Het eerste logje :
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-15 13:24:23
—————————–
13:24:23.406 OS Version: Windows 5.1.2600 Service Pack 3
13:24:23.406 Number of processors: 2 586 0x1C02
13:24:23.406 ComputerName: LAPTOPGEERT UserName: Geert
13:24:23.781 Initialize success
13:24:27.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:24:27.500 Disk 0 Vendor: SAMSUNG_HM160HI HH100-06 Size: 152627MB BusType: 3
13:24:27.515 Disk 0 MBR read successfully
13:24:27.515 Disk 0 MBR scan
13:24:27.531 Disk 0 unknown MBR code
13:24:27.531 Disk 0 Partition 1 00 12 Compaq diag NTFS 6149 MB offset 63
13:24:27.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 30765 MB offset 12594960
13:24:27.562 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 115711 MB offset 75601920
13:24:27.562 Disk 0 scanning sectors +312578048
13:24:27.609 Disk 0 malicious Win32:MBRoot code @ sector 312578051 !
13:24:27.656 Disk 0 scanning C:\WINDOWS\system32\drivers
13:24:33.765 Service scanning
13:24:41.718 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
13:24:44.421 Modules scanning
13:24:52.203 Disk 0 trace - called modules:
13:24:52.218 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spna.sys >>UNKNOWN <<
13:24:52.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0
13:24:52.234 3 CLASSPNP.SYS -> nt!IofCallDriver -> \Device\00000073
13:24:52.234 5 ACPI.sys -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3
13:24:52.250 Scan finished successfully
13:25:16.437 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\Geert\Bureaublad\MBR.dat”
13:25:16.453 The log file has been saved successfully to “C:\Documents and Settings\Geert\Bureaublad\scan.txt”
Wordt een beetje moedeloos van die Combofix, wederom geeft hij aan dat er een ernstig probleem verholpen is..ook geen log hiervan …..
Gr.
Geert
Hallo Tessa,
Nee met Combo zit het niet mee,
Maakt hij wel de scan af?
Is je de Laptop opnieuw opgestart?
1. Staat het logje hier:
c:\combofix.txt
c:\combofix\combofix.txt of ergens anders in de combofix map?
2. Doe ook nog even een nieuwe scan met TDSS en plaats dat logje.
Vertel erbij hoe het gaat met je LapTop.
Gr.Ben
Hoi Ben,
De combofix log is echt nergens te vinden… Die combofix heeft zich nog steeds tussen mijn mappenstruktuur genesteld.
De laptop is wel aanmerkelijk sneller, maar die Combofix heeft toch iets achtergelaten vrees ik….
Het logje van TDSS :
15:53:22.0437 3456 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
15:53:22.0578 3456 ============================================================
15:53:22.0578 3456 Current date / time: 2012/04/15 15:53:22.0578
15:53:22.0578 3456 SystemInfo:
15:53:22.0578 3456
15:53:22.0578 3456 OS Version: 5.1.2600 ServicePack: 3.0
15:53:22.0578 3456 Product type: Workstation
15:53:22.0578 3456 ComputerName: LAPTOPGEERT
15:53:22.0578 3456 UserName: Geert
15:53:22.0578 3456 Windows directory: C:\WINDOWS
15:53:22.0578 3456 System windows directory: C:\WINDOWS
15:53:22.0578 3456 Processor architecture: Intel x86
15:53:22.0578 3456 Number of processors: 2
15:53:22.0578 3456 Page size: 0x1000
15:53:22.0578 3456 Boot type: Normal boot
15:53:22.0578 3456 ============================================================
15:53:24.0843 3456 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‘K0’, Flags 0x00000054
15:53:24.0859 3456 \Device\Harddisk0\DR0:
15:53:24.0859 3456 MBR used
15:53:24.0859 3456 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0x3C168F0
15:53:24.0859 3456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4819800, BlocksNum 0xE1FF800
15:53:24.0937 3456 Initialize success
15:53:24.0937 3456 ============================================================
15:53:33.0296 3872 ============================================================
15:53:33.0296 3872 Scan started
15:53:33.0296 3872 Mode: Manual; SigCheck; TDLFS;
15:53:33.0296 3872 ============================================================
15:53:33.0625 3872 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
15:53:33.0875 3872 !SASCORE - ok
15:53:33.0953 3872 Abiosdsk - ok
15:53:33.0968 3872 abp480n5 - ok
15:53:34.0031 3872 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:53:34.0671 3872 ACPI - ok
15:53:34.0750 3872 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:53:34.0968 3872 ACPIEC - ok
15:53:35.0046 3872 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:53:35.0093 3872 AdobeFlashPlayerUpdateSvc - ok
15:53:35.0093 3872 adpu160m - ok
15:53:35.0140 3872 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:53:35.0359 3872 aec - ok
15:53:35.0390 3872 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:53:35.0437 3872 AFD - ok
15:53:35.0453 3872 Aha154x - ok
15:53:35.0468 3872 aic78u2 - ok
15:53:35.0484 3872 aic78xx - ok
15:53:35.0515 3872 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll
15:53:35.0734 3872 Alerter - ok
15:53:35.0765 3872 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe
15:53:35.0859 3872 ALG - ok
15:53:35.0875 3872 AliIde - ok
15:53:35.0890 3872 amsint - ok
15:53:35.0906 3872 AppMgmt - ok
