Lightask virus

  • Jurgen

    Hello,

    I am having trouble with a “virus” called lightask. It is annoying and it makes browsing the internet very slow. I have done all the steps that you described. I have pasted the log file below.

    I hope someone can help me further.

    Thanks in advance,

    Jurgen

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 21:39:50, on 17-12-2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16762)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\ATKKBService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    c:\program files\common files\mcafee\mna\mcnasvc.exe

    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    C:\Program Files\McAfee\MPF\MPFSrv.exe

    C:\Program Files\McAfee\MSK\MskSrver.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

    C:\Program Files\DAEMON Tools\daemon.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\Program Files\WebcamMax\CAMTHINS.exe

    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    C:\Program Files\Multimedia Card Reader\shwicon2k.exe

    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: D - {8B5433C2-AA02-3D24-9A5F-B60ABB95BB12} - C:\WINDOWS\system32\wrq95443.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O4 - HKLM\..\Run: C:\Program Files\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033

    O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

    O4 - HKLM\..\Run: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start

    O4 - HKLM\..\Run: “C:\Program Files\WebcamMax\CAMTHINS.exe” /m

    O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: “C:\Program Files\McAfee.com\Agent\mcagent.exe” /runkey

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: “E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe”

    O4 - HKLM\..\Run: C:\Program Files\Multimedia Card Reader\shwicon2k.exe

    O4 - HKLM\..\Run: C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Lokale service’)

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Netwerkservice’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

    O4 - Startup: Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

    O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files\Adblock Pro\blockimg.html

    O8 - Extra context menu item: Converteren naar Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202000i/AcDcToday.ocx

    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploade…

    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file:///C:/Program%20Files/AutoCAD%202000i/InstFred.ocx

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202000i/AcPreview.ocx

    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    End of file - 13016 bytes

  • huib

    Hi Jurgen,

    You wrote, among other things:

    >>>I have done all the steps that you described.<<<

    You can't fool us:(

    Carry out all the steps from the following link:

    http://www.prikpagina.nl/read.php?f=123&i=186977&t=186977

    After that we can help you further;)

    Good luck,

    Huib:)

  • Jurgen

    If I did something wrong, you can simply point it out. So a bit friendlier, please.

    What did I do wrong? I carried out everything step by step.

    Jurgen

    huib wrote:

    >

    > Hi Jurgen,

    >

    > You wrote, among other things:

    > >>>I have done all the steps that you described.<<<

    >

    > You can't fool us:(

    >

    > Carry out all the steps from the following link:

    >

    > http://www.prikpagina.nl/read.php?f=123&i=186977&t=186977

    >

    > After that we can help you further;)

    >

    > Good luck,

    > Huib:)

  • huib

    Mbam, for example;)

    Regards, Huib:)

  • Jurgen

    I ran the quick scan. Exactly as described.

    What is the problem now? I would like to be helped. I don't feel like dealing with this suspicious fuss!

    Jurgen

    huib wrote:

    >

    > Mbam, for example;)

    >

    > Regards, Huib:)

  • huib

    Hi Jurgen,

    You wrote:

    >>>I ran the quick scan. Exactly as described.

    What is the problem now? I would like to be helped. I don't feel like dealing with this suspicious fuss!<<<

    I understand your frustration, but look at it from our side too.

    The step-by-step plan is really very clear, and yet most people forget or skip part of it, and every time we then have to ask for it again.

    Anyway, you say you have run MBAM, although I don't see it here.

    So where is the MBAM log then:?:?

    Did you run the MBAM scan before or after a HijackThis log:?:?

    If it was done afterwards, then please also post a new HijackThis log;)

    Sorry for all the inconvenience.

    Regards, Huib:)

  • Jaap Ton

    Well, if you so badly want to be helped by hard-working volunteers………..

  • Jurgen

    Hello Huib,

    I really hope you can help me. I think I did not do the scan properly after all. I ran it again and posted the log below. Maybe you can get something out of it. I don't understand any of it.

    Thank you very much for the effort and the understanding.

    Kind regards,

    Jurgen

    Malwarebytes' Anti-Malware 1.31

    Database versie: 1511

    Windows 5.1.2600 Service Pack 3

    21-12-2008 9:40:57

    mbam-log-2008-12-21 (09-40-57).txt

    Scan type: Snelle Scan

    Objecten gescand: 65544

    Verstreken tijd: 8 minute(s), 48 second(s)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 1

    Registersleutels geïnfecteerd: 14

    Registerwaarden geïnfecteerd: 0

    Registerdata bestanden geïnfecteerd: 0

    Mappen geïnfecteerd: 1

    Bestanden geïnfecteerd: 12

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:

    C:\WINDOWS\system32\wrq95443.dll (Trojan.Vundo.H) -> Delete on reboot.

