Download The Avenger en pak het programma uit op je bureaublad.
Open de map avenger en start het programma door op avenger.exe te dubbelklikken.
In het venster Input Script here, kopieer en plak je onderstaande dikgedrukte tekst:


Files to delete:
C:\Windows\winself.exe
C:\Windows\system32\hgGwTnNf.dll
C:\Windows\system32\wmsdkns.exe

Klik daarna op de knop Execute.
The Avenger zal aangeven dat de computer gaat herstarten, sta dit toe.
Na reboot opent een logfile (avenger.txt). Post de inhoud van deze logfile met een nieuw logje van Hijackthis

Bedankt alvast, hieronder de log van The Avenger.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Windows\winself.exe" not found!
Deletion of file "C:\Windows\winself.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\system32\hgGwTnNf.dll" deleted successfully.

Error: file "C:\Windows\system32\wmsdkns.exe" not found!
Deletion of file "C:\Windows\system32\wmsdkns.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


En dan de nieuwe log van HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:18, on 3-5-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\wmsdkns.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {098F8184-486E-4A4E-87B4-9DDE76E821ED} - C:\Windows\system32\hgGwTnNf.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\winself.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

--
End of file - 7112 bytes


Heb trouwens in de 5 minuten dat de computer is opgestart nog geen 'melding' gekregen van dat ik spyware op mn computer heb.

Volgens je logje is er niets veranderd?

Rechtsklik Hijackthis en kies voor "Run as administrator".
Start Hijackthis en plaats alleen een vinkje voor de volgende regels:
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {098F8184-486E-4A4E-87B4-9DDE76E821ED} - C:\Windows\system32\hgGwTnNf.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
Sluit alle openstaande vensters(behalve Hijackthis) en klik op de knop "Fix checked".

Ga naar Start - Uitvoeren en geef hier het volgende in:
sc delete MsSecurity1.209.4
Druk daarna op OK.

Herstart de computer.

Start Hijackthis, maak een nieuw logje en post deze in je volgende bericht

Nu is er wel wat verandert, al te zien aan het aantal bytes dat de log bevat.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:12, on 3-5-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\winself.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

--
End of file - 5635 bytes

Download dit bestand: zoek.exe
Dubbelklik het, na een tijdje opent er een logje.
Post de inhoud van dit logje in je volgende bericht

