
sibet

Member

Items: 1

sibet's activity

I recently got a visit from Anti-Malware Doctor. I was able to fix most of it with Malwarebytes Anti-Malware, but some processes kept running in the background. Following a post on this forum I then ran ComboFix. Below is the result. Do I still need to do anything further with this? Thanks in advance!

ComboFix 10-08-11.05 - HVM 08/12/2010 11:12:51.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.526 [GMT 2:00]
Running from: c:\documents and settings\HVM\My Documents\My Received Files\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HVM\Application Data\3EA80423575C9548C8E10C135447CA7B
c:\documents and settings\HVM\Application Data\3EA80423575C9548C8E10C135447CA7B\enemies-names.txt
c:\documents and settings\HVM\Application Data\3EA80423575C9548C8E10C135447CA7B\local.ini
c:\documents and settings\HVM\Application Data\3EA80423575C9548C8E10C135447CA7B\lsrslt.ini
c:\documents and settings\HVM\Local Settings\Application Data\cigmiwaww
c:\documents and settings\HVM\Local Settings\Application Data\cigmiwaww\udyyvgftssd.exe
C:\lsass.exe
c:\windows\system32\driVERs\ofogb.sys
c:\windows\system32\drivers\sokccpbf.sys
c:\windows\system32\drivers\sphnxebl.sys
c:\windows\system32\hatjggv.dll
c:\windows\system32\qxdodxv.dll
c:\windows\system32\Thumbs.db
c:\windows\Tasks\At1.job

Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - Kitty had a snack
Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ndis.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CDJQPGKO
-------\Legacy_SPHNXEBL
-------\Service_cdjqpgko
-------\Service_sphnxebl
-------\Legacy_ofogb
-------\Service_ofogb

((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))
.
2010-08-11 13:20 . 2010-08-11 13:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\dpMagic Software
2010-08-11 12:57 . 2010-08-11 12:57 -------- d-----w- c:\documents and settings\HVM\Application Data\Office Genuine Advantage
2010-08-10 17:23 . 2010-08-10 17:23 -------- d-----w- c:\documents and settings\HVM\Application Data\Malwarebytes
2010-08-10 17:17 . 2010-08-10 17:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-08-10 16:42 . 2010-08-10 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-10 16:42 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-10 16:42 . 2010-08-10 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 16:42 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-04 18:37 . 2010-08-04 18:37 -------- d-----w- c:\documents and settings\HVM\EurekaLog
2010-07-26 13:02 . 2010-07-26 13:02 -------- d-----w- c:\program files\Common Files\Skype
2010-07-17 19:55 . 2010-07-17 19:55 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-07-14 07:25 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 08:40 . 2008-04-27 12:27 -------- d-----w- c:\program files\Bonjour
2010-08-11 21:57 . 2008-07-25 20:54 -------- d-----w- c:\documents and settings\HVM\Application Data\uTorrent
2010-08-02 21:11 . 2009-05-29 08:08 -------- d-----w- c:\documents and settings\HVM\Application Data\Skype
2010-08-02 09:22 . 2009-05-29 08:10 -------- d-----w- c:\documents and settings\HVM\Application Data\skypePM
2010-07-26 13:02 . 2009-05-29 08:08 -------- d-----r- c:\program files\Skype
2010-07-26 13:02 . 2009-05-29 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-14 08:18 . 2008-11-20 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2010-07-12 11:06 . 2010-07-12 11:06 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-07-12 11:05 . 2010-07-12 11:05 -------- d--h--w- c:\program files\CanonBJ
2010-06-14 14:31 . 2006-04-30 07:10 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2008-03-16 10:52 . 2008-03-16 10:52 1378 ------w- c:\program files\uninstal.log
2001-08-13 14:51 . 2001-08-13 14:51 1396337 ------w- c:\program files\Captura.exe
2008-02-26 15:10 . 2008-02-26 15:10 88 --sh--r- c:\windows\system32\299420F371.sys
2008-02-26 15:10 . 2008-02-26 15:10 2828 --sh--w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-3 110592]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-28 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Whisper Technology\\FTP Surfer\\Surfer.exe"=
"c:\\Program Files\\Brother\\Brmfl06b\\FAXRX.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [9/29/2007 2:28 AM 19504]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [7/12/2007 6:38 AM 569344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/23/2007 1:59 AM 30336]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [1/10/2009 1:02 PM 33536]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SPHNXEBL
*Deregistered* - sphnxebl
.
Contents of the 'Scheduled Tasks' folder

2010-08-12 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 23:54]

2010-08-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-08-10 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-01-25 16:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: navigram.com\www
Trusted Zone: getmirar.com\click
Trusted Zone: mirarsearch.com\click
Trusted Zone: mirarsearch.com\redirect
Trusted Zone: net-nucleus.com\awbeta
FF - ProfilePath - c:\documents and settings\HVM\Application Data\Mozilla\Firefox\Profiles\8zaxoxtm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/webhp?hl=nl
FF - plugin: c:\documents and settings\HVM\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-12 11:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2262407663-1368723996-2586089899-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2479FC8C-E819-0C8A-CFC9-05F4E05B71EA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2479FC8C-E819-0C8A-CFC9-05F4E05B71EA}\InProcServer32*]
"jaajbdphkibhccaakllk"=hex:6a,61,6b,68,6e,67,66,64,6b,64,6c,66,63,6a,6c,62,6f,65,70,6f,00,30
"iaajpcffhkeldcddjh"=hex:6a,61,6c,68,6e,67,6c,66,67,68,6a,67,67,64,6a,62,6f,67,6c,6f,00,30
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1420)
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'explorer.exe'(3988)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Whisper Technology\FTP Surfer\wtftpshx.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-12 11:37:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-12 09:37

Pre-Run: 63,728,730,112 bytes free
Post-Run: 66,564,083,712 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B29B45CD83304CDE279EEC7AC255FE38