Hello Samy
1. Now try ComboFix one more time.
2. And tell me how things stand with your problems.
Ben
Hello Ben,
This is the result from ComboFix. Should I make another HiJack log?
ComboFix 11-09-15.05 - Samya 15-09-2011 17:36:04.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1013.567
Gestart vanuit: c:\documents and settings\Samya\Bureaublad\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Samya\Application Data\PriceGong
c:\documents and settings\Samya\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Samya\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Samya\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Samya\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Samya\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.4df5db01.ini.inuse
c:\documents and settings\Samya\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Samya\Local Settings\Application Data\ApplicationHistory\SL1.tmp.70c926f3.ini
c:\documents and settings\Samya\Mijn documenten\~WRL0003.tmp
c:\windows\WindowsUpdate.log . . . . konden niet verwijderd worden
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-08-15 to 2011-09-15 ))))))))))))))))))))))))))))))
.
.
2011-09-15 10:16 . 2011-09-15 10:16 ——– d—–w- c:\program files\Conduit
2011-09-15 10:16 . 2011-09-15 10:31 ——– d—–w- c:\documents and settings\Samya\Local Settings\Application Data\Softonic-Eng7
2011-09-15 08:04 . 2011-09-15 08:04 388096 —-a-r- c:\documents and settings\Samya\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-15 08:04 . 2011-09-15 08:04 ——– d—–w- c:\program files\Trend Micro
2011-09-14 20:24 . 2011-09-14 20:24 ——– d—–w- c:\documents and settings\Samya\Application Data\Malwarebytes
2011-09-14 20:24 . 2011-09-14 20:24 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-14 20:24 . 2011-09-14 20:24 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
2011-09-14 20:24 . 2011-08-31 15:00 22216 —-a-w- c:\windows\system32\drivers\mbam.sys
2011-09-12 11:52 . 2011-09-06 20:38 111320 —-a-w- c:\windows\system32\drivers\aswFW.sys
2011-09-12 11:52 . 2011-09-06 20:37 195416 —-a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-09-12 11:52 . 2011-09-06 20:10 12112 —-a-w- c:\windows\system32\drivers\aswNdis.sys
2011-08-31 20:28 . 2011-09-11 11:02 ——– d-sh–w- c:\documents and settings\Samya\Application Data\51E4B811
2011-08-31 20:28 . 2011-09-02 09:55 ——– d-sh–w- c:\documents and settings\Samya\Application Data\A5D0ACEB
2011-08-30 22:23 . 2011-09-06 13:27 ——– d—–w- c:\documents and settings\Samya\Application Data\Apyfo
2011-08-30 22:23 . 2011-08-30 23:12 ——– d—–w- c:\documents and settings\Samya\Application Data\Yqdini
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2008-08-20 14:16 602624 —-a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2011-04-26 21:07 41184 —-a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-04-26 21:07 199304 —-a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-04-26 21:08 442200 —-a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-04-26 21:08 320856 —-a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-04-26 21:08 34392 —-a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-04-26 21:08 52568 —-a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-04-26 21:08 110552 —-a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-04-26 21:08 104536 —-a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-04-26 21:08 20568 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2011-04-26 21:08 30808 —-a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-23 13:20 . 2009-11-02 19:03 900 –sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-07-15 13:29 . 2008-08-20 14:16 456320 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-08-20 14:16 10496 —-a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-08-20 05:28 139656 —-a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2008-08-20 14:17 916480 —-a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2008-08-20 14:16 43520 —-a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2008-08-20 14:16 1469440 ——w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-08-20 14:16 385024 —-a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-08-20 14:17 293888 —-a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
@=“{472083B0-C522-11CF-8763-00608CC02F24}”
2011-09-06 20:45 122512 —-a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
“IgfxTray”=“c:\windows\system32\igfxtray.exe”
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe”
“Persistence”=“c:\windows\system32\igfxpers.exe”
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe”
“MGSysCtrl”=“c:\program files\System Control Manager\MGSysCtrl.exe”
“LanguageShortcut”=“c:\program files\HomeCinema\PowerDVD\Language\Language.exe”
“TkBellExe”=“c:\program files\Common Files\Real\Update_OB\realsched.exe”
“Athan”=“c:\program files\Athan\Athan.exe”
“avast”=“c:\program files\AVAST Software\Avast\avastUI.exe”
“Malwarebytes' Anti-Malware”=“c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe”
.