Done,

======C:\Windows====
----a-w 23,040 2008-05-03 14:40:29 C:\Windows\123messenger.per
----a-w 29,184 2008-05-03 14:40:39 C:\Windows\2020search.dll
----a-w 26,624 2008-05-03 14:40:39 C:\Windows\2020search2.dll
----a-w 25,600 2008-05-03 14:40:16 C:\Windows\apphelp32.dll
----a-w 17,408 2008-05-03 14:40:16 C:\Windows\asferror32.dll
----a-w 11,008 2008-05-03 14:40:16 C:\Windows\asycfilt32.dll
----a-w 22,528 2008-05-03 14:40:17 C:\Windows\athprxy32.dll
----a-w 21,504 2008-05-03 14:40:17 C:\Windows\ati2dvaa32.dll
----a-w 25,344 2008-05-03 14:40:17 C:\Windows\ati2dvag32.dll
----a-w 0 2008-04-30 10:02:04 C:\Windows\ativpsrm.bin
----a-w 31,744 2008-05-03 14:40:18 C:\Windows\audiosrv32.dll
----a-w 24,576 2008-05-03 14:40:18 C:\Windows\autodisc32.dll
----a-w 16,640 2008-05-03 14:40:18 C:\Windows\avifile32.dll
----a-w 17,408 2008-05-03 14:40:19 C:\Windows\avisynthex32.dll
----a-w 31,488 2008-05-03 14:40:19 C:\Windows\aviwrap32.dll
----a-w 16,384 2008-05-03 14:40:39 C:\Windows\bjam.dll
----a-w 19,200 2008-05-03 14:40:41 C:\Windows\bokja.exe
--s-a-w 67,584 2008-05-03 20:04:58 C:\Windows\bootstat.dat
----a-w 15,872 2008-05-03 14:40:19 C:\Windows\browserad.dll
----a-w 10,752 2008-05-03 14:40:41 C:\Windows\cdsm32.dll
----a-w 24,832 2008-05-03 14:40:15 C:\Windows\changeurl_30.dll
----a-w 1,916 2008-05-03 15:17:07 C:\Windows\default.htm
----a-w 15,872 2008-05-03 14:40:33 C:\Windows\didduid.ini
----a-w 319,456 2008-05-01 14:18:15 C:\Windows\DIFxAPI.dll
----a-w 319 2008-05-02 12:46:15 C:\Windows\game.ini
----a-w 315,392 2008-04-30 12:16:28 C:\Windows\HideWin.exe
----a-w 87,979 2008-05-03 08:43:41 C:\Windows\lfn.exe
----a-w 22,016 2008-05-03 14:40:29 C:\Windows\licencia.txt
--sh--r 138 2008-05-03 08:43:26 C:\Windows\mainms.vpi
------w 4 2008-05-03 15:14:31 C:\Windows\megavid.cdt
----a-w 147,902,029 2008-05-03 20:04:53 C:\Windows\MEMORY.DMP
----a-w 26,880 2008-05-03 14:40:29 C:\Windows\msa64chk.dll
----a-w 16,896 2008-05-03 14:40:29 C:\Windows\msapasrc.dll
----a-w 17,664 2008-05-03 14:40:40 C:\Windows\mspphe.dll
----a-w 31,488 2008-05-03 14:40:40 C:\Windows\mssvr.exe
--sh--r 33 2008-05-03 15:18:40 C:\Windows\muotr.so
----a-w 180,028 2008-05-03 15:16:46 C:\Windows\ntbtlog.txt
----a-w 32,512 2008-05-03 14:40:21 C:\Windows\ntnut.exe
----a-w 1,834 2008-05-03 15:15:31 C:\Windows\PFRO.log
----a-w 1,196,032 2008-04-02 07:27:26 C:\Windows\RtlUpd.exe
----a-w 10,496 2008-05-03 14:40:33 C:\Windows\saiemod.dll
----a-w 26,624 2008-05-03 14:40:20 C:\Windows\shdocpe.dll
----a-w 27,136 2008-05-03 14:40:21 C:\Windows\shdocpl.dll
----a-w 11,776 2008-05-03 14:40:43 C:\Windows\stcloader.exe
----a-w 10,496 2008-05-03 14:40:41 C:\Windows\swin32.dll
----a-w 9,984 2008-05-03 14:40:29 C:\Windows\telefonos.txt
----a-w 16,384 2008-05-03 14:40:29 C:\Windows\textos.txt
----a-w 19,968 2008-05-03 14:40:42 C:\Windows\voiceip.dll
----a-w 577,985 2008-05-03 19:50:21 C:\Windows\WindowsUpdate.log
----a-w 27,648 2008-05-03 14:40:19 C:\Windows\winsb.dll