    Registersleutels geïnfecteerd:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b5433c2-aa02-3d24-9a5f-b60abb95bb12} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{8b5433c2-aa02-3d24-9a5f-b60abb95bb12} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7aa32fc7-133b-4ae7-998e-ced0d9829b12} (Trojan.Dialer) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{733716e1-76d2-4003-ac39-845281c0ef85} (Trojan.BHO) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fc3c36d-7635-4d43-ba62-0d9d2f2cd06e} (Adware.Fotomoto) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{d9a3ce58-baf8-3886-924c-29fb6bd800d8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{d4aec0a7-45bc-3b1a-a147-02f174beb479} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8b5433c2-aa02-3d24-9a5f-b60abb95bb12} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:

    C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:

    C:\WINDOWS\system32\wrq95443.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\qdbon.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\rq95443.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Jurgen & Marielle\Local Settings\Temp\~nsu.tmp\Au_.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Jurgen & Marielle\Local Settings\Temporary Internet Files\Content.IE5\2HDBRJRL\MediaCodec_2.4.3501.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Jurgen & Marielle\Local Settings\Temporary Internet Files\Content.IE5\2HDBRJRL\MediaCodec_2.4.3501.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Jurgen & Marielle\Local Settings\Temporary Internet Files\Content.IE5\AU68AVAZ\MediaCodec_2.4.3501.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    C:\Program Files\KB31076.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Jurgen & Marielle\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.

    C:\WINDOWS\Temp\tempo-055.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.

  • huib

    Hi Jurgen,

    That already cleans things up nicely;)

    Do you see now why we want the plan to be carried out in full:?;)

    Download Combofix to your Desktop.

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Double-click Combofix.exe.

    Follow the instructions and accept the disclaimer by typing 1 (continue) followed by ENTER.

    While the fix is running, do NOT click in the window, because your PC will then “hang”.

    NB: If, while you are using Combofix, a notification appears from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard components that Combofix uses as suspicious and may block or remove them! As a result, Combofix cannot function properly.

    When the fix is complete and after the restart, the log combofix.txt will open.

    Post this log here in your next post, together with a new HijackThis log.

    Regards, Huib:)

  • Jurgen

    ComboFix 08-12-21.02 - Jurgen & Marielle 2008-12-22 0:01:41.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1023.505

    Gestart vanuit: e:\gedownload\ComboFix.exe

    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\documents and settings\Jurgen & Marielle\Application Data\.#

    c:\windows\Downloaded Program Files\setup.inf

    c:\windows\win32t4.dll

    E:\resycled

    e:\resycled\boot.com

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-11-21 to 2008-12-21 ))))))))))))))))))))))))))))))

    .

    2008-12-21 19:47 . 2008-12-21 19:47 0 –a—— c:\windows\SETUP32.INI

    2008-12-17 21:39 . 2008-12-17 21:39 d——– c:\program files\Trend Micro

    2008-12-17 19:22 . 2008-12-17 19:22 d——– c:\program files\Lavasoft

    2008-12-17 19:22 . 2008-12-17 19:22 d——– c:\program files\Common Files\Wise Installation Wizard

    2008-12-17 19:22 . 2008-12-17 19:23 d——– c:\documents and settings\All Users\Application Data\Lavasoft

    2008-12-17 17:07 . 2008-12-17 17:07 d——– c:\program files\Malwarebytes' Anti-Malware

    2008-12-17 17:07 . 2008-12-17 17:07 d——– c:\documents and settings\Jurgen & Marielle\Application Data\Malwarebytes

    2008-12-17 17:07 . 2008-12-17 17:07 d——– c:\documents and settings\All Users\Application Data\Malwarebytes

    2008-12-17 17:07 . 2008-12-03 19:52 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys

    2008-12-17 17:07 . 2008-12-03 19:52 15,504 –a—— c:\windows\system32\drivers\mbam.sys

    2008-12-17 17:04 . 2008-12-17 17:04 d——– c:\program files\CleanUp!