15:53:35.0968 3872 AR5416 (6eacc829e76b1efdface633619a3db31) C:\WINDOWS\system32\DRIVERS\athw.sys
15:53:36.0109 3872 AR5416 - ok
15:53:36.0125 3872 asc - ok
15:53:36.0140 3872 asc3350p - ok
15:53:36.0156 3872 asc3550 - ok
15:53:36.0234 3872 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
15:53:36.0265 3872 aspnet_state - ok
15:53:36.0281 3872 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:53:36.0515 3872 AsyncMac - ok
15:53:36.0546 3872 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:53:36.0781 3872 atapi - ok
15:53:36.0796 3872 Atdisk - ok
15:53:36.0828 3872 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:53:37.0015 3872 Atmarpc - ok
15:53:37.0062 3872 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll
15:53:37.0250 3872 AudioSrv - ok
15:53:37.0296 3872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:53:37.0484 3872 audstub - ok
15:53:37.0515 3872 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:53:37.0703 3872 Beep - ok
15:53:37.0750 3872 BITS (5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll
15:53:38.0000 3872 BITS - ok
15:53:38.0031 3872 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll
15:53:38.0250 3872 Browser - ok
15:53:38.0296 3872 btaudio (2c04f295f7f40eb46f7accd3f6cdef4a) C:\WINDOWS\system32\drivers\btaudio.sys
15:53:38.0515 3872 btaudio - ok
15:53:38.0562 3872 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
15:53:38.0578 3872 BTDriver - ok
15:53:38.0640 3872 BTKRNL (49fd2960c0c5fe06dedf9560ad4c9547) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
15:53:38.0718 3872 BTKRNL - ok
15:53:38.0812 3872 btwdins (80349cb09ddc2f99e16d0f8919e2dca3) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
15:53:38.0859 3872 btwdins - ok
15:53:38.0890 3872 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
15:53:38.0937 3872 BTWDNDIS - ok
15:53:38.0953 3872 btwmodem (5922bae0cd84924b9cd7e6bb515ee070) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
15:53:38.0984 3872 btwmodem - ok
15:53:39.0000 3872 BTWUSB (6b622612fe21b59faee2ca4385959778) C:\WINDOWS\system32\Drivers\btwusb.sys
15:53:39.0031 3872 BTWUSB - ok
15:53:39.0078 3872 catchme - ok
15:53:39.0093 3872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:53:39.0359 3872 cbidf2k - ok
15:53:39.0390 3872 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:53:39.0593 3872 CCDECODE - ok
15:53:39.0609 3872 cd20xrnt - ok
15:53:39.0656 3872 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:53:39.0859 3872 Cdaudio - ok
15:53:39.0890 3872 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:53:40.0078 3872 Cdfs - ok
15:53:40.0093 3872 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:53:40.0281 3872 Cdrom - ok
15:53:40.0296 3872 Changer - ok
15:53:40.0328 3872 CiSvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe
15:53:40.0515 3872 CiSvc - ok
15:53:40.0531 3872 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe
15:53:40.0718 3872 ClipSrv - ok
15:53:40.0812 3872 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:53:40.0828 3872 clr_optimization_v2.0.50727_32 - ok
15:53:40.0906 3872 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:53:40.0921 3872 clr_optimization_v4.0.30319_32 - ok
15:53:40.0968 3872 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:53:41.0156 3872 CmBatt - ok
15:53:41.0171 3872 CmdIde - ok
15:53:41.0203 3872 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:53:41.0421 3872 Compbatt - ok
15:53:41.0437 3872 COMSysApp - ok
15:53:41.0468 3872 Cpqarray - ok
15:53:41.0500 3872 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll
15:53:41.0703 3872 CryptSvc - ok
15:53:41.0718 3872 dac2w2k - ok
15:53:41.0734 3872 dac960nt - ok
15:53:41.0796 3872 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll
15:53:41.0859 3872 DcomLaunch - ok
15:53:41.0890 3872 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll
15:53:42.0093 3872 Dhcp - ok
15:53:42.0109 3872 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:53:42.0328 3872 Disk - ok
15:53:42.0328 3872 dmadmin - ok
15:53:42.0406 3872 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
15:53:42.0625 3872 dmboot - ok
15:53:42.0671 3872 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
15:53:42.0875 3872 dmio - ok
15:53:42.0906 3872 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:53:43.0109 3872 dmload - ok
15:53:43.0140 3872 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll
15:53:43.0328 3872 dmserver - ok
15:53:43.0375 3872 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:53:43.0562 3872 DMusic - ok
15:53:43.0593 3872 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll
15:53:43.0671 3872 Dnscache - ok
15:53:43.0718 3872 DNSeFilter (128ae3aedde1e3ae772c88320628fe7c) C:\WINDOWS\system32\drivers\SamsungEDS.sys
15:53:43.0734 3872 DNSeFilter ( UnsignedFile.Multi.Generic ) - warning
15:53:43.0734 3872 DNSeFilter - detected UnsignedFile.Multi.Generic (1)
15:53:43.0781 3872 DOSMEMIO (8a4cb9438571814b128b6dc30d698064) C:\WINDOWS\system32\MEMIO.SYS
15:53:43.0796 3872 DOSMEMIO ( UnsignedFile.Multi.Generic ) - warning