Entries: 50 (47)
Directories: 0 Files: 50
Bytes: 151,385,705 Blocks: 295,687
======C:\Windows\system32=====
---ha-w 3,760 2008-05-03 20:05:03 C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
---ha-w 3,760 2008-05-03 20:05:03 C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
----a-w 47,104 2008-03-29 03:41:35 C:\Windows\System32\amdpcom32.dll
----a-w 43,520 2008-03-29 04:18:38 C:\Windows\System32\ati2edxx.dll
----a-w 253,952 2008-03-29 04:18:29 C:\Windows\System32\Ati2evxx.dll
----a-w 667,648 2008-03-29 04:17:21 C:\Windows\System32\Ati2evxx.exe
----a-w 372,736 2008-03-29 04:19:21 C:\Windows\System32\ATIDEMGX.dll
----a-w 1,499,136 2008-03-29 04:10:09 C:\Windows\System32\atidxx32.dll
----a-w 9,662,464 2008-03-29 04:12:48 C:\Windows\System32\atioglxx.dll
----a-w 315,392 2008-03-29 04:18:59 C:\Windows\System32\atipdlxx.dll
----a-w 159,744 2008-03-29 04:19:10 C:\Windows\System32\atitmmxx.dll
----a-w 3,074,560 2008-03-29 04:05:15 C:\Windows\System32\atiumdag.dll
----a-w 3,107,788 2008-03-29 03:51:09 C:\Windows\System32\atiumdva.dat
----a-w 4,088,320 2008-03-29 03:51:31 C:\Windows\System32\atiumdva.dll
----a-w 0 2008-05-03 14:44:23 C:\Windows\System32\clkcnt.txt
--sha-w 6,572 2008-05-03 15:08:10 C:\Windows\System32\fNnTwGgh.ini
--sha-w 6,572 2008-05-03 15:05:10 C:\Windows\System32\fNnTwGgh.ini2
----a-w 228,896 2008-04-30 10:02:24 C:\Windows\System32\FNTCACHE.DAT
----a-w 678,408 2008-03-12 20:21:01 C:\Windows\System32\gpprefcl.dll
----a-w 6,242 2008-05-01 14:05:41 C:\Windows\System32\jupdate-1.6.0_05-b13.log
----a-w 34,064 2008-05-01 14:16:03 C:\Windows\System32\lhacm.acm
----a-w 1,044,480 2008-03-21 20:30:00 C:\Windows\System32\libdivx.dll
----a-w 49,052 2008-04-30 09:38:52 C:\Windows\System32\license.rtf
----a-w 45,056 2008-05-03 08:40:40 C:\Windows\System32\lJayVLDV.dll
----a-w 19,836,024 2008-04-05 20:56:22 C:\Windows\System32\mrt.exe
----a-w 249,856 2008-03-29 04:18:49 C:\Windows\System32\Oemdspif.dll
----a-w 43,008 2008-05-03 08:40:39 C:\Windows\System32\oPIAPHBt.dll
----a-w 101,052 2008-05-03 19:59:03 C:\Windows\System32\perfc009.dat
----a-w 126,158 2008-05-03 19:59:03 C:\Windows\System32\perfc013.dat
----a-w 125,472 2008-05-03 19:59:03 C:\Windows\System32\perfc019.dat
----a-w 41,976 2008-05-01 21:05:39 C:\Windows\System32\perfd013.dat
----a-w 586,980 2008-05-03 19:59:03 C:\Windows\System32\perfh009.dat
----a-w 664,926 2008-05-03 19:59:03 C:\Windows\System32\perfh013.dat
----a-w 644,592 2008-05-03 19:59:03 C:\Windows\System32\perfh019.dat
----a-w 336,440 2008-05-01 21:05:39 C:\Windows\System32\perfi013.dat
----a-w 2,239,730 2008-05-03 19:59:03 C:\Windows\System32\PerfStringBackup.INI
----a-w 66,872 2008-05-02 13:03:15 C:\Windows\System32\PnkBstrA.exe
----a-w 107,832 2008-05-03 18:17:52 C:\Windows\System32\PnkBstrB.exe
----a-w 2,172,416 2008-04-16 12:28:08 C:\Windows\System32\RtkAPO.dll
----a-w 31,232 2008-04-03 14:51:16 C:\Windows\System32\RtkCoInst.dll
----a-w 38,400 2008-04-11 15:23:54 C:\Windows\System32\SoundSchemes.exe
----a-w 552 2008-05-03 14:01:51 C:\Windows\System32\spsys.log
----a-w 200,704 2008-03-21 20:30:00 C:\Windows\System32\ssldivx.dll
----a-w 4 2008-05-03 08:43:42 C:\Windows\System32\winfrun32.bin
----a-w 41,296 2008-04-22 22:28:58 C:\Windows\System32\xfcodec.dll

Entries: 45 (41)
Directories: 0 Files: 45
Bytes: 53,054,748 Blocks: 103,636
======C:\Windows\system32\drivers=====
----a-w 49,152 2008-03-29 03:29:32 C:\Windows\System32\drivers\ati2erec.dll
----a-w 3,544,064 2008-03-29 06:24:16 C:\Windows\System32\drivers\atikmdag.sys
----a-w 40,456 2008-03-13 14:43:42 C:\Windows\System32\drivers\eamon.sys
----a-w 29,704 2008-03-13 14:44:36 C:\Windows\System32\drivers\easdrv.sys
----a-w 71,176 2008-03-13 14:52:12 C:\Windows\System32\drivers\epfw.sys
----a-w 30,728 2008-03-13 14:52:16 C:\Windows\System32\drivers\epfwndis.sys
----a-w 54,280 2008-03-13 14:52:16 C:\Windows\System32\drivers\epfwtdi.sys
---ha-w 0 2008-04-30 10:31:56 C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
---ha-w 0 2008-04-30 10:31:30 C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
---ha-w 0 2008-04-30 10:34:26 C:\Windows\System32\drivers\Msft_User_LgLcdSSDriver_01_00_00.Wdf
----a-w 22,328 2008-05-03 18:17:59 C:\Windows\System32\drivers\PnkBstrK.sys
----a-w 717,296 2008-04-30 12:49:55 C:\Windows\System32\drivers\sptd.sys
----a-w 4,114 2008-05-03 20:04:51 C:\Windows\System32\drivers\stwrte.log