    2008-12-16 22:28 . 2008-12-17 21:31 d——– c:\program files\Spybot - Search & Destroy

    2008-12-16 22:28 . 2008-12-17 16:49 d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2008-12-14 16:30 . 2008-12-14 16:30 d——– c:\documents and settings\Administrator.AMD-3600\Application Data\Verzendmap van Share-to-Web

    2008-12-14 16:30 . 2008-12-14 16:30 d——– c:\documents and settings\Administrator.AMD-3600\Application Data\Ipswitch

    2008-12-14 16:00 . 2007-05-26 15:40 d–h—– c:\documents and settings\Administrator.AMD-3600\Sjablonen

    2008-12-14 16:00 . 2007-05-26 23:35 d–h—– c:\documents and settings\Administrator.AMD-3600\Onlangs geopend

    2008-12-14 16:00 . 2007-05-26 23:35 d–h—– c:\documents and settings\Administrator.AMD-3600\Netwerkprinteromgeving

    2008-12-14 16:00 . 2007-05-26 23:35 d——– c:\documents and settings\Administrator.AMD-3600\Mijn documenten

    2008-12-14 16:00 . 2007-05-26 23:35 dr——- c:\documents and settings\Administrator.AMD-3600\Menu Start

    2008-12-14 16:00 . 2007-05-26 23:35 d——– c:\documents and settings\Administrator.AMD-3600\Favorieten

    2008-12-14 16:00 . 2007-05-26 23:35 d——– c:\documents and settings\Administrator.AMD-3600\Bureaublad

    2008-12-14 16:00 . 2008-12-14 16:01 d——– c:\documents and settings\Administrator.AMD-3600

    2008-12-11 21:11 . 2008-12-11 21:11 d——– c:\program files\CDisplay

    2008-12-04 17:38 . 2008-12-04 17:38 410,976 –a—— c:\windows\system32\deploytk.dll

    2008-11-23 18:36 . 2008-11-23 18:36 d——– c:\documents and settings\Jurgen & Marielle\Application Data\Shrek

    2008-11-23 18:36 . 2008-11-23 18:36 d——– c:\documents and settings\Jurgen & Marielle\Application Data\BarbieIP

    2008-11-23 18:30 . 2008-11-23 18:30 d——– c:\program files\Activision

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-12-21 21:31 ——— d—–w c:\documents and settings\Jurgen & Marielle\Application Data\Azureus

    2008-12-21 19:45 ——— d—–w c:\program files\Winnie De Poeh

    2008-12-21 18:50 ——— d—–w c:\program files\Robbie Konijn

    2008-12-21 15:38 43,520 —-a-w c:\windows\system32\CmdLineExt03.dll

    2008-12-16 05:46 114 —-a-w C:\sccfg.sys

    2008-12-13 15:10 ——— d—–w c:\program files\avi.NET

    2008-12-11 20:11 ——— d—–w c:\documents and settings\LocalService\Application Data\SACore

    2008-12-11 05:52 ——— d—–w c:\documents and settings\All Users\Application Data\Microsoft Help

    2008-12-04 16:38 ——— d—–w c:\program files\Java

    2008-11-30 19:36 ——— d—–w c:\program files\MediaCoder

    2008-11-30 19:35 ——— d—–w c:\program files\MegaSpoof

    2008-11-28 00:37 ——— d—–w c:\documents and settings\All Users\Application Data\FLEXnet

    2008-11-23 20:55 ——— d—–w c:\program files\LimeWire

    2008-11-21 16:17 ——— d—–w c:\program files\Azureus

    2008-11-21 12:55 ——— d—–w c:\program files\Rondomedia

    2008-11-14 16:11 ——— d—–w c:\program files\McAfee

    2008-11-08 08:11 ——— d—–w c:\program files\Google

    2008-11-07 19:54 ——— d—–w c:\program files\Putt Putt - De Reis door de Tijd

    2008-11-07 06:36 ——— d—–w c:\program files\Pajama Sam 3 - Je bent wat je eet als je dat maar weet

    2008-11-02 16:41 ——— d—–w c:\program files\Gabest

    2008-11-02 08:29 ——— d—–w c:\program files\ImTOO

    2008-11-01 12:30 ——— d—–w c:\documents and settings\Jurgen & Marielle\Application Data\Smart Panel

    2008-11-01 10:36 ——— d—–w c:\documents and settings\All Users\Application Data\Bluetooth

    2008-11-01 10:35 ——— d—–w c:\program files\Error Repair Professional

    2008-11-01 10:35 ——— d—–w c:\program files\Any DVD Converter Professional

    2008-11-01 10:35 ——— d—–w c:\documents and settings\Jurgen & Marielle\Application Data\Any DVD Converter Professional

