View full version: constantly getting warnings in Internet Explorer



krissie
16 March 2008, 22:28
When I am surfing I get warnings that Explorer is infected and that I must install a security agent.
I do know that I must not do that.
I try to close that window, and I also get the following window: buffer overrun detected
program: c:\WINDOWS\explorer.exe

A buffer overrun has been detected which has corrupted the program's
internal state. The program cannot safely continue execution and must now be terminated
I have already done a virus scan
and already run an adware scan
Nothing seems to help, so here is my logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:08, on 16/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: (no name) - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [9cd70d27] rundll32.exe "C:\WINDOWS\system32\kepyfbrl.dll",b
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BM9fe43ebb] Rundll32.exe "C:\WINDOWS\system32\hdqmsisv.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SYSTRAN Opzoeken - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: SYSTRAN Vertalen - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} - http://fotobook.foto.com/activeX/newUploadFotoCom.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} (Pixum EasyUploadX Control) - http://www.pixum.de/int/EasyUpload/ImgUploader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: bw+0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: offline-8876480 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 23856 bytes
I hope someone is willing to help me, because I am at my wits' end.

Recep
16 March 2008, 22:36
Hello krissie,

I'll take a look for you :D

Recep

Recep
16 March 2008, 23:19
Hello krissie,

Download MalwareBytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
Double-click mbam-setup.exe to install the program.

Make sure that after the installation a check mark is placed next to:
Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
Once the program has started, go to the "Settings" tab.
Tick here: "Close Internet Explorer during malware removal".
Then go to the "Scanner" tab and choose "Quick Scan".
Next, press "Scan" to start the scan.
Scanning can take a while, so be patient.
When the scan is complete, click OK, then "Show Results" to see the results.
Make sure everything there is ticked, then click: "Remove Selected".
After the removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in the program. Copy and paste the contents of the log into your next reply, together with a new HijackThis log.

Good luck,
Recep :D

krissie
17 March 2008, 13:44
Thank you for being willing to help me; here are the requested logs.


Malwarebytes' Anti-Malware 1.08
Database versie: 498
Scan type: Snelle Scan
Objecten gescand: 30836
Verstreken tijd: 4 minute(s), 49 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 3
Registersleutels geïnfecteerd: 19
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 2
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 7
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
C:\WINDOWS\system32\geebc.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\kepyfbrl.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\awtrpqr.dll (Trojan.Vundo) -> Unloaded module successfully.
Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7cc0f2f8-fd48-4094-8cb7-e3c239a9c0a7} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7cc0f2f8-fd48-4094-8cb7-e3c239a9c0a7} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e9383002-fc55-4330-b9c9-67e03bc5c840} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9383002-fc55-4330-b9c9-67e03bc5c840} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtrpqr (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e9383002-fc55-4330-b9c9-67e03bc5c840} (Trojan.Vundo) -> Delete on reboot.
Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\geebc.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\geebc.dll -> Quarantined and deleted successfully.
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
C:\WINDOWS\system32\geebc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbeeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbeeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kepyfbrl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lrbfypek.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtrpqr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\Explorer.EXE.Z-missing.txt (Heuristic.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:34, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - (no file)
O2 - BHO: {a91b4877-ef58-27b9-5614-5ae683c294bf} - {fb492c38-6ea5-4165-9b72-85fe7784b19a} - C:\WINDOWS\system32\pyimrywv.dll
O3 - Toolbar: (no name) - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [9cd70d27] rundll32.exe "C:\WINDOWS\system32\kepyfbrl.dll",b
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BM9fe43ebb] Rundll32.exe "C:\WINDOWS\system32\hdqmsisv.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SYSTRAN Opzoeken - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: SYSTRAN Vertalen - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} - http://fotobook.foto.com/activeX/newUploadFotoCom.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} (Pixum EasyUploadX Control) - http://www.pixum.de/int/EasyUpload/ImgUploader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: bw+0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: offline-8876480 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 24934 bytes

Recep
17 March 2008, 21:09
Hello krissie,

1. Start HijackThis and choose 'Do a system scan only'.
When the scan is complete, check only the following lines in HijackThis:

O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - (no file)
O2 - BHO: {a91b4877-ef58-27b9-5614-5ae683c294bf} - {fb492c38-6ea5-4165-9b72-85fe7784b19a} - C:\WINDOWS\system32\pyimrywv.dll
O3 - Toolbar: (no name) - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [9cd70d27] rundll32.exe "C:\WINDOWS\system32\kepyfbrl.dll",b
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: Rundll32.exe "C:\WINDOWS\system32\hdqmsisv.dll",s
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)

Now close all windows except HijackThis itself and click 'Fix checked'.
You will be asked for confirmation; answer 'Yes', then close HijackThis. After that, restart your PC.

2. Your Java software is outdated.
Older versions have vulnerabilities that give malware the chance to install itself on your system.
First follow these steps to uninstall Java and install the newer version:

Download Java Runtime Environment (JRE) 6u5 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to: "Java Runtime Environment (JRE) 6u5".
Click the "Download" button on the right.
In the drop-down menu to the right of Platform, select Windows.
Check: "I agree to the Java SE Runtime Environment 6 License Agreement", and click Continue.
The page will reload.
Click the jre-6u5-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
Close all programs that may be open - especially your web browser!
Then go to Start > Control Panel (Configuratiescherm) > Add or Remove Programs (Software) and remove all older versions of Java from the program list.
Select everything with Java Runtime Environment (JRE or J2SE) in the name.
Then click Remove or the Change/Remove button.
Repeat this until all older versions are gone.
After removing all older versions, restart your PC.
Then double-click jre-6u5-windows-i586-p.exe on your Desktop to install the newest version of Java.

3. Download this file: zoek.exe (http://home.hetnet.nl/%7Estefsmeenk/zoek.exe)
Double-click it; after a while a log will open.
Post the contents of this log together with a new HijackThis log in your next post ;)

Good luck,
Recep :D
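
Added example, not part of Recep's post and not HijackThis's own code: a Python triage pass over a HijackThis log that flags the kinds of entries selected in step 1 above (entries whose file is gone, BHOs named only by a GUID, and Run keys that start a DLL from system32 through rundll32). The sample lines are copied from the log in this thread; the three heuristics and every function name are assumptions made for illustration, and they only produce candidates for a human reviewer (the UserFaultCheck line, for instance, is not caught).

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {a91b4877-ef58-27b9-5614-5ae683c294bf} - {fb492c38-6ea5-4165-9b72-85fe7784b19a} - C:\WINDOWS\system32\pyimrywv.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [9cd70d27] rundll32.exe "C:\WINDOWS\system32\kepyfbrl.dll",b
O4 - HKLM\..\Run: [BM9fe43ebb] Rundll32.exe "C:\WINDOWS\system32\hdqmsisv.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks registry entries whose target is gone this way.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>" + GUID + r") - (?P<target>.+)$")
RUN_RE = re.compile(r"^(?P<key>.+?\\Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)',
    re.IGNORECASE,
)


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "O2"
    line: str      # the full log line, unchanged
    reasons: list  # heuristic tags that fired


def classify(code, body):
    """Return the heuristic tags (assumptions of this example) that apply to one entry."""
    reasons = []
    # 1. The registry entry survives but the file it points to does not.
    if ORPHAN_RE.search(body):
        reasons.append("orphaned")
    # 2. A Browser Helper Object whose display name is itself just a GUID.
    if code == "O2":
        bho = BHO_RE.match(body)
        if bho and re.fullmatch(GUID, bho["name"]):
            reasons.append("guid-named-bho")
    # 3. An autorun that uses rundll32 to load a DLL sitting directly in system32.
    if code == "O4":
        run = RUN_RE.match(body)
        dll = RUNDLL_RE.match(run["cmd"]) if run else None
        if dll and ntpath.dirname(dll["dll"]).lower().endswith("\\system32"):
            reasons.append("rundll32-autorun")
    return reasons


def triage(log_text):
    """Parse a HijackThis log and return the entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header lines and the running-process list
        reasons = classify(entry["code"], entry["body"])
        if reasons:
            findings.append(Finding(entry["code"], line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(", ".join(f.reasons), "|", f.line)
```

A flagged line is a prompt to look the file or CLSID up before fixing it, not a verdict; legitimate software also leaves orphaned entries behind after an uninstall.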

krissie
17 March 2008, 23:12
Here are my logs after carrying out everything as instructed.
Could you let me know whether it is OK?

----a-w 0 2008-03-17 21:04:05 C:\WINDOWS\0.log
----a-w 60,416 2008-03-01 14:34:49 C:\WINDOWS\ALCFDRTM.VER
----a-w 10,073 2008-03-17 18:23:25 C:\WINDOWS\BM9fe43ebb.txt
--s-a-w 2,048 2008-03-17 21:03:39 C:\WINDOWS\bootstat.dat
----a-w 116 2008-03-15 08:23:37 C:\WINDOWS\NeroDigital.ini
----a-w 1,409 2008-03-17 20:10:54 C:\WINDOWS\QTFont.for
---ha-w 54,156 2008-03-17 20:10:54 C:\WINDOWS\QTFont.qfn
----a-w 32,526 2008-03-17 21:02:09 C:\WINDOWS\SchedLgU.Txt
----a-w 120 2008-03-16 18:03:14 C:\WINDOWS\setupact.log
----a-w 5,051 2008-03-16 16:35:15 C:\WINDOWS\setupapi.log
----a-w 0 2008-03-16 17:56:53 C:\WINDOWS\setuperr.log
----a-w 18,603 2008-03-17 18:27:12 C:\WINDOWS\system.ini
----a-w 549 2008-03-17 21:04:04 C:\WINDOWS\wiadebug.log
----a-w 50 2008-03-17 21:04:00 C:\WINDOWS\wiaservc.log
----a-w 1,032 2008-03-02 12:25:59 C:\WINDOWS\win.ini
----a-w 1,136,373 2008-03-17 21:04:49 C:\WINDOWS\WindowsUpdate.log
----a-w 69,120 2008-03-11 20:55:46 C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
----a-w 72,192 2008-03-11 20:55:48 C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
----a-w 66,728 2008-03-11 20:55:40 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
----a-w 82,172 2008-03-11 20:55:40 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
----a-w 116,756 2008-03-11 20:55:40 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
----a-w 4,444,160 2008-03-11 20:55:40 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
----a-w 59,342 2008-03-11 20:55:40 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
----a-w 45,794 2008-03-11 20:55:40 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
----a-w 39,284 2008-03-11 20:55:40 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
----a-w 66,384 2008-03-11 20:55:40 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
----a-w 60,294 2008-03-11 20:55:40 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
----a-w 83,748 2008-03-11 20:55:40 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
----a-w 83,748 2008-03-11 20:55:40 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
----a-w 262,148 2008-03-11 20:55:40 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
----a-w 20,320 2008-03-11 20:55:40 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
----a-w 28,288 2008-03-11 20:55:40 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
----a-w 3,036,160 2008-03-11 20:55:43 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
----a-w 483,840 2008-03-11 20:55:49 C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
----a-w 258,048 2008-03-11 20:55:50 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
----a-w 113,664 2008-03-11 20:55:50 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
----a-w 261,120 2008-03-11 20:55:48 C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
----a-w 5,431,296 2008-03-11 20:55:42 C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
----a-w 10,752 2008-03-11 20:55:45 C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
----a-w 507,904 2008-03-11 20:55:43 C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
----a-w 13,312 2008-03-11 20:55:46 C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
----a-w 8,192 2008-03-11 20:55:47 C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
----a-w 77,824 2008-03-11 20:55:47 C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
----a-w 6,656 2008-03-11 20:55:47 C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
----a-w 348,160 2008-03-11 20:55:50 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
----a-w 36,864 2008-03-11 20:55:50 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
----a-w 655,360 2008-03-11 20:55:50 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
----a-w 77,824 2008-03-11 20:55:51 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
----a-w 749,568 2008-03-11 20:55:47 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
----a-w 671,744 2008-03-11 20:55:47 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
----a-w 372,736 2008-03-11 20:55:47 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
----a-w 110,592 2008-03-11 20:55:47 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
----a-w 28,672 2008-03-11 20:55:49 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
----a-w 5,632 2008-03-11 20:55:41 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
----a-w 32,768 2008-03-11 20:55:46 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
----a-w 12,800 2008-03-11 20:55:49 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
----a-w 7,168 2008-03-11 20:55:46 C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
----a-w 110,592 2008-03-11 20:55:48 C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
----a-w 3,076,096 2008-03-11 20:55:44 C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
----a-w 425,984 2008-03-11 20:55:43 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
----a-w 81,920 2008-03-11 20:55:48 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
----a-w 741,376 2008-03-11 20:55:44 C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
----a-w 933,888 2008-03-11 20:55:44 C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
----a-w 5,070,848 2008-03-11 20:55:51 C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
----a-w 401,408 2008-03-11 20:55:45 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
----a-w 188,416 2008-03-11 20:55:50 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
----a-w 630,784 2008-03-11 20:55:41 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
----a-w 81,920 2008-03-11 20:55:49 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
----a-w 372,736 2008-03-11 20:55:49 C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
----a-w 258,048 2008-03-11 20:55:49 C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
----a-w 299,008 2008-03-11 20:55:48 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
----a-w 131,072 2008-03-11 20:55:48 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
----a-w 258,048 2008-03-11 20:55:42 C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
----a-w 114,688 2008-03-11 20:55:42 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
----a-w 884,736 2008-03-11 20:55:45 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
----a-w 90,112 2008-03-11 20:55:45 C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
----a-w 839,680 2008-03-11 20:55:44 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2 .0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
----a-w 5,013,504 2008-03-11 20:55:46 C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\ 2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
----a-w 2,068,480 2008-03-11 20:55:42 C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b 77a5c561934e089\System.XML.dll
---h--r 0 2008-03-12 04:33:50 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ind ex5f.dat
---h--r 0 2008-03-12 04:33:53 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ind ex60.dat
----a-w 27,136 2008-03-12 04:33:17 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Acc essibility\c6772fd12a581ad3be49e3f2a80b5622\Access ibility.ni.dll
----a-w 884,736 2008-03-12 04:33:18 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Asp NetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetM MCExt.ni.dll
----a-w 237,568 2008-03-12 04:33:19 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Cus tomMarshalers\c10ec9b4de2b366236ec83237dc31281\Cus tomMarshalers.ni.dll
----a-w 15,360 2008-03-12 04:33:19 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfs vc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
----a-w 876,544 2008-03-12 04:33:21 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Mic rosoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b \Microsoft.Build.Engine.ni.dll
----a-w 81,920 2008-03-12 04:33:21 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Mic rosoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e \Microsoft.Build.Framework.ni.dll
----a-w 1,695,744 2008-03-12 04:33:23 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Mic rosoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8 \Microsoft.Build.Tasks.ni.dll
----a-w 167,936 2008-03-12 04:33:24 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Mic rosoft.Build.Uti#\11cb5418c06e30100616fbf205588489 \Microsoft.Build.Utilities.ni.dll
----a-w 1,740,800 2008-03-12 04:33:26 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Mic rosoft.VisualBas#\923bd55258380eae77353d36a5a1b08f \Microsoft.VisualBasic.ni.dll
----a-w 11,722,752 2008-03-12 04:29:10 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\msc orlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni .dll
----a-w 8,265,728 2008-03-12 04:29:20 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
----a-w 1,011,712 2008-03-12 04:33:27 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Configuration\eee9b48577689e92db5a7b5c5de98d9b \System.Configuration.ni.dll
----a-w 7,049,216 2008-03-12 04:29:28 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Data\5f669e819da7010c1dca347a25597c42\System.D ata.ni.dll
----a-w 1,798,144 2008-03-12 04:33:29 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Deployment\c7dea4895e1fa33d65e448c03de48d26\Sy stem.Deployment.ni.dll
----a-w 10,969,088 2008-03-12 04:29:39 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Design\c1e16b40e30a05c39be8aee46311841c\System .Design.ni.dll
----a-w 1,224,704 2008-03-12 04:33:30 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.DirectorySer#\914668b240550f529e54bb772c6fc881 \System.DirectoryServices.ni.dll
----a-w 512,000 2008-03-12 04:33:31 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.DirectorySer#\f11bc82c09955cb8438d3885a99c297d \System.DirectoryServices.Protocols.ni.dll
----a-w 1,667,072 2008-03-12 04:29:41 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Drawing\0e83aac37b2623f1a24c70979f31dd56\Syste m.Drawing.ni.dll
----a-w 229,376 2008-03-12 04:29:41 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa \System.Drawing.Design.ni.dll
----a-w 659,456 2008-03-12 04:33:33 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56 \System.EnterpriseServices.ni.dll
----a-w 294,912 2008-03-12 04:33:33 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56 \System.EnterpriseServices.Wrapper.dll
----a-w 733,184 2008-03-12 04:33:34 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Security\2b5994269cc5b996231c9b21afea9a91\Syst em.Security.ni.dll
----a-w 233,472 2008-03-12 04:33:34 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.ServiceProce#\193ac978af569ad9ee45110b359961b9 \System.ServiceProcess.ni.dll
----a-w 679,936 2008-03-12 04:33:35 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Transactions\12e0aa1030badf4524f897e3f57b037a\ System.Transactions.ni.dll
----a-w 12,509,184 2008-03-12 04:33:47 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Web\67cfb70213562afe2ca9b9066764af3a\System.We b.ni.dll
----a-w 2,342,912 2008-03-12 04:33:50 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\Sy stem.Web.Mobile.ni.dll
----a-w 237,568 2008-03-12 04:33:50 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa \System.Web.RegularExpressions.ni.dll
----a-w 1,986,560 2008-03-12 04:33:53 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Web.Services\38991368499e2109ea4099a0fe29c5a3\ System.Web.Services.ni.dll
----a-w 13,193,216 2008-03-12 04:29:54 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5 \System.Windows.Forms.ni.dll
----a-w 5,771,264 2008-03-12 04:30:01 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xm l.ni.dll
--s-a-w 64 2008-03-16 19:32:46 C:\WINDOWS\CSC\csc1.tmp
----a-w 0 2008-03-17 21:03:39 C:\WINDOWS\Debug\PASSWD.LOG
----a-w 18,976 2008-03-17 21:03:50 C:\WINDOWS\Debug\UserMode\userenv.log
----a-w 110 2008-03-17 18:25:03 C:\WINDOWS\erdnt\CFrecovery.bat
----a-w 673 2008-03-17 18:18:13 C:\WINDOWS\erdnt\Hiv-backup\ERDNT.CON
----a-w 1,235 2008-03-17 18:18:13 C:\WINDOWS\erdnt\Hiv-backup\ERDNT.INF
----a-w 229,376 2008-03-17 18:18:13 C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
----a-w 8,192 2008-03-17 18:18:13 C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
----a-w 229,376 2008-03-17 18:18:13 C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
----a-w 8,192 2008-03-17 18:18:13 C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
----a-w 8,204,288 2008-03-17 18:18:13 C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
----a-w 192,512 2008-03-17 18:18:13 C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
----a-w 673 2008-03-17 18:25:05 C:\WINDOWS\erdnt\subs\ERDNT.CON
----a-w 460 2008-03-17 18:25:05 C:\WINDOWS\erdnt\subs\ERDNT.INF
---ha-w 1,024 2008-03-17 18:25:09 C:\WINDOWS\erdnt\subs\software.LOG
---ha-w 1,024 2008-03-17 18:25:09 C:\WINDOWS\erdnt\subs\system.LOG
----a-w 1,516,152 2008-03-01 15:37:12 C:\WINDOWS\inf\INFCACHE.1
----a-w 7,362 2008-03-01 15:37:11 C:\WINDOWS\inf\oem16.PNF
----a-w 5,306 2008-03-01 15:37:12 C:\WINDOWS\inf\oem37.PNF
----a-w 86,528 2008-03-11 20:55:54 C:\WINDOWS\Installer\124fb26.msi
----a-w 1,383,424 2008-03-17 20:52:59 C:\WINDOWS\Installer\189df.msi
----a-w 834,560 2008-03-01 15:37:17 C:\WINDOWS\Installer\af927.msi
----a-r 7 2008-03-12 05:01:14 C:\WINDOWS\Installer\$PatchCache$\Managed\00002109 030000000000000000F01FEC\CacheSize.txt
----a-r 1,165,584 2008-03-12 05:01:26 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
----a-r 20,240 2008-03-12 05:01:26 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
----a-r 766 2008-03-12 05:01:26 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\graph.ico
----a-r 293,950 2008-03-12 05:01:26 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\GrooveIcon.ico
----a-r 159,504 2008-03-12 05:01:26 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
----a-r 184,080 2008-03-12 05:01:26 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
----a-r 217,864 2008-03-12 05:01:26 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
----a-r 18,704 2008-03-12 05:01:26 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
----a-r 35,088 2008-03-12 05:01:27 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
----a-r 845,584 2008-03-12 05:01:26 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
----a-r 922,384 2008-03-12 05:01:26 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
----a-r 272,648 2008-03-12 05:01:26 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
----a-r 888,080 2008-03-12 05:01:26 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
----a-r 1,172,240 2008-03-12 05:01:26 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
----a-r 10,134 2008-03-01 15:37:17 C:\WINDOWS\Installer\{D5480218-2D05-4B99-BCDE-1FF6E4A738FE}\callmsi.exe
----a-r 140,544 2008-03-01 15:37:17 C:\WINDOWS\Installer\{D5480218-2D05-4B99-BCDE-1FF6E4A738FE}\egui.exe
----a-w 78,932 2008-03-11 20:56:54 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen .log
----a-w 372,712 2008-03-12 04:33:55 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen _service.log
----a-w 18,578,385 2008-03-16 11:52:50 C:\WINDOWS\pchealth\ErrorRep\UserDumps\aawservice. exe.20080316-115248-00.hdmp
-c--a-w 45,441 2008-03-16 11:52:48 C:\WINDOWS\pchealth\ErrorRep\UserDumps\aawservice. exe.20080316-115248-00.mdmp
----a-w 3,752 2008-03-02 19:28:29 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11637.xml
----a-w 17,624 2008-03-02 19:28:29 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11645.xml
----a-w 2,112 2008-03-02 19:28:29 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11651.xml
----a-w 3,752 2008-03-03 19:33:35 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11667.xml
----a-w 2,034 2008-03-04 19:38:40 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11697.xml
----a-w 3,752 2008-03-05 20:08:45 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11727.xml
----a-w 2,098 2008-03-05 20:08:45 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11737.xml
----a-w 2,974 2008-03-05 20:08:58 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11745.xml
----a-w 2,034 2008-03-06 20:17:52 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11757.xml
----a-w 2,104 2008-03-06 20:17:53 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11767.xml
----a-w 7,980 2008-03-06 20:18:05 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11775.xml
----a-w 2,034 2008-03-09 07:45:40 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11787.xml
----a-w 10,648 2008-03-09 07:45:41 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11803.xml
----a-w 3,752 2008-03-10 11:29:05 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11817.xml
----a-w 10,612 2008-03-10 11:29:06 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11833.xml
----a-w 2,034 2008-03-11 15:55:10 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11847.xml
----a-w 3,752 2008-03-12 16:01:24 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11877.xml
----a-w 10,648 2008-03-12 16:01:24 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11893.xml
----a-w 3,752 2008-03-13 17:13:54 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11907.xml
----a-w 10,612 2008-03-13 17:13:56 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11923.xml
----a-w 3,752 2008-03-14 19:23:06 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11937.xml
----a-w 12,320 2008-03-14 19:23:07 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11953.xml
----a-w 38,576 2008-03-14 19:23:21 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11955.xml
----a-w 70,412 2008-03-15 19:40:23 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11956.xml
----a-w 1,450 2008-03-15 19:40:23 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11958.xml
----a-w 38,904 2008-03-15 19:40:23 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11960.xml
----a-w 3,604 2008-03-15 19:40:23 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11962.xml
----a-w 16,696 2008-03-15 19:40:23 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11964.xml
----a-w 3,472 2008-03-15 19:40:23 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11966.xml
----a-w 3,752 2008-03-15 19:40:23 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11967.xml
----a-w 1,578 2008-03-15 19:40:23 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11968.xml
----a-w 20,752 2008-03-15 19:40:23 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11970.xml
----a-w 2,040 2008-03-15 19:40:23 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11972.xml
----a-w 511,366 2008-03-15 19:40:23 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11974.xml
----a-w 252,780 2008-03-15 19:40:24 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11976.xml
----a-w 2,098 2008-03-15 19:40:24 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11977.xml
----a-w 84,032 2008-03-15 19:40:24 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11978.xml
----a-w 4,928 2008-03-15 19:40:24 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11980.xml
----a-w 236,962 2008-03-15 19:40:24 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11982.xml
----a-w 9,860,524 2008-03-15 19:40:26 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11984.xml
----a-w 30,964 2008-03-15 19:40:36 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData _11985.xml
----a-w 75,746 2008-03-15 19:40:37 C:\WINDOWS\pchealth\helpctr\DataColl\history_db.xm l
----a-w 41,710 2008-03-17 21:04:54 C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf
----a-w 13,376 2008-03-16 19:27:55 C:\WINDOWS\Prefetch\AT.EXE-2770DD18.pf
----a-w 20,906 2008-03-16 16:32:14 C:\WINDOWS\Prefetch\ATF-CLEANER[1].EXE-00C5AF67.pf
----a-w 17,432 2008-03-16 16:36:11 C:\WINDOWS\Prefetch\AVGAS-SETUP-7.5.1.43-3339[1].-03C12792.pf
----a-w 95,098 2008-03-17 19:15:44 C:\WINDOWS\Prefetch\AVGAS.EXE-27525987.pf
----a-w 53,968 2008-03-16 11:41:51 C:\WINDOWS\Prefetch\BECLEAN.EXE-168F58FF.pf
----a-w 39,260 2008-03-16 11:41:03 C:\WINDOWS\Prefetch\CCLEANER.EXE-0BCE437C.pf
----a-w 17,468 2008-03-17 18:17:52 C:\WINDOWS\Prefetch\CF29211.EXE-299B2E44.pf
----a-w 5,644 2008-03-17 18:23:17 C:\WINDOWS\Prefetch\CHCP.COM-18156052.pf
----a-w 58,896 2008-03-17 16:34:25 C:\WINDOWS\Prefetch\CLEANMGR.EXE-1F86EA8E.pf
----a-w 26,490 2008-03-17 21:06:08 C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
----a-w 65,484 2008-03-17 18:23:16 C:\WINDOWS\Prefetch\COMBOFIX.EXE-1C38089C.pf
----a-w 32,770 2008-03-17 18:30:07 C:\WINDOWS\Prefetch\CSCRIPT.EXE-1C26180C.pf
----a-w 35,114 2008-03-16 18:05:25 C:\WINDOWS\Prefetch\CUREIT[1].EXE-371C2663.pf
----a-w 53,796 2008-03-17 12:12:22 C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf
----a-w 100,728 2008-03-17 12:12:22 C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf
----a-w 60,636 2008-03-16 18:04:08 C:\WINDOWS\Prefetch\DRWEB-CUREIT.EXE-02A6F6D8.pf
----a-w 35,284 2008-03-16 18:01:45 C:\WINDOWS\Prefetch\DRWEB-CUREIT[1].EXE-3B555846.pf
----a-w 6,252 2008-03-17 18:30:11 C:\WINDOWS\Prefetch\DUMPHIVE.CFEXE-2ED3B134.pf
----a-w 85,506 2008-03-16 11:43:31 C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf
----a-w 94,920 2008-03-17 18:25:04 C:\WINDOWS\Prefetch\ERUNT.CFEXE-039977DB.pf
----a-w 100,086 2008-03-17 18:23:25 C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
----a-w 12,554 2008-03-17 18:30:04 C:\WINDOWS\Prefetch\FINDSTR.EXE-0CA6274B.pf
----a-w 65,964 2008-03-16 19:37:06 C:\WINDOWS\Prefetch\GBMENU.EXE-2FA6165F.pf
----a-w 19,846 2008-03-16 19:37:25 C:\WINDOWS\Prefetch\GBREVERT.EXE-13C5887B.pf
----a-w 16,616 2008-03-16 19:37:06 C:\WINDOWS\Prefetch\GBSAFETRY.EXE-005F1D91.pf
----a-w 3,952 2008-03-17 18:29:53 C:\WINDOWS\Prefetch\GREP.CFEXE-20443039.pf
----a-w 12,136 2008-03-17 18:23:14 C:\WINDOWS\Prefetch\GRPCONV.EXE-111CD845.pf
----a-w 75,282 2008-03-16 16:36:24 C:\WINDOWS\Prefetch\GUARD.EXE-0ED6BFA5.pf
----a-w 293,900 2008-03-15 19:39:04 C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf
----a-w 25,998 2008-03-17 20:56:05 C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-34A0FC79.pf
----a-w 19,876 2008-03-16 19:43:52 C:\WINDOWS\Prefetch\HJTINSTALL[1].EXE-3A0609BF.pf
----a-w 75,564 2008-03-17 21:04:54 C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf
----a-w 62,910 2008-03-17 18:28:07 C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf
----a-w 542,100 2008-03-17 17:21:40 C:\WINDOWS\Prefetch\layout.ini
----a-w 40,792 2008-03-17 18:30:18 C:\WINDOWS\Prefetch\LISTDLLS.CFEXE-163777B3.pf
----a-w 125,136 2008-03-17 17:16:57 C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf
----a-w 19,374 2008-03-17 21:02:07 C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf
----a-w 47,206 2008-03-16 19:28:10 C:\WINDOWS\Prefetch\LOOK2ME-DESTROYER.EXE-324E1C54.pf
----a-w 19,708 2008-03-17 11:23:52 C:\WINDOWS\Prefetch\MBAM-SETUP.EXE-041D4978.pf
----a-w 20,180 2008-03-17 11:23:52 C:\WINDOWS\Prefetch\MBAM-SETUP.TMP-25E8A467.pf
----a-w 64,926 2008-03-17 11:40:43 C:\WINDOWS\Prefetch\MBAM.EXE-0BEE0439.pf
----a-w 2,778 2008-03-17 18:25:03 C:\WINDOWS\Prefetch\MOVEEX.CFEXE-01B74CA8.pf
----a-w 102,888 2008-03-17 20:34:41 C:\WINDOWS\Prefetch\MSIMN.EXE-38BA891D.pf
----a-w 4,528 2008-03-17 18:30:04 C:\WINDOWS\Prefetch\MTEE.CFEXE-1E067BC7.pf
----a-w 9,126 2008-03-17 18:30:04 C:\WINDOWS\Prefetch\NIRCMD.CFEXE-19FF4781.pf
----a-w 10,242 2008-03-17 18:23:16 C:\WINDOWS\Prefetch\NIRCMD.COM-223F42C3.pf
----a-w 9,598 2008-03-17 18:24:35 C:\WINDOWS\Prefetch\NIRCMD.COM-323C21EC.pf
----a-w 10,006 2008-03-17 18:30:17 C:\WINDOWS\Prefetch\NIRCMD.EXE-2C39EF53.pf
----a-w 58,236 2008-03-16 19:37:11 C:\WINDOWS\Prefetch\NMAIN.EXE-2BA406E0.pf
----a-w 75,536 2008-03-17 19:03:21 C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
----a-w 1,263,066 2008-03-17 21:04:54 C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf
----a-w 60,570 2008-03-16 11:06:20 C:\WINDOWS\Prefetch\OUTLOOK.EXE-2FC6F8AB.pf
----a-w 73,096 2008-03-17 20:09:28 C:\WINDOWS\Prefetch\PHOTOSHOP.EXE-0306E9BB.pf
----a-w 87,834 2008-03-17 16:07:49 C:\WINDOWS\Prefetch\POWERPNT.EXE-364EC56A.pf
----a-w 9,506 2008-03-17 18:25:00 C:\WINDOWS\Prefetch\PSEXEC.CFEXE-2CB6A9EC.pf
----a-w 10,520 2008-03-17 18:25:00 C:\WINDOWS\Prefetch\PSEXESVC.EXE-35EFACCF.pf
----a-w 12,792 2008-03-17 21:01:37 C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf
----a-w 28,712 2008-03-17 18:16:15 C:\WINDOWS\Prefetch\REGEDT32.EXE-11878ACD.pf
----a-w 22,804 2008-03-17 18:24:53 C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf
----a-w 13,008 2008-03-17 18:30:10 C:\WINDOWS\Prefetch\REGT.CFEXE-15DB5DAE.pf
----a-w 15,218 2008-03-17 18:23:19 C:\WINDOWS\Prefetch\ROUTE.EXE-371D32DE.pf
----a-w 31,290 2008-03-17 16:34:55 C:\WINDOWS\Prefetch\RUNDLL32.EXE-119778A1.pf
----a-w 35,444 2008-03-17 11:19:59 C:\WINDOWS\Prefetch\RUNDLL32.EXE-11CE924D.pf
----a-w 30,962 2008-03-16 17:52:51 C:\WINDOWS\Prefetch\RUNDLL32.EXE-12041BAE.pf
----a-w 32,740 2008-03-17 11:30:27 C:\WINDOWS\Prefetch\RUNDLL32.EXE-130972FD.pf
----a-w 32,056 2008-03-16 19:40:22 C:\WINDOWS\Prefetch\RUNDLL32.EXE-130DDDAC.pf
----a-w 30,906 2008-03-16 17:51:40 C:\WINDOWS\Prefetch\RUNDLL32.EXE-1367D59F.pf
----a-w 30,006 2008-03-17 17:04:24 C:\WINDOWS\Prefetch\RUNDLL32.EXE-14C17D7E.pf
----a-w 38,694 2008-03-16 17:55:50 C:\WINDOWS\Prefetch\RUNDLL32.EXE-14CAA144.pf
----a-w 34,136 2008-03-16 19:34:53 C:\WINDOWS\Prefetch\RUNDLL32.EXE-1692EB53.pf
----a-w 76,144 2008-03-16 19:15:45 C:\WINDOWS\Prefetch\RUNDLL32.EXE-17867E8C.pf
----a-w 32,080 2008-03-16 11:38:28 C:\WINDOWS\Prefetch\RUNDLL32.EXE-17B1E805.pf
----a-w 30,960 2008-03-16 15:55:20 C:\WINDOWS\Prefetch\RUNDLL32.EXE-180F4A38.pf
----a-w 34,232 2008-03-16 11:10:48 C:\WINDOWS\Prefetch\RUNDLL32.EXE-187F8F6E.pf
----a-w 28,666 2008-03-17 16:08:38 C:\WINDOWS\Prefetch\RUNDLL32.EXE-194B9496.pf
----a-w 21,168 2008-03-17 20:09:24 C:\WINDOWS\Prefetch\RUNDLL32.EXE-1A3AC403.pf
----a-w 31,200 2008-03-17 11:37:05 C:\WINDOWS\Prefetch\RUNDLL32.EXE-20B0C81D.pf
----a-w 34,108 2008-03-16 17:46:35 C:\WINDOWS\Prefetch\RUNDLL32.EXE-21585D04.pf
----a-w 31,080 2008-03-17 17:02:11 C:\WINDOWS\Prefetch\RUNDLL32.EXE-230528A8.pf
----a-w 29,132 2008-03-17 16:13:32 C:\WINDOWS\Prefetch\RUNDLL32.EXE-2423FA4E.pf
----a-w 32,296 2008-03-17 04:55:00 C:\WINDOWS\Prefetch\RUNDLL32.EXE-2490AD09.pf
----a-w 18,232 2008-03-16 16:17:41 C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf
----a-w 29,230 2008-03-17 16:51:34 C:\WINDOWS\Prefetch\RUNDLL32.EXE-29FB794D.pf
----a-w 31,548 2008-03-16 19:57:58 C:\WINDOWS\Prefetch\RUNDLL32.EXE-2CBD3418.pf
----a-w 32,174 2008-03-16 17:50:00 C:\WINDOWS\Prefetch\RUNDLL32.EXE-3500FB77.pf
----a-w 32,498 2008-03-16 17:59:28 C:\WINDOWS\Prefetch\RUNDLL32.EXE-36688575.pf
----a-w 31,576 2008-03-16 11:37:36 C:\WINDOWS\Prefetch\RUNDLL32.EXE-378B4313.pf
----a-w 55,462 2008-03-16 16:43:53 C:\WINDOWS\Prefetch\RUNDLL32.EXE-40A0C136.pf
----a-w 31,682 2008-03-16 16:26:20 C:\WINDOWS\Prefetch\RUNDLL32.EXE-43059F3F.pf
----a-w 13,170 2008-03-13 20:14:57 C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf
----a-w 24,958 2008-03-17 17:58:15 C:\WINDOWS\Prefetch\RUNDLL32.EXE-48E99C51.pf
----a-w 51,316 2008-03-17 11:27:42 C:\WINDOWS\Prefetch\RUNDLL32.EXE-49118BB9.pf
----a-w 31,548 2008-03-16 20:02:24 C:\WINDOWS\Prefetch\RUNDLL32.EXE-493A0916.pf
----a-w 31,160 2008-03-16 20:34:54 C:\WINDOWS\Prefetch\RUNDLL32.EXE-49D44D12.pf
----a-w 18,232 2008-03-17 18:23:15 C:\WINDOWS\Prefetch\RUNDLL32.EXE-4C45840F.pf
----a-w 31,706 2008-03-16 20:17:00 C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CDD5A53.pf
----a-w 30,898 2008-03-17 18:23:15 C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf
----a-w 38,890 2008-03-16 19:36:19 C:\WINDOWS\Prefetch\SBAUTOUPDATE.EXE-1D16DE15.pf
----a-w 3,922 2008-03-17 18:30:09 C:\WINDOWS\Prefetch\SED.CFEXE-268D7E58.pf
----a-w 18,372 2008-03-17 18:18:17 C:\WINDOWS\Prefetch\SETPATH.CFEXE-034E3D26.pf
----a-w 88,224 2008-03-16 18:05:51 C:\WINDOWS\Prefetch\SETUP.EXE-31BBA402.pf
----a-w 74,228 2008-03-16 11:40:41 C:\WINDOWS\Prefetch\SPYBOTSD.EXE-2D651752.pf
----a-w 48,824 2008-03-16 19:38:13 C:\WINDOWS\Prefetch\SPYWAREBLASTER.EXE-20CF1E62.pf
----a-w 18,884 2008-03-16 19:37:50 C:\WINDOWS\Prefetch\SPYWAREBLASTERSETUP40[1].EXE-2B2A9FFD.pf
----a-w 23,876 2008-03-16 19:37:50 C:\WINDOWS\Prefetch\SPYWAREBLASTERSETUP40[1].TMP-082FAC31.pf
----a-w 19,994 2008-03-17 18:28:07 C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf
----a-w 9,052 2008-03-17 18:23:14 C:\WINDOWS\Prefetch\SWREG.CFEXE-287CC9EF.pf
----a-w 9,100 2008-03-17 18:30:04 C:\WINDOWS\Prefetch\SWREG.CFEXE-2BF4FFCD.pf
----a-w 7,398 2008-03-17 18:24:48 C:\WINDOWS\Prefetch\SWSC.CFEXE-3B4FE4FE.pf
----a-w 7,018 2008-03-17 18:23:14 C:\WINDOWS\Prefetch\SWXCACLS.CFEXE-24057B3B.pf
----a-w 29,044 2008-03-16 10:08:50 C:\WINDOWS\Prefetch\TMASTER.EXE-3983DA71.pf
----a-w 23,452 2008-03-16 19:57:18 C:\WINDOWS\Prefetch\UNINS000.EXE-065007E2.pf
----a-w 14,966 2008-03-17 04:21:43 C:\WINDOWS\Prefetch\UPDATE.EXE-08C9746D.pf
----a-w 18,792 2008-03-17 20:56:16 C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf
----a-w 3,224 2008-03-17 18:30:11 C:\WINDOWS\Prefetch\VFIND.CFEXE-2033727F.pf
----a-w 112,154 2008-03-17 18:28:19 C:\WINDOWS\Prefetch\VFIND.EXE-0CB9A64E.pf
----a-w 63,998 2008-03-12 08:52:53 C:\WINDOWS\Prefetch\WINAMP.EXE-0D0189CA.pf
----a-w 39,534 2008-03-17 18:18:38 C:\WINDOWS\Prefetch\WINDOWSXP-KB310994-SP2-PRO-BO-269F787D.pf
----a-w 68,584 2008-03-17 20:08:10 C:\WINDOWS\Prefetch\WINRAR.EXE-39C6DAD9.pf
----a-w 81,622 2008-03-17 20:40:52 C:\WINDOWS\Prefetch\WINWORD.EXE-07381162.pf
----a-w 18,550 2008-03-17 18:16:15 C:\WINDOWS\Prefetch\WMIAPSRV.EXE-1E2270A5.pf
----a-w 96,920 2008-03-17 20:56:19 C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf
----a-w 72,968 2008-03-17 16:06:32 C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEFA3.pf
----a-w 63,468 2008-03-17 04:40:50 C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEFA5.pf
----a-w 33,218 2008-03-17 18:28:07 C:\WINDOWS\Prefetch\WMPNETWK.EXE-2C0727AF.pf
----a-w 12,304 2008-03-17 21:04:54 C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf
----a-w 25,106 2008-03-17 21:04:57 C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf
----a-w 19,084 2008-03-16 19:57:22 C:\WINDOWS\Prefetch\_IU14D2N.TMP-08D77990.pf
----a-w 17,618 2008-03-16 18:05:33 C:\WINDOWS\Prefetch\_START.EXE-0365FB93.pf
----a-w 570,814 2008-03-17 04:22:08 C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g
----a-w 10,334 2008-03-11 04:21:08 C:\WINDOWS\SoftwareDistribution\AuthCabs\authcab.c ab
----a-w 7,630 2008-03-10 19:44:43 C:\WINDOWS\SoftwareDistribution\AuthCabs\muauth.ca b
----a-w 10,334 2008-03-11 04:21:08 C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\authcab.cab
----a-w 7,630 2008-03-10 19:44:43 C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\muauth.cab
----a-w 18,882,560 2008-03-17 21:04:48 C:\WINDOWS\SoftwareDistribution\DataStore\DataStor e.edb
----a-w 8,192 2008-03-17 21:05:17 C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb .chk
----a-w 131,072 2008-03-17 21:04:48 C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb .log
----a-w 131,072 2008-03-17 04:22:03 C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb 0016E.log
----a-w 65,536 2008-03-17 21:04:48 C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp .edb
----a-w 7,680,155 2008-03-06 22:03:55 C:\WINDOWS\SoftwareDistribution\Download\1b7fa063c d668198c06ff39928e5569a\xlconv.cab
----a-w 3,367,755 2008-03-06 22:02:19 C:\WINDOWS\SoftwareDistribution\Download\97309187e 2473dddf2ec2251bbfb6a9f\outlfltr.cab
----a-w 8,795,102 2008-03-06 21:56:21 C:\WINDOWS\SoftwareDistribution\Download\b9eb8261e 7410bdc3f68a2840939f0c8\excel.cab
----a-w 10,718,926 2008-03-06 22:00:56 C:\WINDOWS\SoftwareDistribution\Download\cda90f107 71552805738884d22496388\outlook.cab
----a-w 8 2008-03-01 06:02:04 C:\WINDOWS\SoftwareDistribution\EventCache\{096284 08-9AA4-4CFB-962D-60949E2403D3}.bin
----a-w 8 2008-03-13 16:52:48 C:\WINDOWS\SoftwareDistribution\EventCache\{2EF0E1 1E-B995-4EA8-A709-95A37B0211D8}.bin
----a-w 8 2008-03-09 14:20:32 C:\WINDOWS\SoftwareDistribution\EventCache\{317A07 B7-8B27-4101-B88F-FDEF85887B01}.bin
----a-w 8 2008-03-06 04:22:38 C:\WINDOWS\SoftwareDistribution\EventCache\{49D945 12-3AE4-4DFF-9BBC-FC81D5C773F1}.bin
----a-w 8 2008-03-15 12:46:48 C:\WINDOWS\SoftwareDistribution\EventCache\{58E2D9 0E-F45C-48D1-8FC6-CED557B74E41}.bin
----a-w 8 2008-03-07 04:19:48 C:\WINDOWS\SoftwareDistribution\EventCache\{780D93 65-B727-4030-ACE8-F522F840BB99}.bin
----a-w 8 2008-03-11 15:36:24 C:\WINDOWS\SoftwareDistribution\EventCache\{8D2A48 51-4B37-46C8-853C-2178F7B94BD5}.bin
----a-w 25,384 2008-03-17 04:21:44 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default \wsus3setup.cab
----a-w 17,836 2008-03-17 04:21:45 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registe red\musetup.cab
----a-w 25,384 2008-03-10 19:44:45 C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setu p.cab
----a-w 10,144 2008-03-10 19:44:44 C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.c ab
--sh--r 88 2008-03-17 20:10:30 C:\WINDOWS\system32\31CC814646.sys
----a-w 6,300 2008-03-17 20:53:21 C:\WINDOWS\system32\jupdate-1.6.0_05-b13.log
--sha-w 3,350 2008-03-17 20:10:30 C:\WINDOWS\system32\KGyGaAvL.sys
----a-w 19,148,408 2008-03-05 16:30:54 C:\WINDOWS\system32\MRT.exe
----a-w 39 2008-03-02 12:25:25 C:\WINDOWS\system32\mscandc.ini
--sh--w 1,367,403 2008-03-15 11:42:02 C:\WINDOWS\system32\ndbwdddw.ini
----a-w 62,140 2008-03-11 20:55:53 C:\WINDOWS\system32\perfc009.dat
----a-w 81,322 2008-03-11 20:55:53 C:\WINDOWS\system32\perfc013.dat
----a-w 402,946 2008-03-11 20:55:53 C:\WINDOWS\system32\perfh009.dat
----a-w 468,038 2008-03-11 20:55:53 C:\WINDOWS\system32\perfh013.dat
----a-w 980,218 2008-03-11 20:55:53 C:\WINDOWS\system32\PerfStringBackup.INI
----a-w 355 2008-03-16 11:50:48 C:\WINDOWS\system32\plb7s6o.tgz
----a-w 100 2008-03-16 11:50:47 C:\WINDOWS\system32\prsgrc.dll
----a-w 114 2008-03-16 11:50:47 C:\WINDOWS\system32\prsgrc.tgz
----a-w 86 2008-03-16 11:50:47 C:\WINDOWS\system32\ssprs.tgz
--sh--w 1,367,763 2008-03-16 11:09:50 C:\WINDOWS\system32\xuuxlbwj.ini
----a-w 28,324 2008-03-16 19:14:47 C:\WINDOWS\system32\CatRoot2\dberr.txt
----a-w 8,192 2008-03-17 20:50:16 C:\WINDOWS\system32\CatRoot2\edb.chk
----a-w 131,072 2008-03-17 20:50:17 C:\WINDOWS\system32\CatRoot2\edb.log
----a-w 131,072 2008-03-16 19:31:05 C:\WINDOWS\system32\CatRoot2\edb00149.log
----a-w 131,072 2008-03-16 19:31:05 C:\WINDOWS\system32\CatRoot2\edb0014A.log
----a-w 131,072 2008-03-16 19:31:06 C:\WINDOWS\system32\CatRoot2\edb0014B.log
----a-w 131,072 2008-03-16 19:31:06 C:\WINDOWS\system32\CatRoot2\edb0014C.log
----a-w 131,072 2008-03-16 19:31:06 C:\WINDOWS\system32\CatRoot2\edb0014D.log
----a-w 131,072 2008-03-16 19:31:07 C:\WINDOWS\system32\CatRoot2\edb0014E.log
----a-w 131,072 2008-03-16 19:31:10 C:\WINDOWS\system32\CatRoot2\edb0014F.log
----a-w 131,072 2008-03-16 19:31:10 C:\WINDOWS\system32\CatRoot2\edb00150.log
----a-w 131,072 2008-03-16 19:31:10 C:\WINDOWS\system32\CatRoot2\edb00151.log
----a-w 131,072 2008-03-16 19:31:11 C:\WINDOWS\system32\CatRoot2\edb00152.log
----a-w 131,072 2008-03-16 19:31:11 C:\WINDOWS\system32\CatRoot2\edb00153.log
----a-w 131,072 2008-03-17 18:29:56 C:\WINDOWS\system32\CatRoot2\edb00154.log
----a-w 524,288 2008-03-17 21:02:09 C:\WINDOWS\system32\config\AppEvent.Evt
----a-w 262,144 2008-03-17 18:25:47 C:\WINDOWS\system32\config\default.bak
---ha-w 1,024 2008-03-17 21:04:31 C:\WINDOWS\system32\config\default.LOG
---ha-w 8,192 2008-03-17 18:25:12 C:\WINDOWS\system32\config\default.tmp.LOG
----a-w 1,441,792 2008-03-17 21:02:09 C:\WINDOWS\system32\config\OSession.evt
----a-w 28,672 2008-03-17 18:25:47 C:\WINDOWS\system32\config\SAM.bak
---ha-w 1,024 2008-03-17 21:03:40 C:\WINDOWS\system32\config\SAM.LOG
----a-w 49,152 2008-03-17 18:25:47 C:\WINDOWS\system32\config\SECURITY.bak
---ha-w 1,024 2008-03-17 21:04:31 C:\WINDOWS\system32\config\SECURITY.LOG
---ha-w 8,192 2008-03-17 18:25:09 C:\WINDOWS\system32\config\SECURITY.tmp.LOG
----a-w 37,748,736 2008-03-17 18:25:47 C:\WINDOWS\system32\config\software.bak
---ha-w 16,384 2008-03-17 21:06:08 C:\WINDOWS\system32\config\software.LOG
----a-w 524,288 2008-03-17 21:02:09 C:\WINDOWS\system32\config\SysEvent.Evt
----a-w 6,291,456 2008-03-17 18:25:47 C:\WINDOWS\system32\config\system.bak
---ha-w 1,024 2008-03-17 21:05:05 C:\WINDOWS\system32\config\system.LOG
---ha-w 1,024 2008-03-17 18:18:21 C:\WINDOWS\system32\config\systemprofile\ntuser.da t.LOG
----a-w 78 2008-03-16 13:49:10 C:\WINDOWS\system32\Restore\MachineGuid.txt
----a-w 107,496 2008-03-11 20:55:52 C:\WINDOWS\system32\wbem\AutoRecover\1EBE968EB7AF815A32641E6185350A9E.mof
----a-w 29,388 2008-03-11 20:55:40 C:\WINDOWS\system32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof
----a-w 3,623 2008-03-17 21:04:29 C:\WINDOWS\system32\wbem\Logs\wbemess.log
----a-w 65,629 2008-03-17 21:02:09 C:\WINDOWS\system32\wbem\Logs\wbemess.lo_
----a-w 3,437 2008-03-17 21:04:07 C:\WINDOWS\system32\wbem\Logs\wmiprov.log
----a-w 20 2008-03-17 21:04:01 C:\WINDOWS\system32\wbem\Repository\$WinMgmt.CFG
----a-w 1,327,104 2008-03-17 21:04:24 C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
----a-w 688 2008-03-17 21:04:24 C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
----a-w 4 2008-03-17 21:04:24 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
----a-w 5,208 2008-03-17 21:04:24 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
----a-w 5,208 2008-03-17 21:04:17 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
----a-w 9,019,392 2008-03-17 21:04:24 C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
----a-w 4,536 2008-03-17 21:04:24 C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
----a-w 284 2008-03-16 19:39:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
----a-w 408 2008-03-05 02:30:00 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job
---ha-w 6 2008-03-17 21:03:43 C:\WINDOWS\Tasks\SA.DAT
----a-w 383 2008-03-11 20:55:47 C:\WINDOWS\WinSxS\Manifests\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e.manifest
----a-w 8,173 2008-03-11 20:55:50 C:\WINDOWS\WinSxS\Manifests\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790.manifest
----a-w 8,192 2008-03-11 20:55:47 C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
----a-w 258,048 2008-03-11 20:55:50 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
----a-w 113,664 2008-03-11 20:55:50 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
Entries: 420 (400)
Directories: 0 Files: 420
Bytes: 321,495,755 Blocks: 628,062
=============
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:50, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SYSTRAN Opzoeken - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: SYSTRAN Vertalen - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} - http://fotobook.foto.com/activeX/newUploadFotoCom.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} (Pixum EasyUploadX Control) - http://www.pixum.de/int/EasyUpload/ImgUploader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: bw+0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: offline-8876480 - {DD962E13-B765-4800-83F0-6606847024FD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 23353 bytes

Recep
18 March 2008, 17:28
Hello krissie,

Open a Notepad file.
Copy the text below (everything in bold) into this Notepad file.

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\system32\31CC814646.sys
C:\WINDOWS\system32\ndbwdddw.ini
C:\WINDOWS\system32\prsgrc.dll
C:\WINDOWS\system32\prsgrc.tgz
C:\WINDOWS\system32\xuuxlbwj.ini
C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job
C:\WINDOWS\system32\hdqmsisv.dll) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Go to File - Save As.
For "Save in", choose: Desktop
For "File name", enter: del.bat
For "Save as type", select: All Files (*.*).
Click the Save button.
Double-click del.bat and post the contents of the log file that opens.

Good luck,
Recep :D

krissie
18 March 2008, 20:14
here is the requested log
Deleting files
C:\WINDOWS\system32\31CC814646.sys deleted
C:\WINDOWS\system32\ndbwdddw.ini not found
C:\WINDOWS\system32\prsgrc.dll not found
C:\WINDOWS\system32\prsgrc.tgz deleted
C:\WINDOWS\system32\xuuxlbwj.ini not found
C:\WINDOWS\Tasks\ErrorKiller not found
Scheduled not found
Scan.job not found
C:\WINDOWS\system32\hdqmsisv.dll not found

Recep
20 March 2008, 20:50
Hello krissie,

Open a Notepad file.
Copy the text below (everything in bold) into this Notepad file.

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
"C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job") DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Go to File - Save As.
For "Save in", choose: Desktop
For "File name", enter: del.bat
For "Save as type", select: All Files (*.*).
Click the Save button.
Double-click del.bat and post the contents of the log file that opens.

How are your problems now?

Good luck,
Recep :D
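
An added example, not part of Recep's posts: krissie's log shows the first del.bat splitting "ErrorKiller Scheduled Scan.job" into three FOR items, because an unquoted FOR set is split on spaces. This variant runs the same delete-and-log flow with every path quoted; the file list is the one from the thread, while the LOG variable and the :remove label are names chosen for this example.

```batch
@ECHO OFF
SETLOCAL
REM Added example: each path is quoted, so a name containing spaces
REM stays a single FOR item instead of being split into several.
SET "LOG=%~dp0log.txt"
IF EXIST "%LOG%" DEL "%LOG%"
>>"%LOG%" ECHO Deleting files

FOR %%g IN (
  "C:\WINDOWS\system32\31CC814646.sys"
  "C:\WINDOWS\system32\ndbwdddw.ini"
  "C:\WINDOWS\system32\prsgrc.dll"
  "C:\WINDOWS\system32\prsgrc.tgz"
  "C:\WINDOWS\system32\xuuxlbwj.ini"
  "C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
  "C:\WINDOWS\system32\hdqmsisv.dll"
) DO CALL :remove "%%~g"

START "" NOTEPAD.EXE "%LOG%"
GOTO :EOF

:remove
REM %~1 is the path with its surrounding quotes stripped; it is re-quoted
REM wherever it is used as a file argument.
IF NOT EXIST "%~1" (
  >>"%LOG%" ECHO %~1 not found
  GOTO :EOF
)
REM Clear read-only, system and hidden attributes so DEL can remove the file.
ATTRIB -r -s -h "%~1"
DEL /F /Q "%~1"
REM Verify the result instead of trusting DEL's exit status.
IF EXIST "%~1" (
  >>"%LOG%" ECHO %~1 not deleted
) ELSE (
  >>"%LOG%" ECHO %~1 deleted
)
GOTO :EOF
```

A file that is still logged as "not deleted" is typically locked by a running process and needs to be removed from Safe Mode or at boot time.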