15:53:43.0796 3872 DOSMEMIO - detected UnsignedFile.Multi.Generic (1)
15:53:43.0843 3872 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll
15:53:44.0046 3872 Dot3svc - ok
15:53:44.0046 3872 dpti2o - ok
15:53:44.0078 3872 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:53:44.0359 3872 drmkaud - ok
15:53:44.0421 3872 e.dentifier2 (30e8affed744ec4c79b4961f5fe10134) C:\WINDOWS\system32\DRIVERS\aabed2.sys
15:53:44.0468 3872 e.dentifier2 - ok
15:53:44.0500 3872 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll
15:53:44.0687 3872 EapHost - ok
15:53:44.0703 3872 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll
15:53:44.0937 3872 ERSvc - ok
15:53:44.0984 3872 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
15:53:45.0000 3872 Eventlog - ok
15:53:45.0031 3872 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\system32\es.dll
15:53:45.0093 3872 EventSystem - ok
15:53:45.0125 3872 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:53:45.0343 3872 Fastfat - ok
15:53:45.0390 3872 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
15:53:45.0437 3872 FastUserSwitchingCompatibility - ok
15:53:45.0468 3872 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:53:45.0703 3872 Fdc - ok
15:53:45.0718 3872 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
15:53:45.0937 3872 Fips - ok
15:53:45.0953 3872 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:53:46.0156 3872 Flpydisk - ok
15:53:46.0203 3872 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:53:46.0390 3872 FltMgr - ok
15:53:46.0468 3872 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:53:46.0484 3872 FontCache3.0.0.0 - ok
15:53:46.0531 3872 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\WINDOWS\system32\FsUsbExDisk.SYS
15:53:46.0562 3872 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
15:53:46.0562 3872 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
15:53:46.0578 3872 FsUsbExService (96633419f4a1e37acb89b45ebccfe001) C:\WINDOWS\system32\FsUsbExService.Exe
15:53:46.0609 3872 FsUsbExService - ok
15:53:46.0625 3872 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:53:46.0812 3872 Fs_Rec - ok
15:53:46.0859 3872 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:53:47.0062 3872 Ftdisk - ok
15:53:47.0109 3872 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:53:47.0312 3872 Gpc - ok
15:53:47.0328 3872 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
15:53:47.0375 3872 grmnusb - ok
15:53:47.0453 3872 gupdate1ca27bd76236014 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
15:53:47.0484 3872 gupdate1ca27bd76236014 - ok
15:53:47.0500 3872 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
15:53:47.0515 3872 gupdatem - ok
15:53:47.0531 3872 gusvc (a420ee812d88aef8c03e11edd4b353dd) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:53:47.0562 3872 gusvc - ok
15:53:48.0000 3872 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:53:48.0218 3872 HDAudBus - ok
15:53:48.0234 3872 helpsvc (5327bad9b35c33d2a64b64e4cf282ecd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:53:48.0453 3872 helpsvc - ok
15:53:48.0453 3872 HidServ - ok
15:53:48.0500 3872 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:53:48.0703 3872 HidUsb - ok
15:53:48.0734 3872 hkmsvc (1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll
15:53:48.0937 3872 hkmsvc - ok
15:53:48.0953 3872 hpn - ok
15:53:49.0000 3872 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:53:49.0062 3872 HTTP - ok
15:53:49.0109 3872 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll
15:53:49.0312 3872 HTTPFilter - ok
15:53:49.0328 3872 i2omgmt - ok
15:53:49.0343 3872 i2omp - ok
15:53:49.0390 3872 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:53:49.0609 3872 i8042prt - ok
15:53:49.0796 3872 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
15:53:50.0187 3872 ialm - ok
15:53:50.0343 3872 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:53:50.0437 3872 idsvc - ok
15:53:50.0515 3872 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:53:50.0828 3872 Imapi - ok
15:53:50.0875 3872 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe
15:53:51.0078 3872 ImapiService - ok
15:53:51.0093 3872 ini910u - ok
15:53:51.0265 3872 IntcAzAudAddService (32915772ccd5bc2bf9762195c002a949) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:53:51.0609 3872 IntcAzAudAddService - ok
15:53:51.0671 3872 IntelIde - ok
15:53:51.0718 3872 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:53:51.0984 3872 intelppm - ok
15:53:52.0015 3872 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:53:52.0281 3872 Ip6Fw - ok
15:53:52.0312 3872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:53:52.0500 3872 IpFilterDriver - ok
15:53:52.0515 3872 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:53:52.0703 3872 IpInIp - ok
15:53:52.0734 3872 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:53:52.0953 3872 IpNat - ok
15:53:53.0000 3872 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:53:53.0187 3872 IPSec - ok
