
Senna

Member
  • Items

    4
  • Registration date

  • Last visited

Everything posted by Senna

  1. Kape, hats off to your expertise! My thanks are enormous and I will gladly pass this site on to others who are in trouble. I was actually slowly starting to think about format c:, and thanks to you that is fortunately no longer necessary. Hoping that the people who make such senseless viruses will one day get what they deserve. Thanks again!
  2. Hello Kape, The internet connection is completely back to normal and running like a charm! The problems appear to be fully resolved as far as I can test. Here is the log:

     ComboFix 10-09-27.05 - Carlo 28-09-2010 18:20:52.3.2 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.511 [GMT 2:00]
     Running from: c:\documents and settings\Carlo.CP360096-A\Bureaublad\ComboFix.exe
     Command switches used :: c:\documents and settings\Carlo.CP360096-A\Bureaublad\CFScript.txt.txt
     AV: Norman Security Suite *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

     FILE ::
     "c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP"
     "c:\windows\system32\drivers\pgiwbu.sys"
     .

     (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\system32\drivers\pgiwbu.sys
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_pgiwbu
     -------\Service_pgiwbu

     (((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-28 ))))))))))))))))))))))))))))))
     .
     2010-09-27 23:09 . 2010-09-28 16:12 -------- d--h--r- c:\documents and settings\Carlo.CP360096-A\Onlangs geopend
     2010-09-27 15:59 . 2010-09-27 16:08 -------- d-----w- C:\Lop SD
     2010-09-25 18:44 . 2010-09-25 18:44 -------- d-----w- c:\program files\CCleaner
     2010-09-25 15:07 . 2010-09-25 15:07 -------- d-----w- c:\documents and settings\Carlo.CP360096-A\Application Data\Malwarebytes
     2010-09-25 15:07 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-09-25 15:07 . 2010-09-25 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2010-09-25 15:07 . 2010-09-25 15:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-09-25 15:07 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-09-25 14:04 . 2010-09-25 14:04 -------- d-----w- C:\sh4ldr
     2010-09-25 14:03 . 2010-09-25 14:04 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
     2010-09-25 14:03 . 2010-09-25 14:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
     2010-09-25 13:18 . 2010-09-25 13:19 -------- d-----w- C:\Extracted
     2010-09-15 21:58 . 2010-08-19 07:12 68176 ----a-w- c:\windows\system32\drivers\ale_nf64.sys
     2010-09-15 21:58 . 2010-08-19 07:12 61472 ----a-w- c:\windows\system32\drivers\ale_nf.sys
     .
     ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-09-28 16:35 . 2003-10-05 18:52 68582 ----a-w- c:\windows\system32\perfc013.dat
     2010-09-28 16:35 . 2003-10-05 18:52 437992 ----a-w- c:\windows\system32\perfh013.dat
     2010-09-27 22:54 . 2010-07-24 22:59 -------- d-----w- c:\program files\Mirror Magic Deluxe
     2010-09-25 20:39 . 2005-09-10 15:19 -------- d-----w- c:\program files\Google
     2010-09-25 14:04 . 2010-09-25 14:04 110080 ----a-r- c:\documents and settings\Carlo.CP360096-A\Application Data\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconF7A21AF7.exe
     2010-09-25 14:04 . 2010-09-25 14:04 110080 ----a-r- c:\documents and settings\Carlo.CP360096-A\Application Data\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconD7F16134.exe
     2010-08-20 11:16 . 2004-01-20 16:55 51578 ----a-w- c:\documents and settings\Carlo.CP360096-A\Application Data\wklnhst.dat
     2010-08-17 13:17 . 2003-10-05 18:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
     2010-08-06 00:16 . 2005-04-09 11:36 -------- d-----w- c:\program files\XoftSpy
     2010-07-22 15:46 . 2004-04-15 18:54 590848 ----a-w- c:\windows\system32\rpcrt4.dll
     2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-08-10 251264]
     "IECheck"="c:\windows\IECheck.exe" [2005-11-17 108544]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "PRISMSTA.EXE"="PRISMSTA.EXE START" [X]
     "ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-08-21 98304]
     "PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-05-28 394240]
     "nwiz"="nwiz.exe" [2006-10-22 1622016]
     "NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
     "Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2010-01-29 189824]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
     "Dit"="Dit.exe" [2002-08-28 73728]
     "Cmaudio"="cmicnfg.cpl" [2003-09-12 2244608]
     "CHotkey"="mHotkey.exe" [2003-06-27 506368]
     "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

     c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
     Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-20 113664]
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
     WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-5-19 118784]

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Macromedia\\Dreamweaver 4\\Dreamweaver.exe"=
     "c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\BitComet\\BitComet.exe"=
     "c:\\Program Files\\Microsoft Office\\Office10\\EXCEL.EXE"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
     "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
     "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "13081:TCP"= 13081:TCP:BitComet 13081 TCP
     "13081:UDP"= 13081:UDP:BitComet 13081 UDP
     "26128:TCP"= 26128:TCP:BitComet 26128 TCP
     "26128:UDP"= 26128:UDP:BitComet 26128 UDP

     R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [9-3-2005 23:23 5248]
     R1 NGS;Norman General Security Driver;c:\program files\Norman\Ngs\Bin\ngs.sys [25-7-2010 12:46 26744]
     R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [25-7-2010 12:46 72392]
     R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [20-9-2002 18:29 53248]
     R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [15-1-2010 13:58 22880]
     R2 NNFSVC;Norman Network Filtering service;c:\program files\Norman\Ngs\Bin\nnf.exe [25-7-2010 12:46 219904]
     R2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\nprosec.exe [25-7-2010 12:46 103016]
     R2 nregsec;Norman Registry Security driver;c:\program files\Norman\Ngs\Bin\nregsec.sys [25-7-2010 12:46 40384]
     R2 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [15-1-2010 13:58 98776]
     R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [17-6-2010 20:55 282624]
     R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [12-6-2003 8:47 24704]
     R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [10-9-2003 13:22 362688]
     R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [15-1-2010 13:58 133272]
     S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService --> c:\program files\DU Meter\DUMeterSvc.exe [?]
     S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23-5-2010 0:06 136176]
     S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [20-9-2002 18:27 77824]
     S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [20-9-2002 18:41 77824]
     S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [15-1-2010 13:58 21832]
     S3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe [16-8-2010 20:53 210248]
     S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [9-3-2005 23:23 160640]
     S4 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE --> c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [?]

     --- Other Services/Drivers In Memory ---

     *Deregistered* - mchInjDrv
     .
     Contents of the 'Scheduled Tasks' folder

     2010-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-22 22:06]

     2010-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-22 22:06]

     2010-08-06 c:\windows\Tasks\XoftSpy.job
     - c:\program files\XoftSpy\XoftSpy.exe [2007-04-26 12:39]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.nl/
     DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     DPF: {63D6DD13-C913-466D-9444-9357561E4D94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab
     .
     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
     Rootkit scan 2010-09-28 18:31
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
     "ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'explorer.exe'(2548)
     c:\program files\Norman\nvc\bin\Niphk.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Norman\Npm\Bin\Elogsvc.exe
     c:\program files\Norman\Npm\Bin\Zanda.exe
     c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
     c:\windows\system32\nvsvc32.exe
     c:\windows\system32\PRISMSTA.EXE
     c:\windows\Dit.exe
     c:\windows\system32\RunDll32.exe
     c:\windows\system32\rundll32.exe
     c:\windows\DitExp.exe
     c:\program files\IncrediMail\bin\IMApp.exe
     c:\program files\Norman\Npm\Bin\Njeeves.exe
     c:\windows\system32\wscntfy.exe
     c:\program files\Norman\Nvc\Bin\Nip.exe
     .
     **************************************************************************
     .
     Completion time: 2010-09-28 18:39:00 - machine was rebooted
     ComboFix-quarantined-files.txt 2010-09-28 16:38
     ComboFix2.txt 2010-09-27 20:58
     ComboFix3.txt 2010-09-25 19:34

     Pre-Run: 17.477.828.608 bytes free
     Post-Run: 17.357.647.872 bytes free

     - - End Of File - - 941654ABB76BA1169D73349929C0A372
  3. ComboFix 10-09-27.03 - Carlo 27-09-2010 22:48:13.2.2 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.449 [GMT 2:00]
     Running from: c:\documents and settings\Carlo.CP360096-A\Bureaublad\ComboFix.exe
     AV: Norman Security Suite *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
     .
     (((((((((((((((((((( Files Created from 2010-08-27 to 2010-09-27 ))))))))))))))))))))))))))))))
     .
     2010-09-27 15:59 . 2010-09-27 16:08 -------- d-----w- C:\Lop SD
     2010-09-25 19:48 . 2010-09-27 20:41 -------- d--h--r- c:\documents and settings\Carlo.CP360096-A\Onlangs geopend
     2010-09-25 18:44 . 2010-09-25 18:44 -------- d-----w- c:\program files\CCleaner
     2010-09-25 15:07 . 2010-09-25 15:07 -------- d-----w- c:\documents and settings\Carlo.CP360096-A\Application Data\Malwarebytes
     2010-09-25 15:07 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-09-25 15:07 . 2010-09-25 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2010-09-25 15:07 . 2010-09-25 15:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-09-25 15:07 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-09-25 14:04 . 2010-09-25 14:04 110080 ----a-r- c:\documents and settings\Carlo.CP360096-A\Application Data\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconF7A21AF7.exe
     2010-09-25 14:04 . 2010-09-25 14:04 110080 ----a-r- c:\documents and settings\Carlo.CP360096-A\Application Data\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconD7F16134.exe
     2010-09-25 14:04 . 2010-09-25 14:04 -------- d-----w- C:\sh4ldr
     2010-09-25 14:03 . 2010-09-25 14:04 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
     2010-09-25 14:03 . 2010-09-25 14:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
     2010-09-25 13:19 . 2010-09-27 20:55 843776 ----a-w- c:\windows\system32\drivers\pgiwbu.sys
     2010-09-25 13:18 . 2010-09-25 13:19 -------- d-----w- C:\Extracted
     2010-09-15 21:58 . 2010-08-19 07:12 68176 ----a-w- c:\windows\system32\drivers\ale_nf64.sys
     2010-09-15 21:58 . 2010-08-19 07:12 61472 ----a-w- c:\windows\system32\drivers\ale_nf.sys
     .
     ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-09-27 16:00 . 2003-10-05 18:52 68582 ----a-w- c:\windows\system32\perfc013.dat
     2010-09-27 16:00 . 2003-10-05 18:52 437992 ----a-w- c:\windows\system32\perfh013.dat
     2010-09-25 20:39 . 2005-09-10 15:19 -------- d-----w- c:\program files\Google
     2010-08-20 11:16 . 2004-01-20 16:55 51578 ----a-w- c:\documents and settings\Carlo.CP360096-A\Application Data\wklnhst.dat
     2010-08-17 13:17 . 2003-10-05 18:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
     2010-08-06 00:16 . 2005-04-09 11:36 -------- d-----w- c:\program files\XoftSpy
     2010-07-30 07:42 . 2010-07-30 07:42 -------- d-----w- c:\documents and settings\Carlo.CP360096-A\Application Data\GrabIt
     2010-07-22 15:46 . 2004-04-15 18:54 590848 ----a-w- c:\windows\system32\rpcrt4.dll
     2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
     2010-06-30 12:33 . 2003-10-05 18:52 149504 ----a-w- c:\windows\system32\schannel.dll
     .
     ((((((((((((((((((((((((((((( SnapShot@2010-09-25_19.31.24 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2003-10-05 18:52 . 2010-09-27 16:00 52424 c:\windows\system32\perfc009.dat
     - 2003-10-05 18:52 . 2010-09-25 19:20 52424 c:\windows\system32\perfc009.dat
     + 2003-10-05 18:52 . 2010-09-27 16:00 376626 c:\windows\system32\perfh009.dat
     - 2003-10-05 18:52 . 2010-09-25 19:20 376626 c:\windows\system32\perfh009.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-08-10 251264]
     "IECheck"="c:\windows\IECheck.exe" [2005-11-17 108544]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "PRISMSTA.EXE"="PRISMSTA.EXE START" [X]
     "ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-08-21 98304]
     "PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-05-28 394240]
     "nwiz"="nwiz.exe" [2006-10-22 1622016]
     "NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
     "Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2010-01-29 189824]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
     "Dit"="Dit.exe" [2002-08-28 73728]
     "Cmaudio"="cmicnfg.cpl" [2003-09-12 2244608]
     "CHotkey"="mHotkey.exe" [2003-06-27 506368]
     "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

     c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
     Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-20 113664]
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
     WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-5-19 118784]

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Macromedia\\Dreamweaver 4\\Dreamweaver.exe"=
     "c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\BitComet\\BitComet.exe"=
     "c:\\Program Files\\Microsoft Office\\Office10\\EXCEL.EXE"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
     "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
     "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "13081:TCP"= 13081:TCP:BitComet 13081 TCP
     "13081:UDP"= 13081:UDP:BitComet 13081 UDP
     "26128:TCP"= 26128:TCP:BitComet 26128 TCP
     "26128:UDP"= 26128:UDP:BitComet 26128 UDP

     R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [9-3-2005 23:23 5248]
     R1 NGS;Norman General Security Driver;c:\program files\Norman\Ngs\Bin\ngs.sys [25-7-2010 12:46 26744]
     R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [25-7-2010 12:46 72392]
     R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [20-9-2002 18:29 53248]
     R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [15-1-2010 13:58 22880]
     R2 NNFSVC;Norman Network Filtering service;c:\program files\Norman\Ngs\Bin\nnf.exe [25-7-2010 12:46 219904]
     R2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\nprosec.exe [25-7-2010 12:46 103016]
     R2 nregsec;Norman Registry Security driver;c:\program files\Norman\Ngs\Bin\nregsec.sys [25-7-2010 12:46 40384]
     R2 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [15-1-2010 13:58 98776]
     R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [17-6-2010 20:55 282624]
     R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [12-6-2003 8:47 24704]
     R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [10-9-2003 13:22 362688]
     R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [15-1-2010 13:58 133272]
     S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService --> c:\program files\DU Meter\DUMeterSvc.exe [?]
     S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23-5-2010 0:06 136176]
     S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE --> c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [?]
     S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [20-9-2002 18:27 77824]
     S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [20-9-2002 18:41 77824]
     S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [15-1-2010 13:58 21832]
     S3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe [16-8-2010 20:53 210248]
     S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [9-3-2005 23:23 160640]

     --- Other Services/Drivers In Memory ---

     *Deregistered* - mchInjDrv
     *Deregistered* - pgiwbu
     .
     Contents of the 'Scheduled Tasks' folder

     2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-22 22:06]

     2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-22 22:06]

     2010-08-06 c:\windows\Tasks\XoftSpy.job
     - c:\program files\XoftSpy\XoftSpy.exe [2007-04-26 12:39]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.nl/
     DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     DPF: {63D6DD13-C913-466D-9444-9357561E4D94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab
     .
     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
     Rootkit scan 2010-09-27 22:55
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
     "ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

     [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pgiwbu]
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'explorer.exe'(2964)
     c:\program files\Norman\nvc\bin\Niphk.dll
     c:\program files\IncrediMail\bin\B4ImApp.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     Completion time: 2010-09-27 22:58:44
     ComboFix-quarantined-files.txt 2010-09-27 20:58
     ComboFix2.txt 2010-09-25 19:34

     Pre-Run: 17.457.541.120 bytes free
     Post-Run: 17.447.514.112 bytes free

     - - End Of File - - 1DD43203F09CAAEAE0DA2C481510CBA0

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 23:01:11, on 27-9-2010
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.17080)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
     C:\Program Files\Norman\Ngs\Bin\Nnf.exe
     C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Norman\Npm\Bin\Zanda.exe
     C:\Program Files\Norman\npm\bin\nvoy.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\PRISMSTA.EXE
     C:\Program Files\Norman\Npm\Bin\ZLH.EXE
     C:\WINDOWS\system32\RunDll32.exe
     C:\WINDOWS\mHotkey.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\IncrediMail\bin\IMApp.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Norman\Npm\Bin\scheduler.exe
     C:\Program Files\Norman\Npm\Bin\Njeeves.exe
     C:\WINDOWS\System32\alg.exe
     C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Norman\Nvc\Bin\Nip.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\WINDOWS\explorer.exe
     N:\HijackThis.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
     O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
     O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [Dit] Dit.exe
     O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
     O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
     O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
     O4 - HKCU\..\Run: [IECheck] C:\WINDOWS\IECheck.exe
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
     O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {63D6DD13-C913-466D-9444-9357561E4D94} (Upload-applicatie Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138284022484
     O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
     O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://muskebier.spaces.live.com/PhotoUpload/MsnPUpld.cab
     O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
     O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
     O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
     O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
     O23 - Service: DU Meter Service (DUMeterSvc) - Unknown owner - C:\Program Files\DU Meter\DUMeterSvc.exe (file missing)
     O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
     O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
     O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
     O23 - Service: Norman Network Filtering service (NNFSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nnf.exe
     O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
     O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
     O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
     O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
     O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
     O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe
     O23 - Service: SpyHunter 4 Service - Unknown owner - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (file missing)
     O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)
     O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

     --
     End of file - 8513 bytes
  4. Last weekend I suddenly got this virus and, with the help of the info on this site, I was able to remove it. At least that is what I thought, because for several days now I have had no internet on the desktop computer, even though there is a connection. In any case the virus's popups no longer appear. I have reset the modem and router several times, but that did not help either. The laptop on the wireless connection also gets no internet, even though it is connected. If I pull the UTP cable out of the desktop computer, the laptop works fine on the internet. So in my view the problem lies with the desktop computer, which I think still has part of the virus in it. Scans with Mbam no longer find anything. Windows XP. A HijackThis log also no longer shows anything unusual. It is really a big problem and I hope I have not made too much of a mess of it. I hope you can help me further.
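The ComboFix and HijackThis logs in posts 2 and 3 carry the three clues that matter in this thread: a kernel driver (pgiwbu.sys) whose modified stamp is later than its created stamp, a driver loaded in memory but "*Deregistered*" from the service database, and services whose image file is missing. The triage script below is an added example written for this page, not code from the thread, from ComboFix or from HijackThis. It parses those three line shapes and returns the findings; the sample input is a handful of lines copied from the posted logs (constructed as a small test set, not a full log). The rewritten-driver check is a heuristic I am adding here, not something either tool reports: a driver whose contents were written after it was dropped stands out because installers normally leave a vendor build timestamp that is older than the copy, but a legitimate in-place update looks the same, so each hit still needs to be vetted by hand. Likewise a "*Deregistered*" entry can come from a legitimate tool's hooking driver as well as from a rootkit; the script only surfaces it.

```python
import re
from datetime import datetime

# Constructed sample input (a few lines copied from the logs posted in this
# thread, in the exact line shapes ComboFix and HijackThis emit).
COMBOFIX_FILES = r"""
2010-09-25 15:07 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-25 13:19 . 2010-09-27 20:55 843776 ----a-w- c:\windows\system32\drivers\pgiwbu.sys
2010-09-15 21:58 . 2010-08-19 07:12 61472 ----a-w- c:\windows\system32\drivers\ale_nf.sys
2010-09-25 18:44 . 2010-09-25 18:44 -------- d-----w- c:\program files\CCleaner
"""

COMBOFIX_SERVICES = r"""
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [9-3-2005 23:23 5248]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService --> c:\program files\DU Meter\DUMeterSvc.exe [?]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE --> c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [?]
*Deregistered* - mchInjDrv
*Deregistered* - pgiwbu
"""

HIJACKTHIS = r"""
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Unknown owner - C:\Program Files\DU Meter\DUMeterSvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Unknown owner - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (file missing)
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)
O4 - HKLM\..\Run: [Dit] Dit.exe
"""

# "created . modified size attributes path" as printed in ComboFix's
# "Files Created" and "Find3M" sections; directories show "--------" as size.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) (\S{8}) (.+)$")
# "R0 name;display name;image [date size]" service and driver lines.
CF_SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.+)$")
# "O23 - Service: name - owner - image" HijackThis lines.
HJT_O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


def rewritten_drivers(text):
    """Kernel drivers whose modified stamp is later than their created stamp.

    An installer copies a vendor driver and keeps its build-time modified
    stamp, which is older than the copy; a driver written again after it was
    dropped (as pgiwbu.sys was) breaks that pattern. Heuristic only.
    """
    hits = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        created, modified, _size, attrs, path = m.groups()
        low = path.lower()
        if attrs.startswith("d") or not low.endswith(".sys") or "\\drivers\\" not in low:
            continue
        fmt = "%Y-%m-%d %H:%M"
        if datetime.strptime(modified, fmt) > datetime.strptime(created, fmt):
            hits.append(path)
    return hits


def combofix_service_findings(text):
    """(name, reason) for services whose image is gone ("[?]") and for drivers
    that are loaded in memory but have no registered service ("*Deregistered*")."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*Deregistered*"):
            name = line.split("-", 1)[1].strip()
            findings.append((name, "driver in memory without a registered service"))
            continue
        m = CF_SERVICE_RE.match(line)
        if m and m.group(2).endswith("[?]"):
            findings.append((m.group(1), "service image not found on disk"))
    return findings


def hijackthis_service_findings(text):
    """(name, reason) for O23 lines whose image file is missing or whose
    binary carries no company name ("Unknown owner")."""
    findings = []
    for line in text.splitlines():
        m = HJT_O23_RE.match(line.strip())
        if not m:
            continue
        name, owner, image = m.groups()
        reasons = []
        if image.endswith("(file missing)"):
            reasons.append("file missing")
        if owner == "Unknown owner":
            reasons.append("owner unknown")
        if reasons:
            findings.append((name, ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    for path in rewritten_drivers(COMBOFIX_FILES):
        print("rewritten driver:", path)
    for name, why in combofix_service_findings(COMBOFIX_SERVICES) + hijackthis_service_findings(HIJACKTHIS):
        print(f"{name}: {why}")
```

Run against the sample above it reports pgiwbu.sys as the only rewritten driver, DUMeterSvc and SpyHunter as services without an image on disk, and mchInjDrv and pgiwbu as in-memory drivers with no service entry. The second ComboFix run (post 2) shows the expected outcome after cleanup: pgiwbu.sys is gone from the driver directory and only mchInjDrv remains in the deregistered list.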