    2008-11-01 10:34 ——— d—–w c:\program files\Free Audio Pack

    2008-11-01 10:32 ——— d—–w c:\program files\TallStick

    2008-11-01 09:23 ——— d—–w c:\program files\logivert

    2008-10-31 17:31 ——— d—–w c:\program files\Common Files\Borland Shared

    2008-10-31 17:26 ——— d—–w c:\program files\Easy Computing

    2008-10-28 12:00 39,064,816 —-a-w c:\windows\system32\xa55399437.exe

    2008-10-28 12:00 39,064,816 —-a-w c:\windows\system32\xa55395171.exe

    2008-10-28 12:00 172,032 —-a-w c:\windows\system32\xwr88649.dll

    2008-10-28 12:00 172,032 —-a-w c:\windows\system32\wr88649.dll

    2008-10-26 08:31 ——— d—–w c:\program files\SmartFix

    2008-10-25 09:33 ——— d—–w c:\program files\Common Files\PocketSoft

    2008-10-25 09:30 ——— d–h–w c:\program files\InstallShield Installation Information

    2008-10-25 08:27 ——— d—–w c:\program files\Atari

    2008-10-25 08:24 ——— d—–w c:\documents and settings\Jurgen & Marielle\Application Data\Atari

    2008-10-25 08:14 ——— d—–w c:\documents and settings\Jurgen & Marielle\Application Data\Leadertech

    2008-10-25 08:11 ——— d—–w c:\program files\Electronic Arts

    2008-10-24 11:21 455,296 —-a-w c:\windows\system32\drivers\mrxsmb.sys

    2008-10-23 12:43 286,720 —-a-w c:\windows\system32\gdi32.dll

    2008-10-22 15:13 ——— d—–w c:\documents and settings\Jurgen & Marielle\Application Data\dvdcss

    2008-10-21 17:11 ——— d—–w c:\program files\Microsoft Silverlight

    2008-10-21 15:52 ——— d—–w c:\program files\Babel Deluxe

    2008-10-17 17:07 720,896 —-a-w c:\windows\iun6002.exe

    2008-10-16 20:33 826,368 —-a-w c:\windows\system32\wininet.dll

    2008-10-16 20:33 5,120 —-a-w c:\windows\system32\klomp.exe

    2008-10-16 13:13 202,776 —-a-w c:\windows\system32\wuweb.dll

    2008-10-16 13:13 1,809,944 —-a-w c:\windows\system32\wuaueng.dll

    2008-10-16 13:12 561,688 —-a-w c:\windows\system32\wuapi.dll

    2008-10-16 13:12 323,608 —-a-w c:\windows\system32\wucltui.dll

    2008-10-16 13:09 92,696 —-a-w c:\windows\system32\cdm.dll

    2008-10-16 13:09 51,224 —-a-w c:\windows\system32\wuauclt.exe

    2008-10-16 13:09 43,544 —-a-w c:\windows\system32\wups2.dll

    2008-10-16 13:08 34,328 —-a-w c:\windows\system32\wups.dll

    2008-10-16 13:06 268,648 —-a-w c:\windows\system32\mucltui.dll

    2008-10-16 13:06 208,744 —-a-w c:\windows\system32\muweb.dll

    2008-10-03 10:05 247,326 ——w c:\windows\system32\strmdll.dll

    2008-10-02 09:07 453,152 —-a-w c:\windows\system32\NVUNINST.EXE

    2008-09-30 15:43 1,286,152 —-a-w c:\windows\system32\msxml4.dll

    2001-09-07 12:00 94,784 –sh–w c:\windows\twain.dll

    2008-04-14 17:02 50,688 –sh–w c:\windows\twain_32.dll

    2008-08-28 19:29 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008082820080829\index.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    “ctfmon.exe”=“c:\windows\system32\ctfmon.exe”

    “SoundMAXPnP”=“c:\program files\Analog Devices\Core\smax4pnp.exe”

    “DAEMON Tools”=“c:\program files\DAEMON Tools\daemon.exe”

    “RemoteControl”=“c:\program files\CyberLink\PowerDVD\PDVDServ.exe”

    “ISUSPM Startup”=“c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe”

    “ISUSScheduler”=“c:\program files\Common Files\InstallShield\UpdateService\issch.exe”

    “WebcamMaxMoniter”=“c:\program files\WebcamMax\CAMTHINS.exe”