15:53:53.0234 3872 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:53:53.0312 3872 IRENUM - ok
15:53:53.0359 3872 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:53:53.0562 3872 isapnp - ok
15:53:53.0609 3872 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:53:53.0812 3872 Kbdclass - ok
15:53:53.0843 3872 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:53:54.0031 3872 kmixer - ok
15:53:54.0062 3872 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:53:54.0109 3872 KSecDD - ok
15:53:54.0156 3872 LanmanServer (c7955e7edaea462d04f1c4be1d340372) C:\WINDOWS\System32\srvsvc.dll
15:53:54.0203 3872 LanmanServer - ok
15:53:54.0265 3872 lanmanworkstation (a936a575eaf6dce8dc08bc0c53972add) C:\WINDOWS\System32\wkssvc.dll
15:53:54.0296 3872 lanmanworkstation - ok
15:53:54.0312 3872 lbrtfdc - ok
15:53:54.0359 3872 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll
15:53:54.0562 3872 LmHosts - ok
15:53:54.0593 3872 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
15:53:54.0625 3872 MBAMProtector - ok
15:53:54.0734 3872 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:53:54.0812 3872 MBAMService - ok
15:53:54.0906 3872 Messenger (c56a45a03dca11712de9fdf98224230b) C:\WINDOWS\System32\msgsvc.dll
15:53:55.0140 3872 Messenger - ok
15:53:55.0218 3872 Microsoft SharePoint Workspace Audit Service - ok
15:53:55.0265 3872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:53:55.0546 3872 mnmdd - ok
15:53:55.0593 3872 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\system32\mnmsrvc.exe
15:53:55.0843 3872 mnmsrvc - ok
15:53:55.0890 3872 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
15:53:56.0093 3872 Modem - ok
15:53:56.0109 3872 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:53:56.0296 3872 Mouclass - ok
15:53:56.0343 3872 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:53:56.0531 3872 mouhid - ok
15:53:56.0562 3872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:53:56.0750 3872 MountMgr - ok
15:53:56.0781 3872 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
15:53:56.0812 3872 MpFilter - ok
15:53:56.0921 3872 MpKsl378c8a2b (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A6F051F-79D5-42A6-9633-C0679D373654}\MpKsl378c8a2b.sys
15:53:56.0953 3872 MpKsl378c8a2b - ok
15:53:56.0953 3872 mraid35x - ok
15:53:57.0000 3872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:53:57.0203 3872 MRxDAV - ok
15:53:57.0250 3872 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:53:57.0343 3872 MRxSmb - ok
15:53:57.0375 3872 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\system32\msdtc.exe
15:53:57.0609 3872 MSDTC - ok
15:53:57.0656 3872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:53:57.0843 3872 Msfs - ok
15:53:57.0859 3872 MSIServer - ok
15:53:57.0890 3872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:53:58.0078 3872 MSKSSRV - ok
15:53:58.0187 3872 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
15:53:58.0203 3872 MsMpSvc - ok
15:53:58.0234 3872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:53:58.0453 3872 MSPCLOCK - ok
15:53:58.0453 3872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:53:58.0656 3872 MSPQM - ok
15:53:58.0687 3872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:53:58.0875 3872 mssmbios - ok
15:53:58.0906 3872 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:53:59.0093 3872 MSTEE - ok
15:53:59.0140 3872 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:53:59.0203 3872 Mup - ok
15:53:59.0218 3872 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:53:59.0406 3872 NABTSFEC - ok
15:53:59.0453 3872 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll
15:53:59.0656 3872 napagent - ok
15:53:59.0703 3872 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\WINDOWS\system32\drivers\NDIS.sys
15:53:59.0750 3872 NDIS - ok
15:53:59.0781 3872 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:53:59.0984 3872 NdisIP - ok
15:54:00.0031 3872 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:54:00.0078 3872 NdisTapi - ok
15:54:00.0125 3872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:54:00.0328 3872 Ndisuio - ok
15:54:00.0359 3872 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:54:00.0390 3872 NdisWan - ok
15:54:00.0437 3872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:54:00.0484 3872 NDProxy - ok
15:54:00.0515 3872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:54:00.0765 3872 NetBIOS - ok
15:54:00.0796 3872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:54:00.0984 3872 NetBT - ok
15:54:01.0015 3872 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe
15:54:01.0218 3872 NetDDE - ok
15:54:01.0234 3872 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe
15:54:01.0421 3872 NetDDEdsdm - ok
15:54:01.0468 3872 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
15:54:01.0656 3872 Netlogon - ok
15:54:01.0703 3872 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll
15:54:01.0890 3872 Netman - ok
15:54:01.0953 3872 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:54:01.0984 3872 NetTcpPortSharing - ok
