Problems with IE8 and Google Chrome

  • MarcelJnl

    Hello everyone,

    I keep having problems with my internet browsers. Sites open slowly, sometimes there is no response at all, etc. All of this with 60MB internet from UPC. I have removed Chrome again and had IE9 rolled back to IE8, but that is now partly in English.

    I have carried out the cleanup step-by-step plan in full and had a scan done by Microsoft Safety Scan. The latter removed two items after three hours of scanning, I just don't know which ones.

    Malwarebytes detected no problems. My logs are below. I know there is someone who can help me out of this fix; I would appreciate it in any case.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:27:43, on 25-11-2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

    C:\Windows\RtHDVCpl.exe

    C:\Windows\PLFSetI.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Launch Manager\LManager.exe

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    C:\Program Files\McAfee.com\Agent\mcagent.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Windows\ehome\ehtray.exe

    C:\Users\Macel\AppData\Local\Temp\RtkBtMnt.exe

    C:\Windows\system32\igfxext.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\conime.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe

    C:\Program Files\Trend Micro\Hijackthis\HijackThis.exe

    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=0811&m=aspire_5735

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111122065949.dll

    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe”

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: Skytel.exe

    O4 - HKLM\..\Run: C:\Windows\PLFSetI.exe

    O4 - HKLM\..\Run: C:\PROGRA~1\LAUNCH~1\LManager.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

    O4 - HKLM\..\Run: “C:\Program Files\McAfee.com\Agent\mcagent.exe” /runkey

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\RunOnce: D:\Software\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Marcel

    O17 - HKLM\Software\..\Telephony: DomainName = Marcel

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Marcel

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Marcel

    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

    End of file - 9804 bytes

    and

    Malwarebytes' Anti-Malware 1.51.2.1300

    www.malwarebytes.org

    Databaseversie: 8238

    Windows 6.0.6002 Service Pack 2

    Internet Explorer 9.0.8112.16421

    25-11-2011 16:18:26

    mbam-log-2011-11-25 (16-18-26).txt

    Scantype: Snelle scan

    Objecten gescand: 159531

    Verstreken tijd: 5 minuut/minuten, 21 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 0

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Many thanks for the help.

    Marcel.

  • Ben

    Hello Marcel,

    Your log still shows that you are using IE 9.

    Click: Start > (Settings) > Control Panel > Programs > Uninstall a program, and check the following:

    whether IE 9 is still listed there; if so, remove it and restart the PC.

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Marcel - Did you set this yourself?

    Start HijackThis.

    Attention!!! Windows Vista & 7 users must run HijackThis as administrator ("right-click, Run as"),

    if this does not work via the shortcut, run HijackThis as administrator from the following directory (C:\Program Files\Trend Micro\HiJackThis)

    And click "Do a system scan only".

    Then tick only the lines below:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    Close all open windows (except HijackThis), then click Fix checked and confirm by clicking Yes in the next screen.

    Download CCleaner

    When installing the latest CCleaner, Google Chrome is now (unfortunately) installed along with it.

    You have to remove a check mark during installation so that Google Chrome is not installed.

    Install CCleaner and start CCleaner.

    • In the left column, click Cleaner.

    • Click Analyze and then Run Cleaner.

    • Then click Registry in the left column and click Scan for Issues.

    • If errors are found, click Fix selected issues and OK.

    • You will then be asked to make a backup; click YES and then choose Fix All Selected Issues.

    • Then close CCleaner.

    Afterwards, post a new HijackThis log and tell us how things are going.

    Ben

  • MarcelJnl

    Ben,

    I did indeed discover that IE 9 was still being used; I have removed IE9 and am now really using IE8.

    After this I removed the following with HijackThis:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    You asked: O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Marcel - Did you set this yourself?

    No idea, I can't imagine so.

    Then I let CCleaner run both options and after that had HijackThis scan, with the following log as a result:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 18:34:08, on 25-11-2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.19154)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

    C:\Windows\RtHDVCpl.exe

    C:\Windows\PLFSetI.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Launch Manager\LManager.exe

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    C:\Program Files\McAfee.com\Agent\mcagent.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Windows\ehome\ehtray.exe

    C:\Windows\system32\igfxext.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Users\Macel\AppData\Local\Temp\RtkBtMnt.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\conime.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\Hijackthis\HijackThis.exe

    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=0811&m=aspire_5735

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111122065949.dll

    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe”

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: Skytel.exe

    O4 - HKLM\..\Run: C:\Windows\PLFSetI.exe

    O4 - HKLM\..\Run: C:\PROGRA~1\LAUNCH~1\LManager.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

    O4 - HKLM\..\Run: “C:\Program Files\McAfee.com\Agent\mcagent.exe” /runkey

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Marcel

    O17 - HKLM\Software\..\Telephony: DomainName = Marcel

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Marcel

    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

    End of file - 9559 bytes
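
One way to check the before/after scans posted above, as an added example that is not part of the original thread: it parses HijackThis entry lines, diffs the two scans, and confirms that the two lines the helper asked to fix are gone. The sample logs are short excerpts constructed from the thread's two scans, and every function name is an assumption made for this illustration.

```python
import re

# Constructed excerpts of the two scans in the thread (trimmed to a few lines).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:27:43, on 25-11-2011
Running processes:
C:\Windows\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: “C:\Program Files\McAfee.com\Agent\mcagent.exe” /runkey
O4 - HKLM\..\RunOnce: D:\Software\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O11 - Options group: Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Marcel
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Marcel
End of file - 9804 bytes
"""

# Straight quotes on the mcagent line here exercise the quote normalization.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:34:08, on 25-11-2011
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Marcel
End of file - 9559 bytes
"""

# The two lines the helper asked to tick before "Fix checked".
CHECKED = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
]

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O2 - BHO: ..."
QUOTES = str.maketrans({"“": '"', "”": '"', "‘": "'", "’": "'"})


def normalize(line):
    """Canonical form so forum re-typesetting (curly quotes, spacing, case)
    does not produce false differences between scans."""
    return re.sub(r"\s+", " ", line.translate(QUOTES)).strip().casefold()


def parse_entries(log_text):
    """Map normalized line -> (section code, original line) for each entry.
    Header lines and the running-process list do not match ENTRY."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if match:
            entries[normalize(line)] = (match.group(1), line)
    return entries


def diff_scans(before, after):
    """Return (removed, added) entry lines, in scan order."""
    b, a = parse_entries(before), parse_entries(after)
    removed = [b[k][1] for k in b if k not in a]
    added = [a[k][1] for k in a if k not in b]
    return removed, added


def verify_fix(checked, before, after):
    """State of each line that was supposed to be fixed."""
    b, a = parse_entries(before), parse_entries(after)
    status = {}
    for line in checked:
        key = normalize(line)
        if key not in b:
            status[line] = "not in first scan"   # instruction does not match the log
        elif key in a:
            status[line] = "still present"       # fix failed or entry came back
        else:
            status[line] = "fixed"
    return status


def unrequested_removals(checked, before, after):
    """Entries that vanished although nobody asked to fix them."""
    wanted = {normalize(line) for line in checked}
    removed, _ = diff_scans(before, after)
    return [line for line in removed if normalize(line) not in wanted]


def orphaned(log_text):
    """Entries whose target HijackThis reports as '(no file)'."""
    return [line for _, line in parse_entries(log_text).values()
            if line.casefold().endswith("(no file)")]


if __name__ == "__main__":
    for line, state in verify_fix(CHECKED, BEFORE, AFTER).items():
        print(f"{state:>17}: {line}")
    for line in unrequested_removals(CHECKED, BEFORE, AFTER):
        print(f"  also disappeared: {line}")
```

An entry that reappears in a later scan after being fixed is the case worth escalating, because something is rewriting it; entries listed as having also disappeared only need an explanation, such as an uninstall or a cleaner run between the scans.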

  • Ben

    Hello,

    Do the following:

    Download Look2Me-Destroyer.exe to your desktop.

    • Close all open windows.

    • Double-click Look2Me-Destroyer.exe to start it.

    • Put a check mark next to Run this program as a task.

    • You will get a message saying: ‘Look2Me-Destroyer will close and re-open in approximately 10 seconds’. Click OK.

    • When Look2Me-Remover opens again, click the Scan for L2M button.

    • Your desktop icons and taskbar will disappear; this is normal.

    • Once scanning is done, click the Remove L2M button.

    • You will get the message Done Scanning; click OK.

    • Afterwards you will get the following message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.

    • Your computer will then shut down.

    • Start your computer again.

    • Post the contents of C:\Look2Me-Destroyer.txt together with a new HijackThis log and tell us right away how your problems are.

    If you get an alert from your firewall that this program is trying to access the internet, allow it and do not block it!

    If you get a runtime error ‘339’, download MSWINSCK.OCX via the link below and place it in your C:\WINNT\System32 folder.

    http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

    Ben

  • fazantje

    Hi Marcel,

    You don't need to carry out Ben's last message.

    Ben is in training for this and made a good choice, only he didn't know the background of your earlier logs.

    Those O17 entries are from your son, just like last time from the PS3.

    Regards, Huib ;)

  • MarcelJnl

    No problem, I hadn't done anything with it yet anyway, had to work. Sharp of you by the way, Fazantje, that you still managed to track that down. That doesn't change the fact that IE8 is still very slow; does anyone have a tip? I have the same problem with Google Chrome. I'm curious. Marcel.

  • Ben

    Hello Marcel,

    Download ComboFix from one of these locations:

    Link 1

    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop.

    >>Here<< you can read how to use ComboFix.

    1. Disable all antivirus and antispyware programs, because otherwise they might conflict with ComboFix.

    * (here or here is a guide on how to disable them)

    2. The computer may need to be restarted several times; this is normal.

    3. Double-click "Combofix.exe" to start the tool.

    4. Do not click in the ComboFix window while it is active; this can cause the ‘tool’ to hang.

    * Note !!! If an error is shown with the message “Illegal operation attempted on a registery key that has been marked for deletion.”, restart the computer.

    5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

    Together with a new HijackThis log.

    Ben

  • MarcelJnl

    Okay Ben, it took some searching to find out how all that had to be done with McAfee, but it worked:

    first my ComboFix log:

    ComboFix 11-11-26.03 - Macel 26-11-2011 17:16:52.1.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3000.1878

    Gestart vanuit: C:\Users\Macel\Desktop\ComboFix.exe

    AV: McAfeeAntivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    FW: McAfeeFirewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    SP: McAfeeAntivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    Besmet exemplaar van C:\Windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd

    Hersteld exemplaar van - C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    (((((((((((((((((((( Bestanden Gemaakt van 2011-10-26 to 2011-11-26 ))))))))))))))))))))))))))))))

    2011-11-26 16:27:10 . 2011-11-26 16:29:24 -------- d-----w- C:\Users\Macel\AppData\Local\temp

    2011-11-26 16:27:10 . 2011-11-26 16:27:10 -------- d-----w- C:\Users\Default\AppData\Local\temp

    2011-11-25 15:24:02 . 2011-11-25 15:24:02 -------- d-----w- C:\Program Files\Trend Micro

    2011-11-25 15:12:08 . 2011-08-31 16:00:50 22216 ----a-w- C:\Windows\system32\drivers\mbam.sys

    2011-11-25 11:38:56 . 2011-11-25 17:09:15 -------- d-----w- C:\Program Files\CCleaner

    2011-11-19 07:56:24 . 2011-10-17 11:41:10 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

    2011-11-19 07:56:21 . 2011-09-20 21:02:55 905088 ----a-w- C:\Windows\system32\drivers\tcpip.sys

    2011-11-19 07:56:06 . 2011-09-30 15:57:08 707584 ----a-w- C:\Program Files\Common Files\System\wab32.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-10-18 13:32:30 . 2011-08-08 15:06:38 150856 ----a-w- C:\Windows\system32\mfevtps.exe

    2011-10-15 12:16:16 . 2011-08-08 15:16:08 9608 ----a-w- C:\Windows\system32\drivers\mfeclnk.sys

    2011-10-15 12:16:16 . 2011-08-08 15:15:43 87656 ----a-w- C:\Windows\system32\drivers\mferkdet.sys

    2011-10-15 12:16:16 . 2011-08-08 15:15:43 64880 ----a-w- C:\Windows\system32\drivers\mfenlfk.sys

    2011-10-15 12:16:16 . 2011-08-08 15:15:43 59456 ----a-w- C:\Windows\system32\drivers\mfebopk.sys

    2011-10-15 12:16:16 . 2011-08-08 15:15:43 57600 ----a-w- C:\Windows\system32\drivers\cfwids.sys

    2011-10-15 12:16:16 . 2011-08-08 15:15:43 338176 ----a-w- C:\Windows\system32\drivers\mfefirek.sys

    2011-10-15 12:16:16 . 2011-08-08 15:15:43 180816 ----a-w- C:\Windows\system32\drivers\mfeavfk.sys

    2011-10-15 12:16:16 . 2011-08-08 15:15:43 165680 ----a-w- C:\Windows\system32\drivers\mfewfpk.sys

    2011-10-15 12:16:16 . 2011-03-13 09:20:10 464176 ----a-w- C:\Windows\system32\drivers\mfehidk.sys

    2011-10-15 12:16:16 . 2011-03-13 09:20:10 121256 ----a-w- C:\Windows\system32\drivers\mfeapfk.sys

    2011-10-03 03:06:03 . 2011-08-23 16:14:07 472808 ----a-w- C:\Windows\system32\deployJava1.dll

    2011-09-30 23:06:24 . 2011-10-13 07:20:05 916480 ----a-w- C:\Windows\system32\wininet.dll

    2011-09-30 23:02:06 . 2011-10-13 07:19:45 43520 ----a-w- C:\Windows\system32\licmgr10.dll

    2011-09-30 23:01:51 . 2011-10-13 07:19:50 1469440 ----a-w- C:\Windows\system32\inetcpl.cpl

    2011-09-30 23:01:34 . 2011-10-13 07:19:47 71680 ----a-w- C:\Windows\system32\iesetup.dll

    2011-09-30 23:01:34 . 2011-10-13 07:19:47 109056 ----a-w- C:\Windows\system32\iesysprep.dll

    2011-09-30 22:07:25 . 2011-10-13 07:19:49 385024 ----a-w- C:\Windows\system32\html.iec

    2011-09-30 21:29:54 . 2011-10-13 07:19:48 133632 ----a-w- C:\Windows\system32\ieUnatt.exe

    2011-09-30 21:28:36 . 2011-10-13 07:19:44 1638912 ----a-w- C:\Windows\system32\mshtml.tlb

    2011-09-06 13:30:12 . 2011-10-13 07:19:32 2043392 ----a-w- C:\Windows\system32\win32k.sys

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    @=“{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}”

    2008-05-14 15:05:06 121392 ----a-w- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    “WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe”

    “ehTray.exe”=“C:\Windows\ehome\ehTray.exe”

    “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe”

    “ArcadeDeluxeAgent”=“C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe”

    “CLMLServer”=“C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe”

    “PlayMovie”=“C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe”

    “RtHDVCpl”=“RtHDVCpl.exe”

    “Skytel”=“Skytel.exe”

    “PLFSetI”=“C:\Windows\PLFSetI.exe”

    “LManager”=“C:\PROGRA~1\LAUNCH~1\LManager.exe”

    “eDataSecurity Loader”=“C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe”

    “ePower_DMC”=“C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe”

    “WarReg_PopUp”=“C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe”

    “mcui_exe”=“C:\Program Files\McAfee.com\Agent\mcagent.exe”

    “IgfxTray”=“C:\Windows\system32\igfxtray.exe”

    “HotKeysCmds”=“C:\Windows\system32\hkcmd.exe”

    “Persistence”=“C:\Windows\system32\igfxpers.exe”

    “SunJavaUpdateSched”=“C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    “EnableUIADesktopToggle”= 0 (0x0)

    @=“”

    @=“”

    2011-06-06 10:55:28 937920 —-a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    2008-04-06 20:42:36 34040 —-a-w- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

    2009-01-05 14:18:48 413696 —-a-w- D:\QTTask.exe

    2008-01-21 02:23:32 1008184 —-a-w- C:\Program Files\Windows Defender\MSASCui.exe

    “DisableMonitoring”=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys

    R3 BthAvrcp;Bluetooth AVRCP-profiel;C:\Windows\system32\DRIVERS\BthAvrcp.sys

    R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys

    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys

    S1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys

    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl

    S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

    S2 CLHNService;CLHNService;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

    S2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

    S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe

    S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

    S2 NTIPPKernel;NTIPPKernel;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys

    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys

    S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys

    --- Andere Services/Drivers In Geheugen ---

    *Deregistered* - mfeavfk01

    bthsvcs REG_MULTI_SZ BthServ

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    Inhoud van de 'Gedeelde Taken' map

    2011-11-26 C:\Windows\Tasks\User_Feed_Synchronization-{CE673741-35BA-43FD-9E26-94DE23F642B9}.job

    - C:\Windows\system32\msfeedssync.exe

    ------- Bijkomende Scan -------

    uStart Page = hxxp://www.startpagina.nl/

    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=0811&m=aspire_5735

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    TCP: DhcpNameServer = 192.168.1.1

    - - - - ORPHANS VERWIJDERD - - - -

    MSConfigStartUp-Advanced SystemCare 4 - D:\Software\Advanced SystemCare 4\ASCTray.exe

    MSConfigStartUp-Google Update - C:\Users\Macel\AppData\Local\Google\Update\GoogleUpdate.exe

    And then my Hijack log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 17:39:37, on 26-11-2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.19154)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\conime.exe

    C:\Windows\system32\igfxsrvc.exe

    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    C:\Windows\Explorer.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Program Files\Trend Micro\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=0811&m=aspire_5735

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111122065949.dll

    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: Skytel.exe

    O4 - HKLM\..\Run: C:\Windows\PLFSetI.exe

    O4 - HKLM\..\Run: C:\PROGRA~1\LAUNCH~1\LManager.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

    O4 - HKLM\..\Run: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Marcel

    O17 - HKLM\Software\..\Telephony: DomainName = Marcel

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Marcel

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Marcel

    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

    End of file - 8230 bytes

  • MarcelJnl

    Ben,

    Because Combofix seemed to do such a nice job, I ran the scan once more. It keeps reporting that:

    – Voorgaande Run –

    Besmet exemplaar van C:\Windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd

    Hersteld exemplaar van - C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    – Voorgaande Run –

    Besmet exemplaar van C:\Windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd

    Hersteld exemplaar van - C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    ——–

    Besmet exemplaar van C:\Windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd

    Hersteld exemplaar van - C:\Windows\ERDNT\cache\userinit.exe

    ——–

    Besmet exemplaar van C:\Windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd

    Hersteld exemplaar van - C:\Windows\ERDNT\cache\userinit.exe

    but it can "successfully restore" it every time.

  • Ben

    Hello Marcel,

    Don't keep running Combofix. (I still need to go over that one with fazantje.)

    Just wait for that.

    Ben