PC freezing


OomLen


Hello,

I have a laptop, a Dell Vostro 1000, running Vista Basic. For the last few weeks almost every program has been freezing. I have already removed some unnecessary software. I also made a HijackThis log. Here it is:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:09:30, on 21/12/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18999)

Boot mode: Normal

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\SYSTEM32\taskeng.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\SYSTEM32\Taskmgr.exe

C:\Users\The Family\Downloads\HijackThis.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ask.com - International

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {0E293390-14C6-41B9-A047-C415DA008B2b} - C:\Windows\system32\aticalcl32.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {782360ec-f998-485e-b688-0339e1e396fc} - (no file)

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {782360ec-f998-485e-b688-0339e1e396fc} - (no file)

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKCU\..\Run: [spyware Doctor] C:\Users\The Family\Desktop\sdsetup.exe -min

O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\THEFAM~1\appdata\local\temp\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WTH7PVEJ\AA_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OGMUVNKL\B35876~1.SH! c:\users\THEFAM~1\appdata\local\temp\Low\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\IMP_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\TZOGBEEH\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\SPCKMWZ2\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\ZKZCRJ3B\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\DZIODQ9Y\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RL4K3GBR\M0202_~1.SH! C:\Users\THE

O4 - HKUS\S-1-5-18\..\Run: [RTHDBPL] C:\Windows\system32\config\systemprofile\AppData\Roaming\SysWin\lsass.exe (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\THEFAM~1\appdata\local\temp\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WTH7PVEJ\AA_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OGMUVNKL\B35876~1.SH! c:\users\THEFAM~1\appdata\local\temp\Low\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\IMP_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\TZOGBEEH\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\SPCKMWZ2\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\ZKZCRJ3B\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\DZIODQ9Y\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RL4K3GBR\M0202_~1.SH! C:\Users\THE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O15 - Trusted Zone: http://man.etriq.net

O15 - Trusted Zone: http://messagent.telenet.be

O15 - Trusted Zone: TV.be - je persoonlijke online TV-gids

O15 - Trusted Zone: Telenet Thuis

O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: McAfee Application Installer Cleanup (0112231281461534) (0112231281461534mcinstcleanup) - Unknown owner - C:\Windows\TEMP\011223~1.EXE (file missing)

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Function Discovery Provider Host (fdPHost32) - Borland Software Corporation - C:\Windows\system32\cmipnpinstall32.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Human Interface Device Access (hidserv32) - Borland Software Corporation - C:\Windows\system32\KBDGEO32.exe

O23 - Service: Human Interface Device Access (hidserv3232) - Borland Software Corporation - C:\Windows\system32\netfxperf32.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Peer Networking Identity Manager (p2pimsvc32) - Borland Software Corporation - C:\Windows\system32\wcncsvc32.exe

O23 - Service: Protected Storage (ProtectedStorage32) - Borland Software Corporation - C:\Windows\system32\mfc40u32.exe

O23 - Service: Remote Access Auto Connection Manager (RasAuto32) - Borland Software Corporation - C:\Windows\system32\NlsLexicons000132.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Windows Defender (WinDefend32) - Borland Software Corporation - C:\Windows\system32\corpol32.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: WMI Performance Adapter (wmiApSrv32) - Borland Software Corporation - C:\Windows\system32\QSVRMGMT32.exe

--

End of file - 10455 bytes

Do you see anything in here that could be causing this? Thanks in advance.


Go to Start – Run/Search and type: sc stop "McAfee Application Installer Cleanup"

Press Enter.

Go to Start – Run/Search and type: sc delete "McAfee Application Installer Cleanup"

Press Enter.

Go to Start – Run/Search and type: sc stop 0112231281461534

Press Enter.

Go to Start – Run/Search and type: sc delete 0112231281461534

Press Enter.

Go to Start – Run/Search and type: sc stop 0112231281461534mcinstcleanup

Press Enter.

Go to Start – Run/Search and type: sc delete 0112231281461534mcinstcleanup

Press Enter.

Go to Start – Run/Search and type: sc stop fdPHost32

Press Enter.

Go to Start – Run/Search and type: sc delete fdPHost32

Press Enter.

Go to Start – Run/Search and type: sc stop hidserv32

Press Enter.

Go to Start – Run/Search and type: sc delete hidserv32

Press Enter.

Go to Start – Run/Search and type: sc stop hidserv3232

Press Enter.

Go to Start – Run/Search and type: sc delete hidserv3232

Press Enter.

Go to Start – Run/Search and type: sc stop p2pimsvc32

Press Enter.

Go to Start – Run/Search and type: sc delete p2pimsvc32

Press Enter.

Go to Start – Run/Search and type: sc stop ProtectedStorage32

Press Enter.

Go to Start – Run/Search and type: sc delete ProtectedStorage32

Press Enter.

Go to Start – Run/Search and type: sc stop RasAuto32

Press Enter.

Go to Start – Run/Search and type: sc delete RasAuto32

Press Enter.

Go to Start – Run/Search and type: sc stop WinDefend32

Press Enter.

Go to Start – Run/Search and type: sc delete WinDefend32

Press Enter.

Go to Start – Run/Search and type: sc stop wmiApSrv32

Press Enter.

Go to Start – Run/Search and type: sc delete wmiApSrv32

Press Enter.

Start HijackThis. Select "Scan". Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ask.com – International

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {0E293390-14C6-41B9-A047-C415DA008B2b} - C:\Windows\system32\aticalcl32.dll

O2 - BHO: (no name) - {782360ec-f998-485e-b688-0339e1e396fc} - (no file)

O3 - Toolbar: (no name) - {782360ec-f998-485e-b688-0339e1e396fc} - (no file)

O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\THEFAM~1\appdata\local\temp\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WTH7PVEJ\A A_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OGMUVNKL\B 35876~1.SH! c:\users\THEFAM~1\appdata\local\temp\Low\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\M 0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\I MP_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\TZOGBEEH\M 0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\SPCKMWZ2\M 0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\ZKZCRJ3B\M 0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\DZIODQ9Y\M 0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RL4K3GBR\M 0202_~1.SH! C:\Users\THE

O4 - HKUS\S-1-5-18\..\Run: [RTHDBPL] C:\Windows\system32\config\systemprofile\AppData\Roaming\SysWin\lsass.exe (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\THEFAM~1\appdata\local\temp\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WTH7PVEJ\A A_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OGMUVNKL\B 35876~1.SH! c:\users\THEFAM~1\appdata\local\temp\Low\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\M 0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\I MP_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\TZOGBEEH\M 0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\SPCKMWZ2\M 0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\ZKZCRJ3B\M 0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\DZIODQ9Y\M 0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RL4K3GBR\M 0202_~1.SH! C:\Users\THE

O15 - Trusted Zone: Telenet Thuis

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Voltooien" (Finish).

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Snelle Scan" (quick scan) on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is finished, click OK, then "Bekijk Resultaten" (show results) to see the results.

Make sure everything there is checked, then click: Verwijder geselecteerde (remove selected).

After the removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and you can find it by clicking the "Logs" tab in the program.

If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.


Thank you for the information and the help. I went through all the steps as described. When fixing after the HijackThis scan, I get a message that an unexpected error occurred, specifically concerning the removal of

O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\THEFAM~1\appdata\local\temp\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WTH7PVEJ\A A_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OGMUVNKL\B 35876~1.SH! c:\users\THEFAM~1\appdata\local\temp\Low\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\M 0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\I MP_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\TZOGBEEH\M 0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\SPCKMWZ2\M 0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\ZKZCRJ3B\M 0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\DZIODQ9Y\M 0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RL4K3GBR\M 0202_~1.SH! C:\Users\THE

So I am attaching a new HijackThis log and the MBAM log.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 08:01:12, on 23/12/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18999)

Boot mode: Normal

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\SYSTEM32\taskeng.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Windows\SYSTEM32\taskeng.exe

C:\Users\The Family\Desktop\Kuisgerei\HijackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\THEFAM~1\appdata\local\temp\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WTH7PVEJ\AA_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OGMUVNKL\B35876~1.SH! c:\users\THEFAM~1\appdata\local\temp\Low\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\IMP_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\TZOGBEEH\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\SPCKMWZ2\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\ZKZCRJ3B\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\DZIODQ9Y\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RL4K3GBR\M0202_~1.SH! C:\Users\THE

O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\THEFAM~1\appdata\local\temp\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WTH7PVEJ\AA_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OGMUVNKL\B35876~1.SH! c:\users\THEFAM~1\appdata\local\temp\Low\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\IMP_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\TZOGBEEH\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\SPCKMWZ2\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\ZKZCRJ3B\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\DZIODQ9Y\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RL4K3GBR\M0202_~1.SH! C:\Users\THE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O15 - Trusted Zone: http://man.etriq.net

O15 - Trusted Zone: http://messagent.telenet.be

O15 - Trusted Zone: TV.be - je persoonlijke online TV-gids

O15 - Trusted Zone: Telenet Thuis

O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: McAfee Application Installer Cleanup (0112231281461534) (0112231281461534mcinstcleanup) - Unknown owner - C:\Windows\TEMP\011223~1.EXE (file missing)

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Remote Access Auto Connection Manager (RasAuto32) - Unknown owner - C:\Windows\system32\NlsLexicons000132.exe (file missing)

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--

End of file - 9239 bytes

And here is the MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100

Malwarebytes

Databaseversie: 5375

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18999

22/12/2010 10:46:33

mbam-log-2010-12-22 (10-46-33).txt

Scantype: Snelle scan

Objecten gescand: 168449

Verstreken tijd: 14 minuut/minuten, 15 seconde(n)

Geheugenprocessen geïnfecteerd: 1

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 11

Registerwaarden geïnfecteerd: 1

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 2

Bestanden geïnfecteerd: 26

Geheugenprocessen geïnfecteerd:

c:\Windows\System32\mfc40u32.exe (Trojan.Tracur.S) -> 2504 -> Unloaded process successfully.

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage32 (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wmiApSrv32 (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdPHost32 (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidserv32 (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidserv3232 (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p2pimsvc32 (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend32 (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8BDFF85-F8C2-4281-8669-31253E646518} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\uvc7jk640c (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RTHDBPL (Trojan.Tracur.S) -> Value: RTHDBPL -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

c:\Users\the family\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

c:\Windows\System32\mfc40u32.exe (Trojan.Tracur.S) -> Delete on reboot.

c:\Windows\System32\config\systemprofile\AppData\Roaming\SysWin\lsass.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\System32\qsvrmgmt32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\System32\cmipnpinstall32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\System32\KBDGEO32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\System32\netfxperf32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\System32\wcncsvc32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\System32\nlslexicons000132.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\System32\corpol32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\System32\aticalcl32.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\System32\dciman3232.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\System32\ddraw32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\System32\wpdshext32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Users\Caitlin\AppData\Roaming\02000000217f8919573c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\Caitlin\AppData\Roaming\02000000217f8919573o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\Caitlin\AppData\Roaming\02000000217f8919573p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\Caitlin\AppData\Roaming\02000000217f8919573s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\the family\AppData\Roaming\02000000217f8919515c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\the family\AppData\Roaming\02000000217f8919515o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\the family\AppData\Roaming\02000000217f8919515p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\the family\AppData\Roaming\02000000217f8919515s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\the family\AppData\Roaming\02000000217f8919573c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\the family\AppData\Roaming\02000000217f8919573o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\the family\AppData\Roaming\02000000217f8919573p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\the family\AppData\Roaming\02000000217f8919573s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\the family\AppData\Roaming\SysWin\lsass.exe (Worm.Prolaco) -> Quarantined and deleted successfully.

The PC is already running a lot faster. Maybe all the problems are solved now? I hope so, in any case.


Malwarebytes has already removed a whole lot of junk from the PC.

To remove the O4 items from HijackThis, you can start the computer in "safe mode". Then run the recommended fix on both O4 lines:

O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\THEFAM~1\appdata\local\temp\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WTH7PVEJ\AA_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OGMUVNKL\B35876~1.SH! c:\users\THEFAM~1\appdata\local\temp\Low\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\IMP_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\TZOGBEEH\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\SPCKMWZ2\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\ZKZCRJ3B\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\DZIODQ9Y\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RL4K3GBR\M0202_~1.SH! C:\Users\THE

O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\THEFAM~1\appdata\local\temp\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WTH7PVEJ\AA_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OGMUVNKL\B35876~1.SH! c:\users\THEFAM~1\appdata\local\temp\Low\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\IMP_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\TZOGBEEH\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\SPCKMWZ2\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\ZKZCRJ3B\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\DZIODQ9Y\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RL4K3GBR\M0202_~1.SH! C:\Users\THE

After removing them, shut down the PC and restart in normal mode. Then make a new log with HijackThis and Malwarebytes and attach both to your next post for review.


Even in safe mode I get an error message from HijackThis:

Please help us improve HijackThis by reporting this error

Click 'Yes' to submit

Error Details:

An unexpected error has occurred at procedure: modMain_FixOther4Item(sItem=HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\THEFAM~1\appdata\local\temp\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WTH7PVEJ\AA_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OGMUVNKL\B35876~1.SH! c:\users\THEFAM~1\appdata\local\temp\Low\HSPERF~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NK3ZIEXY\IMP_1_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\TZOGBEEH\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\SPCKMWZ2\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\ZKZCRJ3B\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\DZIODQ9Y\M0202_~1.SH! C:\Users\THEFAM~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RL4K3GBR\M0202_~1.SH! C:\Users\THE)

Error #5 - Invalid procedure call or argument

Windows version: Windows NT 6.00.1906

MSIE version: 8.0.6001.18999

HijackThis version: 2.0.4

Is it down to the version of HijackThis that I have?


Let's have a look in the registry to see why HijackThis keeps giving error messages for that. Go to Start -> Run/Search -> type regedit. That takes you into the registry. There, choose HKUS -> .DEFAULT -> ... -> Run ... and then check whether you can find that long entry somewhere under one of the items.


Nothing can be found in the registry. I can't even find that RUN in there. In the meantime something has changed with my McAfee, though, so maybe it has to do with that? I had completely disabled my McAfee via MSCONFIG and then tried once more to remove those two items via HijackThis, which gave the same result. On restarting, my McAfee looked completely different: I have lost my Security Center, but also those two entries in HijackThis.

Attached is another log.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 08:54:25, on 24/12/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18999)

Boot mode: Normal

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Windows\SYSTEM32\taskeng.exe

C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101223171514.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O15 - Trusted Zone: http://man.etriq.net

O15 - Trusted Zone: http://*.mcafee.com

O15 - Trusted Zone: http://messagent.telenet.be

O15 - Trusted Zone: TV.be - je persoonlijke online TV-gids

O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: McAfee Application Installer Cleanup (0265161293176316) (0265161293176316mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\026516~1.EXE

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Remote Access Auto Connection Manager (RasAuto32) - Unknown owner - C:\Windows\system32\NlsLexicons000132.exe (file missing)

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--

End of file - 7381 bytes

To me everything looks fine, apart from those two R0 SearchAssistant things, but I can't get rid of those either. But OK, that doesn't really bother me.

So apparently the problem was with my McAfee... I've always thought it was junk, but well, I got it for free through work...

hijackthis.log


Those two lines are "cosmetic flaws". They have no (negative) effect whatsoever on how the PC works. If they come back in your new log, you can leave them as they are!

Go to Start – Run/Search and type: sc stop "McAfee Application Installer Cleanup"

Press Enter.

Go to Start – Run/Search and type: sc delete "McAfee Application Installer Cleanup"

Press Enter.

Go to Start – Run/Search and type: sc stop 0265161293176316

Press Enter.

Go to Start – Run/Search and type: sc delete 0265161293176316

Press Enter.

Go to Start – Run/Search and type: sc stop 0265161293176316mcinstcleanup

Press Enter.

Go to Start – Run/Search and type: sc delete 0265161293176316mcinstcleanup

Press Enter.

Otherwise the log does indeed look fine … and if there are no further problems, we can consider this "solved".
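Added example, not part of any post in this thread: a small Python check that cross-references the O23 service entries of a HijackThis log with the files a Malwarebytes log reports as removed, and flags services whose binary is missing, sits in a temp directory, or was removed as malware. The sample lines are copied from the logs above; the function names and the three checks are my own choices.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input: lines copied from the two logs in this thread.
HJT_LOG = r"""
O23 - Service: McAfee Application Installer Cleanup (0265161293176316) (0265161293176316mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\026516~1.EXE
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto32) - Unknown owner - C:\Windows\system32\NlsLexicons000132.exe (file missing)
"""
MBAM_LOG = r"""
c:\Windows\System32\nlslexicons000132.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\System32\corpol32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
"""

PREFIX, MISSING = "O23 - Service: ", " (file missing)"
MBAM_FILE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> ")

def removed_files(mbam_log):
    """Map lower-cased file path -> detection name from a Malwarebytes log."""
    hits = (MBAM_FILE.match(line.strip()) for line in mbam_log.splitlines())
    return {m["path"].lower(): m["name"] for m in hits if m}

def parse_o23(line):
    """Return (service name, binary path, file_missing) or None if not an O23 line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    parts = line[len(PREFIX):].rsplit(" - ", 2)  # display name, owner, path
    if len(parts) != 3:
        return None
    display, path = parts[0], parts[2]
    missing = path.endswith(MISSING)
    path = path[: -len(MISSING)] if missing else path
    # Assumption from the lines in this thread: the last "(...)" is the service name.
    names = re.findall(r"\(([^()]+)\)", display)
    return (names[-1] if names else display), path, missing

def triage(hjt_log, mbam_log):
    """Return {service name: [reasons]} for O23 entries that deserve a second look."""
    removed = removed_files(mbam_log)
    findings = {}
    for name, path, missing in filter(None, map(parse_o23, hjt_log.splitlines())):
        key = path.lower()  # Windows paths compare case-insensitively
        checks = [
            (missing, "binary missing"),
            ("temp" in [p.lower() for p in PureWindowsPath(path).parts], "binary in temp directory"),
            (key in removed, "removed as " + removed.get(key, "?")),
        ]
        reasons = [text for hit, text in checks if hit]
        if reasons:
            findings[name] = reasons
    return findings
```

On the sample, `triage(HJT_LOG, MBAM_LOG)` reports the McAfee cleanup service that runs from `C:\Windows\TEMP` and the RasAuto32 entry whose binary Malwarebytes removed as Trojan.Tracur.S.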