15:54:02.0031 3872 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll
15:54:02.0078 3872 Nla - ok
15:54:02.0109 3872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:54:02.0312 3872 Npfs - ok
15:54:02.0359 3872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:54:02.0562 3872 Ntfs - ok
15:54:02.0609 3872 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
15:54:02.0812 3872 NtLmSsp - ok
15:54:02.0843 3872 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll
15:54:03.0046 3872 NtmsSvc - ok
15:54:03.0078 3872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:54:03.0281 3872 Null - ok
15:54:03.0312 3872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:54:03.0500 3872 NwlnkFlt - ok
15:54:03.0515 3872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:54:03.0718 3872 NwlnkFwd - ok
15:54:03.0812 3872 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:54:03.0828 3872 ose - ok
15:54:04.0046 3872 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:54:04.0375 3872 osppsvc - ok
15:54:04.0484 3872 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys
15:54:04.0687 3872 Parport - ok
15:54:04.0718 3872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:54:04.0921 3872 PartMgr - ok
15:54:04.0968 3872 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
15:54:05.0156 3872 ParVdm - ok
15:54:05.0187 3872 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
15:54:05.0390 3872 PCI - ok
15:54:05.0406 3872 PCIDump - ok
15:54:05.0421 3872 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:54:05.0609 3872 PCIIde - ok
15:54:05.0640 3872 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:54:05.0843 3872 Pcmcia - ok
15:54:05.0859 3872 PDCOMP - ok
15:54:05.0875 3872 PDFRAME - ok
15:54:05.0890 3872 PDRELI - ok
15:54:05.0906 3872 PDRFRAME - ok
15:54:05.0921 3872 perc2 - ok
15:54:05.0937 3872 perc2hib - ok
15:54:06.0000 3872 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
15:54:06.0031 3872 PlugPlay - ok
15:54:06.0062 3872 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
15:54:06.0234 3872 PolicyAgent - ok
15:54:06.0265 3872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:54:06.0468 3872 PptpMiniport - ok
15:54:06.0484 3872 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
15:54:06.0671 3872 ProtectedStorage - ok
15:54:06.0687 3872 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:54:06.0875 3872 PSched - ok
15:54:06.0890 3872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:54:07.0093 3872 Ptilink - ok
15:54:07.0109 3872 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:54:07.0140 3872 PxHelp20 - ok
15:54:07.0156 3872 ql1080 - ok
15:54:07.0171 3872 Ql10wnt - ok
15:54:07.0187 3872 ql12160 - ok
15:54:07.0203 3872 ql1240 - ok
15:54:07.0218 3872 ql1280 - ok
15:54:07.0234 3872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:54:07.0421 3872 RasAcd - ok
15:54:07.0453 3872 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll
15:54:07.0656 3872 RasAuto - ok
15:54:07.0671 3872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:54:07.0875 3872 Rasl2tp - ok
15:54:07.0890 3872 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll
15:54:08.0093 3872 RasMan - ok
15:54:08.0109 3872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:54:08.0312 3872 RasPppoe - ok
15:54:08.0328 3872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:54:08.0546 3872 Raspti - ok
15:54:08.0593 3872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:54:08.0781 3872 Rdbss - ok
15:54:08.0828 3872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:54:09.0015 3872 RDPCDD - ok
15:54:09.0078 3872 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
15:54:09.0140 3872 RDPWD - ok
15:54:09.0187 3872 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe
15:54:09.0390 3872 RDSessMgr - ok
15:54:09.0437 3872 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:54:09.0656 3872 redbook - ok
15:54:09.0687 3872 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll
15:54:09.0921 3872 RemoteAccess - ok
15:54:09.0953 3872 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe
15:54:10.0140 3872 RpcLocator - ok
15:54:10.0187 3872 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll
15:54:10.0250 3872 RpcSs - ok
15:54:10.0281 3872 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe
15:54:10.0484 3872 RSVP - ok
15:54:10.0531 3872 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
15:54:10.0734 3872 SamSs - ok
15:54:10.0812 3872 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:54:10.0843 3872 SASDIFSV - ok
15:54:10.0843 3872 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:54:10.0875 3872 SASKUTIL - ok
15:54:10.0906 3872 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe
15:54:11.0140 3872 SCardSvr - ok
15:54:11.0187 3872 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll
15:54:11.0421 3872 Schedule - ok
15:54:11.0453 3872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:54:11.0562 3872 Secdrv - ok
15:54:11.0609 3872 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll
15:54:11.0828 3872 seclogon - ok
