Hallo Spek,

Welkom op Nucia!


Ga naar Start -> Configuratiescherm -> Software
Verwijder/de-installeer daar (indien aanwezig!) het volgende:

• MorpheusBar
• SrchAstt
• Yahoo! Toolbar / Yahoo! Toolbar Helper
• HitmanPro (en alle onderdelen van HitmanPro)

Start HijackThis en kies voor 'Do a system scan only'.
Als de scan compleet is vink dan alleen de onderstaande regels in HijackThis aan:

• R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
• O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
• O2 - BHO: SystemApp - {163D9676-810E-11DC-8314-0800200C9A66} - C:\Program Files\SystemApp\ie-improver.dll
• O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
• O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
• O2 - BHO: (no name) - {47A2A8C1-154D-48D8-B68E-F5AB52C46108} - C:\WINDOWS\system32\ddayw.dll (file missing)
• O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
• O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
• O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
• O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
• O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
• O4 - HKLM\..\Run: [3c1291de] rundll32.exe "C:\WINDOWS\system32\mafayuwy.dll",b
• O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
• O20 - AppInit_DLLs: C:\WINDOWS\system32\__c003D086.dat

Sluit nu alle vensters behalve HijackThis zelf en klik op 'Fix checked'.
Indien er een vraag komt over backups. Antwoord hierop met 'Ja', en sluit hierna HijackThis.

Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]Combofix en sla het op je bureaublad op.

Open Combofix.exe en volg de instructies, aanvaard de disclaimer door "1"te typen.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Het is mogelijk dat de PC zichzelf automatisch opnieuw opstart. Wanneer de fix is gedaan en na mogelijk herstart zal een log (combofix.txt) openen. Plaats de inhoud van dit bericht in je volgende reactie samen met een nieuw logje van HijackThis.

- Daniël

Heej , alvast bedankt voor de moeite, ik zie voor het eerst sinds tijden weer een fire wall tevoorschijn schieten na het rebooten van de computer ( of ik msn moet blokkeren of niet ).

Van alle bestanden die ik moest verwijderen bij " software" kon ik alleen de bovenste verwijderen ( MorpheusBar )
De rest stond niet in de lijst.

Hier is de log van Combofix:
- wat een lap tekst -
ComboFix 07-12-21.4 - Administrator 2007-12-27 11:08:42.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.200 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\ravmonlog
C:\Program Files\internet explorer\iekey.dll
C:\Program Files\SystemApp
C:\Program Files\SystemApp\bho.dat
C:\Program Files\SystemApp\er.dat
C:\Program Files\SystemApp\uninstall.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\KB611311.log
C:\WINDOWS\system32\__c00EB5AC.dat
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\bwhjyyyl.ini
C:\WINDOWS\system32\d3d1caps.srg
C:\WINDOWS\system32\lyyyjhwb.dll
C:\WINDOWS\system32\mafayuwy.dll
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\mvwsbvmj.dll
C:\WINDOWS\system32\sysdl132.exe
C:\WINDOWS\system32\wyadd.bak1
C:\WINDOWS\system32\wyadd.bak2
C:\WINDOWS\system32\wyadd.ini
C:\WINDOWS\system32\ywuyafam.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


(((((((((((((((((((( Bestanden Gemaakt van 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))
.

