Internet connection

  • city bags

    Dear board members, I'm coming over from the hardware board with the question of why my internet connection isn't working.

    It does nothing, either wirelessly or over cable. I suspect the settings were changed after I tried to fix an automatic redirect to abnow using ComboFix and TDSSKiller.

    Because I couldn't get it to work, I made some screenshots of HijackThis. (for some reason your system denied write access to the host file. If any Hijacked domains are in this file, Hijack this may NOT be able to fix this.)

    These are the pictures:

    http://www.citybags.es/deel1.jpg

    http://www.citybags.es/deel2.jpg

    http://www.citybags.es/deel3.jpg

    http://www.citybags.es/deel4.jpg

    http://www.citybags.es/deel5.jpg

    http://www.citybags.es/deel6.jpg

    http://www.citybags.es/deel7.jpg

    http://www.citybags.es/deel8.jpg

    http://www.citybags.es/deel9.jpg

    Here is the Malwarebytes log:

    Malwarebytes' Anti-Malware 1.43

    Versión de la Base de Datos: 3458

    Windows 6.1.7600

    Internet Explorer 8.0.7600.16385

    29/02/2012 16:06:29

    mbam-log-2012-02-29 (16-06-29).txt

    Tipo de examen : Examen Rápido

    Objetos examinados: 97503

    Tiempo transcurrido: 7 minute(s), 21 second(s)

    Procesos en Memoria Infectados: 0

    Módulos en Memoria Infectados: 0

    Claves del Registro Infectadas: 0

    Valores del Registro Infectados: 0

    Elementos de Datos del Registro Infectados: 0

    Carpetas Infectadas: 0

    Ficheros Infectados: 0

    Procesos en Memoria Infectados:

    (No se han detectado elementos maliciosos)

    Módulos en Memoria Infectados:

    (No se han detectado elementos maliciosos)

    Claves del Registro Infectadas:

    (No se han detectado elementos maliciosos)

    Valores del Registro Infectados:

    (No se han detectado elementos maliciosos)

    Elementos de Datos del Registro Infectados:

    (No se han detectado elementos maliciosos)

    Carpetas Infectadas:

    (No se han detectado elementos maliciosos)

    Ficheros Infectados:

    (No se han detectado elementos maliciosos)

    In short, translated into plain language: “nothing found”

    Kind regards,

    Nico

  • Ben

    Hello Nico,

    I suspect the settings were changed after I tried to fix an automatic redirect to abnow using ComboFix and TDSSKiller.

    Did you do this on your own initiative? http://antivirus.startpagina.nl/prikbord/15114177/draai-combofix-nooit-op-eigen-initiatief!!#msg-15114177

    I hope you haven't removed anything wrong :S

    Start HijackThis;

    Note!!! Windows Vista & 7 users must run HijackThis as administrator (“right-click, run as”),

    if this doesn't work via the shortcut, run HijackThis as administrator via:

    (C:\Program Files\Trend Micro\HiJackThis) right-click the HijackThis icon and choose run as admin.

    Click either “Do a systemscan and save a logfile”, or first “Scan” and then “Savelog”.

    A Notepad window opens; hold down the CTRL and A keys at the same time, and everything is selected.

    Hold down the CTRL and C keys at the same time, and everything is copied. Now paste the HJT log into your message with the CTRL and V keys.

    After that, post a new HijackThis log.

    And also post the logs from:

    Combofix

    TDSS

    Regards, Ben

    Antivirusprikbord

  • fazantje

    Hi Nico,

    Never just run programs when you don't know what they do; read:

    http://antivirus.startpagina.nl/prikbord/15114177/draai-combofix-nooit-op-eigen-initiatief!!#msg-15114177

    Also, please run the Dutch versions of HijackThis and MBAM and post those logs here.

    The message you got from HijackThis is that you did not run it as administrator.

    Do the following for HijackThis:

    Go to your C drive, then to Program Files, then to Trend Micro, click HijackThis there, then right-click the red HijackThis exe and choose “Run as administrator”.

    Now click “scan”. When the scan is finished, click “save log”.

    Your log is now saved in the folder mentioned above, and is also shown immediately.

    Copy this log and paste it here.

    Good luck,

    Huib;)

  • city bags

    Kaspersky TDSSKiller doesn't produce a log file, but this is what it shows under scan results:

    Infected: DfsC (Virus.Win32.ZAccess.c)

    Suspicious: sptd (LockedFile.Multi.Generic)

    Copied to quarantine: C:\Windows\system32\Drivers\dfsc.sys

    Will be cured after reboot: C:\Windows\system32\Drivers\dfsc.sys

    Skipped by user: sptd (LockedFile.Multi.Generic)

    Combofix:

    ComboFix only says the following: Combofix has detected the following realtime scanner to be active

    AVG Antivirus free edition.