15:54:11.0828 3872 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll
15:54:12.0031 3872 SENS - ok
15:54:12.0078 3872 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys
15:54:12.0281 3872 Serial - ok
15:54:12.0328 3872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:54:12.0531 3872 Sfloppy - ok
15:54:12.0578 3872 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll
15:54:12.0781 3872 SharedAccess - ok
15:54:12.0812 3872 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
15:54:12.0859 3872 ShellHWDetection - ok
15:54:12.0859 3872 Simbad - ok
15:54:12.0906 3872 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:54:13.0093 3872 SLIP - ok
15:54:13.0109 3872 Sparrow - ok
15:54:13.0156 3872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:54:13.0359 3872 splitter - ok
15:54:13.0390 3872 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:54:13.0437 3872 Spooler - ok
15:54:13.0500 3872 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
15:54:13.0500 3872 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
15:54:13.0500 3872 sptd ( LockedFile.Multi.Generic ) - warning
15:54:13.0500 3872 sptd - detected LockedFile.Multi.Generic (1)
15:54:13.0531 3872 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
15:54:13.0625 3872 sr - ok
15:54:13.0656 3872 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll
15:54:13.0765 3872 srservice - ok
15:54:13.0796 3872 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:54:13.0843 3872 Srv - ok
15:54:13.0890 3872 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
15:54:13.0984 3872 ssadbus - ok
15:54:14.0031 3872 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
15:54:14.0093 3872 ssadmdfl - ok
15:54:14.0140 3872 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
15:54:14.0187 3872 ssadmdm - ok
15:54:14.0234 3872 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll
15:54:14.0343 3872 SSDPSRV - ok
15:54:14.0390 3872 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
15:54:14.0421 3872 StarOpen ( UnsignedFile.Multi.Generic ) - warning
15:54:14.0421 3872 StarOpen - detected UnsignedFile.Multi.Generic (1)
15:54:14.0484 3872 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll
15:54:14.0750 3872 stisvc - ok
15:54:14.0796 3872 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:54:14.0968 3872 streamip - ok
15:54:15.0015 3872 SUEPD (c0137b5947ae3d3fc1c17ba6fdfb3dad) C:\WINDOWS\system32\DRIVERS\SUE_PD.sys
15:54:15.0015 3872 SUEPD ( UnsignedFile.Multi.Generic ) - warning
15:54:15.0015 3872 SUEPD - detected UnsignedFile.Multi.Generic (1)
15:54:15.0062 3872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:54:15.0265 3872 swenum - ok
15:54:15.0312 3872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:54:15.0500 3872 swmidi - ok
15:54:15.0515 3872 SwPrv - ok
15:54:15.0531 3872 symc810 - ok
15:54:15.0546 3872 symc8xx - ok
15:54:15.0562 3872 sym_hi - ok
15:54:15.0578 3872 sym_u3 - ok
15:54:15.0625 3872 SynTP (ea447f6db6115e8a32352f9faffa824d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:54:15.0671 3872 SynTP - ok
15:54:15.0703 3872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:54:15.0890 3872 sysaudio - ok
15:54:15.0921 3872 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe
15:54:16.0125 3872 SysmonLog - ok
15:54:16.0156 3872 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll
15:54:16.0375 3872 TapiSrv - ok
15:54:16.0421 3872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:54:16.0468 3872 Tcpip - ok
15:54:16.0515 3872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:54:16.0718 3872 TDPIPE - ok
15:54:16.0734 3872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:54:16.0937 3872 TDTCP - ok
15:54:16.0984 3872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:54:17.0171 3872 TermDD - ok
15:54:17.0203 3872 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll
15:54:17.0421 3872 TermService - ok
15:54:17.0453 3872 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
15:54:17.0484 3872 Themes - ok
15:54:17.0500 3872 TosIde - ok
15:54:17.0546 3872 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll
15:54:17.0734 3872 TrkWks - ok
15:54:17.0781 3872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:54:17.0968 3872 Udfs - ok
15:54:17.0984 3872 ultra - ok
15:54:18.0031 3872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:54:18.0234 3872 Update - ok
15:54:18.0265 3872 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll
15:54:18.0375 3872 upnphost - ok
15:54:18.0406 3872 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe
15:54:18.0593 3872 UPS - ok
15:54:18.0625 3872 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:54:18.0812 3872 usbccgp - ok
15:54:18.0859 3872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:54:19.0062 3872 usbehci - ok
15:54:19.0078 3872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:54:19.0265 3872 usbhub - ok
15:54:19.0296 3872 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:54:19.0468 3872 usbprint - ok
15:54:19.0515 3872 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:54:19.0687 3872 usbscan - ok