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE”
.
@=“Driver”
.
“%windir%\\system32\\sessmgr.exe”=
“c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE”=
“c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE”=
“c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
“c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe”=
“c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe”=
“c:\\Program Files\\Java\\jre6\\bin\\javaw.exe”=
“c:\\Program Files\\Skype\\Phone\\Skype.exe”=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys
S0 jlpcvont;jlpcvont;c:\windows\system32\drivers\rabfbwuq.sys –> c:\windows\system32\drivers\rabfbwuq.sys
.
Inhoud van de ‘Gedeelde Taken’ map
.
2011-09-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2793254981-2875309246-57265055-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe
.
2011-07-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2793254981-2875309246-57265055-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe
.
.
——- Bijkomende Scan ——-
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
AddRemove-_{E1A63F75-1F72-4450-980D-434496FFC646} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {E1A63F75-1F72-4450-980D-434496FFC646}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-15 17:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
——————— DLLs Geladen Onder Lopende Processen ———————
.
- - - - - - - > ‘explorer.exe’(2524)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
———————— Andere Aktieve Processen ————————
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Voltooingstijd: 2011-09-15 18:02:49 - machine werd herstart
ComboFix-quarantined-files.txt 2011-09-15 16:02
.
Pre-Run: 81.557.135.360 bytes beschikbaar
Post-Run: 83.543.670.784 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
UnsupportedDebug=“do not select this” /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Home Edition” /noexecute=optin /fastdetect
.
- - End Of File - - DD99F280C5C4D23DBF4C436913EBF335
Hello Ben,
Here is my HijackThis log. In the meantime my PC has not shut itself off again; I do still get that message I mentioned earlier saying that the website was successfully blocked. Is that down to that site?
So far I have had no notifications about a trojan, but I think I can only really say something about it tomorrow, because sometimes I get nothing for a while…
Were you by any chance also able to see whether my PC had been hacked?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:20:27, on 15-9-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: “C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM\..\Run: C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui
O4 - HKLM\..\Run: “C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe” /starttray
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252420056296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252483103390
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
–
End of file - 7647 bytes
Hello Samy,
Please don't do any steps in between!!!
1. Start => All Programs => Accessories => Notepad.
2. Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
File::
c:\windows\system32\drivers\rabfbwuq.sys
Save this to your Desktop as CFScript.txt
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
This will make ComboFix restart.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Ben
Here are my logs, Ben
ComboFix 11-09-15.05 - Samya 15-09-2011 19:15:09.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1013.568
Gestart vanuit: c:\documents and settings\Samya\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Samya\Bureaublad\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
“c:\windows\system32\drivers\rabfbwuq.sys”
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-08-15 to 2011-09-15 ))))))))))))))))))))))))))))))
.
.
2011-09-15 10:16 . 2011-09-15 10:16 ——– d—–w- c:\program files\Conduit
2011-09-15 10:16 . 2011-09-15 10:31 ——– d—–w- c:\documents and settings\Samya\Local Settings\Application Data\Softonic-Eng7
2011-09-15 08:04 . 2011-09-15 08:04 388096 —-a-r- c:\documents and settings\Samya\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-15 08:04 . 2011-09-15 08:04 ——– d—–w- c:\program files\Trend Micro
2011-09-14 20:24 . 2011-09-14 20:24 ——– d—–w- c:\documents and settings\Samya\Application Data\Malwarebytes
2011-09-14 20:24 . 2011-09-14 20:24 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-14 20:24 . 2011-09-14 20:24 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
2011-09-14 20:24 . 2011-08-31 15:00 22216 —-a-w- c:\windows\system32\drivers\mbam.sys
2011-09-12 11:52 . 2011-09-06 20:38 111320 —-a-w- c:\windows\system32\drivers\aswFW.sys
2011-09-12 11:52 . 2011-09-06 20:37 195416 —-a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-09-12 11:52 . 2011-09-06 20:10 12112 —-a-w- c:\windows\system32\drivers\aswNdis.sys
2011-08-31 20:28 . 2011-09-11 11:02 ——– d-sh–w- c:\documents and settings\Samya\Application Data\51E4B811
2011-08-31 20:28 . 2011-09-02 09:55 ——– d-sh–w- c:\documents and settings\Samya\Application Data\A5D0ACEB
2011-08-30 22:23 . 2011-09-06 13:27 ——– d—–w- c:\documents and settings\Samya\Application Data\Apyfo
2011-08-30 22:23 . 2011-08-30 23:12 ——– d—–w- c:\documents and settings\Samya\Application Data\Yqdini
