virus infection trojan horse



@ kape: I notice that the HJT logs were made with 2 different versions of the program: V2.0.3 (BETA) on the one hand, V2.0.4 on the other.

Could this be important?...

Version 2.0.4 is a better option, but in itself the BETA should give the same results as well ;-)

This is the ComboFix log

ComboFix 11-01-24.02 - verostef 25/01/2011 12:34:08.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3000.1777 [GMT -4:00]

Gestart vanuit: c:\users\verostef\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\windows\Downloaded Program Files\Install.inf

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\Install.cmd

----- BITS: Mogelijk geïnfecteerde sites -----

hxxp://lh6.ggpht.com

hxxp://lh4.ggpht.com

hxxp://lh3.ggpht.com

hxxp://lh5.ggpht.com

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-12-25 to 2011-01-25 ))))))))))))))))))))))))))))))

.

2011-01-25 16:40 . 2011-01-25 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-25 10:48 . 2011-01-25 10:48 388096 ----a-r- c:\users\verostef\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2011-01-25 10:48 . 2011-01-25 10:48 -------- d-----w- c:\program files\TrendMicro

2011-01-25 09:37 . 2011-01-25 09:37 -------- d-----w- c:\users\verostef\AppData\Roaming\Malwarebytes

2011-01-25 09:37 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-25 09:37 . 2011-01-25 09:37 -------- d-----w- c:\programdata\Malwarebytes

2011-01-25 09:37 . 2011-01-25 09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-25 09:37 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-25 01:32 . 2011-01-25 01:32 388096 ----a-r- c:\users\verostef\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-25 01:32 . 2011-01-25 01:32 -------- d-----w- c:\program files\Trend Micro

2011-01-24 22:31 . 2011-01-25 01:18 -------- d-----w- c:\users\verostef\AppData\Roaming\FrostWire

2011-01-24 22:31 . 2011-01-24 22:32 -------- d-----w- c:\program files\FrostWire

2011-01-24 22:09 . 2011-01-24 22:09 -------- d-----w- c:\programdata\BearShare

2011-01-24 22:09 . 2011-01-24 22:14 -------- dc-h--w- c:\programdata\{4B337C2B-E6F0-4B28-98E9-248E1772D7EA}

2011-01-19 18:59 . 2011-01-19 18:59 -------- d-----w- c:\programdata\30282

2011-01-16 13:39 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2011-01-16 13:39 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll

2011-01-16 13:38 . 2011-01-16 13:38 -------- d-----w- c:\program files\Winamp Detect

2011-01-16 13:38 . 2011-01-16 13:38 -------- d-----w- c:\program files\Winamp Toolbar

2011-01-16 13:38 . 2011-01-16 13:38 -------- d-----w- c:\programdata\Winamp Toolbar

2011-01-16 13:37 . 2011-01-16 13:37 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2011-01-16 13:37 . 2011-01-23 19:33 -------- d-----w- c:\users\verostef\AppData\Roaming\Winamp

2011-01-16 13:37 . 2011-01-16 13:40 -------- d-----w- c:\program files\Winamp

2011-01-15 12:24 . 2011-01-15 18:06 -------- d-----w- c:\users\verostef\vuze

2011-01-13 21:03 . 2011-01-14 11:47 -------- d-----w- c:\users\verostef\AppData\Roaming\Raptr

2011-01-13 21:03 . 2011-01-14 11:47 -------- d-----w- c:\program files\Raptr

2011-01-13 20:57 . 2011-01-15 12:17 -------- d-----w- c:\program files\Vuze

2011-01-13 20:57 . 2011-01-13 20:57 -------- d-----w- c:\users\verostef\AppData\Local\Conduit

2011-01-13 19:06 . 2011-01-19 19:44 -------- d-----w- c:\users\verostef\AppData\Local\BearShare

2011-01-13 19:03 . 2011-01-24 22:09 -------- d-----w- c:\program files\BearShare Applications

2011-01-13 16:05 . 2011-01-13 16:05 -------- d-----w- c:\users\verostef\AppData\Roaming\Uniblue

2011-01-13 16:05 . 2011-01-13 16:05 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}

2011-01-13 16:05 . 2011-01-13 16:05 -------- d-----w- c:\program files\Uniblue

2011-01-13 16:04 . 2011-01-13 16:04 -------- d-----w- c:\users\verostef\AppData\Local\PackageAware

2011-01-13 05:42 . 2011-01-13 05:44 -------- d-----w- C:\348409e3e070a23893a519f0ec

2011-01-12 23:48 . 2011-01-12 23:48 -------- d-----w- c:\program files\Conduit

2011-01-12 23:48 . 2011-01-12 23:48 -------- d-----w- c:\program files\Brothersoft

2011-01-12 23:33 . 2011-01-12 23:33 -------- d-----w- c:\program files\Meritline Label

2011-01-12 23:19 . 2011-01-12 23:19 -------- d-----w- c:\program files\Fisher

2011-01-12 23:19 . 1998-02-07 01:37 299520 ----a-w- c:\windows\uninst.exe

2011-01-12 23:19 . 2011-01-12 23:19 -------- d-----w- c:\program files\Ulead Systems

