My laptop has been starting up very slowly since the holiday. Outlook in particular takes a very long time. Malwarebytes found 3 PUP files, which have been removed. The laptop has also been cleaned and is free of dust.
Could you please take a look at the log files?
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-18 20:50:27
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB
Running: f3iru5bp.exe; Driver: C:\Users\PAULLO~1\AppData\Local\Temp\pwloikod.sys
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\WLANExt.exe [1592:1640] 000000018000b6d4
Thread C:\Windows\system32\WLANExt.exe [1592:1644] 000000018000b6f0
Thread C:\Windows\system32\WLANExt.exe [1592:1648] 000000018000b6b8
Thread C:\Windows\system32\WLANExt.exe [1592:1652] 00000001800221a0
Thread C:\Windows\system32\WLANExt.exe [1592:1656] 000007fef9322f9c
Thread C:\Windows\System32\spoolsv.exe [1900:2624] 000007fef7b510c8
Thread C:\Windows\System32\spoolsv.exe [1900:2632] 000007fef7b16144
Thread C:\Windows\System32\spoolsv.exe [1900:2636] 000007fef7905fd0
Thread C:\Windows\System32\spoolsv.exe [1900:2640] 000007fef78f3438
Thread C:\Windows\System32\spoolsv.exe [1900:2644] 000007fef79063ec
Thread C:\Windows\System32\spoolsv.exe [1900:2652] 000007fef7cf5e5c
Thread C:\Windows\System32\spoolsv.exe [1900:2656] 000007fef7d2484c
Thread C:\Windows\System32\spoolsv.exe [1900:3044] 000007fef7cd56dc
Thread C:\Windows\SysWOW64\ctfmon.exe [4940:2396] 00000000771a2e3e
Thread C:\Windows\SysWOW64\ctfmon.exe [4940:3648] 0000000075f68bec
Thread C:\Windows\system32\svchost.exe [3052:3956] 000007fefd58a808
Thread C:\Windows\system32\DllHost.exe [6368:5128] 000007fefde43570
Thread C:\Windows\system32\DllHost.exe [6368:6352] 000007feee7dae60
---- Processes - GMER 2.1 ----
Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCP80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1080] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2013-07-02 15:36:37) 0000000071c10000
Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCR80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1080] (Microsoft® C Runtime Library/Microsoft Corporation)(2013-07-02 15:36:37) 0000000071b70000
Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\MSVCP80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1080] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2013-07-02 15:36:37) 0000000071880000
Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\MSVCR80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1080] (Microsoft® C Runtime Library/Microsoft Corporation)(2013-07-02 15:36:37) 00000000717e0000
Process C:\ProgramData\DatacardService\DCService.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCService.exe [2200](2010-09-29 01:33:40) 0000000000400000
Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCP80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [3260] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2013-07-02 15:36:37) 0000000071c10000
Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCR80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [3260] (Microsoft® C Runtime Library/Microsoft Corporation)(2013-07-02 15:36:37) 0000000071b70000
Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\MSVCP80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [3260] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2013-07-02 15:36:37) 0000000071880000
Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\MSVCR80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [3260] (Microsoft® C Runtime Library/Microsoft Corporation)(2013-07-02 15:36:37) 00000000717e0000
Process C:\ProgramData\DatacardService\DCSHelper.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCSHelper.exe [3888] (DataCardMonitor MFC Application/Huawei Technologies Co., Ltd.)(2010-09-29 01:33:34) 0000000000400000
Library C:\Users\Paul Loomans\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Paul Loomans\AppData\Roaming\Dropbox\bin\Dropbox.exe [7624](2014-08-15 18:46:08) 0000000003fd0000
Library c:\users\paullo~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0pjzj_.dll (*** suspicious ***) @ C:\Users\Paul Loomans\AppData\Roaming\Dropbox\bin\Dropbox.exe [7624](2014-08-18 13:21:25) 0000000004420000
Library C:\Users\Paul Loomans\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Paul Loomans\AppData\Roaming\Dropbox\bin\Dropbox.exe [7624](2013-08-23 19:01:44) 0000000059350000
Library C:\Users\Paul Loomans\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Paul Loomans\AppData\Roaming\Dropbox\bin\Dropbox.exe [7624] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 000000005fc40000
---- EOF - GMER 2.1 ----