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2008-08-20 14:16 602624 —-a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2011-04-26 21:07 41184 —-a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-04-26 21:07 199304 —-a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-04-26 21:08 442200 —-a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-04-26 21:08 320856 —-a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-04-26 21:08 34392 —-a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-04-26 21:08 52568 —-a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-04-26 21:08 110552 —-a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-04-26 21:08 104536 —-a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-04-26 21:08 20568 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2011-04-26 21:08 30808 —-a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-23 13:20 . 2009-11-02 19:03 900 –sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-07-15 13:29 . 2008-08-20 14:16 456320 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-08-20 14:16 10496 —-a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-08-20 05:28 139656 —-a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2008-08-20 14:17 916480 —-a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2008-08-20 14:16 43520 —-a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2008-08-20 14:16 1469440 ——w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-08-20 14:16 385024 —-a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-08-20 14:17 293888 —-a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-15_15.56.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-15 17:09 . 2011-09-15 17:09 16384 c:\windows\Temp\Perflib_Perfdata_300.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
@=“{472083B0-C522-11CF-8763-00608CC02F24}”
2011-09-06 20:45 122512 —-a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
“IgfxTray”=“c:\windows\system32\igfxtray.exe”
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe”
“Persistence”=“c:\windows\system32\igfxpers.exe”
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe”
“MGSysCtrl”=“c:\program files\System Control Manager\MGSysCtrl.exe”
“LanguageShortcut”=“c:\program files\HomeCinema\PowerDVD\Language\Language.exe”
“TkBellExe”=“c:\program files\Common Files\Real\Update_OB\realsched.exe”
“Athan”=“c:\program files\Athan\Athan.exe”
“avast”=“c:\program files\AVAST Software\Avast\avastUI.exe”
“Malwarebytes' Anti-Malware”=“c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe”
.
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE”
.
@=“Driver”
.
“%windir%\\system32\\sessmgr.exe”=
“c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE”=
“c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE”=
“c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
“c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe”=
“c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe”=
“c:\\Program Files\\Java\\jre6\\bin\\javaw.exe”=
“c:\\Program Files\\Skype\\Phone\\Skype.exe”=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys
S0 jlpcvont;jlpcvont;c:\windows\system32\drivers\rabfbwuq.sys –> c:\windows\system32\drivers\rabfbwuq.sys
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe
.
Inhoud van de ‘Gedeelde Taken’ map
.
2011-09-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2793254981-2875309246-57265055-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe
.
2011-07-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2793254981-2875309246-57265055-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe
.
.
——- Bijkomende Scan ——-
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-15 19:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
——————— DLLs Geladen Onder Lopende Processen ———————
.
- - - - - - - > ‘explorer.exe’(324)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2011-09-15 19:31:33
ComboFix-quarantined-files.txt 2011-09-15 17:31
ComboFix2.txt 2011-09-15 16:02
.
Pre-Run: 83.538.145.280 bytes beschikbaar
Post-Run: 83.533.553.664 bytes beschikbaar
.
- - End Of File - - 43C8D90AF63C919697FD075DD0163F7E
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:33:18, on 15-9-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252420056296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252483103390
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7545 bytes
Hi Samy,
Once more, do the following:
Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:
File::
c:\windows\system32\drivers\rabfbwuq.sys
Driver:
rabfbwuq.sys
Save this to your Desktop as CFScript.txt
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
This will make ComboFix restart.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply, together with a new HijackThis log.
Good luck,
Huib;)
Hi Huib
Are you taking over?
Below are the logs (phew, what a hassle all this is, but better than formatting)
ComboFix 11-09-15.05 - Samya 15-09-2011 20:47:20.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1013.502
Gestart vanuit: c:\documents and settings\Samya\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Samya\Bureaublad\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\drivers\rabfbwuq.sys"
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-08-15 to 2011-09-15 ))))))))))))))))))))))))))))))
.
