Problems running Vista properly because of spyware
  • Problems running Vista properly because of spyware

    Since today my computer has started doing strange things. I keep getting a strange triangular icon in my taskbar, and then it says that my computer is running slowly or that there are spyware attacks. Image caps:

    What I notice is that this makes my computer run slower, my keyboard often stops responding even though it is a USB keyboard, and so on. I have also made a HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:29:18, on 3-5-2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\wmsdkns.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\wsqmcons.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {098F8184-486E-4A4E-87B4-9DDE76E821ED} - C:\Windows\system32\hgGwTnNf.dll
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O13 - Gopher Prefix:
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\winself.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

    --
    End of file - 7112 bytes


    I hope someone can help me.

  • #2
    Download The Avenger and extract the program to your desktop.
    Open the avenger folder and start the program by double-clicking avenger.exe.
    In the window "Input Script here", copy and paste the bold text below:


    Files to delete:
    C:\Windows\winself.exe
    C:\Windows\system32\hgGwTnNf.dll
    C:\Windows\system32\wmsdkns.exe


    Then click the Execute button.
    The Avenger will indicate that the computer is going to restart; allow this.
    After the reboot a log file (avenger.txt) opens. Post the contents of this log file together with a new HijackThis log.



    • #3
      Thanks in advance, below is the log from The Avenger.

      Logfile of The Avenger Version 2.0, (c) by Swandog46
      http://swandog46.geekstogo.com

      Platform: Windows Vista

      *******************

      Script file opened successfully.
      Script file read successfully.

      Backups directory opened successfully at C:\Avenger

      *******************

      Beginning to process script file:

      Rootkit scan active.
      No rootkits found!


      Error: file "C:\Windows\winself.exe" not found!
      Deletion of file "C:\Windows\winself.exe" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist

      File "C:\Windows\system32\hgGwTnNf.dll" deleted successfully.

      Error: file "C:\Windows\system32\wmsdkns.exe" not found!
      Deletion of file "C:\Windows\system32\wmsdkns.exe" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist


      Completed script processing.

      *******************

      Finished! Terminate.


      And then the new HijackThis log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:29:18, on 3-5-2008
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\wmsdkns.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
      C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\ESET\ESET Smart Security\egui.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Xfire\xfire.exe
      C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
      C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
      C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
      C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\Xfire\xfire.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\System32\wsqmcons.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,
      O1 - Hosts: ::1 localhost
      O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {098F8184-486E-4A4E-87B4-9DDE76E821ED} - C:\Windows\system32\hgGwTnNf.dll
      O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
      O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
      O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
      O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
      O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
      O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
      O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
      O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
      O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
      O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
      O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
      O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
      O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O13 - Gopher Prefix:
      O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
      O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\winself.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
      O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

      --
      End of file - 7112 bytes


      By the way, in the 5 minutes since the computer started up I have not yet had a 'notification' that I have spyware on my computer.



      • #4
        According to your log nothing has changed?

        Right-click HijackThis and choose "Run as administrator".
        Start HijackThis and tick only the following lines:
        F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,
        O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
        O2 - BHO: (no name) - {098F8184-486E-4A4E-87B4-9DDE76E821ED} - C:\Windows\system32\hgGwTnNf.dll
        O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
        O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
        O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
        O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
        O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
        O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
        O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
        O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
        O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
        O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
        O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
        O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
        O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)

        Close all open windows (except HijackThis) and click the "Fix checked" button.

        Go to Start - Run and enter the following:
        sc delete MsSecurity1.209.4
        Then press OK.

        Restart the computer.

        Start HijackThis, make a new log and post it in your next message.



        • #5
          Now something has changed, as can already be seen from the number of bytes the log contains.

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 19:59:12, on 3-5-2008
          Platform: Windows Vista SP1 (WinNT 6.00.1905)
          MSIE: Internet Explorer v7.00 (7.00.6001.18000)
          Boot mode: Normal

          Running processes:
          C:\Windows\system32\taskeng.exe
          C:\Windows\system32\Dwm.exe
          C:\Windows\Explorer.EXE
          C:\Program Files\Windows Defender\MSASCui.exe
          C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
          C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
          C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
          C:\Program Files\ESET\ESET Smart Security\egui.exe
          C:\Program Files\Windows Sidebar\sidebar.exe
          C:\Windows\ehome\ehtray.exe
          C:\Program Files\Windows Media Player\wmpnscfg.exe
          C:\Program Files\Xfire\xfire.exe
          C:\Windows\ehome\ehmsas.exe
          C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
          C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
          C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
          C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
          C:\Program Files\Xfire\xfire.exe
          C:\Windows\system32\SearchProtocolHost.exe
          C:\Windows\system32\SearchFilterHost.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          O1 - Hosts: ::1 localhost
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
          O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
          O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
          O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
          O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
          O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
          O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
          O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
          O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
          O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
          O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O13 - Gopher Prefix:
          O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
          O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
          O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
          O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
          O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
          O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\winself.exe (file missing)
          O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
          O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
          O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

          --
          End of file - 5635 bytes

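An added example, not part of the thread and not code from HijackThis or from any poster: a Python script that compares two HijackThis logs, such as the ones posted before and after the "Fix checked" step, and reports which entries disappeared, which are new, and which remaining entries still deserve a manual look. The sample lines are copied from the logs above and shortened; the three review rules (extra program in UserInit, BHO without a name, service with "Unknown owner") are assumptions modelled on the lines selected in post #4 and only mark candidates for review.

```python
import re

# Constructed samples: a few entry lines copied from the logs in this thread,
# before and after the "Fix checked" step, shortened for the example.
LOG_BEFORE = r"""
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {098F8184-486E-4A4E-87B4-9DDE76E821ED} - C:\Windows\system32\hgGwTnNf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\winself.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

LOG_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\winself.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
"""

# An entry line looks like "O23 - Service: ..."; process paths and headers do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
FILE_MISSING = " (file missing)"


def parse_entries(log_text):
    """Return (code, body) tuples for every 'Xn - ...' entry line of a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def identity(entry):
    """Key used to match one entry across two logs.

    HijackThis appends '(file missing)' once the target is gone; strip it so
    the same service is recognised as the same entry in both logs.
    """
    code, body = entry
    if body.endswith(FILE_MISSING):
        body = body[: -len(FILE_MISSING)]
    return (code, body.lower())


def review_reason(entry):
    """Return why an entry should be reviewed by hand, or None (assumed rules)."""
    code, body = entry
    if code == "F2" and "UserInit=" in body:
        value = body.split("UserInit=", 1)[1]
        extras = [part.strip() for part in value.split(",")
                  if part.strip() and not part.strip().lower().endswith("\\userinit.exe")]
        if extras:
            return "UserInit also starts: " + ", ".join(extras)
    if code == "O2" and body.startswith("BHO: (no name)"):
        return "BHO without a name" + (" and without a file" if body.endswith("(no file)") else "")
    if code == "O23" and " - Unknown owner - " in body:
        # Review candidate only: post #4 did not select PnkBstrA, which this rule also matches.
        return "service with unknown owner" + (", file missing" if body.endswith(FILE_MISSING) else "")
    return None


def compare(before_text, after_text):
    """Compare two logs: removed entries, new entries, and entries still flagged."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_ids = {identity(e) for e in before}
    after_ids = {identity(e) for e in after}
    return {
        "removed": [e for e in before if identity(e) not in after_ids],
        "new": [e for e in after if identity(e) not in before_ids],
        "still_flagged": [(e, review_reason(e)) for e in after if review_reason(e)],
    }


if __name__ == "__main__":
    result = compare(LOG_BEFORE, LOG_AFTER)
    for code, body in result["removed"]:
        print("removed      ", code, body)
    for code, body in result["new"]:
        print("new          ", code, body)
    for (code, body), reason in result["still_flagged"]:
        print("still flagged", code, body, "->", reason)
```

Run on the sample lines, it shows the MsSecurity1.209.4 service entry still present in the later log, now marked "(file missing)".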


          • #6
            Download this file: zoek.exe
            Double-click it; after a while a log opens.
            Post the contents of this log in your next message.



            • #7
              Done,

              ======C:\Windows====
              ----a-w 23,040 2008-05-03 14:40:29 C:\Windows\123messenger.per
              ----a-w 29,184 2008-05-03 14:40:39 C:\Windows\2020search.dll
              ----a-w 26,624 2008-05-03 14:40:39 C:\Windows\2020search2.dll
              ----a-w 25,600 2008-05-03 14:40:16 C:\Windows\apphelp32.dll
              ----a-w 17,408 2008-05-03 14:40:16 C:\Windows\asferror32.dll
              ----a-w 11,008 2008-05-03 14:40:16 C:\Windows\asycfilt32.dll
              ----a-w 22,528 2008-05-03 14:40:17 C:\Windows\athprxy32.dll
              ----a-w 21,504 2008-05-03 14:40:17 C:\Windows\ati2dvaa32.dll
              ----a-w 25,344 2008-05-03 14:40:17 C:\Windows\ati2dvag32.dll
              ----a-w 0 2008-04-30 10:02:04 C:\Windows\ativpsrm.bin
              ----a-w 31,744 2008-05-03 14:40:18 C:\Windows\audiosrv32.dll
              ----a-w 24,576 2008-05-03 14:40:18 C:\Windows\autodisc32.dll
              ----a-w 16,640 2008-05-03 14:40:18 C:\Windows\avifile32.dll
              ----a-w 17,408 2008-05-03 14:40:19 C:\Windows\avisynthex32.dll
              ----a-w 31,488 2008-05-03 14:40:19 C:\Windows\aviwrap32.dll
              ----a-w 16,384 2008-05-03 14:40:39 C:\Windows\bjam.dll
              ----a-w 19,200 2008-05-03 14:40:41 C:\Windows\bokja.exe
              --s-a-w 67,584 2008-05-03 20:04:58 C:\Windows\bootstat.dat
              ----a-w 15,872 2008-05-03 14:40:19 C:\Windows\browserad.dll
              ----a-w 10,752 2008-05-03 14:40:41 C:\Windows\cdsm32.dll
              ----a-w 24,832 2008-05-03 14:40:15 C:\Windows\changeurl_30.dll
              ----a-w 1,916 2008-05-03 15:17:07 C:\Windows\default.htm
              ----a-w 15,872 2008-05-03 14:40:33 C:\Windows\didduid.ini
              ----a-w 319,456 2008-05-01 14:18:15 C:\Windows\DIFxAPI.dll
              ----a-w 319 2008-05-02 12:46:15 C:\Windows\game.ini
              ----a-w 315,392 2008-04-30 12:16:28 C:\Windows\HideWin.exe
              ----a-w 87,979 2008-05-03 08:43:41 C:\Windows\lfn.exe
              ----a-w 22,016 2008-05-03 14:40:29 C:\Windows\licencia.txt
              --sh--r 138 2008-05-03 08:43:26 C:\Windows\mainms.vpi
              ------w 4 2008-05-03 15:14:31 C:\Windows\megavid.cdt
              ----a-w 147,902,029 2008-05-03 20:04:53 C:\Windows\MEMORY.DMP
              ----a-w 26,880 2008-05-03 14:40:29 C:\Windows\msa64chk.dll
              ----a-w 16,896 2008-05-03 14:40:29 C:\Windows\msapasrc.dll
              ----a-w 17,664 2008-05-03 14:40:40 C:\Windows\mspphe.dll
              ----a-w 31,488 2008-05-03 14:40:40 C:\Windows\mssvr.exe
              --sh--r 33 2008-05-03 15:18:40 C:\Windows\muotr.so
              ----a-w 180,028 2008-05-03 15:16:46 C:\Windows\ntbtlog.txt
              ----a-w 32,512 2008-05-03 14:40:21 C:\Windows\ntnut.exe
              ----a-w 1,834 2008-05-03 15:15:31 C:\Windows\PFRO.log
              ----a-w 1,196,032 2008-04-02 07:27:26 C:\Windows\RtlUpd.exe
              ----a-w 10,496 2008-05-03 14:40:33 C:\Windows\saiemod.dll
              ----a-w 26,624 2008-05-03 14:40:20 C:\Windows\shdocpe.dll
              ----a-w 27,136 2008-05-03 14:40:21 C:\Windows\shdocpl.dll
              ----a-w 11,776 2008-05-03 14:40:43 C:\Windows\stcloader.exe
              ----a-w 10,496 2008-05-03 14:40:41 C:\Windows\swin32.dll
              ----a-w 9,984 2008-05-03 14:40:29 C:\Windows\telefonos.txt
              ----a-w 16,384 2008-05-03 14:40:29 C:\Windows\textos.txt
              ----a-w 19,968 2008-05-03 14:40:42 C:\Windows\voiceip.dll
              ----a-w 577,985 2008-05-03 19:50:21 C:\Windows\WindowsUpdate.log
              ----a-w 27,648 2008-05-03 14:40:19 C:\Windows\winsb.dll

              Entries: 50 (47)
              Directories: 0 Files: 50
              Bytes: 151,385,705 Blocks: 295,687
              ======C:\Windows\system32=====
              ---ha-w 3,760 2008-05-03 20:05:03 C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
              ---ha-w 3,760 2008-05-03 20:05:03 C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
              ----a-w 47,104 2008-03-29 03:41:35 C:\Windows\System32\amdpcom32.dll
              ----a-w 43,520 2008-03-29 04:18:38 C:\Windows\System32\ati2edxx.dll
              ----a-w 253,952 2008-03-29 04:18:29 C:\Windows\System32\Ati2evxx.dll
              ----a-w 667,648 2008-03-29 04:17:21 C:\Windows\System32\Ati2evxx.exe
              ----a-w 372,736 2008-03-29 04:19:21 C:\Windows\System32\ATIDEMGX.dll
              ----a-w 1,499,136 2008-03-29 04:10:09 C:\Windows\System32\atidxx32.dll
              ----a-w 9,662,464 2008-03-29 04:12:48 C:\Windows\System32\atioglxx.dll
              ----a-w 315,392 2008-03-29 04:18:59 C:\Windows\System32\atipdlxx.dll
              ----a-w 159,744 2008-03-29 04:19:10 C:\Windows\System32\atitmmxx.dll
              ----a-w 3,074,560 2008-03-29 04:05:15 C:\Windows\System32\atiumdag.dll
              ----a-w 3,107,788 2008-03-29 03:51:09 C:\Windows\System32\atiumdva.dat
              ----a-w 4,088,320 2008-03-29 03:51:31 C:\Windows\System32\atiumdva.dll
              ----a-w 0 2008-05-03 14:44:23 C:\Windows\System32\clkcnt.txt
              --sha-w 6,572 2008-05-03 15:08:10 C:\Windows\System32\fNnTwGgh.ini
              --sha-w 6,572 2008-05-03 15:05:10 C:\Windows\System32\fNnTwGgh.ini2
              ----a-w 228,896 2008-04-30 10:02:24 C:\Windows\System32\FNTCACHE.DAT
              ----a-w 678,408 2008-03-12 20:21:01 C:\Windows\System32\gpprefcl.dll
              ----a-w 6,242 2008-05-01 14:05:41 C:\Windows\System32\jupdate-1.6.0_05-b13.log
              ----a-w 34,064 2008-05-01 14:16:03 C:\Windows\System32\lhacm.acm
              ----a-w 1,044,480 2008-03-21 20:30:00 C:\Windows\System32\libdivx.dll
              ----a-w 49,052 2008-04-30 09:38:52 C:\Windows\System32\license.rtf
              ----a-w 45,056 2008-05-03 08:40:40 C:\Windows\System32\lJayVLDV.dll
              ----a-w 19,836,024 2008-04-05 20:56:22 C:\Windows\System32\mrt.exe
              ----a-w 249,856 2008-03-29 04:18:49 C:\Windows\System32\Oemdspif.dll
              ----a-w 43,008 2008-05-03 08:40:39 C:\Windows\System32\oPIAPHBt.dll
              ----a-w 101,052 2008-05-03 19:59:03 C:\Windows\System32\perfc009.dat
              ----a-w 126,158 2008-05-03 19:59:03 C:\Windows\System32\perfc013.dat
              ----a-w 125,472 2008-05-03 19:59:03 C:\Windows\System32\perfc019.dat
              ----a-w 41,976 2008-05-01 21:05:39 C:\Windows\System32\perfd013.dat
              ----a-w 586,980 2008-05-03 19:59:03 C:\Windows\System32\perfh009.dat
              ----a-w 664,926 2008-05-03 19:59:03 C:\Windows\System32\perfh013.dat
              ----a-w 644,592 2008-05-03 19:59:03 C:\Windows\System32\perfh019.dat
              ----a-w 336,440 2008-05-01 21:05:39 C:\Windows\System32\perfi013.dat
              ----a-w 2,239,730 2008-05-03 19:59:03 C:\Windows\System32\PerfStringBackup.INI
              ----a-w 66,872 2008-05-02 13:03:15 C:\Windows\System32\PnkBstrA.exe
              ----a-w 107,832 2008-05-03 18:17:52 C:\Windows\System32\PnkBstrB.exe
              ----a-w 2,172,416 2008-04-16 12:28:08 C:\Windows\System32\RtkAPO.dll
              ----a-w 31,232 2008-04-03 14:51:16 C:\Windows\System32\RtkCoInst.dll
              ----a-w 38,400 2008-04-11 15:23:54 C:\Windows\System32\SoundSchemes.exe
              ----a-w 552 2008-05-03 14:01:51 C:\Windows\System32\spsys.log
              ----a-w 200,704 2008-03-21 20:30:00 C:\Windows\System32\ssldivx.dll
              ----a-w 4 2008-05-03 08:43:42 C:\Windows\System32\winfrun32.bin
              ----a-w 41,296 2008-04-22 22:28:58 C:\Windows\System32\xfcodec.dll

              Entries: 45 (41)
              Directories: 0 Files: 45
              Bytes: 53,054,748 Blocks: 103,636
              ======C:\Windows\system32\drivers=====
              ----a-w 49,152 2008-03-29 03:29:32 C:\Windows\System32\drivers\ati2erec.dll
              ----a-w 3,544,064 2008-03-29 06:24:16 C:\Windows\System32\drivers\atikmdag.sys
              ----a-w 40,456 2008-03-13 14:43:42 C:\Windows\System32\drivers\eamon.sys
              ----a-w 29,704 2008-03-13 14:44:36 C:\Windows\System32\drivers\easdrv.sys
              ----a-w 71,176 2008-03-13 14:52:12 C:\Windows\System32\drivers\epfw.sys
              ----a-w 30,728 2008-03-13 14:52:16 C:\Windows\System32\drivers\epfwndis.sys
              ----a-w 54,280 2008-03-13 14:52:16 C:\Windows\System32\drivers\epfwtdi.sys
              ---ha-w 0 2008-04-30 10:31:56 C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
              ---ha-w 0 2008-04-30 10:31:30 C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
              ---ha-w 0 2008-04-30 10:34:26 C:\Windows\System32\drivers\Msft_User_LgLcdSSDriver_01_00_00.Wdf
              ----a-w 22,328 2008-05-03 18:17:59 C:\Windows\System32\drivers\PnkBstrK.sys
              ----a-w 717,296 2008-04-30 12:49:55 C:\Windows\System32\drivers\sptd.sys
              ----a-w 4,114 2008-05-03 20:04:51 C:\Windows\System32\drivers\stwrte.log

              Entries: 13 (10)
              Directories: 0 Files: 13
              Bytes: 4,563,298 Blocks: 8,919
              =======C:\Program Files=====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =======C:=====
              ----a-w 1,810 2008-05-03 17:22:40 C:\avenger.txt
              --s-a-r 8,192 2008-04-30 19:32:08 C:\BOOTSECT.BAK
              --sha-w 2,146,754,560 2008-05-03 20:04:54 C:\hiberfil.sys
              ----a-w 221,806 2008-04-30 10:28:00 C:\khalinstall.log
              --sha-w 2,460,565,504 2008-05-03 20:04:54 C:\pagefile.sys
              ----a-w 49,252 2008-05-02 09:47:04 C:\TurokGame.dmp

              Entries: 6 (3)
              Directories: 0 Files: 6
              Bytes: 4,607,601,124 Blocks: 8,999,223
              ======C:\Users\Dennis\AppData\Roaming======
              ----a-w 22,328 2008-05-02 12:46:39 C:\Users\Dennis\AppData\Roaming\PnkBstrK.sys

              Entries: 1 (1)
              Directories: 0 Files: 1
              Bytes: 22,328 Blocks: 44
              ======C:\Temp======
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              ======C:\Users\Dennis======
              ----a-w 5,527 2008-04-30 10:41:42 C:\Users\Dennis\eula.txt
              --sha-w 1,572,864 2008-05-03 20:09:27 C:\Users\Dennis\ntuser.dat
              ---ha-w 262,144 2008-05-03 20:09:26 C:\Users\Dennis\ntuser.dat.LOG1
              ---ha-w 0 2008-04-30 09:44:46 C:\Users\Dennis\ntuser.dat.LOG2
              --sha-w 65,536 2008-05-03 19:50:19 C:\Users\Dennis\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
              --sha-w 524,288 2008-05-03 19:50:19 C:\Users\Dennis\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
              --sha-w 524,288 2008-04-30 09:44:49 C:\Users\Dennis\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
              --sh--w 20 2008-04-30 09:44:47 C:\Users\Dennis\ntuser.ini
              ----a-w 8,925 2008-04-30 10:41:09 C:\Users\Dennis\pbgame.htm
              ----a-w 0 2008-04-30 10:41:13 C:\Users\Dennis\pbsec.htm
              ----a-w 0 2008-04-30 10:41:42 C:\Users\Dennis\pbsecsv.htm
              ----a-w 59 2008-04-30 10:40:26 C:\Users\Dennis\pbuser.htm

              Entries: 12 (5)
              Directories: 0 Files: 12
              Bytes: 2,963,651 Blocks: 5,791
              ======C:\Windows\Downloaded Program Files====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =============



              • #8
                Open a Notepad file.
                Copy the text below (everything in bold) into this Notepad file.

                @ECHO OFF
                IF EXIST log.txt DEL log.txt
                ECHO Deleting files>>log.txt
                FOR %%g in (
                C:\Windows\123messenger.per
                C:\Windows\2020search.dll
                C:\Windows\2020search2.dll
                C:\Windows\apphelp32.dll
                C:\Windows\asferror32.dll
                C:\Windows\asycfilt32.dll
                C:\Windows\athprxy32.dll
                C:\Windows\ati2dvaa32.dll
                C:\Windows\ati2dvag32.dll
                C:\Windows\audiosrv32.dll
                C:\Windows\autodisc32.dll
                C:\Windows\avifile32.dll
                C:\Windows\avisynthex32.dll
                C:\Windows\aviwrap32.dll
                C:\Windows\bjam.dll
                C:\Windows\bokja.exe
                C:\Windows\browserad.dll
                C:\Windows\cdsm32.dll
                C:\Windows\changeurl_30.dll
                C:\Windows\default.htm
                C:\Windows\didduid.ini
                C:\Windows\lfn.exe
                C:\Windows\licencia.txt
                C:\Windows\msa64chk.dll
                C:\Windows\msapasrc.dll
                C:\Windows\mspphe.dll
                C:\Windows\mssvr.exe
                C:\Windows\muotr.so
                C:\Windows\ntbtlog.txt
                C:\Windows\ntnut.exe
                C:\Windows\saiemod.dll
                C:\Windows\shdocpe.dll
                C:\Windows\shdocpl.dll
                C:\Windows\stcloader.exe
                C:\Windows\swin32.dll
                C:\Windows\telefonos.txt
                C:\Windows\textos.txt
                C:\Windows\voiceip.dll
                C:\Windows\winsb.dll
                C:\Windows\System32\clkcnt.txt
                C:\Windows\System32\fNnTwGgh.ini
                C:\Windows\System32\fNnTwGgh.ini2
                C:\Windows\System32\lJayVLDV.dll
                C:\Windows\System32\oPIAPHBt.dll
                C:\Windows\System32\spsys.log
                C:\Windows\System32\winfrun32.bin) DO (
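                    REM Remove any leftover renamed copy from an earlier run.
                    DEL /Q %%gNUCIA
                    IF EXIST %%g (
                        REM Clear the read-only, system and hidden attributes so DEL can remove the file.
                        ATTRIB -r -s -h %%g
                        DEL %%g
                        REM Fallback for files DEL could not remove: rename them with a NUCIA suffix.
                        REN %%g *NUCIA
                        IF EXIST %%gNUCIA (
                            ECHO renamed to %%gNUCIA>>log.txt)
                        IF EXIST %%g (
                            ECHO %%g not deleted>>log.txt
                        ) ELSE (
                            ECHO %%g deleted>>log.txt)
                    ) ELSE (
                        ECHO %%g not found>>log.txt))
                REM Open the result log in Notepad.
                START NOTEPAD.EXE log.txt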

                Go to File - Save As.
                For "Save in", choose: Desktop
                For "File name", enter: del.bat
                For "Save as type", select: All Files (*.*).
                Click the Save button.

                Double-click del.bat and post the contents of the log file that opens.



                • #9
                  I ran it in safe mode, because in normal mode I kept getting access denied when deleting the files.
                  Log:


                  Deleting files
                  C:\Windows\123messenger.per deleted
                  C:\Windows\2020search.dll deleted
                  C:\Windows\2020search2.dll deleted
                  C:\Windows\apphelp32.dll deleted
                  C:\Windows\asferror32.dll deleted
                  C:\Windows\asycfilt32.dll deleted
                  C:\Windows\athprxy32.dll deleted
                  C:\Windows\ati2dvaa32.dll deleted
                  C:\Windows\ati2dvag32.dll deleted
                  C:\Windows\audiosrv32.dll deleted
                  C:\Windows\autodisc32.dll deleted
                  C:\Windows\avifile32.dll deleted
                  C:\Windows\avisynthex32.dll deleted
                  C:\Windows\aviwrap32.dll deleted
                  C:\Windows\bjam.dll deleted
                  C:\Windows\bokja.exe deleted
                  C:\Windows\browserad.dll deleted
                  C:\Windows\cdsm32.dll deleted
                  C:\Windows\changeurl_30.dll deleted
                  C:\Windows\default.htm deleted
                  C:\Windows\didduid.ini deleted
                  C:\Windows\lfn.exe deleted
                  C:\Windows\licencia.txt deleted
                  C:\Windows\msa64chk.dll deleted
                  C:\Windows\msapasrc.dll deleted
                  C:\Windows\mspphe.dll deleted
                  C:\Windows\mssvr.exe deleted
                  C:\Windows\muotr.so deleted
                  C:\Windows\ntbtlog.txt deleted
                  C:\Windows\ntnut.exe deleted
                  C:\Windows\saiemod.dll deleted
                  C:\Windows\shdocpe.dll deleted
                  C:\Windows\shdocpl.dll deleted
                  C:\Windows\stcloader.exe deleted
                  C:\Windows\swin32.dll deleted
                  C:\Windows\telefonos.txt deleted
                  C:\Windows\textos.txt deleted
                  C:\Windows\voiceip.dll deleted
                  C:\Windows\winsb.dll deleted
                  C:\Windows\System32\clkcnt.txt deleted
                  C:\Windows\System32\fNnTwGgh.ini deleted
                  C:\Windows\System32\fNnTwGgh.ini2 deleted
                  C:\Windows\System32\lJayVLDV.dll not found
                  C:\Windows\System32\oPIAPHBt.dll deleted
                  C:\Windows\System32\spsys.log deleted
                  C:\Windows\System32\winfrun32.bin deleted
                  Last edited by niNsu; 04-05-08, 02:38.



                  • #10
                    I think it is solved now: I no longer get any notifications at all and my computer responds normally again. No more problems with my USB keyboard either. That the computer could not find C:\Windows\System32\lJayVLDV.dll is correct, because it really isn't there. Looks to me like the problem is solved. Thanks!



                    • #11
                      Good.

                      You could still try the following; maybe we'll find some more leftovers:
                      Download: RVAXO.exe
                      • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
                      • Start the computer in safe mode.
                      • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
                        A cmd window will open and a few lines about files not found will scroll past quickly; this is normal.
                      • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
                      • Your PC will then restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
                        Let it run and wait until a log file opens: C:\RVAXO-results.log
                      • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
                      • Post the contents of the log file in your next message.
                      Also post a new HijackThis log.

                      Download Deckard's System Scanner to your Desktop.
                      • Close all applications and windows.
                      • Double-click dss.exe to run it, and follow the instructions.
                      • When the scan is complete, a text file - main.txt - will open.
                      • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply, as well as extra.txt.

                      Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
                      - make sure sigcheck.exe is allowed to do this!
                      Your antivirus may also flag DSS as suspicious, or even try to remove it.
                      Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan.)



                      • #12
                        Done,

                        RVAXO
                        ---RVAXO.exe Updated: 2008-05-04---first run---
                        Uninstallers:

                        Files found:

                        Folders Found:


                        --------------RVAXO.exe last run---------------
                        Not deleted items:

                        --------------RVAXO.exe finished----------------

                        main.txt
                        Deckard's System Scanner v20071014.68
                        Run by Dennis on 2008-05-04 20:32:34
                        Computer is in Normal Mode.
                        --------------------------------------------------------------------------------

                        -- Last 2 Restore Point(s) --
                        2: 2008-05-04 18:09:00 UTC - RP44 - Geïnstalleerd GTAIII
                        1: 2008-05-04 17:55:27 UTC - RP42 - Installed Logitech GamePanel Software 2.02.


                        Backed up registry hives.
                        Performed disk cleanup.



                        -- HijackThis (run as Dennis.exe) ----------------------------------------------

                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 20:33:12, on 4-5-2008
                        Platform: Windows Vista SP1 (WinNT 6.00.1905)
                        MSIE: Internet Explorer v7.00 (7.00.6001.18000)
                        Boot mode: Normal

                        Running processes:
                        C:\Windows\system32\Dwm.exe
                        C:\Windows\Explorer.EXE
                        C:\Program Files\Windows Defender\MSASCui.exe
                        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                        C:\Program Files\ESET\ESET Smart Security\egui.exe
                        C:\Windows\ehome\ehtray.exe
                        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
                        C:\Program Files\Windows Media Player\wmpnscfg.exe
                        C:\Windows\ehome\ehmsas.exe
                        C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
                        C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
                        C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
                        C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
                        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
                        C:\Program Files\Internet Explorer\ieuser.exe
                        C:\Windows\system32\wbem\unsecapp.exe
                        C:\Users\Dennis\Desktop\dss.exe
                        C:\PROGRA~1\TRENDM~1\HIJACK~1\Dennis.exe

                        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                        O1 - Hosts: ::1 localhost
                        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                        O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
                        O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                        O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
                        O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
                        O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
                        O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                        O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                        O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                        O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
                        O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O13 - Gopher Prefix:
                        O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
                        O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
                        O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
                        O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
                        O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\winself.exe (file missing)
                        O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
                        O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

                        --
                        End of file - 5105 bytes

                        -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

                        backup-20080503-195506-100 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
                        backup-20080503-195506-108 O2 - BHO: (no name) - {098F8184-486E-4A4E-87B4-9DDE76E821ED} - C:\Windows\system32\hgGwTnNf.dll (file missing)
                        backup-20080503-195506-138 O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
                        backup-20080503-195506-145 O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
                        backup-20080503-195506-152 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
                        backup-20080503-195506-153 O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
                        backup-20080503-195506-211 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
                        backup-20080503-195506-344 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
                        backup-20080503-195506-583 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                        backup-20080503-195506-630 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
                        backup-20080503-195506-650 O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
                        backup-20080503-195506-713 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
                        backup-20080503-195506-743 O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
                        backup-20080503-195506-745 O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
                        backup-20080503-195506-825 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
                        backup-20080503-195506-893 O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
                        backup-20080503-195506-922 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
                        backup-20080503-195506-933 F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,

                        -- File Associations -----------------------------------------------------------

                        All associations okay.


                        -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

                        All drivers whitelisted.


                        -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

                        S2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\winself.exe service (file missing)


                        -- Device Manager: Disabled ----------------------------------------------------

                        Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
                        Description: IDT HDMI
                        Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&27B8FD22&0&0001
                        Manufacturer: IDT
                        Name: IDT HDMI
                        PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&27B8FD22&0&0001
                        Service: STHDA


                        -- Files created between 2008-04-04 and 2008-05-04 -----------------------------

                        2008-05-04 20:19:39 0 d-------- C:\RVAXO
                        2008-05-04 20:17:29 817570 --a------ C:\Windows\system32\RVAXO.bat
                        2008-05-04 20:17:29 69632 --a------ C:\Windows\system32\remove.exe
                        2008-05-04 20:09:10 0 d-------- C:\Program Files\Rockstar Games
                        2008-05-04 12:41:57 0 d-------- C:\Program Files\Real Desktop
                        2008-05-03 21:39:28 0 d-------- C:\Program Files\Lavalys
                        2008-05-03 19:19:08 118784 --a------ C:\Windows\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
                        2008-05-03 17:48:45 0 d-------- C:\Temp
                        2008-05-03 17:29:01 0 d-------- C:\Program Files\Trend Micro
                        2008-05-03 17:05:48 0 d-------- C:\Program Files\CCleaner
                        2008-05-03 16:52:05 0 d-------- C:\bintheredunthat
                        2008-05-03 16:49:02 0 d-------- C:\BFU
                        2008-05-03 16:47:45 5702 --ah----- C:\Windows\nod32restoretemdono.reg
                        2008-05-03 16:47:45 568 --ah----- C:\Windows\nod32fixtemdono.reg
                        2008-05-03 13:48:39 0 d-a------ C:\Users\All Users\TEMP
                        2008-05-03 13:47:56 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
                        2008-05-03 13:47:25 0 d-------- C:\Program Files\Lavasoft
                        2008-05-03 13:46:53 0 d-------- C:\Program Files\SpywareBlaster
                        2008-05-03 13:44:41 0 d-------- C:\Users\All Users\Prevx
                        2008-05-03 13:38:06 0 d-------- C:\Program Files\Hitman Pro
                        2008-05-03 11:55:27 0 d-------- C:\Users\All Users\avg8
                        2008-05-03 11:55:27 0 d-------- C:\Program Files\AVG
                        2008-05-03 11:25:05 0 d-------- C:\Windows\system32\appmgmt
                        2008-05-03 11:16:15 0 d-------- C:\Users\All Users\ESET
                        2008-05-03 10:43:10 0 d-------- C:\Program Files\LimeWire Turbo Accelerator
                        2008-05-02 17:47:00 0 d-------- C:\Windows\.jagex_cache_32
                        2008-05-02 12:11:58 0 d-------- C:\Program Files\DivX
                        2008-05-02 11:18:09 0 d-------- C:\Windows\system32\AGEIA
                        2008-05-02 11:18:07 0 d-------- C:\Program Files\AGEIA Technologies
                        2008-05-01 23:07:32 664926 --a------ C:\Windows\system32\perfh013.dat
                        2008-05-01 23:07:32 126158 --a------ C:\Windows\system32\perfc013.dat
                        2008-05-01 23:06:34 0 d-------- C:\Windows\nl-NL
                        2008-05-01 23:06:33 0 d-------- C:\Windows\system32\nl
                        2008-05-01 23:06:33 0 d-------- C:\Windows\system32\0413
                        2008-05-01 23:06:27 0 d-------- C:\Windows\system32\drivers\nl-NL
                        2008-05-01 21:48:13 0 d-------- C:\Program Files\IDT
                        2008-05-01 21:47:57 0 d-------- C:\Program Files\Microsoft Silverlight
                        2008-05-01 21:47:47 0 d-------- C:\Program Files\BitLocker
                        2008-05-01 21:36:01 0 d-------- C:\Windows\Sun
                        2008-05-01 21:06:53 0 d-------- C:\Windows\system32\directx
                        2008-05-01 19:48:54 0 d-------- C:\Program Files\Windows Live Safety Center
                        2008-05-01 19:09:13 0 d-------- C:\Program Files\mIRC
                        2008-05-01 16:37:44 0 d-------- C:\Users\All Users\Adobe
                        2008-05-01 16:37:37 0 d-------- C:\Program Files\Common Files\Adobe
                        2008-05-01 16:16:01 0 d-------- C:\Program Files\Teamspeak2_RC2
                        2008-05-01 16:06:37 0 d-------- C:\Users\Dennis\Incomplete
                        2008-05-01 16:04:55 0 d-------- C:\Program Files\Java
                        2008-05-01 16:04:42 0 d-------- C:\Program Files\Common Files\Java
                        2008-05-01 15:57:47 0 d-------- C:\Program Files\LimeWire
                        2008-04-30 21:32:22 0 d-------- C:\Windows\Panther
                        2008-04-30 21:32:07 0 d--hs---- C:\Boot
                        2008-04-30 21:32:00 171136 -rahs---- C:\grldr
                        2008-04-30 20:39:58 0 d-------- C:\Program Files\Sierra Online
                        2008-04-30 16:30:38 0 d-------- C:\Program Files\uTorrent
                        2008-04-30 15:05:54 0 d-------- C:\Program Files\EA SPORTS
                        2008-04-30 14:59:57 0 d-------- C:\Program Files\DAEMON Tools Lite
                        2008-04-30 14:49:55 717296 --a------ C:\Windows\system32\drivers\sptd.sys
                        2008-04-30 14:16:53 0 d-------- C:\Windows\system32\RTCOM
                        2008-04-30 14:16:37 1196032 --a------ C:\Windows\RtlUpd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek HD Audio Update and remove driver Tool>
                        2008-04-30 14:16:36 31232 --a------ C:\Windows\system32\RtkCoInst.dll <Not Verified; Realtek Semiconductor Corp.; Realtek HD Audio Coinstaller>
                        2008-04-30 14:16:34 2172416 --a------ C:\Windows\system32\RtkAPO.dll <Not Verified; Realtek Semiconductor Corp.; Realtek(r) LFX/GFX DSP component>
                        2008-04-30 14:16:27 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
                        2008-04-30 14:05:32 0 d-------- C:\Windows\PCHEALTH
                        2008-04-30 14:02:33 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
                        2008-04-30 14:02:13 0 d-------- C:\Program Files\Windows Live
                        2008-04-30 14:01:56 0 d-------- C:\Users\All Users\WLInstaller
                        2008-04-30 13:45:12 0 d-------- C:\Program Files\SmartFTP Client
                        2008-04-30 13:44:59 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
                        2008-04-30 12:27:56 0 d-------- C:\Program Files\Common Files\Logishrd
                        2008-04-30 12:27:47 0 d-------- C:\Users\All Users\Logitech
                        2008-04-30 12:27:38 0 d-------- C:\Program Files\Logitech
                        2008-04-30 12:19:22 0 d--hs---- C:\Windows\ftpcache
                        2008-04-30 12:19:02 0 d--h----- C:\Program Files\InstallShield Installation Information
                        2008-04-30 12:13:40 0 d-------- C:\Program Files\Activision
                        2008-04-30 12:12:31 0 d-------- C:\Program Files\Common Files\InstallShield
                        2008-04-30 12:11:20 0 d-------- C:\Program Files\Ventrilo
                        2008-04-30 12:09:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
                        2008-04-30 12:09:24 0 d-------- C:\Windows\system32\Macromed
                        2008-04-30 12:03:43 0 d-------- C:\Users\All Users\ATI
                        2008-04-30 12:02:04 0 --a------ C:\Windows\ativpsrm.bin
                        2008-04-30 11:56:03 0 d--hs---- C:\Windows\Installer
                        2008-04-30 11:56:03 0 d-------- C:\Program Files\ATI
                        2008-04-30 11:55:29 0 d-------- C:\Program Files\ATI Technologies
                        2008-04-30 11:54:34 0 d-------- C:\ATI
                        2008-04-30 11:53:37 0 d-------- C:\Users\All Users\Xfire
                        2008-04-30 11:53:37 0 d-------- C:\Program Files\Xfire
                        2008-04-30 11:46:23 0 dr------- C:\Users\Dennis\Searches
                        2008-04-30 11:46:13 0 dr------- C:\Users\Dennis\Contacts
                        2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\Templates
                        2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\Start Menu
                        2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\SendTo
                        2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\Recent
                        2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\PrintHood
                        2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\NetHood
                        2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\My Documents
                        2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\Local Settings
                        2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\Cookies
                        2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\Application Data
                        2008-04-30 11:44:46 0 dr------- C:\Users\Dennis\Videos
                        2008-04-30 11:44:46 0 dr------- C:\Users\Dennis\Pictures
                        2008-04-30 11:44:46 1572864 --ahs---- C:\Users\Dennis\ntuser.dat
                        2008-04-30 11:44:46 0 d-------- C:\Users\Dennis\Music
                        2008-04-30 11:44:46 0 dr------- C:\Users\Dennis\Links
                        2008-04-30 11:44:46 0 dr------- C:\Users\Dennis\Favorites
                        2008-04-30 11:44:46 0 dr------- C:\Users\Dennis\Downloads
                        2008-04-30 11:44:46 0 dr------- C:\Users\Dennis\Documents
                        2008-04-30 11:44:46 0 dr------- C:\Users\Dennis\Desktop
                        2008-04-30 11:44:46 0 d--h----- C:\Users\Dennis\AppData
                        2008-04-30 11:40:58 0 d-------- C:\Windows\Debug
                        2008-04-30 11:37:22 0 d-------- C:\Windows\SoftwareDistribution
                        2008-04-30 11:35:14 0 d-------- C:\Windows\CSC
                        2008-04-30 11:33:14 0 d-------- C:\Windows\Prefetch
                        2008-04-30 11:33:07 0 d--hs---- C:\System Volume Information
                        2008-04-11 17:23:54 38400 --a------ C:\Windows\system32\SoundSchemes.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


                        -- Find3M Report ---------------------------------------------------------------

                        2008-05-04 20:30:54 0 d-------- C:\Users\Dennis\AppData\Roaming\Xfire
                        2008-05-04 20:25:45 4498 --a------ C:\Windows\system32\perfh019.dat
                        2008-05-04 20:25:45 125472 --a------ C:\Windows\system32\perfc019.dat
                        2008-05-04 20:14:57 0 d-------- C:\Users\Dennis\AppData\Roaming\uTorrent
                        2008-05-04 16:59:19 0 d-------- C:\Users\Dennis\AppData\Roaming\mIRC
                        2008-05-03 23:33:48 0 d-------- C:\Users\Dennis\AppData\Roaming\NoNameScript
                        2008-05-03 13:51:27 0 d-------- C:\Users\Dennis\AppData\Roaming\Lavasoft
                        2008-05-03 12:06:14 0 d-------- C:\Users\Dennis\AppData\Roaming\Logitech
                        2008-05-03 11:18:08 0 d-------- C:\Users\Dennis\AppData\Roaming\ESET
                        2008-05-03 11:07:05 0 d-------- C:\Users\Dennis\AppData\Roaming\LimeWire
                        2008-05-02 11:27:34 0 d-------- C:\Users\Dennis\AppData\Roaming\Touchstone
                        2008-05-01 23:06:36 0 d-------- C:\Program Files\Windows Sidebar
                        2008-05-01 23:06:36 0 d-------- C:\Program Files\Windows Photo Gallery
                        2008-05-01 23:06:36 0 d-------- C:\Program Files\Windows Mail
                        2008-05-01 23:06:36 0 d-------- C:\Program Files\Windows Journal
                        2008-05-01 23:06:36 0 d-------- C:\Program Files\Windows Collaboration
                        2008-05-01 23:06:36 0 d-------- C:\Program Files\Windows Calendar
                        2008-05-01 23:06:36 0 d-------- C:\Program Files\Movie Maker
                        2008-05-01 23:06:35 0 d-------- C:\Program Files\Windows Defender
                        2008-05-01 21:46:18 0 d-------- C:\Program Files\Microsoft Games
                        2008-05-01 16:39:13 0 d-------- C:\Users\Dennis\AppData\Roaming\Adobe
                        2008-05-01 16:37:37 0 d-------- C:\Program Files\Common Files
                        2008-05-01 16:16:07 0 d-------- C:\Users\Dennis\AppData\Roaming\teamspeak2
                        2008-04-30 14:49:54 0 d-------- C:\Users\Dennis\AppData\Roaming\DAEMON Tools
                        2008-04-30 14:24:12 0 d-------- C:\Users\Dennis\AppData\Roaming\WinRAR
                        2008-04-30 13:45:40 0 d-------- C:\Users\Dennis\AppData\Roaming\SmartFTP
                        2008-04-30 12:27:35 0 d-------- C:\Users\Dennis\AppData\Roaming\InstallShield
                        2008-04-30 12:23:38 0 d-------- C:\Users\Dennis\AppData\Roaming\Ventrilo
                        2008-04-30 12:09:56 0 d-------- C:\Users\Dennis\AppData\Roaming\Macromedia
                        2008-04-30 12:03:43 0 d-------- C:\Users\Dennis\AppData\Roaming\ATI
                        2008-04-30 11:46:15 0 d-------- C:\Users\Dennis\AppData\Roaming\Identities


                        -- Registry Dump ---------------------------------------------------------------

                        *Note* empty entries & legit default entries are not shown


                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21-01-2008 04:21]
                        "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21-01-2008 12:17]
                        "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29-11-2007 02:17 C:\Windows\KHALMNPR.Exe]
                        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
                        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]
                        "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [13-03-2008 16:48]
                        "Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [13-12-2007 17:43]
                        "Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [13-12-2007 17:57]

                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [21-01-2008 04:21]
                        "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 11:34]
                        "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [21-01-2008 04:23]
                        "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [21-01-2008 04:23]

                        C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                        Xfire.lnk - C:\Program Files\Xfire\xfire.exe [4/23/2008 12:28:56 AM]

                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
                        Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [4/30/2008 12:28:13 PM]

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                        "ConsentPromptBehaviorAdmin"=2 (0x2)
                        "EnableUIADesktopToggle"=0 (0x0)

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
                        @="Service"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
                        @="Service"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
                        @="Service"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
                        @="Service"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
                        @="Service"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
                        @="Service"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
                        @="Service"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
                        @="Service"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
                        @="Service"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
                        @="Service"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
                        @="Driver"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
                        @="Driver"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
                        @="Volume shadow copy"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
                        @="IEEE 1394 Bus host controllers"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
                        @="SBP2 IEEE 1394 Devices"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
                        @="SecurityDevices"

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                        LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
                        GPSvcGroup GPSvc


                        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bf8abc0-16b5-11dd-b964-0019662eb6e3}]
                        AutoRun\command- G:\Autorun.exe

                        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b694db0-1698-11dd-bd99-806e6f6e6963}]
                        AutoRun\command- E:\Setup.exe


                        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
                        C:\Windows\system32\unregmp2.exe /ShowWMP

                        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
                        %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

                        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
                        %SystemRoot%\system32\soundschemes.exe /AddRegistration



                        -- End of Deckard's System Scanner: finished at 2008-05-04 20:33:50 ------------

                        extra.txt
                        Deckard's System Scanner v20071014.68
                        Extra logfile - please post this as an attachment with your post.
                        --------------------------------------------------------------------------------

                        -- System Information ----------------------------------------------------------

                        Microsoft® Windows Vista™ Ultimate (build 6001) SP 1.0
                        Architecture: X86; Language: English

                        CPU 0: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz
                        Percentage of Memory in Use: 32%
                        Physical Memory (total/avail): 2046.58 MiB / 1385.11 MiB
                        Pagefile Memory (total/avail): 4342.46 MiB / 3570.36 MiB
                        Virtual Memory (total/avail): 2047.88 MiB / 1914.43 MiB

                        C: is Fixed (NTFS) - 74.5 GiB total, 36.56 GiB free.
                        D: is Fixed (NTFS) - 298.09 GiB total, 268.94 GiB free.
                        E: is CDROM (CDFS)
                        F: is CDROM (No Media)
                        G: is CDROM (No Media)

                        \\.\PHYSICALDRIVE0 - Hitachi HDT725032VLAT80 ATA Device - 298.09 GiB - 1 partition
                        \PARTITION0 (bootable) - Installable File System - 298.09 GiB - D:

                        \\.\PHYSICALDRIVE1 - WDC WD800BB-75CAA0 ATA Device - 74.5 GiB - 1 partition
                        \PARTITION0 (bootable) - Installable File System - 74.5 GiB - C:



                        -- Security Center -------------------------------------------------------------

                        AUOptions is scheduled to auto-install.
                        Windows Internal Firewall is disabled.

                        FW: ESET Personal firewall v3.0.650.0 (ESET, spol. s r. o.)
                        AV: ESET Smart Security 3.0 v3.0 (ESET, spol. s r. o.)
                        AS: ESET Smart Security 3.0 v3.0 (ESET, spol. s r. o.)
                        AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

                        [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

                        [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


                        -- Environment Variables -------------------------------------------------------

                        ALLUSERSPROFILE=C:\ProgramData
                        APPDATA=C:\Users\Dennis\AppData\Roaming
                        CommonProgramFiles=C:\Program Files\Common Files
                        COMPUTERNAME=DENNIS-PC
                        ComSpec=C:\Windows\system32\cmd.exe
                        DFSTRACINGON=FALSE
                        FP_NO_HOST_CHECK=NO
                        HOMEDRIVE=C:
                        HOMEPATH=\Users\Dennis
                        LOCALAPPDATA=C:\Users\Dennis\AppData\Local
                        LOGONSERVER=\\DENNIS-PC
                        NUMBER_OF_PROCESSORS=2
                        OS=Windows_NT
                        Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
                        PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
                        PROCESSOR_ARCHITECTURE=x86
                        PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
                        PROCESSOR_LEVEL=6
                        PROCESSOR_REVISION=0f02
                        ProgramData=C:\ProgramData
                        ProgramFiles=C:\Program Files
                        PROMPT=$P$G
                        PUBLIC=C:\Users\Public
                        SystemDrive=C:
                        SystemRoot=C:\Windows
                        TEMP=C:\Users\Dennis\AppData\Local\Temp
                        TMP=C:\Users\Dennis\AppData\Local\Temp
                        TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
                        USERDOMAIN=Dennis-PC
                        USERNAME=Dennis
                        USERPROFILE=C:\Users\Dennis
                        windir=C:\Windows


                        -- User Profiles ---------------------------------------------------------------

                        Dennis


                        -- Add/Remove Programs ---------------------------------------------------------

                        --> MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
                        Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
                        Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
                        Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
                        AGEIA PhysX v7.11.13 --> MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
                        µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
                        Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
                        Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
                        Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
                        Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
                        Catalyst Control Center - Branding --> MsiExec.exe /I{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}
                        CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
                        CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
                        DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
                        EA*SPORTS™ NBA*LIVE*08 --> MsiExec.exe /X{39C8EFBA-042B-11DC-A860-0EE955D89593}
                        ESET Smart Security --> MsiExec.exe /I{9DE8D465-A169-4CC7-BAF7-CDD1C9E2EE56}
                        EVEREST Ultimate Edition v4.20 --> "C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
                        FreeStyle Street Basketball(TM) --> C:\Program Files\InstallShield Installation Information\{E192E363-0D29-4D22-B034-F2E457CC0660}\setup.exe -runfromtemp -l0x0009 -removeonly
                        GTAIII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\Setup.exe" -l0x13
                        HijackThis 2.0.2 --> "C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8CQLVVA\HijackThis.exe" /uninstall
                        Hitman Pro --> "C:\Program Files\Hitman Pro\unins000.exe"
                        Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
                        KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
                        Logitech GamePanel Software 2.02 --> MsiExec.exe /X{0523EAF4-402C-4435-A0DA-13C40193D811}
                        Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0013 -removeonly
                        Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
                        Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 --> MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
                        mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
                        NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up --> "C:\Program Files\ESET\ESET Smart Security\unins000.exe"
                        NoNameScript --> C:\Users\Dennis\AppData\Roaming\NoNameScript\nnuninstall.exe
                        Real Desktop 1.15 --> "C:\Program Files\Real Desktop\unins000.exe"
                        SmartFTP Client --> MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
                        SmartFTP Client 3.0 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
                        SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
                        TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
                        Turok --> C:\Program Files\InstallShield Installation Information\{1BC3AF44-D80E-4744-A8E1-9BC540424AC9}\setup.exe -runfromtemp -l0x0009Turok -removeonly
                        Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
                        Windows Live aanmeldhulp --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
                        Windows Live installer --> MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
                        Windows Live Mail --> MsiExec.exe /I{DB8DEC88-4D53-4A3A-964A-D22509D27455}
                        Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
                        Windows Live OneCare safety scanner --> "C:\Program Files\Windows Live Safety Center\UnInstall.exe"
                        Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
                        Windows Sound Schemes --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
                        WinRAR --> C:\Program Files\WinRAR\uninstall.exe
                        Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"


                        -- Application Event Log -------------------------------------------------------

                        Event Record #/Type1845 / Error
                        Event Submitted/Written: 05/04/2008 08:23:08 PM
                        Event ID/Source: 33 / SideBySide
                        Event Description:
                        Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
                        Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
                        Please use sxstrace.exe for detailed diagnosis.

                        Event Record #/Type1844 / Error
                        Event Submitted/Written: 05/04/2008 08:23:07 PM
                        Event ID/Source: 33 / SideBySide
                        Event Description:
                        Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
                        Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
                        Please use sxstrace.exe for detailed diagnosis.

                        Event Record #/Type1843 / Error
                        Event Submitted/Written: 05/04/2008 08:23:00 PM
                        Event ID/Source: 33 / SideBySide
                        Event Description:
                        Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
                        Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
                        Please use sxstrace.exe for detailed diagnosis.

                        Event Record #/Type1841 / Error
                        Event Submitted/Written: 05/04/2008 08:20:58 PM
                        Event ID/Source: 10 / WinMgmt
                        Event Description:
                        //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

                        Event Record #/Type1837 / Success
                        Event Submitted/Written: 05/04/2008 08:19:27 PM
                        Event ID/Source: 5617 / WinMgmt
                        Event Description:




                        -- Security Event Log ----------------------------------------------------------

                        No Errors/Warnings found.


                        -- System Event Log ------------------------------------------------------------

                        Event Record #/Type11601 / Warning
                        Event Submitted/Written: 05/04/2008 08:33:20 PM
                        Event ID/Source: 3004 / WinDefend
                        Event Description:
                        %Dennis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Dennis-PC27 can't undo changes that you allow.

                        For more information please see the following:
                        %Dennis-PC275

                        Scan ID: {39B80684-3234-4A56-A3E5-9CD88B2434AC}

                        User: Dennis-PC\Dennis

                        Name: %Dennis-PC271

                        ID: %Dennis-PC272

                        Severity ID: %Dennis-PC273

                        Category ID: %Dennis-PC274

                        Path Found: %Dennis-PC276

                        Alert Type: %Dennis-PC278

                        Detection Type: 1.1.1600.02

                        Event Record #/Type11600 / Warning
                        Event Submitted/Written: 05/04/2008 08:33:20 PM
                        Event ID/Source: 3004 / WinDefend
                        Event Description:
                        %Dennis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Dennis-PC27 can't undo changes that you allow.

                        For more information please see the following:
                        %Dennis-PC275

                        Scan ID: {37C5FE72-4F0F-4C83-9033-C8A23A2F75CF}

                        User: Dennis-PC\Dennis

                        Name: %Dennis-PC271

                        ID: %Dennis-PC272

                        Severity ID: %Dennis-PC273

                        Category ID: %Dennis-PC274

                        Path Found: %Dennis-PC276

                        Alert Type: %Dennis-PC278

                        Detection Type: 1.1.1600.02

                        Event Record #/Type11599 / Warning
                        Event Submitted/Written: 05/04/2008 08:33:20 PM
                        Event ID/Source: 3004 / WinDefend
                        Event Description:
                        %Dennis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Dennis-PC27 can't undo changes that you allow.

                        For more information please see the following:
                        %Dennis-PC275

                        Scan ID: {39536044-2AAC-45D3-B187-47FB1A10826F}

                        User: Dennis-PC\Dennis

                        Name: %Dennis-PC271

                        ID: %Dennis-PC272

                        Severity ID: %Dennis-PC273

                        Category ID: %Dennis-PC274

                        Path Found: %Dennis-PC276

                        Alert Type: %Dennis-PC278

                        Detection Type: 1.1.1600.02

                        Event Record #/Type11598 / Warning
                        Event Submitted/Written: 05/04/2008 08:33:17 PM
                        Event ID/Source: 3004 / WinDefend
                        Event Description:
                        %Dennis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Dennis-PC27 can't undo changes that you allow.

                        For more information please see the following:
                        %Dennis-PC275

                        Scan ID: {35CB28C6-F0E1-40F0-8C4A-051DCEC50824}

                        User: Dennis-PC\Dennis

                        Name: %Dennis-PC271

                        ID: %Dennis-PC272

                        Severity ID: %Dennis-PC273

                        Category ID: %Dennis-PC274

                        Path Found: %Dennis-PC276

                        Alert Type: %Dennis-PC278

                        Detection Type: 1.1.1600.02

                        Event Record #/Type11597 / Warning
                        Event Submitted/Written: 05/04/2008 08:33:17 PM
                        Event ID/Source: 3004 / WinDefend
                        Event Description:
                        %Dennis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Dennis-PC27 can't undo changes that you allow.

                        For more information please see the following:
                        %Dennis-PC275

                        Scan ID: {FDDFB83C-730E-46E7-8B13-42C39257ABA1}

                        User: Dennis-PC\Dennis

                        Name: %Dennis-PC271

                        ID: %Dennis-PC272

                        Severity ID: %Dennis-PC273

                        Category ID: %Dennis-PC274

                        Path Found: %Dennis-PC276

                        Alert Type: %Dennis-PC278

                        Detection Type: 1.1.1600.02



                        -- End of Deckard's System Scanner: finished at 2008-05-04 20:33:50 ------------

                        Comment


                        • #13
                          Could you try this step in safe mode:

                          Start - Run and enter the following line in the input box:
                          sc delete MsSecurity1.209.4
                          Press OK.

                          Restart into normal mode and post a new HijackThis log.

                          Comment


                          • #14
                            Done that too,
                            HijackThis log:
                            Logfile of Trend Micro HijackThis v2.0.2
                            Scan saved at 0:25:24, on 5-5-2008
                            Platform: Windows Vista SP1 (WinNT 6.00.1905)
                            MSIE: Internet Explorer v7.00 (7.00.6001.18000)
                            Boot mode: Normal

                            Running processes:
                            C:\Windows\system32\Dwm.exe
                            C:\Windows\Explorer.EXE
                            C:\Program Files\Windows Defender\MSASCui.exe
                            C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
                            C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                            C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
                            C:\Program Files\ESET\ESET Smart Security\egui.exe
                            C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
                            C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
                            C:\Program Files\Windows Sidebar\sidebar.exe
                            C:\Program Files\Windows Live\Messenger\msnmsgr.exe
                            C:\Windows\ehome\ehtray.exe
                            C:\Program Files\Windows Media Player\wmpnscfg.exe
                            C:\Program Files\Xfire\xfire.exe
                            C:\Windows\ehome\ehmsas.exe
                            C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
                            C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
                            C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
                            C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
                            C:\Program Files\Internet Explorer\ieuser.exe
                            C:\Program Files\Internet Explorer\iexplore.exe
                            C:\Windows\system32\wbem\unsecapp.exe
                            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                            C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
                            C:\Program Files\Xfire\xfire.exe
                            C:\Windows\system32\SearchFilterHost.exe
                            C:\Windows\system32\SearchProtocolHost.exe
                            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                            O1 - Hosts: ::1 localhost
                            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                            O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
                            O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
                            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                            O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
                            O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
                            O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
                            O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                            O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                            O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                            O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                            O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                            O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                            O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
                            O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O13 - Gopher Prefix:
                            O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
                            O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
                            O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
                            O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
                            O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
                            O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

                            --
                            End of file - 5555 bytes

                            Comment


                            • #15
                              The log looks good.

                              Turn off System Restore. Restart the computer. Turn System Restore back on.
                              See here how to turn off System Restore.
                              This removes any remnants of the infections from your System Restore.

                              Then I think it should be OK again.

                              Comment
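The check done by eye in post #15, confirming that the service removed with `sc delete` in post #13 no longer appears among the O23 entries of the new HijackThis log, as an added example that is not part of the original thread. `AFTER` is the O23 section from post #14; the extra line in `BEFORE` is constructed, with a placeholder path, and the function names are this example's own.

```python
import re
from typing import NamedTuple

# O23 section copied from the log in post #14.
AFTER = r"""
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
"""
# Constructed "before" state: same log plus a made-up line for the removed service.
BEFORE = AFTER + r"O23 - Service: MsSecurity1.209.4 - Unknown owner - C:\PLACEHOLDER\constructed.exe" + "\n"

class Service(NamedTuple):
    display: str
    key: str         # short service name, the one `sc delete` takes
    publisher: str
    path: str

_SHORT = re.compile(r"^(?P<display>.*?)\s*\((?P<key>[^()]+)\)$")

def parse_o23(log_text):
    """Return the O23 (service) entries of a HijackThis log."""
    prefix = "O23 - Service: "
    services = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith(prefix):
            continue
        # Split from the right: display names may themselves contain " - ".
        parts = line[len(prefix):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue  # truncated or malformed entry
        name, publisher, path = (p.strip() for p in parts)
        m = _SHORT.match(name)
        display, key = (m["display"], m["key"]) if m else (name, name)
        services.append(Service(display, key, publisher, path))
    return services

def service_present(services, key):
    """Case-insensitive match on the short service name."""
    return any(s.key.lower() == key.lower() for s in services)

def unattributed(services):
    """Entries HijackThis listed with no publisher, for manual review."""
    return [s.key for s in services if s.publisher.lower() == "unknown owner"]

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        svcs = parse_o23(log)
        print(label, service_present(svcs, "MsSecurity1.209.4"), unattributed(svcs))
```

An "Unknown owner" entry only means HijackThis found no publisher string in the file; it is a prompt to look at the binary, not a verdict.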
