Please review my HijackThis log

30 replies
  • I have WinXP Pro with SP2 and IE6. The problem is with IE: when a website should show a pop-up, for example a form to fill in, the form appears for only a fraction of a second, before anything at all can be entered. I have changed many settings; the website is also "Trusted", pop-ups are allowed, and so on. With Firefox, however, there are no problems, and with Netscape there are again. An "old hand" in the Windows software forum advised me to make a HijackThis log and submit it to the experts in this forum. Many thanks in advance. Paul
    The log file follows:
    Logfile of HijackThis v1.99.1 Scan saved at 17:02:03, on 9-9-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe c:\progra~1\mcafee\mcafee antispyware\massrv.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\Program Files\VeriSign\NAVI\naviagent.exe c:\program files\mcafee.com\vso\mcvsshld.exe C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe c:\program files\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe C:\Program Files\Common
Files\Roxio Shared\SharedCOM8\RoxWatch.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe E:\CD-R\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe C:\Program Files\HHVcdV5Sys\VC5SecS.exe C:\WINDOWS\System32\WFXSVC.EXE C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec\WinFax\WFXMOD32.EXE C:\WINDOWS\system32\wwSecure.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe E:\Pinnacle\PCTV\Remote\Remoterm.exe C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Launchy\Launchy.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe C:\Program Files\HHVcdV5Sys\VC5Play.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Eudora\Eudora.exe D:\Eudora\Plugins\Spamnix\spamnix.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program 
Files\VeriSign\i-Nav\i-nav_4_2_1.dll N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Paul Lemmens\Application Data\Mozilla\Profiles\default\0ozciuhi.slt\prefs.js) O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Encarta Winkler Prins Webassistent - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] 
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [blah service] msnmsgrr.exe O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [PCTVRemote] E:\Pinnacle\PCTV\Remote\Remoterm.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe" O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Canon IJ Status Monitor Canon iP5200R.lnk = ? 
O4 - Startup: Registration-PCTV.lnk = E:\Pinnacle\PCTV\ERegister\RegTool.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Pinnacle Scheduler.lnk = E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe O4 - Global Startup: VirtualCD 5.lnk = C:\Program Files\HHVcdV5Sys\VC5Play.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Onderzoek - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing) O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing) O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O15 - Trusted Zone: http://www.davilexbusiness.nl O15 - Trusted Zone: *.musicmatch.com O15 - Trusted Zone: http://www.nokia.nl O15 - Trusted Zone: *.musicmatch.com (HKLM) O15 - Trusted IP range: http://80.60.49.69 O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} - http://advnt01.com/dialer/olanda_ver3.CAB O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - 
https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll O16 - DPF: {3B623D23-2757-4881-A01E-D560EBCA5307} - http://advnt01.com/dialer/olanda_ver10.CAB O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097937495656 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149778818796 O16 - DPF: {750CEB9F-B16A-11D3-9022-B6AC27ECD87A} (CDFreaks.CDFreaksProtectionDetector) - file://E:\CD-R\Detect\Detect.CAB O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games29.cab O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) - O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} - http://www.content-loader.com/load/ccaccess.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{7976B6F5-BD3D-49C0-8D5E-01C245DAD18A}: NameServer = 195.121.1.34 195.121.1.66 O18 - Protocol: bw+0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - 
C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. 
- C:\Program Files\VeriSign\NAVI\naviagent.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NTBOOTMGR (NTBOOT) - Symantec Corporation - (no file) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe O23 - Service: RoxUpnpServer - Sonic Solutions - E:\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcSandraSrv.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\CD-R\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
  • That old hand is right, there is quite a bit of junk on it. Among other things a dialer. Please first uninstall your Logitech\Desktop Messenger, reboot, and only then continue with the fix that I am about to post. eric
  • juister/Eric, thanks for the reply. Two remarks:
    - The little program Dialer Detect, which I run regularly, shows me 4 dialers, all 4 of them trustworthy: MxStream (= ADSL), HCCNet (for access to HCCNet), PCI Modem Dial-up (my ordinary old-fashioned modem) and finally the newest one, Nokia 6233 (the "modem" of my mobile phone). So your remark unfortunately means that Dialer Detect does not find everything.
    - Logitech Messenger is installed as part of my wireless mouse and keyboard. The strange thing is that nothing related to Logitech appears in Control Panel under Add or Remove Programs. There is no uninstall file in the Logitech folder either. Shall I just delete that whole folder and then let my RegVac Registry Cleaner at least tidy up the chaos that causes?
    Thanks in advance, Paul
  • Your Logitech has the hiccups, and it is best to uninstall it (via Add or Remove Programs). Your dialers:
    7AdPower Dialer X {3B623D23-2757-4881-A01E-D560EBCA5307} olanda_ver10.CAB 7AdPower_Dialer Changes your dialup connection settings.
    Trojan-Clicker.Win32.Adpower.a X {018A066F-584A-422F-AC4C-0B1F5FE5C040} http://www.viruslist.com/en/viruses/encyclopedia?virusid=49824
    7AdPower Dialer X {018A066F-584A-422F-AC4C-0B1F5FE5C040} olanda_ver3.CAB 7AdPower_Dialer Changes your dialup connection settings.
    NetVenda Dialer X {91433D86-9F27-402C-B5E3-DEBDD122C339} identified by SpywareBlaster
    Dialer.Trafficadvance X {00000000-0000-0000-0000-000020040000} http://securityresponse.symantec.com/avcenter/venc/data/dialer.trafficadvance.html
    Source: http://www.castlecops.com/ActiveX.html
    These really are dialers that you do not want.
  • Following on from the info above, please do this first; cleaning up the junk comes AFTER the fix. Turn off Ad-Aware's Ad-Watch for a moment, because it can get in the way of the fix.
    Download Combofix (http://download.bleepingcomputer.com/sUBs/combofix.exe) to your Desktop.
    - Double-click Combofix.exe.
    - Follow the instructions and accept the disclaimer by typing "y" or "Y".
    - While the fix is running, do NOT click in the window, because that will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open. Post this log in your next post together with a new HijackThis log (please post this after the fix below).
    NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it.
    Start HJT again, tick the lines below (if still present), close all windows (except HJT) and then click Fix checked.
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
    O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
    O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
    O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} - http://advnt01.com/dialer/olanda_ver3.CAB
    O16 - DPF: {3B623D23-2757-4881-A01E-D560EBCA5307} - http://advnt01.com/dialer/olanda_ver10.CAB
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games29.cab
    O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} - http://www.content-loader.com/load/ccaccess.cab
    Using Explorer, delete the file below.
    msnmsgrr.exe <<< you will have to look for where it is (if it is still there, that is)
    Restart and post a new log together with the Combofix log. Thanks in advance, eric
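An added example, not part of the thread and not HijackThis code: the fix list above singles out the `[blah service]` autostart pair and several unnamed O16 downloads, and this sketch re-splits a log that has lost its line breaks (as the logs posted here did) and surfaces entries with those traits for manual review. The sample log, the names `split_entries` and `triage`, and the three heuristics are assumptions of the example, including the premise that `RunServices` is a Windows 9x mechanism; a hit is a prompt to look closer, not a verdict.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample in the flattened shape seen in this thread. The Spybot BHO
# and the two "[blah service]" entries are quoted from the thread; the O16
# CLSIDs and all hosts (example.test, 192.0.2.10) are placeholders.
FLATTENED_LOG = (
    "Logfile of HijackThis v1.99.1 Platform: Windows XP SP2 (WinNT 5.01.2600) "
    "Running processes: C:\\WINDOWS\\System32\\smss.exe C:\\WINDOWS\\Explorer.EXE "
    "R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.example.test/ "
    "O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - "
    "C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll "
    "O4 - HKLM\\..\\Run: [CARPService] carpserv.exe "
    "O4 - HKLM\\..\\Run: [blah service] msnmsgrr.exe "
    "O4 - HKLM\\..\\RunServices: [blah service] msnmsgrr.exe "
    "O4 - Startup: Adobe Gamma.lnk = C:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe "
    "O16 - DPF: {11111111-1111-1111-1111-111111111111} (Example Viewer Control) - http://www.example.test/viewer.cab "
    "O16 - DPF: {22222222-2222-2222-2222-222222222222} - http://192.0.2.10/inst.exe "
    "O16 - DPF: {33333333-3333-3333-3333-333333333333} (Example Runtime) - "
    "O23 - Service: Example Service (ExSvc) - Example Corp - C:\\Program Files\\Example\\svc.exe"
)

# An entry starts with a section code such as R0, N4, O4 or O23 followed by " - ".
ENTRY_START = re.compile(r"\s+(?=(?:[RFN]\d|O\d{1,2}) - )")
O4_REGISTRY = re.compile(
    r"O4 - (?P<key>HK\w+\\\.\.\\(?P<leaf>\w+)): \[(?P<name>[^\]]*)\] (?P<cmd>.+)")
O16_DPF = re.compile(
    r"O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>.*)\))? -\s*(?P<url>.*)$")


def split_entries(text):
    """Return (header, entries) from a log whose line breaks were lost."""
    parts = ENTRY_START.split(text.strip())
    if re.match(r"(?:[RFN]\d|O\d{1,2}) - ", parts[0]):
        return "", parts  # text began with an entry, no header present
    return parts[0], parts[1:]


def host_is_ip_literal(url):
    """True when the URL's host is a bare IPv4/IPv6 address instead of a name."""
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(text):
    """Return [(entry, [reasons])] for entries that deserve a manual look."""
    header, entries = split_entries(text)
    nt_family = "(WinNT" in header  # Platform line format as posted in the thread
    keys_by_value = defaultdict(set)
    parsed = []
    for entry in entries:
        m = O4_REGISTRY.match(entry)
        if m:
            keys_by_value[(m["name"].lower(), m["cmd"].lower())].add(m["key"].lower())
        parsed.append((entry, m))

    findings = []
    for entry, m in parsed:
        reasons = []
        if m:
            if len(keys_by_value[(m["name"].lower(), m["cmd"].lower())]) > 1:
                reasons.append("same autostart value under several keys")
            # Assumption: RunServices is a Windows 9x key, so it is odd on NT.
            if nt_family and m["leaf"].lower().startswith("runservices"):
                reasons.append("RunServices key on NT-family platform")
        else:
            d = O16_DPF.match(entry)
            if d and d["name"] is None:
                reasons.append("ActiveX download without class name")
                if host_is_ip_literal(d["url"]):
                    reasons.append("code base is a bare IP address")
                if d["url"].lower().endswith(".exe"):
                    reasons.append("code base is an .exe, not a .cab")
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(FLATTENED_LOG):
        print(entry)
        for reason in reasons:
            print("    review:", reason)
```

The unnamed-download rule also catches legitimate installers that register no class name, so every hit still needs the kind of per-entry lookup done in this thread.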
  • Another unpleasant surprise: Combofix will not run! After starting it and typing Y followed by Enter, the message appears that the machine is going to be scanned, but then comes the message "Het systeem kan de opgegeven registersleutel of - waarde niet vinden", and the program stops. I restarted the PC, turned off the McAfee virus scanner and firewall in addition to Ad-Watch, and started Combofix again, but unfortunately the same debacle. Sorry Eric, what now? Paul
  • Since ComboFix.exe would not run, I first tried to have Hijack This "fix" the indicated lines as far as that was possible. The 2 lines containing "olanda" had disappeared, and the file "msnmsgrr.exe" was nowhere to be found any more. I then had Hijack This scan again, and the resulting log file is below. If it was completely wrong to "fix" the lines before ComboFix had run, I can always restore the Ghost image of the partition concerned and start all over again. Eric, many thanks again in advance if you can help me further. Paul
    Logfile of HijackThis v1.99.1
    Scan saved at 00:06, on 06-09-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\system32\carpserv.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\VeriSign\NAVI\naviagent.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    E:\Pinnacle\PCTV\Remote\Remoterm.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    C:\Program Files\HHVcdV5Sys\VC5Play.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    C:\WINDOWS\System32\WFXSVC.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Paul Lemmens\Application Data\Mozilla\Profiles\default\0ozciuhi.slt\prefs.js)
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [PCTVRemote] E:\Pinnacle\PCTV\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
    O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Canon IJ Status Monitor Canon iP5200R.lnk = ?
    O4 - Startup: Registration-PCTV.lnk = E:\Pinnacle\PCTV\ERegister\RegTool.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Pinnacle Scheduler.lnk = E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    O4 - Global Startup: VirtualCD 5.lnk = C:\Program Files\HHVcdV5Sys\VC5Play.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: http://www.davilexbusiness.nl
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: http://www.nokia.nl
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O15 - Trusted IP range: http://80.60.49.69
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097937495656
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149778818796
    O16 - DPF: {750CEB9F-B16A-11D3-9022-B6AC27ECD87A} (CDFreaks.CDFreaksProtectionDetector) - file://E:\CD-R\Detect\Detect.CAB
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O18 - Protocol: bw+0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw+0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw-0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw-0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw00 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw00s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw10 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw10s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw20 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw20s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw30 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw30s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw40 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw40s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw50 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw50s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw60 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw60s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw70 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw70s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw80 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw80s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw90 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bw90s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwa0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwa0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwb0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwb0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwc0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwc0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwd0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwd0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwe0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwe0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwf0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwf0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
    O18 - Protocol: bwg0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwg0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwh0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwh0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwi0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwi0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwj0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwj0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwk0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwk0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwl0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwl0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwm0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwm0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwn0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwn0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwo0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwo0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwp0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwp0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwq0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwq0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwr0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwr0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bws0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bws0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwt0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwt0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwu0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwu0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwv0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwv0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bww0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bww0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwx0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwx0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwy0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwy0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwz0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: bwz0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O18 - Protocol: offline-8876480 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NTBOOTMGR (NTBOOT) - Symantec Corporation - (no file)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - E:\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
  • Give this fix a try; a pity that the combo won't run.
    Download Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe) to your Desktop:
    - Double-click drweb-cureit.exe and allow it to start the express scan.
    - This will scan the files currently loaded in memory; when something is found, click the Yes to all button at the question 'cure it?'. This is only a short scan.
    - Once the short scan has finished, you can select the drives you want to have scanned.
    - Select all drives here. A red dot will then appear on the drives you are having scanned.
    - Then click the green arrow on the right to start the scan.
    - Click Yes to all when asked whether to cure or move.
    - When the scan has finished, see whether you can click the icon next to the files found (image: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif).
    - If so, click it, then click the icon just below it and select Move incurable, as you can see here (image: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif). This moves the files found to the "%userprofile%\DoctorWeb\quarantaine" folder if repair is not possible.
    - After the scan is done, click File in the menu at the top and choose Save report List. Save it to your Desktop.
    - Then close Dr.Web CureIt.
    - Restart your computer!! An important step, because Dr.Web CureIt may move or delete files during the restart.
    - After restarting, copy and paste the contents of the log you saved earlier into your next post.
    Make a new HijackThis log again; a nice one is made by doing "do a scan and save a logfile", then going to Edit > Copy all > Edit once more and then Copy, and you get a nice log that is easy to read. Thanks in advance, eric
  • Dr.Web CureIt did run, fortunately. Nothing found in memory, and only a little on the 4 drives. I suspect I will have to put back at least 1 of the 4 "moved" files, namely mgclose.dat. In any case, after the restart the original problem with IE is not solved. For completeness: with Firefox, which I also downloaded yesterday, there is no problem; perhaps not YET! Eric, thanks again, and I hope that you can still help me further despite the fact that ComboFix will not run. Paul
    Below are the contents of the Dr.Web log:
    VBAOL11.CHM\html/olobjAddressEntries.htm C:\Program Files\Microsoft Office\OFFICE11\1043\VBAOL11.CHM Modification of VBS.Petik
    VBAOL11.CHM C:\Program Files\Microsoft Office\OFFICE11\1043 Archive contains infected objects Moved.
    sdcmon.dll C:\Program Files\Support.com\bin Probably DLOADER.Trojan Incurable.Moved.
    tgupdate.exe C:\Program Files\Support.com\bin Probably DLOADER.Trojan Incurable.Moved.
    mgclose.dat D:\Database\MG12\prog Tool.Prockill Incurable.Moved.
  • Quote: "Make a new HijackThis log again; a nice one is made by doing "do a scan and save a logfile", then going to Edit > Copy all > Edit once more and then Copy, and you get a nice log that is easy to read."
    So, the log please.
  • I hope the log is easier to read this way:
    Logfile of HijackThis v1.99.1
    Scan saved at 21:49, on 06-09-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\system32\carpserv.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\VeriSign\NAVI\naviagent.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    E:\Pinnacle\PCTV\Remote\Remoterm.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    C:\Program Files\HHVcdV5Sys\VC5Play.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    C:\WINDOWS\System32\WFXSVC.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Eudora\Eudora.exe
    D:\Eudora\Plugins\Spamnix\spamnix.exe
    C:\Program Files\eDonkey2000\edonkey2000.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [PCTVRemote] E:\Pinnacle\PCTV\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Canon IJ Status Monitor Canon iP5200R.lnk = ?
    O4 - Startup: Registration-PCTV.lnk = E:\Pinnacle\PCTV\ERegister\RegTool.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Pinnacle Scheduler.lnk = E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    O4 - Global Startup: VirtualCD 5.lnk = C:\Program Files\HHVcdV5Sys\VC5Play.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - 
res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing) O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing) O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O15 - Trusted Zone: http://www.davilexbusiness.nl O15 - Trusted Zone: *.musicmatch.com O15 - Trusted Zone: http://www.nokia.nl O15 - Trusted Zone: *.musicmatch.com (HKLM) O15 - Trusted IP range: http://80.60.49.69 O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - 
DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097937495656 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149778818796 O16 - DPF: {750CEB9F-B16A-11D3-9022-B6AC27ECD87A} (CDFreaks.CDFreaksProtectionDetector) - file://E:\CD-R\Detect\Detect.CAB O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) - O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{7976B6F5-BD3D-49C0-8D5E-01C245DAD18A}: NameServer = 195.121.1.34 195.121.1.66 O18 - Protocol: bw+0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw+0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw-0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - 
(no file) O18 - Protocol: bw-0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw00 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw00s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw10 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw10s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw20 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw20s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw30 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw30s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw40 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw40s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw50 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw50s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw60 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw60s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw70 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw70s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw80 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw80s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw90 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bw90s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwa0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwa0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwb0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwb0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwc0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwc0s - 
{A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwd0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwd0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwe0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwe0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwf0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwf0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file) O18 - Protocol: bwg0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwg0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwh0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwh0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwi0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwi0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwj0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwj0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwk0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwk0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwl0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwl0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwm0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwm0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwn0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwn0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwo0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwo0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwp0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) 
O18 - Protocol: bwp0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwq0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwq0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwr0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwr0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bws0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bws0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwt0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwt0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwu0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwu0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwv0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwv0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bww0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bww0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwx0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwx0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwy0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwy0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwz0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: bwz0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O18 - Protocol: offline-8876480 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner 
- E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. 
- C:\Program Files\VeriSign\NAVI\naviagent.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NTBOOTMGR (NTBOOT) - Symantec Corporation - (no file) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe O23 - Service: RoxUpnpServer - Sonic Solutions - E:\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcSandraSrv.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\CD-R\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
  • Start HJT again and run a system scan only, tick the lines below, close all windows except HJT's and click Fix checked.
    O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
    O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
    All lines with O18 – Protocol >> (no file)
    Boot into safe mode and use Explorer to delete the file named below.
    msnmsgrr.exe
    Just look for it with the search function. After that, may I have a new HJT log? It looked well made, by the way, easy to read. Eric
  • Hello Eric, I had already searched for "msnmsgrr.exe" once in vain, so the first thing I did after your mail was have the whole PC searched again, but without result. I then followed your instructions and, after booting into Safe Mode, searched for "msnmsgrr.exe" again, and again without result. Restarted in normal mode and made a log; see below. And lo and behold, "msnmsgrr.exe" is in it again! Isn't that highly peculiar? Would it make sense to delete those 2 lines via regedit? In any case, thanks again, and here is the latest log:
    Logfile of HijackThis v1.99.1
    Scan saved at 11:36, on 06-09-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\VeriSign\NAVI\naviagent.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    E:\Pinnacle\PCTV\Remote\Remoterm.exe
    E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    C:\Program Files\HHVcdV5Sys\VC5Play.exe
    C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    C:\WINDOWS\System32\WFXSVC.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Eudora\Eudora.exe
    D:\Eudora\Plugins\Spamnix\spamnix.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [PCTVRemote] E:\Pinnacle\PCTV\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
    O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Canon IJ Status Monitor Canon iP5200R.lnk = ?
    O4 - Startup: Registration-PCTV.lnk = E:\Pinnacle\PCTV\ERegister\RegTool.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Pinnacle Scheduler.lnk = E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    O4 - Global Startup: VirtualCD 5.lnk = C:\Program Files\HHVcdV5Sys\VC5Play.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: http://www.davilexbusiness.nl
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: http://www.nokia.nl
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O15 - Trusted IP range: http://80.60.49.69
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097937495656
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149778818796
    O16 - DPF: {750CEB9F-B16A-11D3-9022-B6AC27ECD87A} (CDFreaks.CDFreaksProtectionDetector) - file://E:\CD-R\Detect\Detect.CAB
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7976B6F5-BD3D-49C0-8D5E-01C245DAD18A}: NameServer = 195.121.1.34 195.121.1.66
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NTBOOTMGR (NTBOOT) - Symantec Corporation - (no file)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - E:\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
  • New download location. Download Killbox and extract it to your desktop: http://www.killbox.net/ Start Killbox and tick "delete on reboot". Copy the text in bold: C:\WINDOWS\System32\msnmsgrr.exe Open "file" in the Killbox menu at the top and choose: Paste from clipboard. You will see that the bold text above now appears in the "Full Path of File to Delete" field. There is a small arrow next to that field. If you click it, you will see all of the lines above (if the files are present) that you copied (at least, that is the intention). Then click the red button with the white cross in it, click "OK" in both pop-up windows, reboot, and please post a fresh HJT log.
  • It looks like Killbox did not do much. After copying into the "Full Path of...." field, nothing further happens when I click the vertical arrow. Nor after clicking the red button with the white cross. A message appears (with only one opportunity to press OK, by the way) that is also in the log file below. In the end I just clicked Exit and restarted. By the way, I first checked whether the notorious file is actually in the folder c:\windows\system32. Unfortunately not, and to be on the safe side: my Windows Explorer is set to show all "hidden" files and the like! Here is the Killbox log file:
    Pocket Killbox version 2.0.0.881
    Running on Windows XP as Paul Lemmens(Administrator)
    was started @ Monday, September 11, 2006, 2:18 PM
    # 1 [Delete on Reboot]
    Path = C:\WINDOWS\System32\msnmsgrr.exe
    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 2:20:20 PM
    Killbox Closed(Exit) @ 2:21:22 PM
    __________________________________________________
    I did run HijackThis once more after rebooting, but that log file is identical to the previous one. The same 2 lines with "msnmsgrr.exe". So I thought there was not much point. If you think that is wrong, I will send a fresh log after all. Kind regards, Paul
  • Hmm, let me get some advice first; I will get back to you.
  • MSNMSGRR is indeed a nasty thing. My McAfee never found it. Trend Micro has a nice story about it, but a run with their free HouseCall scanner does not find it either, despite the fine talk on the website, and the same goes for True Sword. I then used Regedit to delete the item in the 2 places where it occurs in the registry, but if you go from the 1st place to the 2nd and then return to the 1st, everything is there again exactly as before the deletion! And all that without the file msnmsgrr.exe itself being anywhere to be found!! Eric, I am eagerly awaiting your advice, and may I assume that HijackThis shows no other "bad" things? Thanks again in advance and best regards, Paul
  • I suspect you have a rootkit on your PC that we cannot see, which makes it all the more unfortunate that ComboFix did not work. Would you read those instructions again and then try to run it once more? I am asking others what the right course of action is in this case; I could start trying all sorts of things myself, but I would rather check first. I will let you know.
  • This threat copies its file(s) to your harddisk. Its typical file name is blah service. Then it creates new startup key with name blah service and value msnmsgrr.exe. You can also find it in your processes list with name msnmsgrr.exe or blah service. Can you search your PC for blah service???
  • After disabling adwatch I tried ComboFix again, and again that ERROR message appeared, but this time the program kept running and produced a log txt file, which I paste below. I also searched my entire PC for BLAH but unfortunately found nothing. ComboFix Log:
    Paul Lemmens - 06-09-12 10:19:54.34
    ComboFix 06.09.11 - Running from: C:\ZZZ\Download
    Microsoft Windows XP [versie 5.1.2600]

    ((((((((((((((((((((((((((((((( Files Created from 2006-08-12 to 2006-09-12 ))))))))))))))))))))))))))))))))))
    2006-09-06 09:54 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
    2006-09-06 09:54 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2006-09-05 12:58 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
    2006-09-05 12:58 28,160 --a------ C:\WINDOWS\system32\irmon.dll
    2006-09-05 12:58 154,112 --a------ C:\WINDOWS\system32\irftp.exe
    2006-08-30 18:46 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
    2006-09-12 09:49 -------- d-------- C:\Program Files\HijackThis
    2006-09-11 22:24 -------- d-------- C:\Program Files\eDonkey2000
    2006-09-11 09:49 -------- d-------- C:\Program Files\Nokia
    2006-09-10 23:07 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-09-10 15:43 -------- d-------- C:\Program Files\RegVac
    2006-09-10 14:58 -------- d-------- C:\Program Files\Netscape
    2006-09-10 14:57 -------- d-------- C:\Program Files\Common Files
    2006-09-10 14:57 -------- d-------- C:\Documents and Settings\Paul Lemmens\Application Data\Netscape
    2006-09-09 20:41 -------- d-------- C:\Documents and Settings\Paul Lemmens\Application Data\Logitech
    2006-09-09 20:35 -------- d-------- C:\Program Files\Logitech
    2006-09-09 20:35 -------- d-------- C:\Program Files\Common Files\Logitech
    2006-09-09 15:51 -------- d-------- C:\Documents and Settings\Paul Lemmens\Application Data\Mozilla
    2006-09-08 18:49 -------- d-------- C:\Program Files\PestPatrol
    2006-09-07 22:18 8 --a------ C:\Documents and Settings\Paul Lemmens\Application Data\NMM-MetaData.db
    2006-09-07 22:11 -------- d-------- C:\Documents and Settings\Paul Lemmens\Application Data\Nokia
    2006-09-07 15:35 -------- d-------- C:\Documents and Settings\Paul Lemmens\Application Data\Nokia Multimedia Player
    2006-09-06 09:56 -------- d-------- C:\Program Files\Common Files\PCSuite
    2006-09-06 09:56 -------- d-------- C:\Program Files\Common Files\Nokia
    2006-09-06 09:31 -------- d-------- C:\Program Files\lotus
    2006-09-05 18:20 -------- d-------- C:\Program Files\OrgUpgrade
    2006-09-05 18:20 -------- d-------- C:\Program Files\Common Files\RandSync
    2006-09-05 16:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-09-05 13:11 -------- d-------- C:\Documents and Settings\Paul Lemmens\Application Data\DataLayer
    2006-08-30 18:47 -------- d-------- C:\Program Files\DIFX
    2006-08-30 18:47 -------- d-------- C:\Documents and Settings\Paul Lemmens\Application Data\PC Suite
    2006-08-23 17:46 -------- d-------- C:\Documents and Settings\Paul Lemmens\Application Data\{7B99F2C5-16AD-4205-ACB3-116D9C489C1B}
    2006-08-21 13:14 -------- d-------- C:\Program Files\ViceVersa Pro 2
    2006-08-15 10:20 -------- d-------- C:\Program Files\Canon
    2006-08-10 15:25 -------- d-------- C:\Program Files\Internet Explorer
    2006-08-10 09:46 -------- d-------- C:\Program Files\eMule
    2006-08-09 13:45 -------- d-------- C:\Program Files\Eudora
    2006-08-07 19:54 -------- d-------- C:\Program Files\Launchy
    2006-08-06 23:16 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-24 09:55 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
    2006-07-12 11:43 -------- d-------- C:\Program Files\ASUS
    2006-07-09 18:46 143553 --a------ C:\WINDOWS\Curves 2 Uninstaller.exe
    2006-07-04 14:26 704000 --a------ C:\WINDOWS\system32\DAAPI.dll
    2006-07-04 14:25 245760 --a------ C:\WINDOWS\system32\VersitConverter.dll
    2006-07-04 14:25 131072 --a------ C:\WINDOWS\system32\NclAPI.dll
    2006-06-25 15:44 73 --a------ C:\WINDOWS\system32\ssprs.dll
    2006-06-23 01:49 277328 --a------ C:\WINDOWS\system32\odc.dll
    2006-06-19 16:19 571184 --a------ C:\WINDOWS\system32\muBlinder_ValBackup.dll
    2006-06-12 13:55 61440 --a------ C:\WINDOWS\system32\NclTools.dll

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
    *Note* empty entries are not shown
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "AWMON"="\"C:\\Program Files\\Spy\\Ad-Aware\\Ad-Watch.exe\""
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
    "SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
    "PRONoMgr.exe"="C:\\Program Files\\Intel\\NCS\\PROSet\\PRONoMgr.exe"
    "CARPService"="carpserv.exe"
    "CapFax"="C:\\Program Files\\Classic PhoneTools\\CapFax.EXE"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
    "MBM 5"="\"C:\\Program Files\\TechSmith\\Motherboard Monitor\\MBM5.EXE\""
    "Logitech Utility"="Logi_MwX.Exe"
    "MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
    "VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
    "VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
    "MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
    "PCTVRemote"="E:\\Pinnacle\\PCTV\\Remote\\Remoterm.exe"
    "PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe -CheckReg"
    @=""
    "Norton Ghost 9.0"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
    "zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
    "blah service"="msnmsgrr.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
    "blah service"="msnmsgrr.exe"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e0,02,00,00,00,\
      00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,fe,01,00,00,00,00,00,00,02,02,00,00,00,03,\
      00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,fe,01,00,00,00,00,00,00,02,02,00,00,00,03,\
      00,00,01,00,00,00
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
    "{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"=""
    "{A213B520-C6C2-11d0-AF9D-008029E1027E}"=""
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"=""
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000020
    "NoDrives"=dword:00000000
    "NoViewOnDrive"=dword:00000000
    "NoDriveAutoRun"=hex:ff,07,00,00
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\DisallowCpl]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\DisallowRun]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\RestrictCpl]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\RestrictRun]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoCDBurning"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000
    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Snelle start.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Adobe Reader Snelle start"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^GetRight - Tray Icon.lnk]
    "backup"="C:\\WINDOWS\\pss\\GetRight - Tray Icon.lnkCommon Startup"
    "location"="Common Startup"
    "item"="GetRight - Tray Icon"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
    "backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
    "location"="Common Startup"
    "item"="InterVideo WinCinema Manager"
    "command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    "backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Logitech Desktop Messenger"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
    "backup"="C:\\WINDOWS\\pss\\Picture Package Menu.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Picture Package Menu"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
    "backup"="C:\\WINDOWS\\pss\\Picture Package VCD Maker.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Picture Package VCD Maker"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Service Manager.lnk]
    "backup"="C:\\WINDOWS\\pss\\Service Manager.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Service Manager"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Paul Lemmens^Menu Start^Programma's^Opstarten^Canon IJ Status Monitor Canon iP5200R.lnk]
    "backup"="C:\\WINDOWS\\pss\\Canon IJ Status Monitor Canon iP5200R.lnkStartup"
    "location"="Startup"
    "command"="C:\\WINDOWS\\system32\\rundll32.exe C:\\DOCUME~1\\PAULLE~1\\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon iP5200R;cnmss Canon iP5200R (Local).dll;Canon IJ Status Monitor Canon iP5200R.lnk"
    "item"="Canon IJ Status Monitor Canon iP5200R"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Paul Lemmens^Menu Start^Programma's^Opstarten^Dialer Detect.lnk]
    "backup"="C:\\WINDOWS\\pss\\Dialer Detect.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\DIALER~1\\dd.exe "
    "item"="Dialer Detect"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Paul Lemmens^Menu Start^Programma's^Opstarten^PartMetBackup.lnk]
    "backup"="C:\\WINDOWS\\pss\\PartMetBackup.lnkStartup"
    "location"="Startup"
    "item"="PartMetBackup"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Paul Lemmens^Menu Start^Programma's^Opstarten^Webshots.lnk]
    "backup"="C:\\WINDOWS\\pss\\Webshots.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\Webshots\\Launcher.exe /t"
    "item"="Webshots"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Norton Ghost 11.0]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GhostTray"
    "hkey"="HKLM"
    "inimapping"="0"
    "command"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\NSRTray.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Norton Ghost 9.0]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GhostTray"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\zBrowser Launcher]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTouch"
    "hkey"="HKLM"
    "inimapping"="0"

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\McAfee AntiSpyware.job
    C:\WINDOWS\tasks\RoxioUpdator.job

    Completion time: 2006-09-12 10:21:04.73
    ComboFix.txt
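
The ComboFix output above lists "blah service"="msnmsgrr.exe" under both the Run and Runservices keys, with no directory in the command. As an added example (not part of the thread or of any tool mentioned in it), this Python script parses that registry-export layout and reports bare-name autorun values that are registered under more than one key; the sample text is constructed and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the registry-export layout that ComboFix prints under
# "Reg Loading Points"; the entries are modelled on the log in this thread.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"CARPService"="carpserv.exe"
"nwiz"="nwiz.exe /install"
"blah service"="msnmsgrr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"blah service"="msnmsgrr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"legalnoticecaption"=""
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
AUTORUN_RE = re.compile(
    r'\\CurrentVersion\\(?:Run|RunOnce|RunServices|RunServicesOnce)$', re.I)
PROGRAM_RE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=[\s,]|$)', re.I)


def unescape(text):
    # Undo the .reg escaping of backslashes and double quotes.
    return re.sub(r'\\(.)', r'\1', text)


def parse_autoruns(text):
    """Yield (key, value name, command) for string values under autorun keys."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        match = KEY_RE.match(line)
        if match:
            key = match.group(1) if AUTORUN_RE.search(match.group(1)) else None
            continue
        match = VALUE_RE.match(line)
        if key and match:
            yield key, unescape(match.group(1)), unescape(match.group(2))


def program(command):
    """Return the program part of a command line, honouring quoting."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = PROGRAM_RE.match(command)
    if match:
        return match.group(1)
    return command.split(None, 1)[0] if command else ''


def bare_autoruns(text):
    """Map (value name, command) to the autorun keys holding it, for commands
    that name a program without any directory."""
    found = defaultdict(set)
    for key, name, command in parse_autoruns(text):
        prog = program(command)
        if prog and '\\' not in prog and '/' not in prog:
            found[(name, command)].add(key)
    return {entry: sorted(keys) for entry, keys in found.items()}


def repeated_bare_autoruns(text):
    # Several other entries in this thread's log are bare names too, so the
    # stronger review signal is the same bare entry under more than one key.
    return {e: k for e, k in bare_autoruns(text).items() if len(k) > 1}


if __name__ == '__main__':
    for (name, command), keys in repeated_bare_autoruns(SAMPLE).items():
        print(f'review: "{name}" = {command}')
        for key in keys:
            print(f'    {key}')
```
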


This is an archived page. Replying is no longer possible.