2007-12-27 09:19 . 2007-12-27 09:19 <DIR> d--hs---- C:\FOUND.044
2007-12-25 23:57 . 2007-12-25 23:57 <DIR> d--hs---- C:\FOUND.043
2007-12-25 14:39 . 2007-12-25 14:39 <DIR> d--hs---- C:\FOUND.042
2007-12-25 14:04 . 2007-12-25 14:04 <DIR> d--hs---- C:\FOUND.041
2007-12-24 12:09 . 2007-12-24 12:09 <DIR> d--hs---- C:\FOUND.040
2007-12-23 12:09 . 2007-12-23 12:09 <DIR> d--hs---- C:\FOUND.039
2007-12-22 12:35 . 2007-12-22 12:35 <DIR> d--hs---- C:\FOUND.038
2007-12-22 11:14 . 2007-12-22 11:14 <DIR> d--hs---- C:\FOUND.037
2007-12-21 20:05 . 2007-12-21 20:05 <DIR> d--hs---- C:\FOUND.036
2007-12-20 18:49 . 2007-12-27 11:02 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-17 15:18 . 2007-12-17 15:18 <DIR> d--hs---- C:\FOUND.035
2007-12-13 19:14 . 2007-12-13 19:14 <DIR> d--hs---- C:\FOUND.034
2007-12-11 23:23 . 2007-12-23 11:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-11 23:23 . 2007-12-11 23:23 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-11 18:42 . 2007-12-11 18:42 <DIR> d--hs---- C:\FOUND.033
2007-12-09 14:57 . 2007-12-09 14:57 <DIR> d--hs---- C:\FOUND.032
2007-12-09 13:32 . 2007-12-09 13:32 <DIR> d--hs---- C:\FOUND.031
2007-12-09 12:18 . 2007-12-09 12:18 <DIR> d--hs---- C:\FOUND.030
2007-12-08 19:21 . 2007-12-08 19:21 <DIR> d--hs---- C:\FOUND.029
2007-12-08 18:13 . 2007-12-08 18:13 <DIR> d--hs---- C:\FOUND.028
2007-12-03 16:37 . 2007-12-03 16:37 <DIR> d--hs---- C:\FOUND.027
2007-12-02 19:32 . 2007-12-02 19:32 <DIR> d--hs---- C:\FOUND.026
2007-12-01 18:04 . 2007-12-01 18:04 <DIR> d--hs---- C:\FOUND.025
2007-12-01 15:46 . 2007-12-01 15:46 <DIR> d--hs---- C:\FOUND.024
2007-11-30 18:25 . 2007-11-30 18:25 <DIR> d--hs---- C:\FOUND.023
2007-11-29 22:18 . 2007-11-29 22:18 <DIR> d--hs---- C:\FOUND.022
2007-11-29 19:52 . 2007-11-29 19:52 <DIR> d--hs---- C:\FOUND.021
2007-11-29 19:10 . 2007-11-29 19:10 <DIR> d--hs---- C:\FOUND.020
2007-11-28 23:30 . 2007-11-28 23:30 <DIR> d--hs---- C:\FOUND.019
2007-11-27 22:38 . 2007-11-27 22:38 <DIR> d--hs---- C:\FOUND.018
2007-11-27 20:30 . 2007-11-27 20:30 <DIR> d--hs---- C:\FOUND.017
2007-11-27 19:30 . 2007-11-27 19:30 <DIR> d--hs---- C:\FOUND.016

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 07:29 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-31 09:58 --------- d-----w C:\Program Files\Image-Line
2007-10-30 10:20 3,079,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 21:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PC Tools
2007-10-27 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-27 21:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Webroot
2007-10-27 21:47 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-10-27 21:47 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-10-27 21:47 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-27 10:17 10,816 ----a-w C:\WINDOWS\system32\orakbexk.dll
2007-10-27 10:14 10,816 ----a-w C:\WINDOWS\system32\dxpeuojl.dll
2007-10-26 09:22 10,816 ----a-w C:\WINDOWS\system32\iiieqcqe.dll
2007-10-25 16:57 8,501,760 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 14:28 520,192 ----a-w C:\WINDOWS\system32\AssassinsCreed 2.scr
2007-10-25 14:27 520,192 ----a-w C:\WINDOWS\system32\AssassinsCreed 1.scr
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-11 06:14 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:14 662,528 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:14 616,960 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:14 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:14 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:14 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:14 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:14 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:14 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:14 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:14 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:14 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:14 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:14 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:14 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:14 1,057,280 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:14 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2006-11-09 11:51 1 ----a-w C:\Documents and Settings\Administrator\SI.bin
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2005-11-22 13:51]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 21:10]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 11:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe"
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-26 12:44]
"nod32kui"="d:\Program Files\Eset\nod32kui.exe" [2007-10-27 21:47]
"Hitman Pro Expiration Helper"="d:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 13:41]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2005-11-22 13:51]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-12 20:01:49]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-11-22 13:51:55]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

S3 mdxgthkn;mdxgthkn;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mdxgthkn.sys
S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys [2007-06-25 17:47]

.
Inhoud van de 'Gedeelde Taken' map
"2007-12-27 10:11:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 11:12:45
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> d:\Program Files\Eset\pr_imon.dll
.
Voltooingstijd: 2007-12-27 11:13:57 - machine was rebooted
.
2007-12-21 19:22:15 --- E O F ---

En hier is het log van HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21, on 2007-12-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
d:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Hitman Pro\xphelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Documents and Settings\Administrator\Bureaublad\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "d:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "d:\Program Files\Hitman Pro\xphelper.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = D:\heroes torrent\IMVU\IMVUClient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: bw+0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - d:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - http://tn3-1.deviantart.com/fs6/300W/i/2005/091/4/5/Travelling_Without_moving_by_reiq.jpg

--
End of file - 20554 bytes





Nu moet ik er wel bij vertellen dat na het verwijderen van de hijackthis bestanden, en tijdens het downloaden van combofix mijn pc vastliep.
Ik weet neit of dit gevolgen heeft of iets dergelijks.