    If you then press accept, you get the following warning:

    The above real time scanner are still active but Combofix shall continue to run. Kindly note that this is at your own risk.

    Then a blue MS-DOS window appears with the title Administrator

    and then a new warning:

    Current date is 29-02-2012 combofix has expired.

    Click yes to run in reduced functionality mode or click no to exit

    Clicked Yes, and then all the windows disappear from the screen.

    Here is the new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 17:15:49, on 29/02/2012

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.16912)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

    C:\Windows\WindowsMobile\wmdc.exe

    C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

    C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/10

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/10

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/10

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/10

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: C:\Program Files\IDT\WDM\sttray.exe

    O4 - HKLM\..\Run: %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

    O4 - HKLM\..\Run: %windir%\WindowsMobile\wmdc.exe

    O4 - HKLM\..\Run: “C:\Program Files\Orange\Internet Everywhere\SessionManager\SessionManager.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe” /starttray

    O4 - HKCU\..\Run: C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

    O4 - HKCU\..\Run: C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘SERVICIO LOCAL’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘SERVICIO LOCAL’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘Servicio de red’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘Servicio de red’)

    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll

    O9 - Extra ‘Tools’ menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Hamachi (acdservice) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

    O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe

    O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Spsmqvsm (ATIVTUTW) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: Dmusic (avgfwsrv) - Unknown owner - \\.\globalrootC:\Windows\system32\svchost.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Idebusdr (cfosspeeds) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Ipssvc (CVirtA) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe

    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: Lexbces (eectrl) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Iaimfp0 (enxpsvr) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: YahooAUService (ESDCR) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: FreshIO (FTDIBUS) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Wlancfg (kbstuff) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: OVT511Plus (lvpr2mon) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Zunenetworksvc (lxcr_device) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Vpnva (mediaviewer) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: KR3NPXP (mnmdd) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: Hsxhwazl (nisvcloc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Sit_mdm (NVXBAR) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Icm10blk (oracleorahome92pagingserver) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Ati2mtaa (OVT511Plus) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: Siside (paamsrv) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Si3114r5 (patrolagent) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: SE2Emdm (pctfw1) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Avgascln (pelusblf) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: MA_CMIDI (pnkbstrk) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Hprfdev (procexp90) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%windir%\WindowsMobile\rapimgr.dll,-104 (RapiMgr) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: DgiVecp (regmon701) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Tsp (se59mdfl) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

    O23 - Service: Asc (spcflt) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe

    O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Wampapache (srescan) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Airytec Switch Off - Task Scheduler (SwOffScheduler) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe

    O23 - Service: Airytec Switch Off - Web Interface (SwOffWeb) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe

    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

    O23 - Service: Inetaccs (U81xobex) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: P17 (Usb20Scan) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Rbfilter (w800mdfl) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Axsnmsvc (w800mdm) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe

    O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%windir%\WindowsMobile\wcescomm.dll,-40079 (WcesComm) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Usnsvc (winproxy) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

    O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe

    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Wscsvc (xfactorae1) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: AdobeActiveFileMonitor6.0 (zntport) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: K750mdm (ZTEusbnmea) - Unknown owner - C:\Windows\system32\svchost.exe

    End of file - 25926 bytes

    Kind regards,

    Nico

  • Ben

    Hello Nico,

    You write:

    I myself suspect that the settings were changed after I tried to fix an automatic redirect to abnow using Combofix and tdsskiller.

    So you have already used Combo and TDSS?

    I want to see the logs from those:

    they can be found at:

    C:\ComboFix.txt

    C:\TDSSKiller.___log.txt

    So I am not asking you to run Combo or TDSS again!

    Update your Mbam and scan with it again (a new version via USB stick).

    Then post:

    The old ComboFix.txt

    TDSS log

    new Mbam log

    new HijackThis log

    Regards, Ben

    Antivirus message board

  • city bags

    Dear Ben,

    Here is the HijackThis log

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 19:51:09, on 29/02/2012

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.16912)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\WindowsMobile\wmdc.exe

    C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

    C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

    C:\Windows\notepad.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/10

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/10

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/10

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/10

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: C:\Program Files\IDT\WDM\sttray.exe

    O4 - HKLM\..\Run: %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

    O4 - HKLM\..\Run: %windir%\WindowsMobile\wmdc.exe

    O4 - HKLM\..\Run: “C:\Program Files\Orange\Internet Everywhere\SessionManager\SessionManager.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe” /starttray

