Please review my HijackThis log

juisterr
30 replies
  • I have WinXP Pro with SP2 and IE6.
    The problem with IE is that when a website should show a pop-up, for example a form to fill in, the form appears for only a fraction of a second, before anything can be entered. I have changed many settings; the website is also "Trusted"; pop-ups are allowed, etc.
    With Firefox, however, there are no problems, and with Netscape there are.
    An "old hand" in the Windows software forum advised me to make a HijackThis log and submit it to the experts in this forum.

    Many thanks in advance.
    Paul

    The log file follows:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:02:03, on 9-9-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\VeriSign\NAVI\naviagent.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    C:\WINDOWS\System32\WFXSVC.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    E:\Pinnacle\PCTV\Remote\Remoterm.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    C:\Program Files\HHVcdV5Sys\VC5Play.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Eudora\Eudora.exe
    D:\Eudora\Plugins\Spamnix\spamnix.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Paul Lemmens\Application Data\Mozilla\Profiles\default\0ozciuhi.slt\prefs.js)
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Encarta Winkler Prins Webassistent - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [PCTVRemote] E:\Pinnacle\PCTV\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Canon IJ Status Monitor Canon iP5200R.lnk = ?
    O4 - Startup: Registration-PCTV.lnk = E:\Pinnacle\PCTV\ERegister\RegTool.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Pinnacle Scheduler.lnk = E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    O4 - Global Startup: VirtualCD 5.lnk = C:\Program Files\HHVcdV5Sys\VC5Play.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: http://www.davilexbusiness.nl
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: http://www.nokia.nl
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O15 - Trusted IP range: http://80.60.49.69
    O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} - http://advnt01.com/dialer/olanda_ver3.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
    O16 - DPF: {3B623D23-2757-4881-A01E-D560EBCA5307} - http://advnt01.com/dialer/olanda_ver10.CAB
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097937495656
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149778818796
    O16 - DPF: {750CEB9F-B16A-11D3-9022-B6AC27ECD87A} (CDFreaks.CDFreaksProtectionDetector) - file://E:\CD-R\Detect\Detect.CAB
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games29.cab
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} - http://www.content-loader.com/load/ccaccess.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7976B6F5-BD3D-49C0-8D5E-01C245DAD18A}: NameServer = 195.121.1.34 195.121.1.66
    O18 - Protocol: bw+0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NTBOOTMGR (NTBOOT) - Symantec Corporation - (no file)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - E:\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
  • That old hand is right, there is quite a bit of junk on it. Among other things, a dialer.

    Please first uninstall your Logitech\Desktop Messenger, reboot, and only then continue with the fix that I will post shortly.

    eric
  • juister/Eric, thanks for the reply.
    Two remarks:
    - The little program Dialer Detect, which I run regularly, shows me 4 dialers, all 4 trustworthy: MxStream (= ADSL), HCCNet (for access to HCCNet), PCI Modem Dial-up (my ordinary old-fashioned modem) and finally the newest, Nokia 6233 (the "modem" of my GSM phone). So your remark unfortunately means that Dialer Detect does not find everything.
    - Logitech Messenger is installed as part of my wireless mouse and keyboard. The strange thing is that in Control Panel, under "Software" (Add or Remove Programs), nothing appears that has to do with Logitech.
    There is no uninstall file in the Logitech folder either. Shall I just delete that whole folder and then have my RegVac Registry Cleaner at least clean up the chaos that causes?

    Thanks in advance
    Paul
  • Your Logitech has the hiccups and it is best to uninstall it (via Add or Remove Programs).

    your dialers

    7AdPower Dialer X {3B623D23-2757-4881-A01E-D560EBCA5307} olanda_ver10.CAB 7AdPower_Dialer Changes your dialup connection settings.

    Trojan-Clicker.Win32.Adpower.a X {018A066F-584A-422F-AC4C-0B1F5FE5C040} http://www.viruslist.com/en/viruses/encyclopedia?virusid=49824
    7AdPower Dialer X {018A066F-584A-422F-AC4C-0B1F5FE5C040} olanda_ver3.CAB 7AdPower_Dialer Changes your dialup connection settings.

    NetVenda Dialer X {91433D86-9F27-402C-B5E3-DEBDD122C339} identified by SpywareBlaster


    Dialer.Trafficadvance X {00000000-0000-0000-0000-000020040000} http://securityresponse.symantec.com/avcenter/venc/data/dialer.trafficadvance.html

    source

    really dialers you do not want to have.
  • After the info above, please carry this out first; cleaning up the junk comes AFTER the fix.

    Turn off Ad-Watch from Ad-Aware for a moment; it can get in the way of the fix.

    Download Combofix to your Desktop.
    - Double-click Combofix.exe
    - Follow the instructions, accept the disclaimer by typing "y" or "Y".
    - While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log. (Please post this after the fix below.)

    NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore it.

    Start HJT again, tick the lines below (if still present), close all windows (except HJT) and then click Fix checked.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
    O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
    O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
    O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} - http://advnt01.com/dialer/olanda_ver3.CAB
    O16 - DPF: {3B623D23-2757-4881-A01E-D560EBCA5307} - http://advnt01.com/dialer/olanda_ver10.CAB
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games29.cab
    O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} - http://www.content-loader.com/load/ccaccess.cab


    Using Windows Explorer, delete the file below.

    msnmsgrr.exe <<< search for where it is located (if it is still there, that is).

    Reboot and post a new log together with the Combofix log.

    Thanks in advance
    eric
  • Another negative surprise: Combofix will not run!
    After starting it and typing Y followed by Enter, the message appears that the machine is going to be scanned, but then comes the message "Het systeem kan de opgegeven registersleutel of - waarde niet vinden", and the program stops.
    Restarted the PC and, besides Ad-Watch, also turned off the McAfee virus scan and firewall and started Combofix again, but unfortunately the same debacle.

    Sorry Eric, what now?
    Paul
  • Since ComboFix.exe would not run, I first just tried to have HijackThis "fix" the indicated lines as far as that was possible. The 2 lines containing "olanda" had disappeared and the file "msnmsgrr.exe" was also nowhere to be found any more.
    Then I had HijackThis scan again; the resulting log file is below.

    If it was totally wrong to "fix" the lines first, before ComboFix had run, I can always restore the Ghost image of the partition in question and start all over again.

    Eric, again many thanks in advance if you can help me further
    Paul


    Logfile of HijackThis v1.99.1
    Scan saved at 00:06, on 06-09-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\system32\carpserv.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\VeriSign\NAVI\naviagent.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    E:\Pinnacle\PCTV\Remote\Remoterm.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    C:\Program Files\HHVcdV5Sys\VC5Play.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    C:\WINDOWS\System32\WFXSVC.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://www.planet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

    Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: i-Nav IDN SearchHook -

    {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program

    Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    N4 - Mozilla: user_pref("browser.search.defaultengine",

    "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchpl

    ugins%5CSBWeb_01.src"); (C:\Documents and Settings\Paul

    Lemmens\Application Data\Mozilla\Profiles\default\0ozciuhi.slt\prefs.js)
    O2 - BHO: HelperObject Class -

    {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program

    Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper -

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program

    Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

    C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: EWPBrowseObject Class -

    {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program

    Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

    - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent -

    {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common

    Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O2 - BHO: i-Nav IDN Resolver -

    {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program

    Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} -

    C:\Program Files\Advanced System Optimizer\IEHelper.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog

    Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog

    Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program

    Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic

    PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

    C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\TechSmith\Motherboard

    Monitor\MBM5.EXE"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [MPFExe]

    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [VSOCheckTask]

    "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online]

    "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe]

    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe]

    C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [PCTVRemote] E:\Pinnacle\PCTV\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck]

    C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton

    Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program

    Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
    O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\Program

    Files\Spy\Ad-Aware\Ad-Watch.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE

    C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common

    Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Canon IJ Status Monitor Canon iP5200R.lnk = ?
    O4 - Startup: Registration-PCTV.lnk =

    E:\Pinnacle\PCTV\ERegister\RegTool.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

    Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program

    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program

    Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program

    Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Pinnacle Scheduler.lnk = E:\Pinnacle\Shared

    Files\Programs\Scheduler\PCLEScheduler.exe
    O4 - Global Startup: VirtualCD 5.lnk = C:\Program

    Files\HHVcdV5Sys\VC5Play.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download with GetRight - C:\Program

    Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel -

    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List -

    res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print -

    res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program

    Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program

    Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program

    Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

    - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263}

    - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C}

    - C:\Program Files\Common Files\Microsoft Shared\Encarta Search

    Bar\ENCSBAR.DLL
    O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F}

    - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra 'Tools' menuitem: i-Nav Help -

    {CE000992-A58C-4441-8938-744CD72AB27F} -

    http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} -

    C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra 'Tools' menuitem: i-Nav Options -

    {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program

    Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: http://www.davilexbusiness.nl
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: http://www.nokia.nl
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O15 - Trusted IP range: http://80.60.49.69
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA

    Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX

    Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

    Advantage Validation Tool) -

    http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID

    Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class)

    - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} -

    http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com

    Operating System Class) -

    http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl

    Class) -

    http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/

    wuweb_site.cab?1097937495656
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl

    Class) -

    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muwe

    b_site.cab?1149778818796
    O16 - DPF: {750CEB9F-B16A-11D3-9022-B6AC27ECD87A}

    (CDFreaks.CDFreaksProtectionDetector) - file://E:\CD-R\Detect\Detect.CAB
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec

    Download Bridge) -

    http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operat

    ions/symbizpr/xcontrol/SymDlBrg.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime

    Environment 1.4.1_02) -
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) -

    https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software

    XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O18 - Protocol: bw+0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw+0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw-0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw-0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw00 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw00s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw10 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw10s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw20 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw20s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw30 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw30s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw40 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw40s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw50 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw50s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw60 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw60s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw70 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw70s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw80 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw80s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw90 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bw90s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwa0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwa0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwb0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwb0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwc0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwc0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwd0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwd0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwe0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwe0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwf0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwf0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwfile-8876480 -

    {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
    O18 - Protocol: bwg0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwg0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwh0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwh0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwi0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwi0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwj0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwj0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwk0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwk0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwl0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwl0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwm0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwm0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwn0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwn0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwo0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwo0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwp0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwp0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwq0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwq0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwr0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwr0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bws0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bws0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwt0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwt0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwu0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwu0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwv0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwv0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bww0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bww0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwx0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwx0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwy0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwy0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwz0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: bwz0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

    file)
    O18 - Protocol: offline-8876480 -

    {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier -

    C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program

    Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) -

    Unknown owner - E:\Adobe\Photoshop Elements

    4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program

    Files\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation

    - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

    Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel

    32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation -

    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. -

    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc -

    c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. -

    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -

    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) -

    McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee

    Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program

    Files\VeriSign\NAVI\naviagent.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -

    C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program

    Files\Symantec\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec

    Corporation - C:\Program Files\Common Files\Symantec Shared\Security

    Console\NSCSRVCE.EXE
    O23 - Service: NTBOOTMGR (NTBOOT) - Symantec Corporation - (no file)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation

    - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH -

    C:\WINDOWS\system32\oodag.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program

    Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program

    Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions -

    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common

    Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions -

    C:\Program Files\Common Files\Roxio

    Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - E:\Roxio\Easy Media Creator

    8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions -

    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program

    Files\Test\Sandra Professional\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program

    Files\Test\Sandra Professional\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common

    Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default))

    - Analog Devices, Inc. - C:\Program Files\Analog

    Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division

    Software - E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot

    Software, Inc. - C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software

    GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation -

    C:\WINDOWS\System32\WFXSVC.EXE
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. -

    C:\WINDOWS\system32\wwSecure.exe
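Added example, not part of the original posts and not HijackThis's own logic: a Python script that re-joins a HijackThis log pasted with word wrap, as the log above was, and then flags the kinds of O4 and O16 entries the helper singled out earlier in the thread. The CLSIDs are the ones named as dialers in the thread; the sample log, its URLs and the two heuristics (download source is a bare IP address, pathless command registered under several autostart keys) are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# A HijackThis entry starts with a section code followed by " - ".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# O16 - DPF: {CLSID} (optional name) - source URL (may be empty)
DPF = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - ?(.*)$")
# O4 - HKLM\..\Run: [value name] command
AUTORUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# CLSIDs the helper in this thread identified as dialers.
THREAD_DIALER_CLSIDS = {
    "{3B623D23-2757-4881-A01E-D560EBCA5307}",
    "{018A066F-584A-422F-AC4C-0B1F5FE5C040}",
    "{91433D86-9F27-402C-B5E3-DEBDD122C339}",
    "{00000000-0000-0000-0000-000020040000}",
}

# Constructed sample, wrapped the way the pasted log in the thread is.
# Hosts 192.0.2.10 and example.invalid are placeholders.
SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog

Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} -

http://192.0.2.10/constructed_installer.exe
O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} -

http://dialer.example.invalid/constructed.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) -

https://gto.postbank.nl/GTO/PBGNX.cab
"""


def unwrap(text):
    """Join word-wrapped continuation lines back onto their entry.

    Lines before the first entry (header, process list) are skipped.
    Limitation: a line wrapped in the middle of a token, such as a long
    URL, gets a space inserted at the break and needs manual repair.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line
    return entries


def triage(entries):
    """Return (identifier, reason) pairs for entries worth a closer look."""
    findings = []
    autoruns = {}  # (value name, command) -> set of autostart keys
    for entry in entries:
        m = DPF.match(entry)
        if m:
            clsid, source = m.group(1).upper(), m.group(3)
            if clsid in THREAD_DIALER_CLSIDS:
                findings.append((clsid, "CLSID named as dialer in the thread"))
            host = urlparse(source).hostname or ""
            if IPV4.match(host):
                findings.append((clsid, "ActiveX fetched from bare IP " + host))
            continue
        m = AUTORUN.match(entry)
        if m:
            hive, key, name, cmd = m.groups()
            autoruns.setdefault((name, cmd), set()).add(hive + "\\" + key)
    for (name, cmd), keys in sorted(autoruns.items()):
        # Heuristic (assumption): a command without any path that is
        # registered under more than one autostart key deserves review.
        pathless = "\\" not in cmd and "/" not in cmd
        if pathless and len(keys) > 1:
            reason = "pathless %s in %s" % (cmd, ", ".join(sorted(keys)))
            findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for ident, reason in triage(unwrap(SAMPLE)):
        print(ident, "-", reason)
```

A flag here is only a prompt for manual review: legitimate autostarts such as the pathless `carpserv.exe` entry are deliberately not reported by the second heuristic, and an unflagged entry is not thereby cleared.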
  • Try this fix; a pity that Combo will not run.

    Download Dr.Web CureIt to your Desktop:
    - Double-click drweb-cureit.exe and allow it to start the express scan.
    - This will scan the files that are currently loaded in memory, and when something is found, click the Yes to all button at the question 'cure it?'. This is only a short scan.
    - Once the short scan has ended, you can select the drives you want to have scanned.
    - Select all drives here. A red dot will then appear on the drives you are having scanned.
    - Then click the green arrow on the right to start the scan.
    - Click Yes to all when asked whether to perform cure or move.
    - When the scan has ended, see whether you can click the icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
    - If so, click it, then click the icon just below it and select Move incurable as you see here: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
      This moves the files found to the quarantine folder under "%userprofile%\DoctorWeb\" if repair is not possible.
    - After the scan is done, in the menu at the top, click File and choose Save report List. Save it to your Desktop.
    - Then close Dr.Web CureIt.
    - Restart your computer!! Important step, because Dr.Web CureIt may move/delete files during the restart.
    - After restarting, copy and paste the contents of the log you saved earlier into your next post.

    Make a new HijackThis log again; it is easy to make by doing a "scan and save a logfile", then going to Edit > copy all > Edit once more and then Copy; that gives you a nice log that is easy to read.

    Thanks in advance
    eric
  • Dr.Web CureIt did run, fortunately. Nothing found in memory and only little on the 4 drives. I suspect that I will have to put back at least 1 of the 4 "moved" files, namely mgclose.dat.
    In any case, after the restart the original problem with IE is not solved. For completeness: with FireFox, which I also downloaded yesterday, there is no problem; perhaps not YET!

    Eric, thanks again, and I hope that you can still help further, despite the fact that ComboFix will not run.
    Paul

    Below are the contents of the Dr.Web log:

    VBAOL11.CHM\html/olobjAddressEntries.htm C:\Program Files\Microsoft Office\OFFICE11\1043\VBAOL11.CHM Modification of VBS.Petik
    VBAOL11.CHM C:\Program Files\Microsoft Office\OFFICE11\1043 Archive contains infected objects Moved.
    sdcmon.dll C:\Program Files\Support.com\bin Probably DLOADER.Trojan Incurable.Moved.
    tgupdate.exe C:\Program Files\Support.com\bin Probably DLOADER.Trojan Incurable.Moved.
    mgclose.dat D:\Database\MG12\prog Tool.Prockill Incurable.Moved.
  • [quote:743525e6fd]Make another new HijackThis log. A good way to make it is to run "do a scan and save a logfile", then go to Edit > copy all > go to Edit once more and then Copy; that gives you a nice log that is easy to read.
    [/quote:743525e6fd]

    So, the log please.
  • I hope the log is easier to read this way:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:49, on 06-09-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\system32\carpserv.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\VeriSign\NAVI\naviagent.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    E:\Pinnacle\PCTV\Remote\Remoterm.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    C:\Program Files\HHVcdV5Sys\VC5Play.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    C:\WINDOWS\System32\WFXSVC.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Eudora\Eudora.exe
    D:\Eudora\Plugins\Spamnix\spamnix.exe
    C:\Program Files\eDonkey2000\edonkey2000.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [PCTVRemote] E:\Pinnacle\PCTV\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Canon IJ Status Monitor Canon iP5200R.lnk = ?
    O4 - Startup: Registration-PCTV.lnk = E:\Pinnacle\PCTV\ERegister\RegTool.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Pinnacle Scheduler.lnk = E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    O4 - Global Startup: VirtualCD 5.lnk = C:\Program Files\HHVcdV5Sys\VC5Play.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: http://www.davilexbusiness.nl
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: http://www.nokia.nl
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O15 - Trusted IP range: http://80.60.49.69
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097937495656
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149778818796
    O16 - DPF: {750CEB9F-B16A-11D3-9022-B6AC27ECD87A} (CDFreaks.CDFreaksProtectionDetector) - file://E:\CD-R\Detect\Detect.CAB
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7976B6F5-BD3D-49C0-8D5E-01C245DAD18A}: NameServer = 195.121.1.34 195.121.1.66
    O18 - Protocol: bw+0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw+0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw-0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw-0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw00 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw00s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw10 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw10s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw20 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw20s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw30 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw30s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw40 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw40s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw50 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw50s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw60 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw60s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw70 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw70s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw80 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw80s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw90 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw90s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwa0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwa0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwb0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwb0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwc0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwc0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwd0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwd0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwe0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwe0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwf0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwf0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
    O18 - Protocol: bwg0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwg0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwh0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwh0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwi0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwi0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwj0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwj0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwk0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwk0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwl0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwl0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwm0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwm0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwn0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwn0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwo0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwo0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwp0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwp0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwq0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwq0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwr0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwr0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bws0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bws0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwt0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwt0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwu0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwu0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwv0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwv0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bww0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bww0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwx0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwx0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwy0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwy0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwz0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwz0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: offline-8876480 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NTBOOTMGR (NTBOOT) - Symantec Corporation - (no file)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - E:\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
  • Start HJT again and do a system scan only, tick the lines below, close all windows except HJT's and click fix checked.

    [b:cbfb29e38b]O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
    O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe[/b:cbfb29e38b]
    All lines with [b:cbfb29e38b]O18 – Protocol >> (no file)[/b:cbfb29e38b]

    Boot into [b:cbfb29e38b]safe mode[/b:cbfb29e38b] and use Explorer to delete the file shown in bold below.

    [b:cbfb29e38b]msnmsgrr.exe[/b:cbfb29e38b] just look for it with the search function.


    May I have a new HJT log after that? By the way, the last one looked well made and was easy to read.

    Eric
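The two kinds of entries singled out in the post above (the `[blah service]` autostart value and the `O18 ... (no file)` protocol handlers) can be picked out of a HijackThis log mechanically, and the later log can be checked for entries that came back. The following is an added example, not part of the thread or of HijackThis; the log lines are copied from the logs on this page, and the triage rule (a value with no directory path that is registered under more than one autostart key) is an assumption chosen for illustration, not the helper's stated method.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Lines copied from the first log on this page (before "fix checked").
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: bw+0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
O18 - Protocol: offline-8876480 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Lines copied from the log posted after the fix; only its O4 part is used here.
LOG_AFTER = r"""
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# "O18 - Protocol: <name> - {CLSID} - (no file)"
O18_RE = re.compile(r"^O18 - Protocol: (\S+) - (\{[0-9A-Fa-f-]+\}) - \(no file\)$")


class Autostart(NamedTuple):
    hive: str
    key: str
    name: str
    command: str


def parse_autostarts(log):
    """Return every registry autostart (O4 Run*/RunServices*) entry in the log."""
    entries = []
    for line in log.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            entries.append(Autostart(*match.groups()))
    return entries


def is_bare(command):
    """True when the program is named without a directory, so Windows
    resolves it through the search path instead of a fixed location."""
    return "\\" not in command.split()[0]


def suspicious_autostarts(log):
    """Assumed triage rule: same value name and bare command under 2+ keys."""
    keys_by_value = defaultdict(set)
    for entry in parse_autostarts(log):
        keys_by_value[(entry.name, entry.command)].add(f"{entry.hive}\\{entry.key}")
    return {value: sorted(keys) for value, keys in keys_by_value.items()
            if len(keys) > 1 and is_bare(value[1])}


def orphaned_protocols(log):
    """Group O18 handlers whose file is missing by the CLSID they point to."""
    names_by_clsid = defaultdict(list)
    for line in log.splitlines():
        match = O18_RE.match(line.strip())
        if match:
            names_by_clsid[match.group(2)].append(match.group(1))
    return dict(names_by_clsid)


def still_present(before, after):
    """Autostarts flagged in the first log that are listed again in the second."""
    flagged = suspicious_autostarts(before)
    return sorted(e for e in parse_autostarts(after)
                  if (e.name, e.command) in flagged)


if __name__ == "__main__":
    for (name, command), keys in suspicious_autostarts(LOG_BEFORE).items():
        print(f"review: [{name}] {command} registered under {', '.join(keys)}")
    for clsid, names in orphaned_protocols(LOG_BEFORE).items():
        print(f"orphaned protocol handlers for {clsid}: {len(names)}")
    for entry in still_present(LOG_BEFORE, LOG_AFTER):
        print(f"back after fix: {entry.hive}\\{entry.key} [{entry.name}] {entry.command}")
```

An entry that is listed again after being fixed while no matching file turns up in a search means the registry value is being rewritten or the file is hidden from the search, so the next check belongs on what is writing the value rather than on the value itself.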
  • Hello Eric,

    I had already searched in vain for "msnmsgrr.exe" once, so the first thing I did after your mail was to have the whole PC searched again, but without result.
    I then followed your instructions and, after booting in Safe Mode, searched for "msnmsgrr.exe" again, and again without result.
    Restarted in normal mode and made a LOG; see below.
    Lo and behold, "msnmsgrr.exe" is in there again! Isn't that most peculiar? Does it make sense to delete those 2 lines via regedit?

    In any case, thanks once again, and here is the latest log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:36, on 06-09-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\VeriSign\NAVI\naviagent.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    E:\Pinnacle\PCTV\Remote\Remoterm.exe
    E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    C:\Program Files\HHVcdV5Sys\VC5Play.exe
    C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    C:\WINDOWS\System32\WFXSVC.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Eudora\Eudora.exe
    D:\Eudora\Plugins\Spamnix\spamnix.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [PCTVRemote] E:\Pinnacle\PCTV\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
    O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Canon IJ Status Monitor Canon iP5200R.lnk = ?
    O4 - Startup: Registration-PCTV.lnk = E:\Pinnacle\PCTV\ERegister\RegTool.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Pinnacle Scheduler.lnk = E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    O4 - Global Startup: VirtualCD 5.lnk = C:\Program Files\HHVcdV5Sys\VC5Play.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: http://www.davilexbusiness.nl
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: http://www.nokia.nl
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O15 - Trusted IP range: http://80.60.49.69
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097937495656
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149778818796
    O16 - DPF: {750CEB9F-B16A-11D3-9022-B6AC27ECD87A} (CDFreaks.CDFreaksProtectionDetector) - file://E:\CD-R\Detect\Detect.CAB
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7976B6F5-BD3D-49C0-8D5E-01C245DAD18A}: NameServer = 195.121.1.34 195.121.1.66
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NTBOOTMGR (NTBOOT) - Symantec Corporation - (no file)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - E:\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
  • new download location
    download Killbox and unpack it to your desktop
    http://www.killbox.net/


    start Killbox and tick "delete on reboot"
    copy the bold text:

    C:\WINDOWS\System32\msnmsgrr.exe

    open "file" in the Killbox menu at the top and choose: Paste from clipboard

    you will see that the bold text above now appears in the "Full Path of File to Delete" field.
    There is a small arrow next to that field. If you click it, you should see all the lines above that you copied (if the files are present); at least, that is the idea.

    Then click the red button with the white cross in it, and click "OK" in both pop-up windows.

    reboot and please post a fresh HJT log.
  • It looks like Killbox did not do much. After copying into the "Full Path of…." field, nothing further happens after clicking the vertical arrow. Nor after clicking the red button with the white cross. A message appears (with only one opportunity to press OK, by the way) which is also in the log file below. In the end I just clicked Exit and restarted. By the way, I first checked whether the notorious file is actually in the folder c:\windows\system32. Unfortunately it is not, and to be on the safe side: my Windows Explorer is set up to show all "hidden" files and the like!
    Here is the Killbox log file:
    Pocket Killbox version 2.0.0.881
    Running on Windows XP as Paul Lemmens(Administrator)
    was started @ Monday, September 11, 2006, 2:18 PM

    # 1 [Delete on Reboot]
    Path = C:\WINDOWS\System32\msnmsgrr.exe


    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 2:20:20 PM
    Killbox Closed(Exit) @ 2:21:22 PM
    __________________________________________________

    I did run HijackThis once more after rebooting, but that log file is identical to the previous one. The same 2 lines with "msnmsgrr.exe".
    So I thought it would not be of much use. If you think that is wrong, I will still send a fresh log.

    Kind regards,
    Paul
  • Hmm, let me ask for some advice; I'll get back to you.
  • MSNMSGRR is indeed a nasty thing. My McAfee never found it. Trend Micro has a nice write-up about it, but a run with their free HouseCall scanner does not find it either, despite the fine talk on the website, and the same goes for True Sword.
    I then used Regedit to delete the item in the 2 places where it occurs in the registry, but when you go from the 1st place to the 2nd and then return to the 1st, everything is there again exactly as before the deletion!
    And all that while the file msnmsgrr.exe itself is nowhere to be found!!

    Eric, I am eagerly awaiting your advice, and may I assume that HijackThis shows no other "bad" things?

    Thanks again in advance and best regards,
    Paul
  • I suspect you have a rootkit on your PC that we cannot see, which makes it all the more unfortunate that ComboFix did not work. Would you read those instructions again and then try to run it once more?

    I am asking others what the right action is in this case; I could start trying all sorts of things myself, but I would rather check first.

    I will let you know.
  • This threat copies its file(s) to your harddisk. Its typical file name is blah service. Then it creates new startup key with name blah service and value msnmsgrr.exe. You can also find it in your processes list with name msnmsgrr.exe or blah service.



    Could you search your PC for blah service???
  • After switching off Ad-Watch I tried ComboFix again, and the ERROR message appeared again, but this time the program kept running and produced a log txt file, which I paste below.
    I also searched my entire PC for BLAH but unfortunately found nothing.

    ComboFix Log:

    Paul Lemmens - 06-09-12 10:19:54.34
    ComboFix 06.09.11 - Running from: C:\ZZZ\Download

    Microsoft Windows XP [versie 5.1.2600]

    ((((((((((((((((((((((((((((((( Files Created from 2006-08-12 to 2006-09-12 ))))))))))))))))))))))))))))))))))


    2006-09-06 09:54 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
    2006-09-06 09:54 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2006-09-05 12:58 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
    2006-09-05 12:58 28,160 --a------ C:\WINDOWS\system32\irmon.dll
    2006-09-05 12:58 154,112 --a------ C:\WINDOWS\system32\irftp.exe
    2006-08-30 18:46 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-09-12 09:49 -------- d-------- C:\Program Files\HijackThis
    2006-09-11 22:24 -------- d-------- C:\Program Files\eDonkey2000
    2006-09-11 09:49 -------- d-------- C:\Program Files\Nokia
    2006-09-10 23:07 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-09-10 15:43 -------- d-------- C:\Program Files\RegVac
    2006-09-10 14:58 -------- d-------- C:\Program Files\Netscape
    2006-09-10 14:57 -------- d-------- C:\Program Files\Common Files
    2006-09-10 14:57 -------- d-------- C:\Documents and Settings\Paul Lemmens\Application Data\Netscape
    2006-09-09 20:41 -------- d-------- C:\Documents and Settings\Paul Lemmens\Application Data\Logitech
    2006-09-09 20:35 -------- d-------- C:\Program Files\Logitech
    2006-09-09 20:35 -------- d-------- C:\Program Files\Common Files\Logitech
    2006-09-09 15:51 -------- d-------- C:\Documents and Settings\Paul Lemmens\Application Data\Mozilla
    2006-09-08 18:49 -------- d-------- C:\Program Files\PestPatrol
    2006-09-07 22:18 8 --a------ C:\Documents and Settings\Paul Lemmens\Application Data\NMM-MetaData.db
    2006-09-07 22:11 -------- d-------- C:\Documents and Settings\Paul Lemmens\Application Data\Nokia
    2006-09-07 15:35 -------- d-------- C:\Documents and Settings\Paul Lemmens\Application Data\Nokia Multimedia Player
    2006-09-06 09:56 -------- d-------- C:\Program Files\Common Files\PCSuite
    2006-09-06 09:56 -------- d-------- C:\Program Files\Common Files\Nokia
    2006-09-06 09:31 -------- d-------- C:\Program Files\lotus
    2006-09-05 18:20 -------- d-------- C:\Program Files\OrgUpgrade
    2006-09-05 18:20 -------- d-------- C:\Program Files\Common Files\RandSync
    2006-09-05 16:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-09-05 13:11 -------- d-------- C:\Documents and Settings\Paul Lemmens\Application Data\DataLayer
    2006-08-30 18:47 -------- d-------- C:\Program Files\DIFX
    2006-08-30 18:47 -------- d-------- C:\Documents and Settings\Paul Lemmens\Application Data\PC Suite
    2006-08-23 17:46 -------- d-------- C:\Documents and Settings\Paul Lemmens\Application Data\{7B99F2C5-16AD-4205-ACB3-116D9C489C1B}
    2006-08-21 13:14 -------- d-------- C:\Program Files\ViceVersa Pro 2
    2006-08-15 10:20 -------- d-------- C:\Program Files\Canon
    2006-08-10 15:25 -------- d-------- C:\Program Files\Internet Explorer
    2006-08-10 09:46 -------- d-------- C:\Program Files\eMule
    2006-08-09 13:45 -------- d-------- C:\Program Files\Eudora
    2006-08-07 19:54 -------- d-------- C:\Program Files\Launchy
    2006-08-06 23:16 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-24 09:55 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
    2006-07-12 11:43 -------- d-------- C:\Program Files\ASUS
    2006-07-09 18:46 143553 --a------ C:\WINDOWS\Curves 2 Uninstaller.exe
    2006-07-04 14:26 704000 --a------ C:\WINDOWS\system32\DAAPI.dll
    2006-07-04 14:25 245760 --a------ C:\WINDOWS\system32\VersitConverter.dll
    2006-07-04 14:25 131072 --a------ C:\WINDOWS\system32\NclAPI.dll
    2006-06-25 15:44 73 --a------ C:\WINDOWS\system32\ssprs.dll
    2006-06-23 01:49 277328 --a------ C:\WINDOWS\system32\odc.dll
    2006-06-19 16:19 571184 --a------ C:\WINDOWS\system32\muBlinder_ValBackup.dll
    2006-06-12 13:55 61440 --a------ C:\WINDOWS\system32\NclTools.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "AWMON"="\"C:\\Program Files\\Spy\\Ad-Aware\\Ad-Watch.exe\""
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
    "SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
    "PRONoMgr.exe"="C:\\Program Files\\Intel\\NCS\\PROSet\\PRONoMgr.exe"
    "CARPService"="carpserv.exe"
    "CapFax"="C:\\Program Files\\Classic PhoneTools\\CapFax.EXE"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
    "MBM 5"="\"C:\\Program Files\\TechSmith\\Motherboard Monitor\\MBM5.EXE\""
    "Logitech Utility"="Logi_MwX.Exe"
    "MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
    "VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
    "VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
    "MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
    "PCTVRemote"="E:\\Pinnacle\\PCTV\\Remote\\Remoterm.exe"
    "PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe -CheckReg"
    @=""
    "Norton Ghost 9.0"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
    "zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
    "blah service"="msnmsgrr.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
    "blah service"="msnmsgrr.exe"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e0,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,fe,01,00,00,00,00,00,00,02,02,00,00,00,03,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,fe,01,00,00,00,00,00,00,02,02,00,00,00,03,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
    "{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"=""
    "{A213B520-C6C2-11d0-AF9D-008029E1027E}"=""
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"=""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000020
    "NoDrives"=dword:00000000
    "NoViewOnDrive"=dword:00000000
    "NoDriveAutoRun"=hex:ff,07,00,00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\DisallowCpl]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\DisallowRun]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\RestrictCpl]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\RestrictRun]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Snelle start.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Adobe Reader Snelle start"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^GetRight - Tray Icon.lnk]
    "backup"="C:\\WINDOWS\\pss\\GetRight - Tray Icon.lnkCommon Startup"
    "location"="Common Startup"
    "item"="GetRight - Tray Icon"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
    "backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
    "location"="Common Startup"
    "item"="InterVideo WinCinema Manager"
    "command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    "backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Logitech Desktop Messenger"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
    "backup"="C:\\WINDOWS\\pss\\Picture Package Menu.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Picture Package Menu"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
    "backup"="C:\\WINDOWS\\pss\\Picture Package VCD Maker.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Picture Package VCD Maker"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Service Manager.lnk]
    "backup"="C:\\WINDOWS\\pss\\Service Manager.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Service Manager"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Paul Lemmens^Menu Start^Programma's^Opstarten^Canon IJ Status Monitor Canon iP5200R.lnk]
    "backup"="C:\\WINDOWS\\pss\\Canon IJ Status Monitor Canon iP5200R.lnkStartup"
    "location"="Startup"
    "command"="C:\\WINDOWS\\system32\\rundll32.exe C:\\DOCUME~1\\PAULLE~1\\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon iP5200R;cnmss Canon iP5200R (Local).dll;Canon IJ Status Monitor Canon iP5200R.lnk"
    "item"="Canon IJ Status Monitor Canon iP5200R"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Paul Lemmens^Menu Start^Programma's^Opstarten^Dialer Detect.lnk]
    "backup"="C:\\WINDOWS\\pss\\Dialer Detect.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\DIALER~1\\dd.exe "
    "item"="Dialer Detect"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Paul Lemmens^Menu Start^Programma's^Opstarten^PartMetBackup.lnk]
    "backup"="C:\\WINDOWS\\pss\\PartMetBackup.lnkStartup"
    "location"="Startup"
    "item"="PartMetBackup"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Paul Lemmens^Menu Start^Programma's^Opstarten^Webshots.lnk]
    "backup"="C:\\WINDOWS\\pss\\Webshots.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\Webshots\\Launcher.exe /t"
    "item"="Webshots"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Norton Ghost 11.0]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GhostTray"
    "hkey"="HKLM"
    "inimapping"="0"
    "command"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\NSRTray.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Norton Ghost 9.0]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GhostTray"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\zBrowser Launcher]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTouch"
    "hkey"="HKLM"
    "inimapping"="0"



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\McAfee AntiSpyware.job
    C:\WINDOWS\tasks\RoxioUpdator.job

    Completion time: 2006-09-12 10:21:04.73
    ComboFix.txt
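
Added example, not part of the original thread: a small Python triage script for the O4 registry autorun lines of a HijackThis log. It flags entries that combine weak signals, such as a command without a full path and the same value name and command registered under more than one autorun key, which is the pattern of the two "blah service" lines above. The heuristic and all function names are assumptions made for this illustration; the sample lines are excerpted from the log in this thread.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Excerpt of the O4 section from the HijackThis v1.99.1 log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""


class AutorunEntry(NamedTuple):
    hive: str     # HKLM or HKCU
    key: str      # Run, RunServices, RunOnce, ...
    name: str     # registry value name, shown in [brackets]
    command: str  # registry value data


# Matches only registry-based O4 lines; Startup-folder lines use another layout.
O4_REGISTRY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[(.*?)\] (.*)$")
# First program in a command line, quoted or not, up to its extension.
PROGRAM = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=["\s]|$)', re.I)


def parse_o4(log: str) -> list[AutorunEntry]:
    """Extract registry autorun entries from the text of a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_REGISTRY.match(line.strip())
        if m:
            entries.append(AutorunEntry(*m.groups()))
    return entries


def program_of(command: str) -> str:
    """Return the program part of an autorun command line."""
    m = PROGRAM.match(command)
    return m.group(1) if m else command.split()[0]


def is_pathless(program: str) -> bool:
    """True when the program is a bare file name resolved via the search path."""
    return "\\" not in program and "/" not in program


def triage(entries: list[AutorunEntry]) -> list[tuple[AutorunEntry, list[str]]]:
    """Return entries that show at least two weak signals, with the reasons.

    A single signal is common in clean logs (carpserv.exe, nwiz.exe and
    RUNDLL32.EXE are all pathless), so one reason alone is not reported.
    """
    locations = defaultdict(set)
    for e in entries:
        locations[(e.name.lower(), e.command.lower())].add((e.hive, e.key))

    findings = []
    for e in entries:
        reasons = []
        if is_pathless(program_of(e.command)):
            reasons.append("no full path")
        if len(locations[(e.name.lower(), e.command.lower())]) > 1:
            reasons.append("same name and command under several autorun keys")
        if e.key.lower().startswith("runservices"):
            # RunServices is a Windows 9x-era autorun location.
            reasons.append("legacy RunServices key")
        if len(reasons) >= 2:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(parse_o4(SAMPLE_LOG)):
        print(f"{entry.hive}\\..\\{entry.key}: [{entry.name}] {entry.command}")
        for reason in reasons:
            print(f"    - {reason}")
```

A hit is only a lead for manual review of the log, not a verdict on the entry.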
