
Zanda's little helper



This worked :)

Here is the log:

ComboFix 10-03-25.06 - Anouk 26-03-2010 10:46:51.1.2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1486 [GMT 1:00]

Gestart vanuit: E:\12345.exe

AV: Norman Security Suite *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

FW: Norman Security Suite *enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-02-26 to 2010-03-26 ))))))))))))))))))))))))))))))

.

2010-03-25 14:33 . 2010-03-25 14:33 -------- d-----w- C:\32788R22FWJ¦ƒ

2010-03-25 08:22 . 2010-03-25 08:22 388096 ----a-r- c:\documents and settings\Anouk\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-03-25 08:22 . 2010-03-25 08:22 -------- d-----w- c:\program files\TrendMicro

2010-03-25 05:29 . 2010-03-25 05:29 -------- d-----w- C:\FOUND.001

2010-03-22 08:45 . 2010-03-22 08:45 -------- d-----w- c:\windows\SxsCaPendDel

2010-03-22 07:28 . 2010-03-22 07:28 -------- d-----w- c:\documents and settings\Anouk\Application Data\NVD

2010-03-22 07:28 . 2010-03-22 07:28 -------- d-----w- c:\documents and settings\Anouk\Local Settings\Application Data\NVD

2010-03-22 07:28 . 2010-03-22 07:28 -------- d-----w- c:\documents and settings\Anouk\Local Settings\Application Data\SoftGrid Client

2010-03-22 06:49 . 2010-03-22 06:49 -------- d-----w- c:\documents and settings\Anouk\Application Data\SoftGrid Client

2010-03-22 06:33 . 2010-03-22 06:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client

2010-03-22 06:30 . 2010-03-22 06:30 -------- d-----w- c:\documents and settings\Anouk\Application Data\TP

2010-03-22 06:22 . 2010-03-22 06:22 -------- d-----w- c:\documents and settings\Anouk\Local Settings\Application Data\Microsoft Help

2010-03-22 06:22 . 2010-03-22 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-03-22 05:50 . 2010-03-22 05:51 -------- d-----w- c:\documents and settings\Anouk\Application Data\GetRightToGo

2010-03-22 05:40 . 2010-03-22 05:40 -------- d-----w- c:\windows\system32\Office Genuine Sys 32

2010-03-11 18:04 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-03-10 20:08 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-08 07:59 . 2010-03-08 07:59 -------- d--h--r- c:\documents and settings\Anouk\Onlangs geopend

2010-03-08 07:48 . 2010-03-08 07:48 -------- d-----w- c:\documents and settings\Anouk\Local Settings\Application Data\VS Revo Group

2010-03-08 07:48 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

2010-03-08 07:48 . 2010-03-08 07:48 -------- d-----w- c:\program files\VS Revo Group

2010-03-02 10:05 . 2010-03-02 10:05 -------- d-----w- c:\documents and settings\Anouk\Application Data\InstallShield

2010-02-26 17:46 . 2010-02-26 17:46 50354 ----a-w- c:\documents and settings\Anouk\Application Data\Facebook\uninstall.exe

2010-02-26 17:46 . 2010-02-26 17:46 -------- d-----w- c:\documents and settings\Anouk\Application Data\Facebook

2010-02-26 16:17 . 2010-02-26 16:17 -------- d-----w- c:\program files\Samsung

2010-02-26 06:41 . 2010-02-26 06:41 847040 ----a-w- c:\documents and settings\Anouk\Application Data\Facebook\axfbootloader.dll

2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\documents and settings\Anouk\Application Data\Facebook\npfbplugin_1_0_3.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-22 12:32 . 2010-01-09 13:31 69232 ----a-w- c:\documents and settings\Anouk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-22 08:44 . 2004-10-26 10:07 55244 ----a-w- c:\windows\system32\perfc013.dat

2010-03-22 08:44 . 2004-10-26 10:07 368170 ----a-w- c:\windows\system32\perfh013.dat

2010-02-11 18:22 . 2010-02-11 18:22 -------- d-----w- c:\documents and settings\Anouk\Application Data\dvdcss

2010-02-10 08:21 . 2010-02-10 08:21 -------- d-----w- c:\program files\iPod

2010-02-10 08:21 . 2010-02-10 08:21 -------- d-----w- c:\program files\iTunes

2010-02-10 08:18 . 2010-02-10 08:18 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