    O4 - HKCU\..\Run: C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

    O4 - HKCU\..\Run: C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘SERVICIO LOCAL’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘SERVICIO LOCAL’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘Servicio de red’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘Servicio de red’)

    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll

    O9 - Extra ‘Tools’ menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Hamachi (acdservice) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

    O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe

    O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Spsmqvsm (ATIVTUTW) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: Dmusic (avgfwsrv) - Unknown owner - \\.\globalrootC:\Windows\system32\svchost.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Idebusdr (cfosspeeds) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Ipssvc (CVirtA) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe

    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: Lexbces (eectrl) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Iaimfp0 (enxpsvr) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: YahooAUService (ESDCR) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: FreshIO (FTDIBUS) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Wlancfg (kbstuff) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: OVT511Plus (lvpr2mon) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Zunenetworksvc (lxcr_device) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Vpnva (mediaviewer) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: KR3NPXP (mnmdd) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: Hsxhwazl (nisvcloc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Sit_mdm (NVXBAR) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Icm10blk (oracleorahome92pagingserver) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Ati2mtaa (OVT511Plus) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: Siside (paamsrv) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Si3114r5 (patrolagent) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: SE2Emdm (pctfw1) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Avgascln (pelusblf) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: MA_CMIDI (pnkbstrk) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Hprfdev (procexp90) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%windir%\WindowsMobile\rapimgr.dll,-104 (RapiMgr) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: DgiVecp (regmon701) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Tsp (se59mdfl) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

    O23 - Service: Asc (spcflt) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe

    O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Wampapache (srescan) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Airytec Switch Off - Task Scheduler (SwOffScheduler) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe

    O23 - Service: Airytec Switch Off - Web Interface (SwOffWeb) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe

    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

    O23 - Service: Inetaccs (U81xobex) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: P17 (Usb20Scan) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Rbfilter (w800mdfl) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Axsnmsvc (w800mdm) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe

    O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%windir%\WindowsMobile\wcescomm.dll,-40079 (WcesComm) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Usnsvc (winproxy) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

    O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe

    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: Wscsvc (xfactorae1) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: AdobeActiveFileMonitor6.0 (zntport) - Unknown owner - C:\Windows\system32\svchost.exe

    O23 - Service: K750mdm (ZTEusbnmea) - Unknown owner - C:\Windows\system32\svchost.exe

    End of file - 25848 bytes

    The Mbam log

    Malwarebytes Anti-Malware (Versión de Prueba) 1.60.1.1000

    www.malwarebytes.org

    Versión de la Base de Datos: v2012.01.13.04

    Windows 7 x86 NTFS

    Internet Explorer 8.0.7600.16385

    nico :: NICO-HP

    Protección: Personas de movilidad reducida

    29/02/2012 19:39:52

    mbam-log-2012-02-29 (19-39-52).txt

    Tipos de Análisis: Análisis Rápido

    Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

    Opciones de análisis desactivados: P2P

    Objetos examinados: 166600

    Tiempo transcurrido: 8 minuto(s), 11 segundo(s)

    Procesos en Memoria Detectados: 0

    (No se han detectado elementos maliciosos)

    Módulos de Memoria Detectados: 0

    (No se han detectado elementos maliciosos)

    Claves del Registro Detectados: 0

    (No se han detectado elementos maliciosos)

    Valores del Registro Detectados: 0

    (No se han detectado elementos maliciosos)

    Elementos de Datos del Registro Detectados: 0

    (No se han detectado elementos maliciosos)

    Carpetas Detectadas: 0

    (No se han detectado elementos maliciosos)

    Archivos Detectados: 0

    (No se han detectado elementos maliciosos)

    fin)

    Another part follows

  • city bags

    And the TDSSkiller log

    17:17:27.0152 3164 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02

    17:17:27.0184 3164 ============================================================

    17:17:27.0184 3164 Current date / time: 2012/02/29 17:17:27.0184

    17:17:27.0184 3164 SystemInfo:

    17:17:27.0184 3164

    17:17:27.0184 3164 OS Version: 6.1.7600 ServicePack: 0.0

    17:17:27.0184 3164 Product type: Workstation

    17:17:27.0199 3164 ComputerName: NICO-HP

    17:17:27.0199 3164 UserName: nico

    17:17:27.0199 3164 Windows directory: C:\Windows

    17:17:27.0199 3164 System windows directory: C:\Windows

    17:17:27.0199 3164 Processor architecture: Intel x86

    17:17:27.0199 3164 Number of processors: 2

    17:17:27.0199 3164 Page size: 0x1000

    17:17:27.0199 3164 Boot type: Normal boot

    17:17:27.0199 3164 ============================================================

    17:17:30.0132 3164 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‘K0’, Flags 0x00000050