    “NeroFilterCheck”=“c:\windows\system32\NeroCheck.exe”

    “mcagent_exe”=“c:\program files\McAfee.com\Agent\mcagent.exe”

    “Share-to-Web Namespace Daemon”=“c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe”

    “SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe”

    “NvCplDaemon”=“c:\windows\system32\NvCpl.dll”

    “Acrobat Assistant 8.0”=“e:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe”

    “Sunkist2k”=“c:\program files\Multimedia Card Reader\shwicon2k.exe”

    “McENUI”=“c:\progra~1\McAfee\MHN\McENUI.exe”

    “NvMediaCenter”=“c:\windows\system32\NvMcTray.dll”

    “nwiz”=“nwiz.exe”

    “CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE”

    c:\documents and settings\Jurgen & Marielle\Menu Start\Programma's\Opstarten\

    Microsoft Office Outlook.lnk - c:\program files\Microsoft Office\Office12\OUTLOOK.EXE

    "Debugger"=c:\windows\system32\klomp.exe

    "AntiVirusDisableNotify"=dword:00000001

    "DisableMonitoring"=dword:00000001

    "DisableMonitoring"=dword:00000001

    "EnableFirewall"= 0 (0x0)

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe"

    S2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\CamthWDM.sys

    S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys

    S3 SunkFilt62;Alcor Micro Corp - 6362;\??\c:\windows\System32\Drivers\sunkfilt62.sys

    \Shell\AutoRun\command - F:\WDSetup.exe

    *Newly Created Service* - CATCHME

    *Newly Created Service* - PROCEXP90

    .

    Inhoud van de 'Gedeelde Taken' map

    2008-12-15 c:\windows\Tasks\McDefragTask.job

    - c:\windows\system32\defrag.exe

    2008-12-01 c:\windows\Tasks\McQcTask.job

    - c:\program files\mcafee\mqc\QcConsol.exe

    2007-07-01 c:\windows\Tasks\TASK20070701170744.job

    - c:\program files\Ipswitch\WS_FTP Pro\wsftppro.exe

    2007-07-01 c:\windows\Tasks\TASK20070701170906.job

    - c:\program files\Ipswitch\WS_FTP Pro\wsftppro.exe

    .

    - - - - ORPHANS VERWIJDERD - - - -

    HKLM-Run- - (no file)

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.nl/

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

    IE: &Block This Image (ABP) - c:\program files\Adblock Pro\blockimg.html

    IE: Converteren naar Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Geselecteerde koppelingen converteren naar Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Koppelingdoel converteren naar Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Koppelingdoel converteren naar bestaand PDF-bestand - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Selectie converteren naar Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Selectie converteren naar bestaand PDF-bestand - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Toevoegen aan bestaand PDF-bestand - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\IPSUploader.ocx

    O16 -: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4}

    hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab

    c:\windows\Downloaded Program Files\IPSUploader.inf

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-12-22 00:06:13

    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    .

    Voltooingstijd: 2008-12-22 0:08:45

    ComboFix-quarantined-files.txt 2008-12-21 23:08:07

    Pre-Run: 132,598,059,008 bytes beschikbaar

    Post-Run: 132,768,333,824 bytes beschikbaar

    218 --- E O F --- 2008-12-18 05:25:20

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 0:10:48, on 22-12-2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16762)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\ATKKBService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    c:\program files\common files\mcafee\mna\mcnasvc.exe

    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    C:\Program Files\McAfee\MPF\MPFSrv.exe

    C:\Program Files\McAfee\MSK\MskSrver.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

    C:\Program Files\DAEMON Tools\daemon.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\Program Files\WebcamMax\CAMTHINS.exe

    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    C:\Program Files\Multimedia Card Reader\shwicon2k.exe

    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll

    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O4 - HKLM\..\Run: C:\Program Files\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: "C:\Program Files\WebcamMax\CAMTHINS.exe" /m

    O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    O4 - HKLM\..\Run: "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: "E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

    O4 - HKLM\..\Run: C:\Program Files\Multimedia Card Reader\shwicon2k.exe

    O4 - HKLM\..\Run: C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

    O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files\Adblock Pro\blockimg.html

    O8 - Extra context menu item: Converteren naar Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202000i/AcDcToday.ocx

    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab

    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file:///C:/Program%20Files/AutoCAD%202000i/InstFred.ocx

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202000i/AcPreview.ocx

    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    End of file - 12435 bytes