2010-02-08 22:06 . 2010-02-08 22:06 -------- d-----w- c:\program files\SpaceMonger

2010-02-08 22:06 . 2010-02-08 22:06 -------- d-----w- c:\documents and settings\Anouk\Application Data\SpaceMonger

2010-02-07 21:51 . 2010-02-07 21:51 -------- d-----w- c:\documents and settings\Anouk\Application Data\vlc

2010-02-05 04:58 . 2010-02-05 04:58 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-25 21:00 . 2010-01-25 21:00 -------- d-----w- c:\program files\Conduit

2010-01-12 18:43 . 2010-01-09 12:28 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-01-10 18:52 . 2010-01-10 18:52 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-01-09 12:27 . 2010-01-09 12:27 21748 ----a-w- c:\windows\system32\emptyregdb.dat

2010-01-05 09:59 . 2004-10-26 10:07 832512 ----a-w- c:\windows\system32\wininet.dll

2010-01-05 09:59 . 2004-10-26 10:07 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 09:59 . 2004-10-26 10:06 17408 ------w- c:\windows\system32\corpol.dll

2009-12-31 16:50 . 2004-10-26 10:07 353792 ----a-w- c:\windows\system32\drivers\srv.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Anouk\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-09 135664]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-19 13537280]

"nwiz"="nwiz.exe" [2008-08-19 1630208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-19 86016]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]

"RTHDCPL"="RTHDCPL.EXE" [2009-12-03 18789408]

"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2009-11-24 189824]

"NPCTray"="c:\program files\Norman\npc\bin\npc_tray.exe" [2009-10-07 103752]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys [9-1-2010 14:43 82072]

R1 NGS;Norman General Security Driver;c:\program files\Norman\Ngs\Bin\ngs.sys [9-1-2010 14:43 25032]

R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [9-1-2010 14:43 61512]

R1 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys [9-1-2010 14:43 76944]

R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [9-1-2010 14:44 24168]

R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [3-7-2006 10:33 1056512]

R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [30-6-2006 10:40 8064]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9-1-2010 14:24 1691480]

S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [9-1-2010 14:43 21832]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [8-3-2010 8:48 27064]

.

Inhoud van de 'Gedeelde Taken' map

2010-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3045283838-3921992432-2552657027-1004Core1cac823af7c03d2.job

- c:\documents and settings\Anouk\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-09 14:25]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://search.babylon.com/home

uInternet Connection Wizard,ShellNext = hxxp://support.spamweed.com/ts/?chapter=0.0

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\Norman\npc\bin\nlf.dll

.

- - - - ORPHANS VERWIJDERD - - - -

URLSearchHooks-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-03-26 10:50

Windows 5.1.2600 Service Pack 3 FAT NTAPI

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ñw*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(2652)

c:\progra~1\WINDOW~2\wmpband.dll

c:\program files\iTunes\iTunesMiniPlayer.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\nl.lproj\iTunesMiniPlayerLocalized.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

.

Voltooingstijd: 2010-03-26 10:51:45

ComboFix-quarantined-files.txt 2010-03-26 09:51

Pre-Run: 64.424.280.064 bytes beschikbaar

Post-Run: 67.659.169.792 bytes beschikbaar

- - End Of File - - D253B90F7F52B29E258BBA49CB2A15C7


Go to Start -> Run

Type cmd and press Enter

Type ipconfig /flushdns and press Enter

Restart the computer.

Delete the following folders shown in bold:

c:\program files\Conduit

C:\32788R22FWJ¦ƒ

C:\FOUND.001

... and then see whether you can now get Malwarebytes to scan.


Now it did work. Only it did not find any malware.

This is the log:

Malwarebytes' Anti-Malware 1.44

Database versie: 3510

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

26-3-2010 18:33:02

mbam-log-2010-03-26 (18-33-02).txt

Scan type: Snelle Scan

Objecten gescand: 111936

Verstreken tijd: 4 minute(s), 11 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)


Zanda's Little Helper is, after all, a component of your antivirus. It may be enough to download this antivirus program again. This could (possibly) solve your problem, because there does not seem to be any malware to be found on your PC.