    17:17:30.0132 3164 Drive \Device\Harddisk1\DR1 - Size: 0x7753F7E00 (29.83 Gb), SectorSize: 0x200, Cylinders: 0xF36, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‘W’

    17:17:30.0148 3164 \Device\Harddisk0\DR0:

    17:17:30.0148 3164 MBR used

    17:17:30.0148 3164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

    17:17:30.0148 3164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0xB468ED9

    17:17:30.0148 3164 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xB4CCED9, BlocksNum 0xFB0BD82

    17:17:30.0163 3164 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1AFDB840, BlocksNum 0x21B5FC0

    17:17:30.0179 3164 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x1D19183F, BlocksNum 0x33931

    17:17:30.0179 3164 \Device\Harddisk1\DR1:

    17:17:30.0179 3164 MBR used

    17:17:30.0194 3164 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3E, BlocksNum 0x3BA4CB7

    17:17:30.0304 3164 Initialize success

    17:17:30.0304 3164 ============================================================

    17:17:33.0814 2428 ============================================================

    17:17:33.0814 2428 Scan started

    17:17:33.0814 2428 Mode: Manual;

    17:17:33.0814 2428 ============================================================

    17:17:42.0066 2428 DfsC (c80f4b4dbdccee214ed47039e2e4ca55) C:\Windows\system32\Drivers\dfsc.sys

    17:17:42.0066 2428 Suspicious file (Forged): C:\Windows\system32\Drivers\dfsc.sys. Real md5: c80f4b4dbdccee214ed47039e2e4ca55, Fake md5: 83d1ecea8faae75604c0fa49ac7ad996

    17:17:42.0082 2428 DfsC ( Virus.Win32.ZAccess.c ) - infected

    17:17:42.0082 2428 DfsC - detected Virus.Win32.ZAccess.c (0)

    17:18:06.0527 2428 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

    17:18:06.0527 2428 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

    17:18:06.0527 2428 sptd ( LockedFile.Multi.Generic ) - warning

    17:18:06.0527 2428 sptd - detected LockedFile.Multi.Generic (1)


    17:18:15.0700 2428 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

    17:18:15.0715 2428 WacomPen - ok

    17:18:15.0856 2428 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

    17:18:15.0871 2428 WANARP - ok

    17:18:15.0887 2428 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

    17:18:15.0887 2428 Wanarpv6 - ok

    17:18:16.0043 2428 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

    17:18:16.0043 2428 Wd - ok

    17:18:16.0168 2428 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

    17:18:16.0183 2428 Wdf01000 - ok

    17:18:16.0402 2428 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

    17:18:16.0402 2428 WfpLwf - ok

    17:18:16.0511 2428 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

    17:18:16.0511 2428 WIMMount - ok

    17:18:16.0714 2428 WINUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.SYS

    17:18:16.0729 2428 WINUSB - ok

    17:18:16.0901 2428 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

    17:18:16.0901 2428 WmiAcpi - ok

    17:18:17.0119 2428 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

    17:18:17.0135 2428 ws2ifsl - ok

    17:18:17.0307 2428 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

    17:18:17.0307 2428 WudfPf - ok

    17:18:17.0509 2428 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

    17:18:17.0525 2428 WUDFRd - ok

    17:18:17.0775 2428 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys

    17:18:17.0790 2428 yukonw7 - ok

    17:18:17.0946 2428 MBR (0x1B8) (d2b054a4a7728d0968ee7ad2fec7b57c) \Device\Harddisk0\DR0

    17:18:17.0977 2428 \Device\Harddisk0\DR0 - ok

    17:18:17.0993 2428 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

    17:18:17.0993 2428 \Device\Harddisk1\DR1 - ok

    17:18:18.0024 2428 Boot (0x1200) (d27550ed663f78508ff1f0759e14a0df) \Device\Harddisk0\DR0\Partition0

    17:18:18.0040 2428 \Device\Harddisk0\DR0\Partition0 - ok

    17:18:18.0055 2428 Boot (0x1200) (d2d639e0dcb6f014ab68ee89552b198d) \Device\Harddisk0\DR0\Partition1

    17:18:18.0055 2428 \Device\Harddisk0\DR0\Partition1 - ok

    17:18:18.0087 2428 Boot (0x1200) (e30a8c8a7b7b912bb75c6f508adf77ac) \Device\Harddisk0\DR0\Partition2

    17:18:18.0087 2428 \Device\Harddisk0\DR0\Partition2 - ok

    17:18:18.0118 2428 Boot (0x1200) (a5b199e947b177115534d8b260279350) \Device\Harddisk0\DR0\Partition3

