Virus-trojan horse via MSN

  • Virus-trojan horse via MSN

    Hello,

    On Sunday I got a virus via MSN and it immediately started forwarding messages in my name. I shut it down as quickly as possible and uninstalled MSN.
    I noticed that the virus had blocked the updater of my virus scanner (F-Secure).
    I then looked up the virus and followed the steps from this website: http://www.pc-helpforum.be/f184/opgelost-msn-virus-8715/
    So I installed and ran ComboFix; it removed the following: C:\WINDOWS\mrofinu1423.exe
    After that I ran CCleaner. I thought I was rid of it, but of course not. I ran a few online scans and they still found viruses.
    In the meantime I reinstalled F-Secure and it keeps finding 11 infected files, and apparently it cannot remove the virus from them.

    F-Secure finds the following: Troyan-Downloader:Win32/agent.EXY

    The only problem I experience is when shutting down the PC: it does not always want to do so, and I also get a blue warning screen.

    Do I need to install and run ComboFix again?
    Can you help me, or is there no other option than formatting C:?
    I am not very familiar with fighting viruses...

    Thanks in advance,
    Nyala

    Log file:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:29:52, on 29/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\locator.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Common\fsm32.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\WINDOWS\17PHolmes1423.exe
    C:\Documents and Settings\Micky\Application Data\Microsoft\Windows\rayiou.exe
    C:\WINDOWS\17PHolmes1423.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\17PHolmes1423.exe
    C:\Documents and Settings\Micky\Application Data\WinTouch\WinTouch.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.pandora.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\yrabuon.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV7.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {6216B4B6-270D-5AAC-0014-2E00BDB7DD9F} - C:\WINDOWS\system32\vtevwb.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Nvidia] C:\Program Files\Mozilla Firefox\edfagc.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
    O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Micky\Application Data\Microsoft\Windows\rayiou.exe
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Micky\Application Data\WinTouch\WinTouch.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177105772156
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://anneke-83.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5260/mcfscan.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 13935 bytes
    Last edited by Nyala; 29-03-08, 11:44.

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in Safe Mode.

    • Run HijackThis once more and put a checkmark only in front of the following lines:
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\yrabuon.exe
      O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV7.dll
      O2 - BHO: (no name) - {6216B4B6-270D-5AAC-0014-2E00BDB7DD9F} - C:\WINDOWS\system32\vtevwb.dll (file missing)
      O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
      O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
      O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
      O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Micky\Application Data\Microsoft\Windows\rayiou.exe
      O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Micky\Application Data\WinTouch\WinTouch.exe

      Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open in which a few lines about files not found will quickly scroll by; this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any prompts and just let it do its job.
    • Your PC will then restart; let it boot in normal mode again. After the restart, the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do so manually.
    • Post the contents of the log file in your next reply.
    Download Deckard's System Scanner to your desktop.
    • Close all applications and windows.
    • Double-click dss.exe to start it, and follow the prompts.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is allowed to do so!
    It may also happen that your antivirus flags DSS as suspicious, or even tries to remove it.
    Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan)
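The entries the helper singles out above share recognisable patterns: a second program appended to Winlogon's UserInit value, a BHO whose DLL no longer exists, and Run keys pointing at executables sitting in the Windows root or the user's Application Data tree, one of them launched with a long opaque hex argument. The triage script below is an added example, not part of this thread or of HijackThis, RVAXO or DSS; it parses HijackThis F2/O2/O4 lines and applies those heuristics (the rules and the `triage`, `check_userinit`, `check_bho` and `check_run` names are this example's own assumptions) to a constructed subset of the log posted above.

```python
import re

# Sample HijackThis entries copied from the log posted in this thread: a constructed
# subset of four lines the helper marked for "Fix checked" plus three benign lines
# (Java BHO, HP updater, Skype) as controls.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\yrabuon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {6216B4B6-270D-5AAC-0014-2E00BDB7DD9F} - C:\WINDOWS\system32\vtevwb.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Micky\Application Data\Microsoft\Windows\rayiou.exe
"""

# "O4 - <body>": section code, " - ", rest of the entry.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
USERINIT_RE = re.compile(r"^REG:system\.ini: UserInit=(.*)$")
# HKxx\..\Run: [name] "path.exe" args   (quotes optional, path may contain spaces)
RUN_RE = re.compile(
    r'^HK.*?\\Run: \[(?P<name>[^\]]*)\]\s*"?(?P<path>.*?\.exe)"?(?P<args>.*)$',
    re.IGNORECASE,
)
HEX_BLOB_RE = re.compile(r"\b[0-9A-F]{32,}\b", re.IGNORECASE)


def check_userinit(body):
    """F2 UserInit: Winlogon launches every comma-separated program in this value at
    logon, before the shell. Only userinit.exe belongs there; anything appended is a
    logon-persistence hijack (the thread's yrabuon.exe), so report each extra program."""
    m = USERINIT_RE.match(body)
    if not m:
        return []
    programs = [p.strip() for p in m.group(1).split(",") if p.strip()]
    return [f"UserInit runs an extra program at logon: {p}"
            for p in programs if not p.lower().endswith("\\userinit.exe")]


def check_bho(body):
    """O2 BHO: a CLSID still registered while its DLL is gone is leftover from a partial
    removal; IE keeps trying to load it, so the entry itself should be removed."""
    if body.startswith("BHO:") and body.rstrip().endswith("(file missing)"):
        return ["BHO registered but its DLL is missing (orphaned CLSID)"]
    return []


def check_run(body):
    """O4 Run keys: heuristics (this example's own) for autoruns that do not look like
    installed software: executables living in the user's Application Data tree or
    dropped straight into the Windows directory, and opaque hex blobs as arguments."""
    m = RUN_RE.match(body)
    if not m:
        return []
    path, args = m.group("path").lower(), m.group("args")
    reasons = []
    if "\\application data\\" in path:
        reasons.append("autorun from the user's Application Data tree")
    if re.match(r"^[a-z]:\\windows\\[^\\]+\.exe$", path):
        reasons.append("autorun executable dropped directly in the Windows directory")
    if HEX_BLOB_RE.search(args):
        reasons.append("long opaque hex string passed as argument")
    return reasons


CHECKS = {"F2": check_userinit, "O2": check_bho, "O4": check_run}


def triage(log_text):
    """Return [(entry, [reasons])] for every HijackThis entry that trips a check."""
    findings = []
    for raw in log_text.splitlines():
        entry = raw.strip()
        m = ENTRY_RE.match(entry)
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        reasons = CHECKS.get(section, lambda _body: [])(body)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry)
        for reason in reasons:
            print("    ->", reason)
```

Run against the sample, it reports exactly the four lines the helper marked and stays silent on the Java, HP and Skype entries; the heuristics are a first pass for reading a log, not a replacement for checking each path by hand.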

    • #3
      RVAXO-log

      ---RVAXO.exe Updated: 2008-03-29---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\17PHolmes1423.exe
      C:\WINDOWS\mrofinu1423.exe
      C:\WINDOWS\mrofinu1423.exe.tmp

      Folders Found:
      C:\Program Files\SchijfBewaker
      C:\Program Files\Common Files\SchijfBewaker
      C:\Documents and Settings\Micky\Application Data\SchijfBewaker
      C:\Documents and Settings\All Users\Application Data\SchijfBewaker
      C:\Program Files\Outerinfo
      C:\Program Files\Temporary
      C:\Program Files\Inetget2
      C:\Program Files\javacore
      C:\Documents and Settings\All Users\Application Data\SalesMon

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:
      C:\Program Files\javacore
      C:\Program Files\SchijfBewaker
      C:\Program Files\Common Files\SchijfBewaker
      C:\Documents and Settings\Micky\Application Data\SchijfBewaker
      C:\Documents and Settings\All Users\Application Data\SchijfBewaker
      C:\Program Files\Inetget2

      --------------RVAXO.exe finished----------------

      • #4
        Deckard's System Scanner log

        Deckard's System Scanner v20071014.68
        Run by Micky on 2008-03-29 11:47:54
        Computer is in Normal Mode.
        --------------------------------------------------------------------------------

        -- System Restore --------------------------------------------------------------

        Successfully created a Deckard's System Scanner Restore Point.


        -- Last 5 Restore Point(s) --
        10: 2008-03-29 10:48:00 UTC - RP10 - Deckard's System Scanner Restore Point
        9: 2008-03-29 08:01:08 UTC - RP9 - Removed Autodesk Inventor 7
        8: 2008-03-28 20:05:47 UTC - RP8 - Controlepunt van systeem
        7: 2008-03-27 20:04:45 UTC - RP7 - Installed AVG 8.0
        6: 2008-03-27 19:59:57 UTC - RP6 - Installed AVG 8.0


        -- First Restore Point --
        1: 2008-03-23 13:22:09 UTC - RP1 - Controlepunt van systeem


        Backed up registry hives.
        Performed disk cleanup.

        Percentage of Memory in Use: 76% (more than 75%).


        -- HijackThis (run as Micky.exe) -----------------------------------------------

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 11:49:34, on 29/03/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16608)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\SCardSvr.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
        C:\WINDOWS\system32\drivers\CDAC11BA.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\Program Files\Spyware Doctor\pctsAuxs.exe
        C:\Program Files\Spyware Doctor\pctsSvc.exe
        C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Spyware Doctor\pctsTray.exe
        C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
        C:\Program Files\Canon\CAL\CALMAIN.exe
        C:\Program Files\F-Secure\Common\FSMA32.EXE
        C:\WINDOWS\system32\wscntfy.exe
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\17PHolmes1423.exe
        C:\WINDOWS\mHotkey.exe
        C:\WINDOWS\CNYHKey.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\system32\RunDll32.exe
        C:\WINDOWS\Dit.exe
        C:\WINDOWS\AGRSMMSG.exe
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
        C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
        C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
        C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
        C:\WINDOWS\mrofinu1423.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
        C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
        C:\WINDOWS\system32\locator.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
        C:\Program Files\Skype\Plugin Manager\skypePM.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\F-Secure\Common\FSLAUNCH.EXE
        C:\Program Files\F-Secure\Common\FSLAUNCH.EXE
        C:\Documents and Settings\Micky\Bureaublad\dss.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
        C:\PROGRA~1\TRENDM~1\HIJACK~1\Micky.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.pandora.be:8080
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\yrabuon.exe
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
        O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
        O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
        O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [Dit] Dit.exe
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
        O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [Nvidia] C:\Program Files\Mozilla Firefox\edfagc.exe
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
        O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
        O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: BlueSoleil.lnk = ?
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
        O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
        O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
        O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
        O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
        O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
        O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177105772156
        O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
        O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://anneke-83.spaces.live.com/PhotoUpload/MsnPUpld.cab
        O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
        O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
        O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5260/mcfscan.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
        O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
        O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
        O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
        O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
        O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
        O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
        O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
        O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

        --
        End of file - 13046 bytes

        -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

        backup-20080329-113848-267 O2 - BHO: (no name) - {6216B4B6-270D-5AAC-0014-2E00BDB7DD9F} - C:\WINDOWS\system32\vtevwb.dll (file missing)
        backup-20080329-113848-300 O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
        backup-20080329-113848-363 O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV7.dll
        backup-20080329-113848-446 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\yrabuon.exe
        backup-20080329-113848-477 O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
        backup-20080329-113848-567 O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Micky\Application Data\Microsoft\Windows\rayiou.exe
        backup-20080329-113848-663 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
        backup-20080329-113848-765 O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Micky\Application Data\WinTouch\WinTouch.exe

        -- File Associations -----------------------------------------------------------

        .scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"


        -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

        R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
        R0 SSI - c:\windows\system32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>
        R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
        R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.0.0.5) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.0.0.6>
        R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
        R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\f-secure\anti-virus\win2k\fsfilter.sys
        R2 F-Secure Gatekeeper - c:\program files\f-secure\anti-virus\win2k\fsgk.sys
        R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\f-secure\anti-virus\win2k\fsrec.sys
        R2 FSpm (F-Secure Policy Manager) - c:\program files\f-secure\common\fspm.sys <Not Verified; F-Secure Corporation; F-Secure Management Agent>
        R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
        R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
        R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
        R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
        R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

        S1 ctredrv.sys - c:\windows\system32\drivers\ctredrv.sys (file missing)
        S1 Serial (Stuurprogramma voor seriële poort) - c:\windows\system32\drivers\serial.sys (file missing)
        S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
        S3 CardReaderFilter (Card Reader Filter) - c:\windows\system32\drivers\usbcrft.sys <Not Verified; ICSI Technology Ltd.; USB Card Reader and FlashDisk>
        S3 FlyPCI - c:\windows\system32\drivers\flypci.sys
        S3 serenum (Serenum Filter-stuurprogramma) - c:\windows\system32\drivers\serenum.sys (file missing)
        S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>


        -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

        R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
        R2 BackWeb Client - 7681197 (F-Secure BackWeb) - c:\progra~1\f-secure\backweb\7681197\program\servic~1.exe
        R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
        R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
        R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
        R2 F-Secure Gatekeeper Handler Starter - "c:\program files\f-secure\anti-virus\fsgk32st.exe" <Not Verified; F-Secure Corp.; F-Secure Corp. Startup service>
        R2 FSMA (F-Secure Management Agent) - "c:\program files\f-secure\common\fsma32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>
        R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
        R3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>

        S2 FSAA (F-Secure Authentication Agent) - "c:\program files\f-secure\common\fsaa.exe" <Not Verified; F-Secure Corporation. All Rights Reserved.; F-Secure Authentication Agent>
        S3 F-Secure BackWeb LAN Access - "c:\program files\f-secure\backweb\7681197\program\fsbwlan.exe"
        S3 F-Secure Network Request Broker - "c:\program files\f-secure\common\fnrb32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>


        -- Device Manager: Disabled ----------------------------------------------------

        Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
        Description: RT2500 USB Wireless LAN Card
        Device ID: USB\VID_148F&PID_2570\6&62D87E1&0&1
        Manufacturer: Ralink Technology Corp.
        Name: RT2500 USB Wireless LAN Card
        PNP Device ID: USB\VID_148F&PID_2570\6&62D87E1&0&1
        Service: RT2500USB

        Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
        Description: Communicatiepoort
        Device ID: ACPI\PNP0501\1
        Manufacturer: (Standaardpoorttypen)
        Name: Communicatiepoort (COM1)
        PNP Device ID: ACPI\PNP0501\1
        Service: Serial

        Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
        Description: Nokia 5140i
        Device ID: ROOT\WPD\0000
        Manufacturer: Nokia
        Name: Nokia 5140i
        PNP Device ID: ROOT\WPD\0000
        Service: WUDFRd


        -- Scheduled Tasks -------------------------------------------------------------

        2007-12-31 15:49:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


        -- Files created between 2008-02-29 and 2008-03-29 -----------------------------

        2008-03-29 11:43:40 37376 --a------ C:\WINDOWS\mrofinu1423.exe
        2008-03-29 11:42:43 0 d-------- C:\RVAXO
        2008-03-29 11:39:28 768457 --a------ C:\WINDOWS\system32\RVAXO.bat
        2008-03-29 11:39:28 16384 --a------ C:\WINDOWS\system32\Restart.exe <Not Verified; WareSoft Software; restart>
        2008-03-29 11:39:28 69632 --a------ C:\WINDOWS\system32\remove.exe
        2008-03-29 10:28:58 0 d-------- C:\Program Files\Trend Micro
        2008-03-27 21:20:19 0 d-------- C:\Documents and Settings\Micky\Application Data\WinTouch
        2008-03-27 21:20:18 0 d-------- C:\Program Files\InetGet2
        2008-03-27 18:21:43 0 d-------- C:\WINDOWS\McAfee.com
        2008-03-26 20:06:24 0 d-------- C:\fsaua.data
        2008-03-26 18:02:26 0 d-------- C:\WINDOWS\system32\?ssembly
        2008-03-25 23:04:59 0 d-------- C:\Documents and Settings\Micky\.housecall6.6
        2008-03-25 17:12:57 0 d-------- C:\529a6354d2a4b1f5c43409
        2008-03-24 16:12:58 0 d-------- C:\Program Files\M?crosoft.NET
        2008-03-24 16:07:24 0 d-------- C:\Program Files\JavaCore
        2008-03-24 16:02:09 0 d-------- C:\Program Files\nvcoi
        2008-03-24 15:36:44 0 d-------- C:\Program Files\CPV
        2008-03-23 14:37:16 0 d-------- C:\533360b9ba8522fb70451fa8
        2008-03-23 14:26:06 0 dr-h----- C:\Documents and Settings\Micky\Onlangs geopend
        2008-03-23 13:41:44 0 d-------- C:\Program Files\CCleaner
        2008-03-23 13:14:15 0 d-------- C:\WINDOWS\pss
        2008-03-23 13:04:13 0 d-------- C:\d988603cfbfea0adaa97
        2008-03-23 13:02:46 0 d-------- C:\WINDOWS\system32\appmgmt
        2008-03-23 12:46:39 64156 --a------ C:\WINDOWS\system32\yrabuon.exe
        2008-03-18 18:57:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
        2008-03-18 18:49:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
        2008-03-18 18:49:33 0 d-------- C:\Program Files\SurfRight
        2008-03-18 18:39:31 0 d-------- C:\Documents and Settings\Micky\Application Data\Canon


        -- Find3M Report ---------------------------------------------------------------

        2008-03-29 11:45:39 0 d-------- C:\Documents and Settings\Micky\Application Data\Skype
        2008-03-29 09:02:09 0 d-------- C:\Program Files\Common Files\Autodesk Shared
        2008-03-29 08:59:07 0 d-------- C:\Program Files\SpywareBlaster
        2008-03-28 17:35:21 0 d-------- C:\Program Files\Spyware Doctor
        2008-03-27 21:14:18 0 d-------- C:\Program Files\F-Secure
        2008-03-26 22:41:56 0 d-------- C:\Program Files\M?crosoft.NET
        2008-03-26 22:41:45 0 d-------- C:\Program Files\CrossLoop
        2008-03-25 18:36:02 0 d-------- C:\Program Files\Common Files
        2008-03-25 17:56:30 0 d-------- C:\Program Files\Hitman Pro
        2008-03-20 16:50:30 0 d-------- C:\Program Files\Common Files\Adobe
        2008-03-18 19:02:18 503234 --a------ C:\WINDOWS\system32\perfh013.dat
        2008-03-18 19:02:18 88926 --a------ C:\WINDOWS\system32\perfc013.dat
        2008-03-18 18:55:28 0 d-------- C:\Program Files\Common Files\SchijfBewaker
        2008-03-18 18:52:46 0 d-------- C:\Documents and Settings\Micky\Application Data\ZoomBrowser EX
        2008-03-12 21:39:29 0 d-------- C:\Program Files\Soulseek
        2008-03-09 00:21:35 0 d-------- C:\Documents and Settings\Micky\Application Data\Ahead


        -- Registry Dump ---------------------------------------------------------------

        *Note* empty entries & legit default entries are not shown


        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CHotkey"="mHotkey.exe" [24/02/2004 14:05 C:\WINDOWS\mHotkey.exe]
        "ledpointer"="CNYHKey.exe" [03/02/2004 17:15 C:\WINDOWS\CNYHKey.exe]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [20/09/2004 23:09]
        "nwiz"="nwiz.exe" [20/09/2004 23:09 C:\WINDOWS\system32\nwiz.exe]
        "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [17/03/2004 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
        "Cmaudio"="cmicnfg.cpl"
        "Dit"="Dit.exe" [20/07/2004 17:18 C:\WINDOWS\Dit.exe]
        "AGRSMMSG"="AGRSMMSG.exe" [20/02/2004 15:00 C:\WINDOWS\AGRSMMSG.exe]
        "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/05/2005 22:12]
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
        "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 05:24]
        "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/01/2007 10:19]
        "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 14:42]
        "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [29/10/2004 20:34]
        "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
        "Nvidia"="C:\Program Files\Mozilla Firefox\edfagc.exe" [23/03/2008 13:00]
        "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [14/07/2005 14:09]
        "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [14/12/2004 01:12]
        "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [05/12/2002 16:24]
        "runner1"="C:\WINDOWS\mrofinu1423.exe" [29/03/2008 11:43]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:03]
        "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [30/03/2007 12:34]

        [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
        "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

        C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
        Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [5/05/2007 9:36:29]
        Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [28/05/2002 14:47:10]
        BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [20/04/2007 22:16:44]
        HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/05/2005 22:23:26]
        Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 0:01:04]
        RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [20/04/2007 22:11:26]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
        "Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\yrabuon.exe"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
        @="Service"





        -- End of Deckard's System Scanner: finished at 2008-03-29 11:50:03 ------------

        • #5
          Restart your computer once more.


          After the restart, please post a new HijackThis log.

          • #6
            HijackThis log after restarting

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 12:14:17, on 29/03/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16608)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\csrss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\System32\SCardSvr.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\mHotkey.exe
            C:\WINDOWS\CNYHKey.exe
            C:\WINDOWS\system32\RunDll32.exe
            C:\WINDOWS\Dit.exe
            C:\WINDOWS\system32\rundll32.exe
            C:\WINDOWS\AGRSMMSG.exe
            C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
            C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
            C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
            C:\Program Files\Spyware Doctor\pctsTray.exe
            C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
            C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
            C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
            C:\Program Files\F-Secure\Common\FSM32.EXE
            C:\WINDOWS\mrofinu1423.exe
            C:\WINDOWS\mrofinu1423.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Skype\Phone\Skype.exe
            C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
            C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
            C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
            C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
            C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
            C:\WINDOWS\system32\drivers\CDAC11BA.EXE
            C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
            C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
            C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\WINDOWS\system32\HPZipm12.exe
            C:\Program Files\Spyware Doctor\pctsAuxs.exe
            C:\Program Files\Spyware Doctor\pctsSvc.exe
            C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
            C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
            C:\Program Files\Skype\Plugin Manager\skypePM.exe
            C:\Program Files\Canon\CAL\CALMAIN.exe
            C:\Program Files\F-Secure\Common\FSMA32.EXE
            C:\Program Files\F-Secure\Common\FSMB32.EXE
            C:\Program Files\F-Secure\Common\FCH32.EXE
            C:\Program Files\F-Secure\Common\FAMEH32.EXE
            C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
            C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
            C:\Program Files\iPod\bin\iPodService.exe
            C:\WINDOWS\system32\locator.exe
            C:\WINDOWS\system32\wbem\wmiprvse.exe
            C:\Program Files\F-Secure\Common\FNRB32.EXE
            C:\Program Files\F-Secure\Common\FIH32.EXE
            C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
            C:\WINDOWS\System32\alg.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
            C:\WINDOWS\System32\svchost.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.standaard.be/index.html?ref=20080325
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.pandora.be:8080
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\yrabuon.exe
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
            O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
            O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
            O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
            O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
            O4 - HKLM\..\Run: [Dit] Dit.exe
            O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
            O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
            O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [Nvidia] C:\Program Files\Mozilla Firefox\edfagc.exe
            O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
            O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
            O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
            O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
            O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
            O4 - Global Startup: BlueSoleil.lnk = ?
            O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
            O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
            O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
            O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
            O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
            O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
            O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
            O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
            O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
            O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177105772156
            O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
            O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://anneke-83.spaces.live.com/PhotoUpload/MsnPUpld.cab
            O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
            O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
            O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5260/mcfscan.cab
            O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
            O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
            O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
            O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
            O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
            O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
            O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
            O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
            O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
            O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
            O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
            O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
            O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
            O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
            O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
            O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

            --
            End of file - 13179 bytes



            • #7
              F-Secure warning

              Had put F-Secure back on. It did already give a warning that there might be a virus on it; that will probably be that DSS file, right?
              Should this be removed? Or wait a bit longer?

              In any case, thanks a lot already for being willing to help me along!


              Nyala



              • #8
                one more small question

                Which virus scanner do you think is the best? F-Secure 5.41 or the free AVG 7.5?



                • #9
                  Open a Notepad file.
                  Copy the text below (everything in bold) into this Notepad file.

                  @ECHO OFF
                  REM Start with a fresh log for this run
                  IF EXIST log.txt DEL log.txt
                  REM Rename the three known malware executables to .bak first
                  ren C:\WINDOWS\system32\yrabuon.exe yrabuon.bak
                  ren C:\WINDOWS\17PHolmes1423.exe 17PHolmes1423.bak
                  ren C:\WINDOWS\mrofinu1423.exe mrofinu1423.bak
                  REM "remove" is not a cmd built-in: it is the remove.exe helper that the
                  REM RVAXO tool placed in system32 (it is listed in the DSS log later in
                  REM this thread); it is given the source path and a destination in C:\rvaxo
                  remove C:\WINDOWS\mrofinu1423.exe C:\rvaxo\mrofinu1423.exe
                  remove C:\WINDOWS\17PHolmes1423.exe C:\rvaxo\17PHolmes1423.exe
                  remove C:\WINDOWS\system32\yrabuon.exe C:\rvaxo\yrabuon.exe
                  REM Delete every listed file (clearing read-only/system/hidden first) and
                  REM log whether it was deleted, survived the delete, or was not present
                  ECHO Deleting files>>log.txt
                  FOR %%g in (
                  C:\WINDOWS\17PHolmes1423.exe
                  C:\WINDOWS\17PHolmes1423.bak
                  C:\WINDOWS\mrofinu1423.exe
                  C:\WINDOWS\mrofinu1423.bak
                  C:\WINDOWS\mrofinu1423.exe.tmp
                  "C:\Documents and Settings\Micky\Application Data\Microsoft\Windows\rayiou.exe"
                  C:\WINDOWS\system32\yrabuon.bak
                  C:\WINDOWS\system32\yrabuon.exe) DO (
                  IF EXIST %%g (
                  ATTRIB -r -s -h %%g
                  DEL %%g
                  IF EXIST %%g (
                  ECHO %%g not deleted>>log.txt
                  ) ELSE (
                  ECHO %%g deleted>>log.txt)
                  ) ELSE (
                  ECHO %%g not found>>log.txt))
                  >>log.txt (
                  ECHO.
                  ECHO Deleting folders)
                  REM Same for the malware/leftover folders, removed recursively without prompting
                  FOR %%I in (
                  C:\WINDOWS\system32\appmgmt
                  "C:\Program Files\Mcroso~1"
                  "C:\Program Files\nvcoi"
                  "C:\Program Files\CPV"
                  C:\WINDOWS\system32\ssembl~1
                  "C:\Program Files\javacore"
                  "C:\Program Files\SchijfBewaker"
                  "C:\Program Files\Common Files\SchijfBewaker"
                  C:\PROGRA~1\TRENDM~1\HIJACK~1\backups
                  "C:\Documents and Settings\Micky\Application Data\WinTouch"
                  "C:\Documents and Settings\Micky\Application Data\SchijfBewaker"
                  "C:\Documents and Settings\All Users\Application Data\SchijfBewaker"
                  "C:\Program Files\Inetget2") DO (
                  IF EXIST %%I (
                  RD /S /Q %%I
                  IF EXIST %%I (
                  ECHO %%I not deleted>>log.txt
                  ) ELSE (
                  ECHO %%I deleted>>log.txt)
                  ) ELSE (
                  ECHO %%I not found>>log.txt))
                  REM Show the result log so it can be posted back in the thread
                  START NOTEPAD.EXE log.txt

                  Go to File - Save As.
                  Under "Save in" choose: Desktop
                  Under "File name" enter: del.bat
                  Under "Save as type" select: All Files (*.*).
                  Click the Save button.

                  Double-click del.bat and post the contents of the log file that opens.

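The del.bat above only reports whether each file went away; the reason a target can come back as "not deleted" is that an autostart value still launches it, so it is loaded at every logon. As an added example (not code from this thread), the Python script below cross-checks del.bat's target list against the autostart lines HijackThis prints; the sample lines quote the F2 (Winlogon Userinit) and O4 (Run key) entries from the logs posted in this thread, and the detection rules are the example's own.

```python
"""Cross-check del.bat's removal targets against HijackThis autostart lines.

Added example, not code from this thread. A file that an autostart value still
launches is in use at every logon, so deleting it from the running session
fails until that value is gone (or the file is renamed/moved first, which is
what del.bat's ren and remove steps attempt). The rules below are this
example's own heuristics, not HijackThis or F-Secure logic."""
import re
from typing import Dict, Iterable, List, Set

# Constructed sample input: F2 (Winlogon Userinit) and O4 (Run key) lines,
# quoted from the HijackThis log posted later in this thread.
SAMPLE_HJT = "\n".join([
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\yrabuon.exe",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [Nvidia] C:\Program Files\Mozilla Firefox\edfagc.exe",
    r"O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe "
    r"61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257",
    r'O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
])

# The file targets listed in del.bat above (values as they appear on the page).
DEL_BAT_TARGETS = [
    r"C:\WINDOWS\17PHolmes1423.exe",
    r"C:\WINDOWS\mrofinu1423.exe",
    r"C:\Documents and Settings\Micky\Application Data\Microsoft\Windows\rayiou.exe",
    r"C:\WINDOWS\system32\yrabuon.exe",
]

# The only program a clean Windows XP Userinit value should name.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

_F2 = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.+)$", re.IGNORECASE)
_O4 = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Executable launched by a Run value: the quoted part, or the unquoted prefix
# up to the first .exe/.dll/... followed by whitespace, a comma or end of line
# (HijackThis prints values raw, so unquoted paths may contain spaces).
_EXE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll|cpl|com|bat))(?=[\s,]|$)',
                  re.IGNORECASE)
_HEX_BLOB = re.compile(r"\b[0-9A-Fa-f]{32,}\b")


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Turn F2/O4 lines into entries: kind, name, full command, launched exe."""
    entries: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _F2.match(line)
        if m:
            # Winlogon starts every comma-separated program in Userinit at logon.
            for part in m.group("value").split(","):
                part = part.strip()
                if part:
                    entries.append({"kind": "Userinit", "name": "UserInit",
                                    "command": part, "exe": part})
            continue
        m = _O4.match(line)
        if m:
            cmd = m.group("cmd")
            e = _EXE.match(cmd)
            exe = (e.group("q") or e.group("u")) if e else cmd.split()[0]
            entries.append({"kind": "Run:" + m.group("hive"), "name": m.group("name"),
                            "command": cmd, "exe": exe})
    return entries


def held_targets(entries: Iterable[Dict[str, str]], targets: Iterable[str]) -> Set[str]:
    """Removal targets that some autostart entry still launches (compared
    case-insensitively, as Windows paths are)."""
    by_lower = {t.lower(): t for t in targets}
    return {by_lower[e["exe"].lower()] for e in entries if e["exe"].lower() in by_lower}


def triage(text: str, targets: Iterable[str]) -> List[str]:
    """Findings: Userinit additions, targets still referenced, and Run values
    that pass a long opaque hex blob (the runner1 pattern in this log)."""
    targets_l = {t.lower() for t in targets}
    findings: List[str] = []
    for e in parse_hjt(text):
        exe_l = e["exe"].lower()
        if e["kind"] == "Userinit" and exe_l != EXPECTED_USERINIT:
            findings.append(f"Userinit hijack: {e['exe']} is started at every logon")
        if exe_l in targets_l:
            findings.append(f"{e['kind']} [{e['name']}] still launches removal target {e['exe']}")
        if _HEX_BLOB.search(e["command"]):
            findings.append(f"{e['kind']} [{e['name']}] passes an opaque hex argument")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_HJT, DEL_BAT_TARGETS):
        print(finding)
```

The two targets the script reports as still launched (yrabuon.exe via Userinit, mrofinu1423.exe via the runner1 Run value) are exactly the two that del.bat's first run logs as "not deleted". The edfagc.exe entry is not flagged by these rules, which is why the O4 list still needs a human read-through.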


                  • #10
                    del.bat log

                    Deleting files
                    C:\WINDOWS\17PHolmes1423.exe not found
                    C:\WINDOWS\17PHolmes1423.bak not found
                    C:\WINDOWS\mrofinu1423.exe not found
                    C:\WINDOWS\mrofinu1423.bak not deleted
                    C:\WINDOWS\mrofinu1423.exe.tmp not found
                    "C:\Documents and Settings\Micky\Application Data\Microsoft\Windows\rayiou.exe" deleted
                    C:\WINDOWS\system32\yrabuon.bak not found
                    C:\WINDOWS\system32\yrabuon.exe not deleted

                    Deleting folders
                    C:\WINDOWS\system32\appmgmt deleted
                    "C:\Program Files\Mcroso~1" not found
                    "C:\Program Files\nvcoi" deleted
                    "C:\Program Files\CPV" deleted
                    C:\WINDOWS\system32\ssembl~1 deleted
                    "C:\Program Files\javacore" deleted
                    "C:\Program Files\SchijfBewaker" deleted
                    "C:\Program Files\Common Files\SchijfBewaker" deleted
                    C:\PROGRA~1\TRENDM~1\HIJACK~1\backups deleted
                    "C:\Documents and Settings\Micky\Application Data\WinTouch" deleted
                    "C:\Documents and Settings\Micky\Application Data\SchijfBewaker" deleted
                    "C:\Documents and Settings\All Users\Application Data\SchijfBewaker" deleted
                    "C:\Program Files\Inetget2" deleted



                    • #11
                      Restart your computer.

                      After the restart, double-click del.bat once more.
                      Post the new del.bat log.

                      Also post a new Deckard's System Scanner log.



                      • #12
                        One more thing: the PC still wouldn't shut down normally. When I click shut down it restarts, and I can only shut down from the logon screen. But it is in any case already better than the blue warning screen. Below you'll find the logs. I probably won't be able to respond for another 2-3 hours..

                        del.bat log:

                        Deleting files
                        C:\WINDOWS\17PHolmes1423.exe not found
                        C:\WINDOWS\17PHolmes1423.bak not found
                        C:\WINDOWS\mrofinu1423.exe not found
                        C:\WINDOWS\mrofinu1423.bak deleted
                        C:\WINDOWS\mrofinu1423.exe.tmp not found
                        "C:\Documents and Settings\Micky\Application Data\Microsoft\Windows\rayiou.exe" not found
                        C:\WINDOWS\system32\yrabuon.bak not found
                        C:\WINDOWS\system32\yrabuon.exe not deleted

                        Deleting folders
                        C:\WINDOWS\system32\appmgmt not found
                        "C:\Program Files\Mcroso~1" not found
                        "C:\Program Files\nvcoi" not found
                        "C:\Program Files\CPV" not found
                        C:\WINDOWS\system32\ssembl~1 not found
                        "C:\Program Files\javacore" not found
                        "C:\Program Files\SchijfBewaker" not found
                        "C:\Program Files\Common Files\SchijfBewaker" not found
                        C:\PROGRA~1\TRENDM~1\HIJACK~1\backups not found
                        "C:\Documents and Settings\Micky\Application Data\WinTouch" not found
                        "C:\Documents and Settings\Micky\Application Data\SchijfBewaker" not found
                        "C:\Documents and Settings\All Users\Application Data\SchijfBewaker" not found
                        "C:\Program Files\Inetget2" not found

                        DSS log
                        Deckard's System Scanner v20071014.68
                        Run by Micky on 2008-03-29 13:49:40
                        Computer is in Normal Mode.
                        --------------------------------------------------------------------------------

                        Percentage of Memory in Use: 88% (more than 75%).


                        -- HijackThis (run as Micky.exe) -----------------------------------------------

                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 13:49:50, on 29/03/2008
                        Platform: Windows XP SP2 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\csrss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\WINDOWS\System32\SCardSvr.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\WINDOWS\mHotkey.exe
                        C:\WINDOWS\CNYHKey.exe
                        C:\WINDOWS\system32\RunDll32.exe
                        C:\WINDOWS\system32\rundll32.exe
                        C:\WINDOWS\Dit.exe
                        C:\WINDOWS\AGRSMMSG.exe
                        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                        C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
                        C:\Program Files\iTunes\iTunesHelper.exe
                        C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
                        C:\Program Files\Spyware Doctor\pctsTray.exe
                        C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                        C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
                        C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
                        C:\Program Files\F-Secure\Common\FSM32.EXE
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\Program Files\Skype\Phone\Skype.exe
                        C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
                        C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
                        C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                        C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
                        C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
                        C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
                        C:\WINDOWS\system32\drivers\CDAC11BA.EXE
                        C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
                        C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
                        C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
                        C:\WINDOWS\system32\nvsvc32.exe
                        C:\WINDOWS\system32\HPZipm12.exe
                        C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
                        C:\Program Files\Spyware Doctor\pctsAuxs.exe
                        C:\Program Files\Spyware Doctor\pctsSvc.exe
                        C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                        C:\Program Files\Skype\Plugin Manager\skypePM.exe
                        C:\Program Files\Mozilla Firefox\firefox.exe
                        C:\Program Files\Canon\CAL\CALMAIN.exe
                        C:\Program Files\F-Secure\Common\FSMA32.EXE
                        C:\Program Files\F-Secure\Common\FSMB32.EXE
                        C:\Program Files\F-Secure\Common\FCH32.EXE
                        C:\Program Files\F-Secure\Common\FAMEH32.EXE
                        C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
                        C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                        C:\WINDOWS\system32\locator.exe
                        C:\Program Files\iPod\bin\iPodService.exe
                        C:\Program Files\F-Secure\Common\FNRB32.EXE
                        C:\Program Files\F-Secure\Common\FIH32.EXE
                        C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
                        C:\WINDOWS\System32\alg.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\system32\wuauclt.exe
                        C:\WINDOWS\system32\notepad.exe
                        C:\Documents and Settings\Micky\Bureaublad\dss.exe
                        C:\PROGRA~1\TRENDM~1\HIJACK~1\Micky.exe
                        C:\WINDOWS\system32\wbem\wmiprvse.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.standaard.be/index.html?ref=20080325
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.pandora.be:8080
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\yrabuon.exe
                        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                        O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                        O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
                        O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
                        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                        O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
                        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                        O4 - HKLM\..\Run: [Dit] Dit.exe
                        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
                        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                        O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
                        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                        O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
                        O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
                        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                        O4 - HKLM\..\Run: [Nvidia] C:\Program Files\Mozilla Firefox\edfagc.exe
                        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
                        O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
                        O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
                        O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
                        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                        O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
                        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                        O4 - Global Startup: BlueSoleil.lnk = ?
                        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                        O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
                        O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                        O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                        O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                        O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                        O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                        O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                        O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                        O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
                        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177105772156
                        O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
                        O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://anneke-83.spaces.live.com/PhotoUpload/MsnPUpld.cab
                        O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
                        O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
                        O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5260/mcfscan.cab
                        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                        O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
                        O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
                        O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
                        O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
                        O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
                        O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
                        O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
                        O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
                        O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
                        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                        O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                        O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                        O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
                        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                        O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                        O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

                        --
                        End of file - 13345 bytes

                        -- Files created between 2008-02-29 and 2008-03-29 -----------------------------

                        2008-03-29 12:44:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
                        2008-03-29 11:42:43 0 d-------- C:\RVAXO
                        2008-03-29 11:39:28 768457 --a------ C:\WINDOWS\system32\RVAXO.bat
                        2008-03-29 11:39:28 16384 --a------ C:\WINDOWS\system32\Restart.exe <Not Verified; WareSoft Software; restart>
                        2008-03-29 11:39:28 69632 --a------ C:\WINDOWS\system32\remove.exe
                        2008-03-29 10:28:58 0 d-------- C:\Program Files\Trend Micro
                        2008-03-27 18:21:43 0 d-------- C:\WINDOWS\McAfee.com
                        2008-03-26 20:06:24 0 d-------- C:\fsaua.data
                        2008-03-25 23:04:59 0 d-------- C:\Documents and Settings\Micky\.housecall6.6
                        2008-03-25 17:12:57 0 d-------- C:\529a6354d2a4b1f5c43409
                        2008-03-24 16:12:58 0 d-------- C:\Program Files\M?crosoft.NET
                        2008-03-23 14:37:16 0 d-------- C:\533360b9ba8522fb70451fa8
                        2008-03-23 14:26:06 0 dr-h----- C:\Documents and Settings\Micky\Onlangs geopend
                        2008-03-23 13:41:44 0 d-------- C:\Program Files\CCleaner
                        2008-03-23 13:14:15 0 d-------- C:\WINDOWS\pss
                        2008-03-23 13:04:13 0 d-------- C:\d988603cfbfea0adaa97
                        2008-03-23 12:46:39 64156 --a------ C:\WINDOWS\system32\yrabuon.exe
                        2008-03-18 18:57:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
                        2008-03-18 18:49:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
                        2008-03-18 18:49:33 0 d-------- C:\Program Files\SurfRight
                        2008-03-18 18:39:31 0 d-------- C:\Documents and Settings\Micky\Application Data\Canon


                        -- Find3M Report ---------------------------------------------------------------

                        2008-03-29 13:48:08 0 d-------- C:\Documents and Settings\Micky\Application Data\Skype
                        2008-03-29 13:25:06 0 d-------- C:\Program Files\Common Files
                        2008-03-29 09:02:09 0 d-------- C:\Program Files\Common Files\Autodesk Shared
                        2008-03-29 08:59:07 0 d-------- C:\Program Files\SpywareBlaster
                        2008-03-28 17:35:21 0 d-------- C:\Program Files\Spyware Doctor
                        2008-03-27 21:14:18 0 d-------- C:\Program Files\F-Secure
                        2008-03-26 22:41:56 0 d-------- C:\Program Files\M?crosoft.NET
                        2008-03-26 22:41:45 0 d-------- C:\Program Files\CrossLoop
                        2008-03-25 17:56:30 0 d-------- C:\Program Files\Hitman Pro
                        2008-03-20 16:50:30 0 d-------- C:\Program Files\Common Files\Adobe
                        2008-03-18 19:02:18 503234 --a------ C:\WINDOWS\system32\perfh013.dat
                        2008-03-18 19:02:18 88926 --a------ C:\WINDOWS\system32\perfc013.dat
                        2008-03-18 18:52:46 0 d-------- C:\Documents and Settings\Micky\Application Data\ZoomBrowser EX
                        2008-03-12 21:39:29 0 d-------- C:\Program Files\Soulseek
                        2008-03-09 00:21:35 0 d-------- C:\Documents and Settings\Micky\Application Data\Ahead


                        -- Registry Dump ---------------------------------------------------------------

                        *Note* empty entries & legit default entries are not shown


                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "CHotkey"="mHotkey.exe" [24/02/2004 14:05 C:\WINDOWS\mHotkey.exe]
                        "ledpointer"="CNYHKey.exe" [03/02/2004 17:15 C:\WINDOWS\CNYHKey.exe]
                        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [20/09/2004 23:09]
                        "nwiz"="nwiz.exe" [20/09/2004 23:09 C:\WINDOWS\system32\nwiz.exe]
                        "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [17/03/2004 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
                        "Cmaudio"="cmicnfg.cpl"
                        "Dit"="Dit.exe" [20/07/2004 17:18 C:\WINDOWS\Dit.exe]
                        "AGRSMMSG"="AGRSMMSG.exe" [20/02/2004 15:00 C:\WINDOWS\AGRSMMSG.exe]
                        "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/05/2005 22:12]
                        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
                        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
                        "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 05:24]
                        "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/01/2007 10:19]
                        "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 14:42]
                        "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [29/10/2004 20:34]
                        "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55]
                        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
                        "Nvidia"="C:\Program Files\Mozilla Firefox\edfagc.exe" [23/03/2008 13:00]
                        "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [14/07/2005 14:09]
                        "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [14/12/2004 01:12]
                        "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [05/12/2002 16:24]
                        "runner1"="C:\WINDOWS\mrofinu1423.exe"
                        "Flash Media"=""
                        "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k"

                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:03]
                        "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [30/03/2007 12:34]

                        [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
                        "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

                        C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                        Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [5/05/2007 9:36:29]
                        Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [28/05/2002 14:47:10]
                        BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [20/04/2007 22:16:44]
                        HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/05/2005 22:23:26]
                        Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 0:01:04]
                        RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [20/04/2007 22:11:26]

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
                        "Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\yrabuon.exe"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
                        @="Service"





                        -- End of Deckard's System Scanner: finished at 2008-03-29 13:50:13 ------------


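The log above is what a helper scans by eye: a second program appended to the Winlogon `Userinit` value, a `Run` value (`runner1`) whose target ComboFix already removed, and a `Run` value named "Nvidia" that points at a freshly written file inside the Firefox folder. As an added example (not from the thread, DSS or any tool mentioned here), the Python below parses the DSS autorun lines and applies exactly those three checks; the sample log is constructed from the posted values, and the 23/03/2008 cut-off is an assumption taken from the poster's "Sunday" infection date.

```python
import re
from datetime import datetime

# Constructed sample in the autorun format of Deckard's System Scanner (DSS);
# the values are copied from the log posted in this thread.
SAMPLE_LOG = "\n".join([
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    r'"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [20/09/2004 23:09]',
    r'"Nvidia"="C:\Program Files\Mozilla Firefox\edfagc.exe" [23/03/2008 13:00]',
    r'"runner1"="C:\WINDOWS\mrofinu1423.exe"',
    r'"Flash Media"=""',
    r'[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]',
    r'"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\yrabuon.exe"',
])
# "name"="value" [dd/mm/yyyy hh:mm ...]; DSS prints the stamp only when the file exists on disk.
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(\d\d/\d\d/\d{4} \d\d:\d\d)[^\]]*\])?')

def parse_autoruns(text):
    """Return (key, name, value, file_mtime or None) for each DSS autorun line."""
    key, entries = None, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):            # new registry key (DSS sometimes closes it with '"')
            key = line.strip('[]"')
            continue
        m = ENTRY_RE.match(line)
        if key and m:
            name, value, stamp = m.groups()
            mtime = datetime.strptime(stamp, "%d/%m/%Y %H:%M") if stamp else None
            entries.append((key, name, value, mtime))
    return entries

def triage(entries, since):
    """Flag Userinit add-ons, orphaned Run values and Run binaries written on/after `since`."""
    findings = []
    for key, name, value, mtime in entries:
        k = key.lower()
        if k.endswith("\\winlogon") and name.lower() == "userinit":
            extra = [p for p in value.split(",") if p and not p.lower().endswith("\\userinit.exe")]
            findings += [(name, p, "extra Userinit program, runs at every logon") for p in extra]
        elif k.endswith("\\run") and value:
            if mtime is None:               # no stamp: target gone (here: already removed by ComboFix)
                findings.append((name, value, "orphaned autorun, target not found on disk"))
            elif mtime >= since:
                findings.append((name, value, "autorun binary written on/after " + since.strftime("%d/%m/%Y")))
    return findings

def run_sample():
    # Cut-off: the Sunday before the 29/03/2008 log, when the poster says the infection started.
    return triage(parse_autoruns(SAMPLE_LOG), datetime(2008, 3, 23))

if __name__ == "__main__":
    print(*run_sample(), sep="\n")
```

Entries without a stamp still need a manual look: a relative name such as `cmicnfg.cpl` in the full log is legitimate even though DSS prints no stamp for it.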

                        • #13
                          Download KillAFile.exe and put it on your desktop: http://users.telenet.be/marcvn/tools/KillAFile.exe
                          Double-click KillAFile.exe to start the tool.
                          In the menu, choose option 1:
                          1: Delete a file on reboot
                          When this message appears
                          Code:
                          Insert full path and filename to delete.
                          and then press enter:
                          type in: C:\WINDOWS\system32\yrabuon.exe
                          If the file is present, the computer will ask to restart.
                          Allow this.
                          When the computer has restarted, a Notepad file will open. Post the contents of this file.



                          • #14
                            Had problems restarting, got Windows errors.. the 2nd time it froze, Ctrl-Alt-Del didn't even work.
                            The 3rd time it started up with a logfile! But it doesn't look quite right. I ran the program 3 times.

                            KILLAFILE - logfile


                            Running from: "C:\Documents and Settings\Micky\Bureaublad"

                            Delete on reboot: C:\WINDOWS\system32\yrabuon.exe

                            --- Rebooting the computer ---

                            C:\WINDOWS\system32\yrabuon.exe not deleted


                            Finished!
                            Last edited by Nyala; 29-03-08, 18:39.



                            • #15
                              Stubborn one.

                              Download IceSword and unzip it into a folder on your desktop.
                              - Open that folder and double-click the "Sword icon" to start IceSword.
                              - On the left, click File.
                              - Now choose this computer in IceSword and navigate to this file:

                              C:\WINDOWS\system32\yrabuon.exe

                              - Right-click it and choose Delete.

                              Restart your PC and post a new Deckard's System Scanner log.