MvG
ik

Hallo Spek,

Het lijkt erop dat het goed is gegaan hoor

Start HijackThis en kies voor 'Do a system scan only'.
Als de scan compleet is vink dan alleen de onderstaande regels in HijackThis aan:

• O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
• O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

Sluit nu alle vensters behalve HijackThis zelf en klik op 'Fix checked'.
Indien er een vraag komt over backups. Antwoord hierop met 'Ja', en sluit hierna HijackThis.

Open vervolgens een nieuw kladblok bestand.

Kopieer en plak daarin de onderstaande dik gedrukte blauwe tekst.
Ga naar 'Bestand' -> 'Opslaan als..' en sla het vervolgens op je bureaublad op als CFScript.txt.
Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld:



Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.
Post na herstart de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw logje van HijackThis.

- Daniël

combofix log =

ComboFix 07-12-21.4 - Administrator 2007-12-27 18:48:47.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.241 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\dxpeuojl.dll
C:\WINDOWS\system32\iiieqcqe.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\orakbexk.dll
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.016
C:\FOUND.016\FILE0000.CHK
C:\FOUND.016\FILE0001.CHK
C:\FOUND.016\FILE0002.CHK
C:\FOUND.016\FILE0003.CHK
C:\FOUND.017
C:\FOUND.017\FILE0000.CHK
C:\FOUND.018
C:\FOUND.018\FILE0000.CHK
C:\FOUND.019
C:\FOUND.019\FILE0000.CHK
C:\FOUND.020
C:\FOUND.020\FILE0000.CHK
C:\FOUND.020\FILE0001.CHK
C:\FOUND.020\FILE0002.CHK
C:\FOUND.020\FILE0003.CHK
C:\FOUND.020\FILE0004.CHK
C:\FOUND.020\FILE0005.CHK
C:\FOUND.020\FILE0006.CHK
C:\FOUND.020\FILE0007.CHK
C:\FOUND.020\FILE0008.CHK
C:\FOUND.020\FILE0009.CHK
C:\FOUND.020\FILE0010.CHK
C:\FOUND.020\FILE0011.CHK
C:\FOUND.020\FILE0012.CHK
C:\FOUND.020\FILE0013.CHK
C:\FOUND.020\FILE0014.CHK
C:\FOUND.020\FILE0015.CHK
C:\FOUND.020\FILE0016.CHK
C:\FOUND.020\FILE0017.CHK
C:\FOUND.021
C:\FOUND.021\FILE0000.CHK
C:\FOUND.021\FILE0001.CHK
C:\FOUND.022
C:\FOUND.022\FILE0000.CHK
C:\FOUND.022\FILE0001.CHK
C:\FOUND.023
C:\FOUND.023\FILE0000.CHK
C:\FOUND.024
C:\FOUND.024\FILE0000.CHK
C:\FOUND.025
C:\FOUND.025\FILE0000.CHK
C:\FOUND.026
C:\FOUND.026\FILE0000.CHK
C:\FOUND.026\FILE0001.CHK
C:\FOUND.026\FILE0002.CHK
C:\FOUND.026\FILE0003.CHK
C:\FOUND.026\FILE0004.CHK
C:\FOUND.026\FILE0005.CHK
C:\FOUND.026\FILE0006.CHK
C:\FOUND.026\FILE0007.CHK
C:\FOUND.026\FILE0008.CHK
C:\FOUND.026\FILE0009.CHK
C:\FOUND.027
C:\FOUND.027\FILE0000.CHK
C:\FOUND.027\FILE0001.CHK
C:\FOUND.027\FILE0002.CHK
C:\FOUND.028
C:\FOUND.028\FILE0000.CHK
C:\FOUND.028\FILE0001.CHK
C:\FOUND.029
C:\FOUND.029\FILE0000.CHK
C:\FOUND.030
C:\FOUND.030\FILE0000.CHK
C:\FOUND.030\FILE0001.CHK
C:\FOUND.031
C:\FOUND.031\FILE0000.CHK
C:\FOUND.032
C:\FOUND.032\FILE0000.CHK
C:\FOUND.033
C:\FOUND.033\FILE0000.CHK
C:\FOUND.034
C:\FOUND.034\FILE0000.CHK
C:\FOUND.035
C:\FOUND.035\FILE0000.CHK
C:\FOUND.036
C:\FOUND.036\FILE0000.CHK
C:\FOUND.036\FILE0001.CHK
C:\FOUND.036\FILE0002.CHK
C:\FOUND.036\FILE0003.CHK
C:\FOUND.036\FILE0004.CHK
C:\FOUND.036\FILE0005.CHK
C:\FOUND.036\FILE0006.CHK
C:\FOUND.036\FILE0007.CHK
C:\FOUND.036\FILE0008.CHK
C:\FOUND.036\FILE0009.CHK
C:\FOUND.036\FILE0010.CHK
C:\FOUND.036\FILE0011.CHK
C:\FOUND.036\FILE0012.CHK
C:\FOUND.036\FILE0013.CHK
C:\FOUND.036\FILE0014.CHK
C:\FOUND.037
C:\FOUND.037\FILE0000.CHK
C:\FOUND.037\FILE0001.CHK
C:\FOUND.037\FILE0002.CHK
C:\FOUND.038
C:\FOUND.038\FILE0000.CHK
C:\FOUND.039
C:\FOUND.039\FILE0000.CHK
C:\FOUND.039\FILE0001.CHK
C:\FOUND.040
C:\FOUND.040\FILE0000.CHK
C:\FOUND.041
C:\FOUND.041\FILE0000.CHK
C:\FOUND.042
C:\FOUND.042\FILE0000.CHK
C:\FOUND.043
C:\FOUND.043\FILE0000.CHK
C:\FOUND.043\FILE0001.CHK
C:\FOUND.044
C:\FOUND.044\FILE0000.CHK
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\dxpeuojl.dll
C:\WINDOWS\system32\iiieqcqe.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\orakbexk.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MDXGTHKN
-------\LEGACY_NOCASHIO
-------\mdxgthkn
-------\nocashio


