 1836 Boot (0x1200) (83fdaeffbf4e669a6f77a2c19711d1fe) \Device\Harddisk0\DR0\Partition0

    12:51:13.0984 1836 \Device\Harddisk0\DR0\Partition0 - ok

    12:51:14.0000 1836 Boot (0x1200) (58ce1eaa32c22d109610ac8d93c1e0f8) \Device\Harddisk0\DR0\Partition1

    12:51:14.0000 1836 \Device\Harddisk0\DR0\Partition1 - ok

    12:51:14.0000 1836 ============================================================

    12:51:14.0000 1836 Scan finished

    12:51:14.0000 1836 ============================================================

    12:51:14.0109 1452 Detected object count: 7

    12:51:14.0109 1452 Actual detected object count: 7

    12:52:27.0046 1452 DNSeFilter ( UnsignedFile.Multi.Generic ) - skipped by user

    12:52:27.0046 1452 DNSeFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip

    12:52:27.0046 1452 DOSMEMIO ( UnsignedFile.Multi.Generic ) - skipped by user

    12:52:27.0046 1452 DOSMEMIO ( UnsignedFile.Multi.Generic ) - User select action: Skip

    12:52:27.0046 1452 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user

    12:52:27.0046 1452 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip

    12:52:27.0046 1452 sptd ( LockedFile.Multi.Generic ) - skipped by user

    12:52:27.0046 1452 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

    12:52:27.0062 1452 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user

    12:52:27.0062 1452 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

    12:52:27.0062 1452 SUEPD ( UnsignedFile.Multi.Generic ) - skipped by user

    12:52:27.0062 1452 SUEPD ( UnsignedFile.Multi.Generic ) - User select action: Skip

    12:52:27.0875 1452 \Device\Harddisk0\DR0\# - copied to quarantine

    12:52:28.0546 1452 \Device\Harddisk0\DR0 - copied to quarantine

    12:52:32.0250 1452 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot

    12:52:32.0265 1452 \Device\Harddisk0\DR0 - ok

    12:52:32.0265 1452 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure

    12:54:09.0765 2408 Deinitialize success

    Hijack log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 13:10:23, on 14-4-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    C:\WINDOWS\system32\FsUsbExService.Exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe

    C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe

    C:\Program Files\DAEMON Tools Lite\DTLite.exe

    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\WINDOWS\system32\igfxext.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Documents and Settings\Geert\Application Data\Dropbox\bin\Dropbox.exe

    C:\Program Files\Microsoft Office\Office14\GROOVE.EXE

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Documents and Settings\Geert\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocaching.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL

    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: ALCMTR.EXE

    O4 - HKLM\..\Run: C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe

    O4 - HKLM\..\Run: C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe

    O4 - HKLM\..\Run: C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe

    O4 - HKLM\..\Run: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

    O4 - HKCU\..\Run: "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

    O4 - HKCU\..\Run: "C:\Documents and Settings\Geert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Geert\Application Data\Dropbox\bin\Dropbox.exe

    O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE

    O4 - Global Startup: BTTray.lnk = ?

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

    O23 - Service: Google Updateservice (gupdate1ca27bd76236014) (gupdate1ca27bd76236014) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    End of file - 10057 bytes

    Regards,

    Geert

  • fazantje

    Hi Geert,

    Finally it has caught the rootkit, but there is always something left behind.

    Please disable your virus scanner completely and try running ComboFix once more.

    Combo will have to remove the remnants, and otherwise it will have to be done in a much more difficult way.

    I don't know whether I will reply again today, because I have a party shortly, and otherwise Ben will help you further.

    Good luck,

    Huib ;)

  • Ben

    Hello Tessa,

    Also run this scan:

    Download aswMBR.exe and place it on your desktop.

    • Double-click "aswMBR.exe" to start the tool.

    Vista and Windows 7 users: right-click -> Run as Administrator.

    • In the next window, click "No"

    Click the "scan" button

    When the scan is finished, click the "save log" button

    Post this log file in your next message.

    Regards, Ben

    Antivirusprikbord

  • tessa

    The following log:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

    Run date: 2012-04-14 23:50:16

    -----------------------------

    23:50:16.750 OS Version: Windows 5.1.2600 Service Pack 3

    23:50:16.750 Number of processors: 2 586 0x1C02

    23:50:16.750 ComputerName: LAPTOPGEERT UserName: Geert

    23:50:17.421 Initialize success

    23:50:44.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

    23:50:44.484 Disk 0 Vendor: SAMSUNG_HM160HI HH100-06 Size: 152627MB BusType: 3

    23:50:44.515 Disk 0 MBR read successfully

    23:50:44.515 Disk 0 MBR scan

    23:50:44.515 Disk 0 unknown MBR code

    23:50:44.515 Disk 0 Partition 1 00 12 Compaq diag NTFS 6149 MB offset 63

    23:50:44.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 30765 MB offset 12594960

    23:50:44.546 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 115711 MB offset 75601920

    23:50:44.546 Disk 0 scanning sectors +312578048

    23:50:44.593 Disk 0 malicious Win32:MBRoot code @ sector 312578051 !

    23:50:44.640 Disk 0 scanning C:\WINDOWS\system32\drivers

    23:50:50.937 Service scanning

    23:50:56.281 Service MpKsl6625565c C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{356A3495-0B97-403B-8C2C-3796D70C8A1F}\MpKsl6625565c.sys **LOCKED** 32

    23:50:59.062 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32

    23:51:01.812 Modules scanning

    23:51:08.765 Disk 0 trace - called modules:

    23:51:08.796 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spqz.sys >>UNKNOWN <<

    23:51:08.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0

    23:51:08.796 3 CLASSPNP.SYS -> nt!IofCallDriver -> \Device\00000073

    23:51:08.812 5 ACPI.sys -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3

    23:51:08.812 Scan finished successfully

    23:51:23.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Geert\Bureaublad\MBR.dat"

    23:51:23.656 The log file has been saved successfully to "C:\Documents and Settings\Geert\Bureaublad\aswMBR.txt"

    Regards,

    Geert

This topic is closed; no more replies can be posted.