15:54:19.0734 3872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:54:19.0921 3872 USBSTOR - ok
15:54:19.0937 3872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:54:20.0140 3872 usbuhci - ok
15:54:20.0171 3872 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:54:20.0375 3872 usbvideo - ok
15:54:20.0390 3872 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
15:54:20.0578 3872 usb_rndisx - ok
15:54:20.0625 3872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:54:20.0828 3872 VgaSave - ok
15:54:20.0843 3872 ViaIde - ok
15:54:20.0890 3872 VMC326 (4f101e48d060e318752fbc458a4b49f0) C:\WINDOWS\system32\Drivers\VMC326.sys
15:54:20.0953 3872 VMC326 - ok
15:54:21.0000 3872 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
15:54:21.0187 3872 VolSnap - ok
15:54:21.0250 3872 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe
15:54:21.0359 3872 VSS - ok
15:54:21.0390 3872 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll
15:54:21.0609 3872 W32Time - ok
15:54:21.0671 3872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:54:21.0859 3872 Wanarp - ok
15:54:21.0875 3872 WDICA - ok
15:54:21.0921 3872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:54:22.0125 3872 wdmaud - ok
15:54:22.0156 3872 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll
15:54:22.0359 3872 WebClient - ok
15:54:22.0406 3872 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:54:22.0609 3872 winmgmt - ok
15:54:22.0656 3872 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:54:22.0734 3872 WmdmPmSN - ok
15:54:22.0765 3872 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:54:22.0953 3872 WmiApSrv - ok
15:54:23.0062 3872 WMPNetworkSvc (79a01acd485687ee602411a06b63a9a5) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:54:23.0140 3872 WMPNetworkSvc - ok
15:54:23.0171 3872 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:54:23.0203 3872 WpdUsb - ok
15:54:23.0328 3872 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:54:23.0406 3872 WPFFontCache_v0400 - ok
15:54:23.0468 3872 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:54:23.0703 3872 WS2IFSL - ok
15:54:23.0734 3872 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll
15:54:24.0015 3872 wscsvc - ok
15:54:24.0062 3872 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:54:24.0343 3872 WSTCODEC - ok
15:54:24.0390 3872 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll
15:54:24.0593 3872 wuauserv - ok
15:54:24.0625 3872 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:54:24.0656 3872 WudfPf - ok
15:54:24.0703 3872 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:54:24.0718 3872 WudfRd - ok
15:54:24.0750 3872 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:54:24.0781 3872 WudfSvc - ok
15:54:24.0812 3872 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll
15:54:25.0046 3872 WZCSVC - ok
15:54:25.0093 3872 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll
15:54:25.0281 3872 xmlprov - ok
15:54:25.0296 3872 xpsec - ok
15:54:25.0328 3872 yksvc (b074b1ee465a3292636858323d176402) C:\WINDOWS\System32\yk51x86.dll
15:54:25.0406 3872 yksvc - ok
15:54:25.0437 3872 yukonwxp (7578410b1512fad9c485b134561e8b78) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
15:54:25.0500 3872 yukonwxp - ok
15:54:25.0515 3872 zdlbd60j.sys - ok
15:54:25.0562 3872 MBR (0x1B8) (a0a345f7ab6f3bac008fb0de602e66cd) \Device\Harddisk0\DR0
15:54:26.0218 3872 \Device\Harddisk0\DR0 - ok
15:54:26.0250 3872 Boot (0x1200) (83fdaeffbf4e669a6f77a2c19711d1fe) \Device\Harddisk0\DR0\Partition0
15:54:26.0265 3872 \Device\Harddisk0\DR0\Partition0 - ok
15:54:26.0281 3872 Boot (0x1200) (58ce1eaa32c22d109610ac8d93c1e0f8) \Device\Harddisk0\DR0\Partition1
15:54:26.0281 3872 \Device\Harddisk0\DR0\Partition1 - ok
15:54:26.0281 3872 ============================================================
15:54:26.0281 3872 Scan finished
15:54:26.0281 3872 ============================================================
15:54:26.0421 3860 Detected object count: 6
15:54:26.0421 3860 Actual detected object count: 6
15:54:49.0687 3860 DNSeFilter ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0687 3860 DNSeFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0687 3860 DOSMEMIO ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0687 3860 DOSMEMIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0687 3860 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0687 3860 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0703 3860 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:54:49.0703 3860 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:54:49.0703 3860 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0703 3860 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0734 3860 SUEPD ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0734 3860 SUEPD ( UnsignedFile.Multi.Generic ) - User select action: Skip
Hallo Tessa,
TDSS ziet er netjes uit.(dus we gaan wel de goede kant op)
maar die Combofix heeft toch iets achtergelaten vrees ik….
