richard1986

Member
  • Items

    11

richard1986's achievements

  1. I have now cleaned up the PC completely again as described above. Great that my PC is virus-free again. I will report my findings in the course of the coming week, and if no further problems occur, this topic can be marked as solved. Many thanks in advance for the help!
  2. I have deleted the file Rirazcpr.job and now I am no longer bothered by the virus. I cannot delete the file mscdexntr.dll because it is always in use. I will try it out until Monday and otherwise I will mark this log as solved.
  3. It is not possible to save the log. I ran the scan and restarted the PC. The virus is still there. I cannot save the log file because this function is light grey (not activated) in the Dr. Web program.
  4. Emsisoft log: ---------- Post added at 10:50 ---------- Previous post was at 10:41 ---------- After doing this scan and removing the files I restarted the PC. Unfortunately the result remains the same. Still suffering from the redirect virus.
  5. TDSSKiller log:
  6. ComboFix log file:
  7. The situation now is that I am still being redirected to the wrong sites, but the Malwarebytes program now blocks these sites, so they are no longer opened. However, Google still redirects me to the wrong sites.
  8. Unfortunately the virus is still not off my PC. I was just redirected to the wrong site again by Google.
  9. This is the malware log: Malwarebytes Anti-Malware (-evaluatieversie-) 1.60.1.1000 www.malwarebytes.org Databaseversie: v2012.02.28.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 LO :: GIGABYTE-4B7022 [administrator] Realtime bescherming: Uitgeschakeld 28-2-2012 7:54:16 mbam-log-2012-02-28 (07-54-16).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 190698 Verstreken tijd: 6 minuut/minuten, 51 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) and this is the Hijack log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:04:40, on 28-2-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Norman\Npm\Bin\elogsvc.exe C:\Program Files\Norman\Ngs\Bin\Nnf.exe C:\Program Files\Norman\Ngs\Bin\Nprosec.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norman\Npm\Bin\Zanda.exe C:\Program Files\Norman\npm\bin\nvoy.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe 
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Norman\Npm\Bin\Njeeves.exe C:\Program Files\Norman\Npm\Bin\scheduler.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Norman\Npm\Bin\ZLH.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE C:\Program Files\Norman\Nse\Bin\NSESVC.EXE C:\Program Files\Norman\Nvc\Bin\Nip.exe C:\Program Files\Norman\Nvc\Bin\nvcoas.exe C:\Program Files\Norman\Nvc\Bin\cclaw.exe C:\Program Files\Altium\AD 10\DXP.EXE C:\PROGRAM FILES\ALTIUM\AD 10\AltiumMS.exe C:\PROGRAM FILES\ALTIUM\AD 10\System\Installation\AltiumDownloadManager.exe C:\PROGRAM FILES\ALTIUM\AD 10\AltiumMS.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\LO\Bureaublad\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [DriverCD] E:\Run.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale 
service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Vestamatic.local O17 - HKLM\Software\..\Telephony: DomainName = Vestamatic.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Vestamatic.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Vestamatic.local O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - 
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Norman eLogger Service (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\elogsvc.exe O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norman Network Filtering service (NNFSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nnf.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\Bin\Njeeves.exe O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\Nse\Bin\NSESVC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\Bin\nvcoas.exe O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe -- End of file - 8821 bytes
  10. Thanks for the quick response, here is my log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:19:01, on 28-2-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Norman\Npm\Bin\elogsvc.exe C:\Program Files\Norman\Ngs\Bin\Nnf.exe C:\Program Files\Norman\Ngs\Bin\Nprosec.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norman\Npm\Bin\Zanda.exe C:\Program Files\Norman\npm\bin\nvoy.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Application Updater\ApplicationUpdater.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Norman\Npm\Bin\Njeeves.exe C:\Program Files\Norman\Npm\Bin\scheduler.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Norman\Nse\Bin\NSESVC.EXE C:\Program Files\Norman\Nvc\Bin\nvcoas.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Norman\Npm\Bin\ZLH.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Norman\Nvc\Bin\Nip.exe C:\Program Files\Norman\Nvc\Bin\cclaw.exe C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\LO\Bureaublad\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\SearchProtocolHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.0\pdfforgeToolbarIE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.0\pdfforgeToolbarIE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - 
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.0\pdfforgeToolbarIE.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [DriverCD] E:\Run.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [searchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Vestamatic.local O17 - HKLM\Software\..\Telephony: DomainName = Vestamatic.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Vestamatic.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Vestamatic.local O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Norman eLogger Service (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\elogsvc.exe O23 - Service: ES lite Service for program management. 
(ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norman Network Filtering service (NNFSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nnf.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\Bin\Njeeves.exe O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\Nse\Bin\NSESVC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\Bin\nvcoas.exe O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe -- End of file - 9303 bytes
  11. I have recently had a redirect virus on my PC. When I search for something in Google, numerous links appear that point to sites related to my topic. So far no problem. However, when I then click on a link, I am redirected to the wrong site. Usually these are advertising sites or sites offering software. So I am not taken to the site I click on. This problem occurs with Internet Explorer but also with Google Chrome. I have no other internet browsers installed that I could test with. I have already had my PC scanned by various antivirus/malware programs, such as Antispyware, Norman, Malwarebytes and a few others. However, these programs do not find a single infected or dangerous file. My PC has even been reinstalled once, but after some days the links in Google stopped working again and I was again redirected to the wrong sites. What can I do to remove this persistent virus?