(((((((((((((((((((( Bestanden Gemaakt van 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))
.

Geen nieuwe bestanden aangemaakt in deze periode

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 07:29 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-31 09:58 --------- d-----w C:\Program Files\Image-Line
2007-10-30 10:20 3,079,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 21:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PC Tools
2007-10-27 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-27 21:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Webroot
2007-10-27 21:47 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-10-27 21:47 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-10-27 21:47 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-25 16:57 8,501,760 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 14:28 520,192 ----a-w C:\WINDOWS\system32\AssassinsCreed 2.scr
2007-10-25 14:27 520,192 ----a-w C:\WINDOWS\system32\AssassinsCreed 1.scr
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-11 06:14 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:14 662,528 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:14 616,960 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:14 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:14 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:14 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:14 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:14 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:14 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:14 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:14 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:14 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:14 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:14 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:14 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:14 1,057,280 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:14 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2006-11-09 11:51 1 ----a-w C:\Documents and Settings\Administrator\SI.bin
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2005-11-22 13:51]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 21:10]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 11:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe"
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-26 12:44]
"nod32kui"="d:\Program Files\Eset\nod32kui.exe" [2007-10-27 21:47]
"Hitman Pro Expiration Helper"="d:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 13:41]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2005-11-22 13:51]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-12 20:01:49]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-11-22 13:51:55]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""


.
Inhoud van de 'Gedeelde Taken' map
"2007-12-27 17:51:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 18:52:57
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> d:\Program Files\Eset\pr_imon.dll
.
Voltooingstijd: 2007-12-27 18:53:59 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-27 11:14
.
2007-12-21 19:22:15 --- E O F ---

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59, on 2007-12-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
d:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Hitman Pro\xphelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Documents and Settings\Administrator\Bureaublad\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "d:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "d:\Program Files\Hitman Pro\xphelper.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = D:\heroes torrent\IMVU\IMVUClient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: bw+0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {5880A8C4-8C05-4432-9DBB-F8772DF15CAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - d:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - http://tn3-1.deviantart.com/fs6/300W/i/2005/091/4/5/Travelling_Without_moving_by_reiq.jpg

--
End of file - 20329 bytes

Hi,

Ziet er weer aardig goed uit, heb je nog problemen?

- Dani&#235;l

nee, hij loopt minder snel vast enzo, ff defragmenteren en goed schoonmaken , that schould do the trick.

heel erg bedankt voor je hulp

Nog gelukt?

jup.

en nu door naar familie -> vrienden -> grote tent op het dorp -> cafe -> bed , dus totziens

Fijne jaarwisseling!