    17:18:18.0133 2428 \Device\Harddisk0\DR0\Partition3 - ok

    17:18:18.0149 2428 Boot (0x1200) (e7037ea3375c628e6eda292d5755f80c) \Device\Harddisk0\DR0\Partition4

    17:18:18.0149 2428 \Device\Harddisk0\DR0\Partition4 - ok

    17:18:18.0165 2428 Boot (0x1200) (3034ed53284b1b02f5cee5f18cfd9bbd) \Device\Harddisk1\DR1\Partition0

    17:18:18.0165 2428 \Device\Harddisk1\DR1\Partition0 - ok

    17:18:18.0165 2428 ============================================================

    17:18:18.0165 2428 Scan finished

    17:18:18.0165 2428 ============================================================

    17:18:18.0461 2164 Detected object count: 2

    17:18:18.0461 2164 Actual detected object count: 2

    17:18:39.0365 2164 C:\Windows\system32\Drivers\dfsc.sys - copied to quarantine

    17:18:46.0510 2164 Backup copy not found, trying to cure infected file..

    17:18:46.0525 2164 Cure success, using it..

    17:18:46.0557 2164 C:\Windows\system32\Drivers\dfsc.sys - will be cured on reboot

    17:19:10.0674 2164 DfsC ( Virus.Win32.ZAccess.c ) - User select action: Cure

    17:19:10.0674 2164 sptd ( LockedFile.Multi.Generic ) - skipped by user

    17:19:10.0674 2164 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

    17:28:17.0188 3160 Deinitialize success

    The ComboFix log is not in C:

    Kind regards,

    Nico

  • Ben

    Hello Nico,

    We are going to try to see whether you can still be saved.

    I no longer see a virus scanner?

    Carry out the steps below:

    1. Download OTC.exe (by OldTimer)

    • Place the file on your desktop.

    • Make sure there is an internet connection.

    • Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.

    • If that does not work, double-click the icon.

    • Now click the “CleanUp!” button.

    • If your firewall, or another security program, warns that OTC.exe wants internet access, you may allow this; the program needs that connection.

    • Finally, OTC will ask whether you want to restart the computer; you may allow this, as it also removes itself this way.

    Note: Using OTC.exe will remove all the tools used (including their logs and backup folders) from your computer.

    2. Download GMER Rootkit Scanner here or here.

    • Extract the contents of the .zip file to your desktop.

    • Double-click GMER.exe.

    • If you get a warning about rootkit activity and are asked whether you want to run a full scan, click NO.

    • In the panel on the right you will see several items that are ticked. Make sure the following items are UNticked:

    o IAT/EAT

    o Drives/partitions other than the system partition (usually C:\)

    o Show All

    • Then click the button and wait until the scan is finished.

    • When the scan is complete, click the button and give the log the following name: “ark.txt”

    • Save the log in a convenient place, such as the desktop.

    **Attention**

    This scan often produces false positives. Do not change anything on a “<-- ROOTKIT” line!

    => Copy and paste this log into your next post!!

    3. Download ComboFix from one of these locations:

    Link 1

    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop.

    >>Here<< you can read how to use ComboFix.

    - Disable all antivirus and antispyware programs, because otherwise they can interfere with each other.

    * (here or here is a guide on how to disable them)

    - The computer may need to be restarted several times; this is normal.

    - Double-click "Combofix.exe" to start the tool.

    - Do not click in the ComboFix window while it is running; this can cause the tool to hang.

    * Note !!! If an error is shown with the message “Illegal operation attempted on a registry key that has been marked for deletion.”, restart the computer.

    - When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

    * It can take some time before the ComboFix log appears, so do not assume it has frozen.

    4. Now install a virus scanner.

    Choose one of the free scanners below:

    Avast

    Avira (This one does show a popup after an update)

    BitDefender

    5. Now post the logs from:

    Gmer

    Combofix

    And a new one from HijackThis

    Regards, Ben

    Antivirus board

  • city bags

    Dear Ben,

    I ran OTC.exe and now GMER is running, but it has been doing nothing at all for fifteen minutes; even the clock on the computer has stopped. Restart or wait a bit longer?

    Regards,

    Nico

  • fazantje

    Hi Nico,

    That is not good.

    You may do it over again, but you may also run BlackLight from F-Secure, see link:

    http://www.f-secure.com/en/web/labs_global/removal/blacklight

    After that, continue with what Ben wrote to you.

    Personally I think a reinstall is the best option, because we do not know what Combo has done.

    Are you sure the modem is working properly, by the way? :S

    Good luck,

    Huib.