.
2011-09-15 18:44 . 2011-09-15 18:45 -------- d-----w- C:\32788R22FWJFW
2011-09-15 10:16 . 2011-09-15 10:16 -------- d-----w- c:\program files\Conduit
2011-09-15 10:16 . 2011-09-15 10:31 -------- d-----w- c:\documents and settings\Samya\Local Settings\Application Data\Softonic-Eng7
2011-09-15 08:04 . 2011-09-15 08:04 388096 ----a-r- c:\documents and settings\Samya\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-15 08:04 . 2011-09-15 08:04 -------- d-----w- c:\program files\Trend Micro
2011-09-14 20:24 . 2011-09-14 20:24 -------- d-----w- c:\documents and settings\Samya\Application Data\Malwarebytes
2011-09-14 20:24 . 2011-09-14 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-14 20:24 . 2011-09-14 20:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-14 20:24 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-12 11:52 . 2011-09-06 20:38 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-09-12 11:52 . 2011-09-06 20:37 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-09-12 11:52 . 2011-09-06 20:10 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-08-31 20:28 . 2011-09-11 11:02 -------- d-sh--w- c:\documents and settings\Samya\Application Data\51E4B811
2011-08-31 20:28 . 2011-09-02 09:55 -------- d-sh--w- c:\documents and settings\Samya\Application Data\A5D0ACEB
2011-08-30 22:23 . 2011-09-06 13:27 -------- d-----w- c:\documents and settings\Samya\Application Data\Apyfo
2011-08-30 22:23 . 2011-08-30 23:12 -------- d-----w- c:\documents and settings\Samya\Application Data\Yqdini
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2008-08-20 14:16 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2011-04-26 21:07 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-04-26 21:07 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-04-26 21:08 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-04-26 21:08 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-04-26 21:08 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-04-26 21:08 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-04-26 21:08 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-04-26 21:08 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-04-26 21:08 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2011-04-26 21:08 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-23 13:20 . 2009-11-02 19:03 900 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-07-15 13:29 . 2008-08-20 14:16 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-08-20 14:16 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-08-20 05:28 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2008-08-20 14:17 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2008-08-20 14:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2008-08-20 14:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-08-20 14:16 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-08-20 14:17 293888 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-15_15.56.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-15 17:09 . 2011-09-15 17:09 16384 c:\windows\Temp\Perflib_Perfdata_300.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
@="{472083B0-C522-11CF-8763-00608CC02F24}"
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
"IgfxTray"="c:\windows\system32\igfxtray.exe"
"HotKeysCmds"="c:\windows\system32\hkcmd.exe"
"Persistence"="c:\windows\system32\igfxpers.exe"
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe"
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"
"Athan"="c:\program files\Athan\Athan.exe"
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe"
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe"
.
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"
.
@="Driver"
.
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys
S0 jlpcvont;jlpcvont;c:\windows\system32\drivers\rabfbwuq.sys --> c:\windows\system32\drivers\rabfbwuq.sys
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2011-09-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2793254981-2875309246-57265055-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe
.
2011-07-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2793254981-2875309246-57265055-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe
.
.
------- Bijkomende Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-15 20:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(3432)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2011-09-15 21:02:22
ComboFix-quarantined-files.txt 2011-09-15 19:02
ComboFix2.txt 2011-09-15 17:31
ComboFix3.txt 2011-09-15 16:02
.
Pre-Run: 83.535.581.184 bytes beschikbaar
Post-Run: 83.526.619.136 bytes beschikbaar
.
- - End Of File - - D25C7A329F6407583D892236C6EECE72
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:06:50, on 15-9-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252420056296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252483103390
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7496 bytes
Hi Samy,
No, not at all, we're doing it together;)
How are the problems now:s
Also delete the folders shown in bold:
c:\program files\Conduit <----- This folder
c:\documents and settings\Samya\Local Settings\Application Data\Softonic-Eng7 <----- This folder
Do you know the program Athan?
Let me know that as well.
That an IP was blocked is only a good thing, so your firewall is working well too:D
Remove ComboFix by following the instructions below.
Go to Start - Run
Copy and paste: Combofix /Uninstall into the Start search box.
Press ENTER, then click OK.
If all goes well, you will then get a message that ComboFix was removed.
Regards, Huib;)