
[SOLVED] Removing A360???



Quite an infection, that much is true ... but the end seems to be in sight.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\E.tmp

c:\windows\system32\D.tmp

c:\windows\system32\qzhppienursis.dll-uninst.exe

c:\windows\system32\cont_milehighads-remove.exe

c:\windows\system32\bgvrdmfxojhaxxocl.exe

c:\windows\system32\62.tmp

c:\windows\system32\comres32.dll

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\b439e295511]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

Start HijackThis. If you are a Vista user, choose "Run as administrator" (or "Uitvoeren als administrator"). Select "Do a system scan only". Tick only the items listed below:

O20 - AppInit_DLLs: C:\WINDOWS\System32\comres32.dll

O20 - Winlogon Notify: b439e295511 - C:\WINDOWS\System32\comres32.dll

Click 'Fix checked' to remove the items.

After the restart, post the contents of Combofix.txt in your next message, together with a fresh HijackThis log.
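Added here as a worked example (it is not code from the thread, nor from the HijackThis or ComboFix projects): a small Python triage script that parses HijackThis-style lines and flags the two O20 mechanisms the helper singles out, AppInit_DLLs and Winlogon Notify, on a constructed log excerpt. The sample lines, the stock Winlogon Notify allowlist and the "looks generated" heuristic for subkey names are assumptions made for this example.

```python
import re
from typing import Dict, List, Set

# Constructed sample HijackThis-style log excerpt (assumption: real logs carry
# many more sections, but every finding line has the same "Oxx - " shape).
# The two O20 lines repeat the entries the helper asked to be fixed in the
# thread; the other lines are benign fillers written for this example.
SAMPLE_HJT_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O20 - AppInit_DLLs: C:\\WINDOWS\\System32\\comres32.dll
O20 - Winlogon Notify: b439e295511 - C:\\WINDOWS\\System32\\comres32.dll
O20 - Winlogon Notify: crypt32chain - crypt32.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe
"""

# Winlogon Notify subkeys present on a stock Windows XP install. Treat this
# allowlist as an assumption for the example, not a reference list: an entry
# outside it means "look at it", not "malicious".
STOCK_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")


def parse_hjt_lines(log_text: str) -> List[Dict[str, str]]:
    """Turn a HijackThis log into section/body records; header and process
    listing lines do not match the 'Oxx - ' shape and are skipped."""
    records = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if m:
            records.append({"section": m.group(1), "body": m.group(2), "line": line})
    return records


def looks_random(name: str) -> bool:
    """Heuristic for generated key names such as 'b439e295511': a long
    hex-only string, or a name without a single vowel."""
    lowered = name.lower()
    return (re.fullmatch(r"[0-9a-f]{8,}", lowered) is not None
            or re.search(r"[aeiou]", lowered) is None)


def triage_o20(records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Flag O20 entries: any AppInit_DLLs value at all (the value is empty on
    a clean XP box, and whatever is listed gets loaded into every process
    that uses user32.dll), and Winlogon Notify subkeys that are unknown or
    look generated."""
    findings = []
    for rec in records:
        if rec["section"] != "O20":
            continue
        body = rec["body"]
        if body.startswith("AppInit_DLLs:"):
            dll = body[len("AppInit_DLLs:"):].strip()
            if dll:
                findings.append({"kind": "AppInit_DLLs", "dll": dll,
                                 "reason": "non-empty AppInit_DLLs", "line": rec["line"]})
        elif body.startswith("Winlogon Notify:"):
            rest = body[len("Winlogon Notify:"):].strip()
            subkey, _, dll = rest.partition(" - ")
            if subkey.lower() not in STOCK_WINLOGON_NOTIFY or looks_random(subkey):
                findings.append({"kind": "Winlogon Notify", "dll": dll.strip(),
                                 "reason": f"unknown or generated subkey '{subkey}'",
                                 "line": rec["line"]})
    return findings


def shared_dlls(findings: List[Dict[str, str]]) -> Set[str]:
    """DLLs registered under more than one O20 mechanism: the same module
    hooked both ways is the persistence pair seen in this thread."""
    seen: Dict[str, Set[str]] = {}
    for f in findings:
        seen.setdefault(f["dll"].lower(), set()).add(f["kind"])
    return {dll for dll, kinds in seen.items() if len(kinds) > 1}


def triage_hijackthis(log_text: str) -> List[Dict[str, str]]:
    return triage_o20(parse_hjt_lines(log_text))


if __name__ == "__main__":
    hits = triage_hijackthis(SAMPLE_HJT_LOG)
    for h in hits:
        print(f"[{h['kind']}] {h['dll']}  ({h['reason']})")
    print("registered via more than one O20 mechanism:", shared_dlls(hits))
```

The point of `shared_dlls` is the check a helper does by eye: one DLL sitting in both AppInit_DLLs and a Winlogon Notify subkey is re-loaded at logon and into every GUI process, so deleting the file alone leaves dangling registry references (and, for Winlogon Notify, a logon-time load failure), which is why the CFScript above removes the file and both registry keys together.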

And what do you think? Is everything completely back in order? I'm not getting any more pop-ups, so I think so...

ComboFix 09-01-07.02 - Gebruiker 2009-01-08 11:28:05.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1790.1222 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Gebruiker\Bureaublad\CFScript.txt.txt

* Nieuw herstelpunt werd aangemaakt

FILE ::

c:\windows\system32\62.tmp

c:\windows\system32\bgvrdmfxojhaxxocl.exe

c:\windows\system32\comres32.dll

c:\windows\system32\cont_milehighads-remove.exe

c:\windows\system32\D.tmp

c:\windows\system32\E.tmp

c:\windows\system32\qzhppienursis.dll-uninst.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Gebruiker\Application Data\02000000291a733f511C.manifest

c:\documents and settings\Gebruiker\Application Data\02000000291a733f511O.manifest

c:\documents and settings\Gebruiker\Application Data\02000000291a733f511P.manifest

c:\documents and settings\Gebruiker\Application Data\02000000291a733f511S.manifest

c:\windows\GnuHashes.ini

c:\windows\system32\2.tmp

c:\windows\system32\62.tmp

c:\windows\system32\comres32.dll

c:\windows\system32\cont_milehighads-remove.exe

c:\windows\system32\GroupPolicy000.dat

c:\windows\system32\GroupPolicyManifest

c:\windows\system32\GroupPolicyManifest\1.music.mp3

c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd

c:\windows\system32\GroupPolicyManifest\10.setup.zip

c:\windows\system32\GroupPolicyManifest\10.setup.zip.kwd

c:\windows\system32\GroupPolicyManifest\11.unpack.zip

c:\windows\system32\GroupPolicyManifest\11.unpack.zip.kwd

c:\windows\system32\GroupPolicyManifest\12.limepro.zip

c:\windows\system32\GroupPolicyManifest\12.limepro.zip.kwd

c:\windows\system32\GroupPolicyManifest\13.keygen.zip

c:\windows\system32\GroupPolicyManifest\13.keygen.zip.kwd

c:\windows\system32\GroupPolicyManifest\2.crack.zip

c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd

c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg

c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd

c:\windows\system32\GroupPolicyManifest\9.remix.mp3

c:\windows\system32\GroupPolicyManifest\9.remix.mp3.kwd

c:\windows\system32\qzhppienursis.dll-uninst.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-12-08 to 2009-01-08 ))))))))))))))))))))))))))))))

.

2009-01-07 10:03 . 2009-01-07 10:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-07 10:03 . 2009-01-07 10:03 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\Malwarebytes

2009-01-07 10:03 . 2009-01-07 10:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-07 10:03 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-07 10:03 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-18 11:27 . 2009-01-08 11:20 <DIR> dr-h----- c:\documents and settings\Gebruiker\Onlangs geopend

2008-12-18 11:24 . 2008-12-18 11:24 <DIR> d-------- c:\program files\CCleaner

2008-12-18 09:47 . 2008-12-18 09:47 <DIR> d-------- c:\program files\Enigma Software Group

2008-12-18 09:40 . 2008-12-18 09:40 <DIR> d-------- c:\program files\Trend Micro

2008-12-16 15:09 . 2008-12-16 15:41 <DIR> d-------- c:\program files\DivX

2008-12-16 15:03 . 2008-12-16 15:03 <DIR> d-------- c:\program files\Conduit

2008-12-16 09:46 . 2008-12-16 15:42 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\LimeWire

2008-12-16 09:43 . 2008-12-16 09:43 <DIR> d-------- c:\windows\Sun

2008-12-16 09:43 . 2008-12-16 09:42 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-16 09:43 . 2008-12-16 09:42 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-12-16 09:42 . 2008-12-16 09:42 <DIR> d-------- c:\program files\Java

2008-12-16 09:41 . 2008-12-16 09:41 <DIR> d-------- c:\program files\LimeWire

2008-12-12 15:33 . 2001-08-17 21:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-08 10:32 --------- d-----w c:\program files\Symantec AntiVirus

2008-11-13 13:10 --------- d-----w c:\program files\InterActual

1822-06-21 10:12 4,263 --sh--w c:\windows\windllreg1c.sys

.

------- Sigcheck -------

2008-04-14 18:03 14336 e410ec73e2be2a41d923b006f51c8427 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\svchost.exe

2004-08-04 00:03 14336 ab8c6d89a897bacba4657fdf00e344a6 c:\windows\system32\svchost.exe

2004-08-04 00:03 14336 ab8c6d89a897bacba4657fdf00e344a6 c:\windows\system32\dllcache\svchost.exe

2008-04-14 18:02 82432 520391367546218929749612abfe840c c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\ws2_32.dll

2004-08-04 00:03 82944 06ebcbe58321e924980148b7e3dbd753 c:\windows\system32\ws2_32.dll

2004-08-04 00:03 82944 06ebcbe58321e924980148b7e3dbd753 c:\windows\system32\dllcache\ws2_32.dll

2008-04-14 18:03 510464 1247d4d5444e28519bbe31be8ab4c029 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\winlogon.exe

2004-08-04 00:03 504832 732ed791711df9c9dd15e5515bc681b8 c:\windows\system32\winlogon.exe

2004-08-04 00:03 504832 732ed791711df9c9dd15e5515bc681b8 c:\windows\system32\dllcache\winlogon.exe

2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\ndis.sys

2004-08-03 22:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys

2004-08-03 22:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\ip6fw.sys

2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\dllcache\ip6fw.sys

2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys

2008-04-14 18:03 109056 b77bc5cd88eb96d4352af5202ec4aec2 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\services.exe

2004-08-04 00:03 108544 39991cd3c17b7529d039151a88e84499 c:\windows\system32\services.exe

2004-08-04 00:03 108544 39991cd3c17b7529d039151a88e84499 c:\windows\system32\dllcache\services.exe

2008-04-14 18:03 13312 8754210a3399d19610ce2d71e0c3e5d9 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\lsass.exe

2004-08-04 00:03 13312 34a82debefb057fcccbe15f619fc98a7 c:\windows\system32\lsass.exe

2004-08-04 00:03 13312 34a82debefb057fcccbe15f619fc98a7 c:\windows\system32\dllcache\lsass.exe

2008-04-14 18:02 15360 e98a8c802cdb31fcf4121d9dfbea3677 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\ctfmon.exe

2004-08-04 00:03 15360 7de46c9c40abb58c8fdfe0212a3bf2b4 c:\windows\system32\ctfmon.exe

2004-08-04 00:03 15360 7de46c9c40abb58c8fdfe0212a3bf2b4 c:\windows\system32\dllcache\ctfmon.exe

2008-04-14 18:03 26112 6818a533ed3b2fa9936df3daf45352df c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\userinit.exe

2004-08-04 00:03 24576 de7a0ee4a6a28e6dfe3118eb22468da6 c:\windows\system32\userinit.exe

2004-08-04 00:03 24576 de7a0ee4a6a28e6dfe3118eb22468da6 c:\windows\system32\dllcache\userinit.exe

2008-04-14 18:02 297472 e0aef86a594c9990d6321c5ca239c5b7 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\termsrv.dll

2004-08-04 00:03 297472 e2ce999886a4636026f157deb886aa94 c:\windows\system32\termsrv.dll

2004-08-04 00:03 297472 e2ce999886a4636026f157deb886aa94 c:\windows\system32\dllcache\termsrv.dll

.

((((((((((((((((((((((((((((( snapshot@2009-01-07_ 9.52.28,56 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-01-07 07:06:14 71,642 ----a-w c:\windows\system32\perfc009.dat

+ 2009-01-08 10:36:04 71,642 ----a-w c:\windows\system32\perfc009.dat

- 2009-01-07 07:06:14 91,438 ----a-w c:\windows\system32\perfc013.dat

+ 2009-01-08 10:36:04 91,438 ----a-w c:\windows\system32\perfc013.dat

- 2009-01-07 07:06:14 441,958 ----a-w c:\windows\system32\perfh009.dat

+ 2009-01-08 10:36:04 441,958 ----a-w c:\windows\system32\perfh009.dat

- 2009-01-07 07:06:14 510,006 ----a-w c:\windows\system32\perfh013.dat

+ 2009-01-08 10:36:04 510,006 ----a-w c:\windows\system32\perfh013.dat

+ 2009-01-08 10:32:00 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_760.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-09 68856]

"HyvesKwekker"="c:\program files\Hyves Kwekker\HyvesDesktop_2.exe" [2007-04-06 1588736]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 66680]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-10-06 161096]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-19 761946]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"InterWrite Device Manager SysTray"="c:\program files\Interwrite Learning\Interwrite Workspace\IWDMSystemTray.exe" [2008-06-19 688128]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]

"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Desktop Search.lnk

backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2008-03-27 09:00 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]

-ra------ 2006-08-14 03:51 352256 c:\windows\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2007-03-14 21:01 71216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]

-ra------ 2005-10-31 20:15 163840 c:\windows\system32\S3Trayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

-ra------ 2006-06-16 03:33 53248 c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Interwrite Learning\\Interwrite Workspace\\_jvm_1.5\\bin\\java.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-07-31 11264]

S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2006-06-22 808448]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-10-06 173392]

.

.

------- Bijkomende Scan -------

.

uStart Page = www.google.nl/

uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-08 11:41:47

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(636)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Interwrite Learning\Interwrite Workspace\IWDM.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Voltooingstijd: 2009-01-08 11:44:53 - machine werd herstart [Gebruiker]

ComboFix-quarantined-files.txt 2009-01-08 10:44:50

ComboFix2.txt 2009-01-07 11:30:51

ComboFix3.txt 2009-01-07 08:53:15

Pre-Run: 146.243.100.672 bytes beschikbaar

Post-Run: 146,241,785,856 bytes beschikbaar

219 --- E O F --- 2009-01-05 09:29:09

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:47:01, on 8-1-2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Interwrite Learning\Interwrite Workspace\IWDMSystemTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Interwrite Learning\Interwrite Workspace\IWDM.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Live Search:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [interWrite Device Manager SysTray] "C:\Program Files\Interwrite Learning\Interwrite Workspace\IWDMSystemTray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [HyvesKwekker] "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185884657406

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229417050739&h=fc4160dc1b1f5300a074cbb58e18fca0/&filename=jinstall-6u11-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--

End of file - 8032 bytes


This looks to be in order. To clean up the remnants of the infection, you can run through this as well:

Remove ComboFix: Start -> Run and type: combofix /u

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions again, re-hide hidden files and system files, and create a new restore point.

Download CCleaner.

Install it and start CCleaner. In the left column click "Cleaner". Click "Analyze" and then "Run Cleaner". Next click "Registry" in the left column and click "Scan for issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix all selected issues". Close CCleaner afterwards.

It is advisable to delete the existing restore points (some of them are infected restore points that you could accidentally restore) by temporarily disabling System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and untick the box again.

That's it !


Thanks a lot, I'm really happy with it!!
