Please take a look at my HijackThis log

Anonymous
juisterr
30 replies
 • I have WinXP Pro with SP2 and IE6.
  The problem with IE is that when a website should show a pop-up, for example a form to fill in, the form appears for only a fraction of a second, before anything can be filled in. I have changed many settings; the website is also "Trusted"; pop-ups are allowed, etc.
  With Firefox, however, there are no problems, and with Netscape there are again.
  An "old hand" in the Windows software forum advised me to make a HijackThis log and submit it to the experts in this forum.

  Many thanks in advance.
  Paul

  The log file follows:

  Logfile of HijackThis v1.99.1
  Scan saved at 17:02:03, on 9-9-2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\WINDOWS\system32\spoolsv.exe
  E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
  c:\progra~1\mcafee\mcafee antispyware\massrv.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
  c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
  C:\Program Files\VeriSign\NAVI\naviagent.exe
  c:\program files\mcafee.com\vso\mcvsshld.exe
  C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
  c:\program files\mcafee.com\agent\mcagent.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\oodag.exe
  C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
  C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
  C:\Program Files\HHVcdV5Sys\VC5SecS.exe
  C:\WINDOWS\System32\WFXSVC.EXE
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
  C:\WINDOWS\system32\wwSecure.exe
  C:\Program Files\Raxco\PerfectDisk\PDSched.exe
  C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
  C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
  C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
  C:\WINDOWS\system32\carpserv.exe
  C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
  E:\Pinnacle\PCTV\Remote\Remoterm.exe
  C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Launchy\Launchy.exe
  C:\Program Files\Logitech\SetPoint\SetPoint.exe
  E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
  C:\Program Files\HHVcdV5Sys\VC5Play.exe
  C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
  C:\Program Files\Eudora\Eudora.exe
  D:\Eudora\Plugins\Spamnix\spamnix.exe
  C:\Program Files\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
  N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src";); (C:\Documents and Settings\Paul Lemmens\Application Data\Mozilla\Profiles\default\0ozciuhi.slt\prefs.js)
  O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
  O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
  O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
  O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
  O3 - Toolbar: Encarta Winkler Prins Webassistent - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
  O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
  O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
  O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
  O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
  O4 - HKLM\..\Run: [CARPService] carpserv.exe
  O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
  O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
  O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE"
  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
  O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
  O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
  O4 - HKLM\..\Run: [PCTVRemote] E:\Pinnacle\PCTV\Remote\Remoterm.exe
  O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
  O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
  O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
  O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe"
  O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Startup: Canon IJ Status Monitor Canon iP5200R.lnk = ?
  O4 - Startup: Registration-PCTV.lnk = E:\Pinnacle\PCTV\ERegister\RegTool.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
  O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
  O4 - Global Startup: Pinnacle Scheduler.lnk = E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
  O4 - Global Startup: VirtualCD 5.lnk = C:\Program Files\HHVcdV5Sys\VC5Play.exe
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
  O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
  O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
  O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
  O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
  O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
  O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
  O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
  O15 - Trusted Zone: http://www.davilexbusiness.nl
  O15 - Trusted Zone: *.musicmatch.com
  O15 - Trusted Zone: http://www.nokia.nl
  O15 - Trusted Zone: *.musicmatch.com (HKLM)
  O15 - Trusted IP range: http://80.60.49.69
  O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} - http://advnt01.com/dialer/olanda_ver3.CAB
  O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
  O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
  O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
  O16 - DPF: {3B623D23-2757-4881-A01E-D560EBCA5307} - http://advnt01.com/dialer/olanda_ver10.CAB
  O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097937495656
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149778818796
  O16 - DPF: {750CEB9F-B16A-11D3-9022-B6AC27ECD87A} (CDFreaks.CDFreaksProtectionDetector) - file://E:\CD-R\Detect\Detect.CAB
  O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games29.cab
  O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
  O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
  O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} - http://www.content-loader.com/load/ccaccess.cab
  O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
  O17 - HKLM\System\CCS\Services\Tcpip\..\{7976B6F5-BD3D-49C0-8D5E-01C245DAD18A}: NameServer = 195.121.1.34 195.121.1.66
  O18 - Protocol: bw+0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw+0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw-0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw-0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw00 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw00s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw10 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw10s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw20 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw20s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw30 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw30s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw40 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw40s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw50 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw50s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw60 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw60s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw70 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw70s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw80 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw80s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw90 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bw90s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwa0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwa0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwb0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwb0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwc0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwc0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwd0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwd0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwe0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwe0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwf0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwf0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
  O18 - Protocol: bwg0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwg0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwh0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwh0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwi0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwi0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwj0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwj0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwk0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwk0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwl0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwl0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwm0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwm0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwn0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwn0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwo0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwo0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwp0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwp0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwq0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwq0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwr0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwr0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bws0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bws0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwt0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwt0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwu0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwu0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwv0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwv0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bww0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bww0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwx0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwx0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwy0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwy0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwz0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: bwz0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O18 - Protocol: offline-8876480 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
  O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
  O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
  O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
  O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
  O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
  O23 - Service: NTBOOTMGR (NTBOOT) - Symantec Corporation - (no file)
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
  O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
  O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
  O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
  O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
  O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
  O23 - Service: RoxUpnpServer - Sonic Solutions - E:\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
  O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
  O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcDataSrv.exe
  O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcSandraSrv.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
  O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
  O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
  O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
 • That old hand is right, there is quite a bit of junk on it. Among other things a dialer.

  Please first uninstall your Logitech\Desktop Messenger, reboot, and only then continue with the fix that I will post shortly.

  eric
 • juister/Eric, thanks for the reply.
  Two remarks:
  - The little program Dialer Detect, which I run regularly, shows me 4 dialers, all 4 of them trustworthy. Namely MxStream (= ADSL), HCCNet (for access to the HCCNet), PCI Modem Dial-up (my plain old-fashioned modem) and finally the newest, Nokia 6233 (the "modem" of my GSM phone). Your remark therefore unfortunately means that Dialer Detect does not find everything.
  - Logitech Messenger is installed as part of my wireless mouse and keyboard. The strange thing is that in Control Panel under Add or Remove Programs nothing appears that has to do with Logitech.
  There is no uninstall file in the Logitech folder either. Shall I just delete that whole folder and then have my RegVac Registry Cleaner at least clean up the chaos that causes?

  Thanks in advance
  Paul
 • Your Logitech has the hiccups and you had best uninstall it (via Add or Remove Programs).

  Your dialers:

  7AdPower Dialer X {3B623D23-2757-4881-A01E-D560EBCA5307} olanda_ver10.CAB 7AdPower_Dialer Changes your dialup connection settings.

  Trojan-Clicker.Win32.Adpower.a X {018A066F-584A-422F-AC4C-0B1F5FE5C040} http://www.viruslist.com/en/viruses/encyclopedia?virusid=49824
  7AdPower Dialer X {018A066F-584A-422F-AC4C-0B1F5FE5C040} olanda_ver3.CAB 7AdPower_Dialer Changes your dialup connection settings.

  NetVenda Dialer X {91433D86-9F27-402C-B5E3-DEBDD122C339} identified by SpywareBlaster


  Dialer.Trafficadvance X {00000000-0000-0000-0000-000020040000} http://securityresponse.symantec.com/avcenter/venc/data/dialer.trafficadvance.html

  source

  really dialers that you do not want to have, you know.
 • After the above info, would you carry this out first; cleaning up the junk comes AFTER the fix. Switch off the Ad-Watch of Ad-Aware for a moment, it can get in the way of the fix.
  Download Combofix to your Desktop.
  - Double-click Combofix.exe
  - Follow the instructions, accept the disclaimer by typing "y" or "Y".
  - While the fix is running, do NOT click in the window, because this will make your PC hang.
  When the fix is completed and after the restart, the log combofix.txt will open.
  Post this log in your next post together with a new HijackThis log. (please post this after the fix below)

  NOTE: If your virus scanner reacts with a message about a script being executed, you may ignore this.

  Start HJT again, tick the lines below (if still present), close all windows (except HJT) and then click fix checked.

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
  R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
  O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
  O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
  O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
  O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} - http://advnt01.com/dialer/olanda_ver3.CAB
  O16 - DPF: {3B623D23-2757-4881-A01E-D560EBCA5307} - http://advnt01.com/dialer/olanda_ver10.CAB
  O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games29.cab
  O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} - http://www.content-loader.com/load/ccaccess.cab


  Using Explorer, delete the file below.

  msnmsgrr.exe <<< just search for where it is (if it is still there, that is).

  Reboot and post a new log together with the combofix log.

  Thanks in advance
  eric
 • You write: "Empty the quarantine box of Norton".

  Is that a simple mistake? Because I have no programs, I thought,
  from Norton that have anything to do with a quarantine box.
  The question I had a mail or so back was whether a certain file could have something to do with Norton Internet Security, although I did not think I had that either.

  Kind regards,
  Paul
 • Another negative surprise: Combofix will not run!
  After starting it and typing Y followed by Enter, the message comes that the machine is going to be scanned, but then the message "Het systeem kan de opgegeven registersleutel of - waarde niet vinden" appears, and the program stops.
  Restarted the PC and, besides Ad-Watch, also switched off the McAfee virus scan and firewall and started Combofix again, but unfortunately the same debacle.

  Sorry Eric, what now?
  Paul
 • Since ComboFix.exe would not run, I first tried to have the indicated lines "fixed" by HijackThis as far as that was possible. The 2 lines with "olanda" in them had disappeared and the file "msnmsgrr.exe" was nowhere to be found any more either.
  Then I had HijackThis scan again; the log file in question is below.

  If it was totally wrong to "fix" the lines first, before ComboFix had even run, I can always still restore the Ghost image of the partition concerned and start all over again.

  Eric, again many thanks in advance if you can help me further
  Paul


  Logfile of HijackThis v1.99.1
  Scan saved at 00:06, on 06-09-10
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\WINDOWS\system32\spoolsv.exe
  E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
  c:\progra~1\mcafee\mcafee antispyware\massrv.exe
  C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
  C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
  C:\WINDOWS\system32\carpserv.exe
  c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
  c:\program files\mcafee.com\vso\mcvsshld.exe
  c:\program files\mcafee.com\agent\mcagent.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  C:\Program Files\VeriSign\NAVI\naviagent.exe
  C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\oodag.exe
  C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
  E:\Pinnacle\PCTV\Remote\Remoterm.exe
  C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
  C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
  C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
  C:\Program Files\Launchy\Launchy.exe
  C:\Program Files\Logitech\SetPoint\SetPoint.exe
  E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
  C:\Program Files\HHVcdV5Sys\VC5Play.exe
  C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
  C:\Program Files\HHVcdV5Sys\VC5SecS.exe
  C:\WINDOWS\System32\WFXSVC.EXE
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
  C:\WINDOWS\system32\wwSecure.exe
  C:\Program Files\Raxco\PerfectDisk\PDSched.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
  C:\Program Files\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

  http://www.planet.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

  Microsoft Internet Explorer
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

  Settings,ProxyOverride = localhost
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  R3 - URLSearchHook: i-Nav IDN SearchHook -

  {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program

  Files\VeriSign\i-Nav\i-nav_4_2_1.dll
  N4 - Mozilla: user_pref("browser.search.defaultengine",

  "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchpl

  ugins%5CSBWeb_01.src";); (C:\Documents and Settings\Paul

  Lemmens\Application Data\Mozilla\Profiles\default\0ozciuhi.slt\prefs.js)
  O2 - BHO: HelperObject Class -

  {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program

  Files\TechSmith\SnagIt 8\SnagItBHO.dll
  O2 - BHO: Adobe PDF Reader Link Helper -

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program

  Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

  C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: EWPBrowseObject Class -

  {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program

  Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

  - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent -

  {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common

  Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
  O2 - BHO: i-Nav IDN Resolver -

  {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program

  Files\VeriSign\i-Nav\i-nav_4_2_1.dll
  O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} -

  C:\Program Files\Advanced System Optimizer\IEHelper.dll
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog

  Devices\SoundMAX\SMax4PNP.exe
  O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog

  Devices\SoundMAX\Smax4.exe" /tray
  O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program

  Files\Intel\NCS\PROSet\PRONoMgr.exe
  O4 - HKLM\..\Run: [CARPService] carpserv.exe
  O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic

  PhoneTools\CapFax.EXE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

  C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

  C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
  O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\TechSmith\Motherboard

  Monitor\MBM5.EXE"
  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
  O4 - HKLM\..\Run: [MPFExe]

  C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
  O4 - HKLM\..\Run: [VSOCheckTask]

  "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online]

  "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
  O4 - HKLM\..\Run: [MCAgentExe]

  c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe]

  C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
  O4 - HKLM\..\Run: [PCTVRemote] E:\Pinnacle\PCTV\Remote\Remoterm.exe
  O4 - HKLM\..\Run: [PinnacleDriverCheck]

  C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
  O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton

  Ghost\Agent\GhostTray.exe
  O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program

  Files\Logitech\iTouch\iTouch.exe
  O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
  O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [AWMON] "C:\Program

  Files\Spy\Ad-Aware\Ad-Watch.exe"
  O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE

  C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common

  Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Startup: Canon IJ Status Monitor Canon iP5200R.lnk = ?
  O4 - Startup: Registration-PCTV.lnk =

  E:\Pinnacle\PCTV\ERegister\RegTool.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

  Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program

  Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program

  Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
  O4 - Global Startup: Logitech SetPoint.lnk = C:\Program

  Files\Logitech\SetPoint\SetPoint.exe
  O4 - Global Startup: Pinnacle Scheduler.lnk = E:\Pinnacle\Shared

  Files\Programs\Scheduler\PCLEScheduler.exe
  O4 - Global Startup: VirtualCD 5.lnk = C:\Program

  Files\HHVcdV5Sys\VC5Play.exe
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O8 - Extra context menu item: Download with GetRight - C:\Program

  Files\GetRight\GRdownload.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel -

  res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Easy-WebPrint Add To Print List -

  res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
  O8 - Extra context menu item: Easy-WebPrint High Speed Print -

  res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
  O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program

  Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
  O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program

  Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
  O8 - Extra context menu item: Open with GetRight Browser - C:\Program

  Files\GetRight\GRbrowse.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

  - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console -

  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

  Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263}

  - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C}

  - C:\Program Files\Common Files\Microsoft Shared\Encarta Search

  Bar\ENCSBAR.DLL
  O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F}

  - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
  O9 - Extra 'Tools' menuitem: i-Nav Help -

  {CE000992-A58C-4441-8938-744CD72AB27F} -

  http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
  O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} -

  C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
  O9 - Extra 'Tools' menuitem: i-Nav Options -

  {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program

  Files\VeriSign\i-Nav\i-nav_4_2_1.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

  C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger -

  {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

  Files\Messenger\msmsgs.exe
  O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
  O15 - Trusted Zone: http://www.davilexbusiness.nl
  O15 - Trusted Zone: *.musicmatch.com
  O15 - Trusted Zone: http://www.nokia.nl
  O15 - Trusted Zone: *.musicmatch.com (HKLM)
  O15 - Trusted IP range: http://80.60.49.69
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA

  Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX

  Control) - http://www.ipix.com/viewers/ipixx.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

  Advantage Validation Tool) -

  http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
  O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID

  Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
  O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class)

  - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
  O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} -

  http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com

  Operating System Class) -

  http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl

  Class) -

  http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/

  wuweb_site.cab?1097937495656
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl

  Class) -

  http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muwe

  b_site.cab?1149778818796
  O16 - DPF: {750CEB9F-B16A-11D3-9022-B6AC27ECD87A}

  (CDFreaks.CDFreaksProtectionDetector) - file://E:\CD-R\Detect\Detect.CAB
  O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec

  Download Bridge) -

  http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operat

  ions/symbizpr/xcontrol/SymDlBrg.cab
  O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime

  Environment 1.4.1_02) -
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) -

  https://gto.postbank.nl/GTO/PBGNX.cab
  O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software

  XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
  O18 - Protocol: bw+0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw+0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw-0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw-0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw00 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw00s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw10 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw10s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw20 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw20s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw30 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw30s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw40 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw40s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw50 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw50s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw60 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw60s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw70 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw70s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw80 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw80s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw90 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bw90s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwa0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwa0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwb0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwb0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwc0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwc0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwd0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwd0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwe0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwe0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwf0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwf0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwfile-8876480 -

  {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
  O18 - Protocol: bwg0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwg0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwh0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwh0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwi0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwi0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwj0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwj0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwk0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwk0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwl0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwl0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwm0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwm0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwn0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwn0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwo0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwo0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwp0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwp0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwq0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwq0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwr0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwr0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bws0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bws0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwt0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwt0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwu0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwu0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwv0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwv0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bww0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bww0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwx0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwx0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwy0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwy0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwz0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: bwz0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no

  file)
  O18 - Protocol: offline-8876480 -

  {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O20 - Winlogon Notify: WRNotifier -

  C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program

  Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) -

  Unknown owner - E:\Adobe\Photoshop Elements

  4.0\PhotoshopElementsFileAgent.exe
  O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program

  Files\Acesoft\Tracks Eraser Pro\autocomp.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -

  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation

  - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

  Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel

  32\IDriverT.exe
  O23 - Service: LiveUpdate - Symantec Corporation -

  C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
  O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. -

  c:\progra~1\mcafee\mcafee antispyware\massrv.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc -

  c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. -

  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -

  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) -

  McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee

  Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
  O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program

  Files\VeriSign\NAVI\naviagent.exe
  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -

  C:\Program Files\Intel\NCS\Sync\NetSvc.exe
  O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program

  Files\Symantec\Norton Ghost\Agent\VProSvc.exe
  O23 - Service: Norton Protection Center Service (NSCService) - Symantec

  Corporation - C:\Program Files\Common Files\Symantec Shared\Security

  Console\NSCSRVCE.EXE
  O23 - Service: NTBOOTMGR (NTBOOT) - Symantec Corporation - (no file)
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation

  - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: O&O Defrag - O&O Software GmbH -

  C:\WINDOWS\system32\oodag.exe
  O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program

  Files\Raxco\PerfectDisk\PDEngine.exe
  O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program

  Files\Raxco\PerfectDisk\PDSched.exe
  O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions -

  C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
  O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common

  Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
  O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions -

  C:\Program Files\Common Files\Roxio

  Shared\SharedCom\RoxUpnpRenderer.exe
  O23 - Service: RoxUpnpServer - Sonic Solutions - E:\Roxio\Easy Media Creator

  8\Digital Home\RoxUpnpServer.exe
  O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions -

  C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
  O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program

  Files\Test\Sandra Professional\RpcDataSrv.exe
  O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program

  Files\Test\Sandra Professional\RpcSandraSrv.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common

  Files\PCSuite\Services\ServiceLayer.exe
  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default))

  - Analog Devices, Inc. - C:\Program Files\Analog

  Devices\SoundMAX\SMAgent.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division

  Software - E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
  O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot

  Software, Inc. - C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program

  Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software

  GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
  O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation -

  C:\WINDOWS\System32\WFXSVC.EXE
  O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. -

  C:\WINDOWS\system32\wwSecure.exe
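
The "tick the lines below if still present" step from the fix post, checked against the wrapped log above, as an added example that is not part of the original thread: it re-joins entries that were split across lines and reports which flagged entries are still in the new scan. The function names are hypothetical; FIX_LIST and LOG_EXCERPT are a subset of lines copied from this page.

```python
import re

# A HijackThis entry starts with a section code: R0-R3, F0-F3, N1-N4 or O<number>.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def parse_entries(log_text):
    """Return the log's entries, re-joining entries that were wrapped over
    several lines (with blank lines in between), as in the post above."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank line left behind by the wrapping
        if ENTRY_START.match(line):
            if current is not None:
                entries.append(current)
            current = line
        elif current is not None:
            current += " " + line  # continuation of a wrapped entry
        # anything before the first entry (header, process list) is skipped
    if current is not None:
        entries.append(current)
    return entries


def entry_key(entry):
    """Comparison key: case-folded with all whitespace removed, so a wrap
    that fell inside a path or URL cannot cause a mismatch."""
    return re.sub(r"\s+", "", entry).casefold()


def still_present(fix_list, log_text):
    """Return the entries from fix_list that still occur in the log."""
    present = {entry_key(e) for e in parse_entries(log_text)}
    return [f for f in fix_list if entry_key(f) in present]


# Subset of the lines the helper asked to tick, copied from the fix post.
FIX_LIST = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank",
    r"R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll",
    r"O4 - HKLM\..\Run: [blah service] msnmsgrr.exe",
    r"O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe",
    r"O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} - http://advnt01.com/dialer/olanda_ver3.CAB",
]

# Abridged excerpt of the second log on this page, wrapping kept as posted.
LOG_EXCERPT = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: i-Nav IDN SearchHook -

{CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program

Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program

Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) -

https://gto.postbank.nl/GTO/PBGNX.cab
"""

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, LOG_EXCERPT):
        print("still present:", entry)
```
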
 • try this fix, a pity that the combo does not run.

  Download to your Desktop:
  - Double-click drweb-cureit.exe and allow it to start the express scan.
  - This will scan the files that are currently loaded in memory and when something is found,
  click the Yes to all button at the question 'cure it?'. This is only a short scan.
  - Once the short scan has ended, you can select the drives that you want to have scanned.
  - Select all drives here. A red dot will then appear on the drives that you have scanned.
  - Then click the green arrow on the right to start the scan.
  - Click Yes to all when asked to perform cure or move.
  - When the scan has ended, see whether you can click on the icon next to the found files: [image: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif]
  - If so, click on it and then click on the icon just below it and select Move incurable as you see here:
  [image: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif]
  This moves found files to the "%userprofile%\DoctorWeb\quarantaine-map" if repair is not possible.
  - After the scan is done, in the menu at the top, click File and choose Save report List. Save it on your Desktop.
  - Then close Dr.Web Cureit.
  - Restart your computer!! Important step, because Dr.Web Cureit may move/delete files during restart.
  - After restarting, copy and paste the contents of the log that you saved earlier into your next post.

  Make a new HijackThis log again; it is nicely made by doing a "scan and save a logfile", then go to Edit > copy all > to Edit once more and then copy, then you get a nice log that is easy to read.

  Thanks in advance
  eric
 • Dr.Web Cureit did run, fortunately. Nothing found in memory and only little in the 4 drives as well. I suspect that I will have to put back at least 1 of the 4 "moved" files. Namely mgclose.dat.
  Be that as it may, after the restart the original problem with IE is not solved. For completeness: with FireFox, which I also downloaded yesterday, there is no problem; perhaps not YET!

  Eric, thanks again, and I hope that, despite the fact that ComboFix will not run, you can still help further, please.
  Paul

  Below the contents of the Dr Web log:

  VBAOL11.CHM\html/olobjAddressEntries.htm C:\Program Files\Microsoft Office\OFFICE11\1043\VBAOL11.CHM Modification of VBS.Petik
  VBAOL11.CHM C:\Program Files\Microsoft Office\OFFICE11\1043 Archive contains infected objects Moved.
  sdcmon.dll C:\Program Files\Support.com\bin Probably DLOADER.Trojan Incurable.Moved.
  tgupdate.exe C:\Program Files\Support.com\bin Probably DLOADER.Trojan Incurable.Moved.
  mgclose.dat D:\Database\MG12\prog Tool.Prockill Incurable.Moved.
 • "Make a new HijackThis log again; it is nicely made by doing a "scan and save a logfile", then go to Edit > copy all > to Edit once more and then copy, then you get a nice log that is easy to read."

  so, the log please.
 • I hope the log is easier to read this way:

  Logfile of HijackThis v1.99.1
  Scan saved at 21:49, on 06-09-10
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
  E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
  c:\progra~1\mcafee\mcafee antispyware\massrv.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
  C:\WINDOWS\system32\carpserv.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
  c:\program files\mcafee.com\vso\mcvsshld.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  c:\program files\mcafee.com\agent\mcagent.exe
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  C:\Program Files\VeriSign\NAVI\naviagent.exe
  C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
  C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\oodag.exe
  E:\Pinnacle\PCTV\Remote\Remoterm.exe
  C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe
  C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
  C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
  C:\Program Files\Launchy\Launchy.exe
  C:\Program Files\Logitech\SetPoint\SetPoint.exe
  E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
  C:\Program Files\HHVcdV5Sys\VC5Play.exe
  C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
  C:\Program Files\HHVcdV5Sys\VC5SecS.exe
  C:\WINDOWS\System32\WFXSVC.EXE
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
  C:\WINDOWS\system32\wwSecure.exe
  C:\Program Files\Raxco\PerfectDisk\PDSched.exe
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
  C:\Program Files\Eudora\Eudora.exe
  D:\Eudora\Plugins\Spamnix\spamnix.exe
  C:\Program Files\eDonkey2000\edonkey2000.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
  O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
  O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
  O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
  O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
  O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
  O4 - HKLM\..\Run: [CARPService] carpserv.exe
  O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
  O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE"
  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
  O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
  O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
  O4 - HKLM\..\Run: [PCTVRemote] E:\Pinnacle\PCTV\Remote\Remoterm.exe
  O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
  O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
  O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
  O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
  O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe"
  O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Startup: Canon IJ Status Monitor Canon iP5200R.lnk = ?
  O4 - Startup: Registration-PCTV.lnk = E:\Pinnacle\PCTV\ERegister\RegTool.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
  O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
  O4 - Global Startup: Pinnacle Scheduler.lnk = E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
  O4 - Global Startup: VirtualCD 5.lnk = C:\Program Files\HHVcdV5Sys\VC5Play.exe
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
  O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
  O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
  O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
  O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
  O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
  O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
  O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
  O15 - Trusted Zone: http://www.davilexbusiness.nl
  O15 - Trusted Zone: *.musicmatch.com
  O15 - Trusted Zone: http://www.nokia.nl
  O15 - Trusted Zone: *.musicmatch.com (HKLM)
  O15 - Trusted IP range: http://80.60.49.69
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
  O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
  O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
  O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097937495656
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149778818796
  O16 - DPF: {750CEB9F-B16A-11D3-9022-B6AC27ECD87A} (CDFreaks.CDFreaksProtectionDetector) - file://E:\CD-R\Detect\Detect.CAB
  O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
  O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
  O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
  O17 - HKLM\System\CCS\Services\Tcpip\..\{7976B6F5-BD3D-49C0-8D5E-01C245DAD18A}: NameServer = 195.121.1.34 195.121.1.66
  O18 - Protocol: bw+0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw+0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw-0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw-0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw00 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw00s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw10 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw10s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw20 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw20s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw30 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw30s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw40 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw40s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw50 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw50s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw60 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw60s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw70 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw70s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw80 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw80s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw90 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bw90s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwa0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwa0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwb0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwb0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwc0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwc0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwd0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwd0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwe0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwe0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwf0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwf0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
  O18 - Protocol: bwg0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwg0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwh0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwh0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwi0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwi0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwj0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwj0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwk0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwk0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwl0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwl0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwm0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwm0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwn0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwn0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwo0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwo0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwp0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwp0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwq0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwq0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwr0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwr0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bws0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bws0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwt0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwt0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwu0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwu0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwv0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwv0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bww0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bww0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwx0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwx0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwy0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwy0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwz0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: bwz0s - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O18 - Protocol: offline-8876480 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
  O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
  O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
  O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
  O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
  O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
  O23 - Service: NTBOOTMGR (NTBOOT) - Symantec Corporation - (no file)
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
  O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
  O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
  O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
  O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
  O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
  O23 - Service: RoxUpnpServer - Sonic Solutions - E:\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
  O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
  O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcDataSrv.exe
  O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcSandraSrv.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
  O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
  O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
  O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
 • Start HJT again and do a "system scan only", tick the lines below, close all windows except the HJT one and click "fix checked".

  [b:cbfb29e38b]O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
  O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe[/b:cbfb29e38b]
  All lines with [b:cbfb29e38b]O18 – Protocol >> (no file)[/b:cbfb29e38b]

  Boot into [b:cbfb29e38b]safe mode[/b:cbfb29e38b] and use Explorer to delete the file shown in bold below.

  [b:cbfb29e38b]msnmsgrr.exe[/b:cbfb29e38b] just look for it with the search function.


  May I have a new HJT log after that? By the way, the last one looked well made and was easy to read.

  Eric
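The selection described in the post above (the `msnmsgrr.exe` autostart lines plus every O18 line ending in "(no file)"), followed by a check of which of those lines are still present in a later log, as an added example that is not part of the original thread. The function names are hypothetical, and the two abridged logs are constructed from lines of the kind shown in this thread; the absence of O18 lines in the second sample is an assumption made for the illustration.

```python
import re
from typing import List, NamedTuple, Tuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O4" or "O18"
    body: str  # text after "CODE - "


ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Registry autostart entry: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd))(?:\s|$)", re.IGNORECASE)


def parse_entries(log_text: str) -> List[Entry]:
    """Return the 'R0 - ...' / 'O4 - ...' lines; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def image_path(cmd: str) -> str:
    """Executable part of a Run command line, quoted or unquoted, with spaces allowed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def fix_targets(entries: List[Entry], image_name: str) -> List[Entry]:
    """Lines to tick: O4 registry autostarts of image_name and all O18 '(no file)' lines."""
    wanted = image_name.lower()
    targets = []
    for e in entries:
        if e.code == "O4":
            m = RUN_RE.match(e.body)
            if m and image_path(m.group("cmd")).rsplit("\\", 1)[-1].lower() == wanted:
                targets.append(e)
        elif e.code == "O18" and e.body.endswith("(no file)"):
            targets.append(e)
    return targets


def autoruns_without_directory(entries: List[Entry]) -> List[Tuple[str, str]]:
    """(value name, image) for O4 registry autostarts whose command gives no directory,
    so the log alone does not say where the file is located."""
    found = []
    for e in entries:
        m = RUN_RE.match(e.body) if e.code == "O4" else None
        if m and "\\" not in image_path(m.group("cmd")):
            found.append((m.group("name"), image_path(m.group("cmd"))))
    return found


def surviving_targets(before_log: str, after_log: str, image_name: str) -> List[Entry]:
    """Fix targets from the first log that are listed unchanged in the later log."""
    after = set(parse_entries(after_log))
    return [e for e in fix_targets(parse_entries(before_log), image_name) if e in after]


# Constructed, abridged sample: log taken before the fix.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\carpserv.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O18 - Protocol: bw+0 - {A40C3347-2EC7-44BB-9D34-A3C0B3CB28A9} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Constructed, abridged sample: log taken after the fix and a reboot.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    for entry in surviving_targets(BEFORE_LOG, AFTER_LOG, "msnmsgrr.exe"):
        print("still present:", entry.code, "-", entry.body)
```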
 • Hello Eric,

  I had already searched for "msnmsgrr.exe" once in vain, so the first thing I did after your mail was to have the whole PC searched again, but without result.
  Then I followed your instructions and, after booting into Safe Mode, searched for "msnmsgrr.exe" again, and again without result.
  Restarted in normal mode and made a LOG; see below.
  And lo and behold, "msnmsgrr.exe" is in there again! Isn't that most remarkable? Does it make sense to delete those 2 lines via regedit?

  In any case, thanks once again, and here is the latest log:

  Logfile of HijackThis v1.99.1
  Scan saved at 11:36, on 06-09-11
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\WINDOWS\system32\spoolsv.exe
  E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
  c:\progra~1\mcafee\mcafee antispyware\massrv.exe
  C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
  c:\program files\mcafee.com\vso\mcvsshld.exe
  c:\program files\mcafee.com\agent\mcagent.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
  C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
  C:\WINDOWS\system32\carpserv.exe
  C:\Program Files\VeriSign\NAVI\naviagent.exe
  C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\oodag.exe
  C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
  C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
  C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  E:\Pinnacle\PCTV\Remote\Remoterm.exe
  E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\Launchy\Launchy.exe
  C:\Program Files\Logitech\SetPoint\SetPoint.exe
  E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
  C:\Program Files\HHVcdV5Sys\VC5Play.exe
  C:\Program Files\HHVcdV5Sys\VC5SecS.exe
  C:\WINDOWS\System32\WFXSVC.EXE
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
  C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
  C:\WINDOWS\system32\wwSecure.exe
  C:\Program Files\Raxco\PerfectDisk\PDSched.exe
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
  C:\Program Files\Eudora\Eudora.exe
  D:\Eudora\Plugins\Spamnix\spamnix.exe
  C:\Program Files\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
  O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
  O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
  O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
  O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
  O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
  O4 - HKLM\..\Run: [CARPService] carpserv.exe
  O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
  O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\TechSmith\Motherboard Monitor\MBM5.EXE"
  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
  O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
  O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
  O4 - HKLM\..\Run: [PCTVRemote] E:\Pinnacle\PCTV\Remote\Remoterm.exe
  O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
  O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
  O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
  O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
  O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Spy\Ad-Aware\Ad-Watch.exe"
  O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Startup: Canon IJ Status Monitor Canon iP5200R.lnk = ?
  O4 - Startup: Registration-PCTV.lnk = E:\Pinnacle\PCTV\ERegister\RegTool.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
  O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
  O4 - Global Startup: Pinnacle Scheduler.lnk = E:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
  O4 - Global Startup: VirtualCD 5.lnk = C:\Program Files\HHVcdV5Sys\VC5Play.exe
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
  O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
  O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
  O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
  O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
  O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
  O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
  O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
  O15 - Trusted Zone: http://www.davilexbusiness.nl
  O15 - Trusted Zone: *.musicmatch.com
  O15 - Trusted Zone: http://www.nokia.nl
  O15 - Trusted Zone: *.musicmatch.com (HKLM)
  O15 - Trusted IP range: http://80.60.49.69
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
  O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
  O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
  O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097937495656
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149778818796
  O16 - DPF: {750CEB9F-B16A-11D3-9022-B6AC27ECD87A} (CDFreaks.CDFreaksProtectionDetector) - file://E:\CD-R\Detect\Detect.CAB
  O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
  O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
  O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
  O17 - HKLM\System\CCS\Services\Tcpip\..\{7976B6F5-BD3D-49C0-8D5E-01C245DAD18A}: NameServer = 195.121.1.34 195.121.1.66
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
  O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
  O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
  O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
  O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\VProSvc.exe
  O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
  O23 - Service: NTBOOTMGR (NTBOOT) - Symantec Corporation - (no file)
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
  O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
  O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
  O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
  O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
  O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
  O23 - Service: RoxUpnpServer - Sonic Solutions - E:\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
  O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
  O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcDataSrv.exe
  O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\Test\Sandra Professional\RpcSandraSrv.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\CD-R\Alcohol 120\StarWind\StarWindService.exe
  O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Spy\Spy Sweeper\WRSSSDK.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
  O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
  O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
 • New download location
  Download Killbox and extract it to your desktop
  http://www.killbox.net/


  Start Killbox and tick "delete on reboot"
  Copy the bold text:

  C:\WINDOWS\System32\msnmsgrr.exe

  Open "file" in the Killbox menu at the top and choose: Paste from clipboard

  You will see that the bold text above appears in the "Full Path of File to Delete" field.
  There is a small arrow next to that field. If you click it, you will see all the lines above that you copied (if the files are present); at least, that is the intention.

  Then click the red button with the white cross in it, and click "OK" in both pop-up windows.

  Restart and post a fresh HJT log, please.
 • It looks like Killbox did not do much. After copying into the "Full Path of…." field, nothing further happens after clicking the vertical arrow. Nor after clicking the red button with the white cross. A message appears that is also in the log file below (with only one opportunity to press OK, by the way). In the end I just clicked Exit and restarted. By the way, I first checked whether the notorious file is actually in the folder c:\windows\system32. Unfortunately it is not, and just to be sure: my Windows Explorer is set to show all "hidden" files and the like!
  Here is the Killbox log file:
  Pocket Killbox version 2.0.0.881
  Running on Windows XP as Paul Lemmens(Administrator)
  was started @ Monday, September 11, 2006, 2:18 PM

  # 1 [Delete on Reboot]
  Path = C:\WINDOWS\System32\msnmsgrr.exe


  PendingFileRenameOperations Registry Data has been Removed by External Process! @ 2:20:20 PM
  Killbox Closed(Exit) @ 2:21:22 PM
  __________________________________________________

  I did run Hijack This once more after rebooting, but that log file is identical to the previous one. The same 2 lines with "msnmsgrr.exe".
  So I thought it did not make much sense. If you think that is wrong, I will still send a fresh log.

  Kind regards,
  Paul
 • Hmm, let me get some advice first; I will get back to you.
 • MSNMSGRR is indeed a nasty thing. My McAfee never found it. Trend Micro has a nice write-up about it, but a run with their free HouseCall scanner does not find it either, despite the fine talk on the website, and the same goes for True Sword.
  I then used Regedit to delete the item in the 2 places where it occurs in the registry, but if you then go from the 1st place to the 2nd place and return to the 1st, everything is there again exactly as before the deletion!
  And all of that without the file msnmsgrr.exe itself being anywhere to be found!!

  Eric, I am eagerly awaiting your advice, and may I assume that Hijack This otherwise shows no more "bad" things?

  Thanks again in advance and best regards,
  Paul
 • I suspect you have a rootkit on your PC that we cannot see, which is why it is all the more unfortunate that ComboFix did not work. Could you read those instructions again and then try to run it once more?

  I am asking others what the right course of action is in this case. I could start trying all sorts of things myself, but I would rather check first.

  I will let you know.
 • This threat copies its file(s) to your harddisk. Its typical file name is blah service. Then it creates new startup key with name blah service and value msnmsgrr.exe. You can also find it in your processes list with name msnmsgrr.exe or blah service.
  Could you search your PC for blah service???
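
Added example, not part of any post in this thread: a small Python triage of HijackThis log lines that flags entries matching the names given in the last post (blah service, msnmsgrr.exe) and entries that HijackThis itself marks "(file missing)" or "(no file)". The O4 sample line is constructed from that description, the other sample lines are copied from the log above, and the function and variable names are this example's own.

```python
import re

# Sample input. The O4 line is CONSTRUCTED from the last post's description
# (startup value "blah service" -> msnmsgrr.exe); the other lines are copied
# from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NTBOOTMGR (NTBOOT) - Symantec Corporation - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "<section code> - <rest of entry>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")
# O4 autostart entries: "<location>: [<value name>] <command>"
AUTOSTART = re.compile(r"^(?P<where>[^:]+):\s*\[(?P<name>[^\]]*)\]\s*(?P<command>.+)$")
# Markers HijackThis appends when the referenced file is not on disk
MISSING = re.compile(r"\((?:file missing|no file)\)$", re.IGNORECASE)

def triage(log_text, watchlist):
    """Return one finding per log entry that needs a closer look."""
    watch = [w.lower() for w in watchlist]
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        finding = {"section": section, "entry": body, "reasons": []}
        if section == "O4":
            auto = AUTOSTART.match(body)
            if auto:  # keep value name and command apart for the report
                finding["name"] = auto["name"]
                finding["command"] = auto["command"]
        hits = [w for w in watch if w in body.lower()]
        if hits:
            finding["reasons"].append("watchlist: " + ", ".join(hits))
        if MISSING.search(body):
            finding["reasons"].append("file missing")
        if finding["reasons"]:
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, ["msnmsgrr.exe", "blah service"]):
        print(f["section"], "|", "; ".join(f["reasons"]), "|", f["entry"])
```
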
