Mededeling

Collapse
No announcement yet.

vervelend programma Malware Crush 3.7

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • vervelend programma Malware Crush 3.7

    Beste leden

    Sedert gisteren zit ik met een programma die ik maar niet verwijderd krijg.

    Al gekeken bij program files, in het register, msconfig (Services en Opstarten) maar het blijft maar terugkeren.

    Buiten Malware Crush 3.7 is er telkens een icoontje met het Windowsteken afwisselend met een rood cirkeltje met een wit kruiske, als ik er over ga "Security Alert!" en soms geeft hij daar dan een "Warning Spyware activity detected! The results of the scan show enz." aan.

    Hoe krijg ik dit ongedaan?

    Vriendelijke groeten en alvast dank voor de hulp.

    Als jullie gegegevens nodig hebben vd pc roepen jullie maar.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:03:47, on 4/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\apps\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    C:\apps\Powercinema\PCMService.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\apps\ABoard\AOSD.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\WINDOWS\system32\wupeng.exe
    C:\Program Files\MalwareCrush\MalwareCrush.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MalwareCrush\MalwareCrush.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Hama\Common\RaUI.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Telenet
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Winupdate Engine] C:\WINDOWS\system32\wupeng.exe
    O4 - HKLM\..\Run: [MalwareCrush] C:\Program Files\MalwareCrush\MalwareCrush.exe /h
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Netwerkservice')
    O4 - HKUS\S-1-5-21-2796183733-1495534085-3106162847-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'pa')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Hama Wireless LAN Utility.lnk = C:\Program Files\Hama\Common\RaUI.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk884YYBE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://breedband.telenet.be
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158283865171
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 13269 bytes

  • #2
    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht tesamen met een nieuw logje van HijackThis.

    Comment


    • #3
      Hey Smeenk

      Het is in orde! Tijdens ik RVAXO opstartte kwam ik een dialoogvenster tegen (zoals je zei) waar ik "Malware Crush" kon verwijderen (heb ik gedaan uiteraard) en na het herstarten was het weg!

      1000 maal dank, hopelijk blijft het weg.

      Is het nog nodig dat ik dat RVAXO-logje post en een nieuwe Hijack (wil ik gerust doen hoor)?

      Ik heb nog een probleem (hardware), zal ik bij "Hardware" posten.

      Comment


      • #4
        Post de logjes maar gewoon ter controle

        Comment


        • #5
          Hey

          Het blijft weg, een stevige voor U!

          zie de 2 logs hieronder (en nog iets):


          ----------------RVAXO.exe first run-------------

          Files found:

          C:\WINDOWS\system32\actskn45.ocx
          C:\WINDOWS\system32\wupeng.exe

          Uninstallers Rogue scanners:

          MalwareCrush uninstaller found

          Folders Found:

          C:\Program Files\FunWebProducts
          C:\Program Files\MalwareCrush
          C:\Program Files\MyWebSearch

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------

          Files found:

          D:\Documents and Settings\Thierry\Mijn documenten\Mijn ontvangen bestanden\inventaris.zip
          Folders Found:

          --------------RVAXO.exe finished----------------


          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 10:05:33, on 5/01/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\LEXBCES.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\LEXPPS.EXE
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\Explorer.EXE
          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
          c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
          c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
          C:\WINDOWS\System32\snmp.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
          c:\apps\Powercinema\Kernel\TV\CLSched.exe
          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
          C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
          C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
          C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
          C:\apps\Powercinema\PCMService.exe
          C:\apps\ABoard\ABoard.exe
          C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
          C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
          C:\apps\ABoard\AOSD.exe
          C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
          C:\Program Files\Multimedia Card Reader\shwicon2k.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Logitech\MouseWare\system\em_exec.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\Hama\Common\RaUI.exe
          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
          C:\Program Files\Outlook Express\msimn.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be/
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Telenet
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
          O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
          O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
          O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
          O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
          O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
          O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
          O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
          O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
          O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
          O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
          O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
          O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
          O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
          O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
          O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
          O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
          O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Lokale service')
          O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
          O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: Hama Wireless LAN Utility.lnk = C:\Program Files\Hama\Common\RaUI.exe
          O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk884YYBE
          O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
          O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
          O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
          O14 - IERESET.INF: START_PAGE_URL=http://breedband.telenet.be
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
          O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
          O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
          O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158283865171
          O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader.cab
          O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
          O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
          O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
          O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe
          O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe
          O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

          --
          End of file - 12670 bytes


          Zie je nog iets speciaals?

          AVG schepte wel daarnet een besmet "Path" (in D:\Documents...) op (niet het eerste uiteraard...) met als "Virus name" "Trojan horse SHeur.AKJJ", "Filename" "install459.exe", "Source" "Backup copy" maar ik heb het kunnen "Healen".

          Vriendelijke groeten

          Thierry

          Comment


          • #6
            Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
            Dit zal alles van RVAXO doen verwijderen.

            Download ATF cleaner (mirror)(gemaakt door Atribune)

            Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

            Dubbelklik op ATF cleaner om het programma te starten.
            Op het tabblad "Main", plaats je een vinkje bij Select All.
            Klik op de knop Empty Selected.

            Het volgende doen als je ook FireFox als browser hebt:
            Klik op tabblad "Firefox", plaats een vinkje bij Select All.
            Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            (dit haalt het vinkje weer weg bij "Firefox saved passwords")
            Klik op de knop Empty Selected.

            Het volgende doen als je ook Opera als browser hebt:
            Klik op tabblad "Opera", plaats een vinkje bij Select All.
            Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            Klik op de knop Empty Selected.
            Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

            Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
            Kijk hier hoe je je systeemherstel moet uitschakelen.
            Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

            Meld of er nog problemen zijn

            Comment


            • #7
              Zo, ik heb alles gedaan wat je gevraagd hebt Smeenk.

              RVAXO is van de pc.

              Na het gebruik met ATF CLEANER kwam er "Done Cleaning! ATF CLEANER has freed 25,156 MBs".

              Ik dacht dat de sites (25) gingen weg zijn (degene die je bovenaan je pc enkel maar hoeft aan te klikken, je begrijpt me wel) maar ze staan er nog.

              Van Firefox en Opera heb ik me niets moeten aantrekken want ik heb enkel IE.

              En nadat ik systeemherstel uitgeschakeld had (vinkje), pc herstart, heb ik systeemherstel terug ingeschakeld (vinkje weg).

              Maar ik begrijp niet waarom ik dat moest doen van die systeemherstel.

              "Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel."

              Wanneer is die systeemherstel gebeurd, heb ik dat vroeger eens handmatig gedaan of vandaag, gisteren,eergisteren automatisch bij het opslossen van dat probleem.

              Vriendelijke groeten

              Thierry

              Comment


              • #8
                Als je infecties hebt komen die automatisch ook in je systeemherstel te staan.
                Daarom moet je systeemherstel opschonen, omdat je anders het risico loopt dat je infecties terugzet wanneer je systeemherstel een keer gebruikt

                Comment

                Sorry, you are not authorized to view this page
                Working...
                X