2011-01-12 23:18 . 2000-01-04 10:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll

2011-01-12 16:55 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

2011-01-12 16:55 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll

2011-01-12 16:55 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-01-12 16:55 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-01-12 16:55 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-01-12 16:55 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll

2011-01-12 16:55 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-01-11 17:39 . 2011-01-11 17:39 -------- d-----w- c:\programdata\InstallShield

2011-01-10 19:57 . 2011-01-10 19:57 -------- d-----w- c:\program files\PHPNukeDU

2011-01-10 19:54 . 2011-01-25 16:26 -------- d-----w- c:\program files\Common Files\Akamai

2011-01-10 19:51 . 2011-01-11 17:39 -------- d-----w- c:\users\verostef\AppData\Roaming\GetRightToGo

2011-01-10 19:25 . 2011-01-10 19:26 -------- d-----w- c:\programdata\Google Updater

2011-01-08 21:36 . 2010-11-12 22:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-12 22:53 . 2010-08-19 13:16 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-04 18:56 . 2010-12-15 12:55 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-04 18:55 . 2010-12-15 12:55 352768 ----a-w- c:\windows\system32\taskschd.dll

2010-11-04 18:55 . 2010-12-15 12:55 270336 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-04 18:55 . 2010-12-15 12:55 601600 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-04 16:34 . 2010-12-15 12:55 171520 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 06:01 . 2010-12-15 12:55 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-02 05:57 . 2010-12-15 12:55 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-02 05:57 . 2010-12-15 12:55 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-02 05:57 . 2010-12-15 12:55 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-11-02 05:57 . 2010-12-15 12:55 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-11-02 05:01 . 2010-12-15 12:55 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 04:26 . 2010-12-15 12:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-11-02 04:24 . 2010-12-15 12:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-10-28 15:44 . 2010-12-15 12:56 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-10-28 13:27 . 2010-12-15 12:56 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-10-28 13:20 . 2010-12-15 12:54 2048 ----a-w- c:\windows\system32\tzres.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBrot.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

2010-12-09 16:51 3911776 ----a-w- c:\program files\Brothersoft\tbBrot.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBrot.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}"= "c:\program files\Brothersoft\tbBrot.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-08-04 6265376]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-22 30192]

"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]

"Skytel"="Skytel.exe" [2008-08-04 1833504]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

"ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-07-20 80384]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]

c:\users\verostef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-7-29 503808]

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-20 46432]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-11-19 1807704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1ca646c3ec5c78c;Google Updateservice (gupdate1ca646c3ec5c78c);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 133104]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [x]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-10-22 30192]

R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2010-01-20 33792]

R3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-26 48688]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 ArcUdfs;ArcUdfs FileSystem Driver Service; [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-26 310320]

S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-26 259632]

S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-03 482432]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100204.001\IDSvix86.sys [2009-12-30 343088]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]

S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-26 117640]

S3 ArcCD;ArcCD Filter Driver Service; [x]

S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-07-29 418816]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - ArcRec

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

Inhoud van de 'Gedeelde Taken' map

2011-01-25 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-13 19:25]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 14:18]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 14:18]

.

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://dutch.toggle.com/nl/index.php?rvs=google

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

DPF: {69731714-6886-4587-A9AA-D80C2763884D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\users\verostef\AppData\Roaming\Mozilla\Firefox\Profiles\b8sj6r54.default\

FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/

FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=

FF - prefs.js: browser.search.selectedEngine - BearShare Web Search

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS VERWIJDERD - - - -

Toolbar-10 - (no file)

WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

HKLM-Run-eRecoveryService - (no file)

HKLM-Run-NPSStartup - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-01-25 12:40

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"

--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2011-01-25 12:43:09

ComboFix-quarantined-files.txt 2011-01-25 16:43

Pre-Run: 158.836.797.440 bytes beschikbaar

Post-Run: 158.055.133.184 bytes beschikbaar

- - End Of File - - 8353172EFAD3D91E9B8BB27F135D775E

---------- Post added at 18:47 ---------- Previous post was at 18:46 ----------

Can I download AVG again?


If you want an antivirus program right away, you may download one (but definitely not AVG). In that case take Avast or Antivir, which are also free!

Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\program files\Conduit

c:\programdata\{4B337C2B-E6F0-4B28-98E9-248E1772D7EA}

c:\programdata\BearShare

c:\users\verostef\AppData\Local\Conduit

c:\users\verostef\AppData\Local\BearShare

c:\program files\BearShare Applications

c:\program files\PHPNukeDU

Registry::

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[-HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

[-HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

FireFox::

FF - ProfilePath - c:\users\verostef\AppData\Roaming\Mozilla\Firefox\Profiles\b8sj6r54.default\

FF - prefs.js: browser.startup.homepage –

FF - prefs.js: keyword.URL -

FF - prefs.js: browser.search.selectedEngine –

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

After the restart, post the contents of Combofix.txt in your next message, together with a new HijackThis log.