Hoe bedoel je dit, merk je wat aan je LapTop?
1. Verwijder van je bureaublad. (met je rechtermuisknop op het exe.bestand klikken en dan op verwijderen.)
EmsisoftEmergencyKit
TDSSKiller.exe
aswMBR.exe
* BELANGRIJK !!! Staat ComboFix.exe op je Bureaublad zo nee, plaats Combofix.exe daar eerst heen!
2. Verwijder Combofix op deze manier aub.
Verwijder ComboFix, kopiëer het onderstaande commando met (Ctrl + C):
Combofix /Uninstall (let op!!! de spatie voor /Uninstall)
Klik Start -> Uitvoeren, en plak (Ctrl + V) het commando, toets vervolgens Ctrl + Shift + Enter.
Dit verwijdert zowel ComboFix, als je oude systeemherstelpunten (met eventuele restanten van malware), en maakt een nieuw systeemherstelpunt aan.
3. Heb je de Windows XP SP3 doe dan:
Ga naar,
Start > uitvoeren type daar sfc /scannow (denk om de spatie). cd van Windows bij de hand houden, als er om gevraagd word in de speler stoppen en laten draaien.
4. Plaats hierna een nieuw HijackThis logje en vertel hoe het gaat.
Gr.Ben
Combofix is eraf !
Windows check ook in orde..
Hierbij (hopelijk) het laatste hijack logje (
)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:25:57, on 15-4-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Geert\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocaching.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: RTHDCPL.EXE
O4 - HKLM\..\Run: ALCMTR.EXE
O4 - HKLM\..\Run: C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKCU\..\Run: “C:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun
O4 - HKCU\..\Run: “C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE”
O4 - HKCU\..\Run: “C:\Documents and Settings\Geert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” /c
O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\S-1-5-18\..\Run: “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Geert\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra ‘Tools’ menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Updateservice (gupdate1ca27bd76236014) (gupdate1ca27bd76236014) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
–
End of file - 9681 bytes
Hallo Tessa,
Omdat je toch aardig geïnfecteerd was wil ik toch zekerheid hebben, daarom extra scans.
* Start HijackThis en kies voor “Do a systemscan only”.
Vink vervolgens enkel deze onderstaande regels aan:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Sluit vervolgens alle vensters, behalve HijackThis. Klik daarna op “Fix checked”.
Wanneer je een vraag krijgt of je het zeker weet, bevestig deze dan met "Ja".
En ter afsluiting laat ik deze scan nog doen B) (hierna kunnen we gaan afsluiten)
• Klik op de knop ESET Online Scanner
• Zet een vinkje bij YES, I accept the Terms of Use
• Klik op Start
• Sta het ActiveX control toe om te installeren.
• Zet een vinkje bij de volgende opties:
o Remove found threats
o Scan archives
• Klik vervolgens op “Advanced Settings”
o Scan for potentially unwanted applications
o Scan for potentially unsafe applications
o Enable Anti-Stealth technology
• Klik op Start
• De computer wordt nu gescand. Dit kan best lang duren, heb dus geduld.
• is de scan klaar, klik dan op > List of found threats
• Klik vervolgens op > Export to text file….
• Als opslaglokatie Bureaublad en geef het kladblokbestand een duidelijke titel.
• Daarna mag jij het venster sluiten omdat de scan klaar is.
• Open vervolgens het log dat op je bureaublad staat.
• En kopieer en plak dan de inhoud van dit log in je volgende bericht.
N.B.: deaktiveer tijdelijk je eigen antivirus tijdens de scan, dan is de onlinescan sneller!
Gr.Ben
Hoi Geert,
Ook dat is dan oke.
De snelheid, is die ook weer beter:S
Zover ik gelezen heb zijn alle scan progamma's weer verwijderd.
Wel moet je jou java updaten.
De versie die je nu hebt is zeer sterk verouderd.
Laat na de updates van java, Ccleaner nogmaals standaard draaien, eerst de cleaner en daarna het register.
Ook adviseer ik jou om alle wachtwoorden te veranderen.
Als je nog problemen ergens ondervind, laat dit even weten.
Succes,
Huib;)
Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.
Doorzoek het forum
Zoeken met Startpagina
Startpagina Thema's