Entries: 13 (10)
Directories: 0 Files: 13
Bytes: 4,563,298 Blocks: 8,919
=======C:\Program Files=====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=======C:=====
----a-w 1,810 2008-05-03 17:22:40 C:\avenger.txt
--s-a-r 8,192 2008-04-30 19:32:08 C:\BOOTSECT.BAK
--sha-w 2,146,754,560 2008-05-03 20:04:54 C:\hiberfil.sys
----a-w 221,806 2008-04-30 10:28:00 C:\khalinstall.log
--sha-w 2,460,565,504 2008-05-03 20:04:54 C:\pagefile.sys
----a-w 49,252 2008-05-02 09:47:04 C:\TurokGame.dmp

Entries: 6 (3)
Directories: 0 Files: 6
Bytes: 4,607,601,124 Blocks: 8,999,223
======C:\Users\Dennis\AppData\Roaming======
----a-w 22,328 2008-05-02 12:46:39 C:\Users\Dennis\AppData\Roaming\PnkBstrK.sys

Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 22,328 Blocks: 44
======C:\Temp======
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
======C:\Users\Dennis======
----a-w 5,527 2008-04-30 10:41:42 C:\Users\Dennis\eula.txt
--sha-w 1,572,864 2008-05-03 20:09:27 C:\Users\Dennis\ntuser.dat
---ha-w 262,144 2008-05-03 20:09:26 C:\Users\Dennis\ntuser.dat.LOG1
---ha-w 0 2008-04-30 09:44:46 C:\Users\Dennis\ntuser.dat.LOG2
--sha-w 65,536 2008-05-03 19:50:19 C:\Users\Dennis\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
--sha-w 524,288 2008-05-03 19:50:19 C:\Users\Dennis\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
--sha-w 524,288 2008-04-30 09:44:49 C:\Users\Dennis\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
--sh--w 20 2008-04-30 09:44:47 C:\Users\Dennis\ntuser.ini
----a-w 8,925 2008-04-30 10:41:09 C:\Users\Dennis\pbgame.htm
----a-w 0 2008-04-30 10:41:13 C:\Users\Dennis\pbsec.htm
----a-w 0 2008-04-30 10:41:42 C:\Users\Dennis\pbsecsv.htm
----a-w 59 2008-04-30 10:40:26 C:\Users\Dennis\pbuser.htm

Entries: 12 (5)
Directories: 0 Files: 12
Bytes: 2,963,651 Blocks: 5,791
======C:\Windows\Downloaded Program Files====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=============

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\Windows\123messenger.per
C:\Windows\2020search.dll
C:\Windows\2020search2.dll
C:\Windows\apphelp32.dll
C:\Windows\asferror32.dll
C:\Windows\asycfilt32.dll
C:\Windows\athprxy32.dll
C:\Windows\ati2dvaa32.dll
C:\Windows\ati2dvag32.dll
C:\Windows\audiosrv32.dll
C:\Windows\autodisc32.dll
C:\Windows\avifile32.dll
C:\Windows\avisynthex32.dll
C:\Windows\aviwrap32.dll
C:\Windows\bjam.dll
C:\Windows\bokja.exe
C:\Windows\browserad.dll
C:\Windows\cdsm32.dll
C:\Windows\changeurl_30.dll
C:\Windows\default.htm
C:\Windows\didduid.ini
C:\Windows\lfn.exe
C:\Windows\licencia.txt
C:\Windows\msa64chk.dll
C:\Windows\msapasrc.dll
C:\Windows\mspphe.dll
C:\Windows\mssvr.exe
C:\Windows\muotr.so
C:\Windows\ntbtlog.txt
C:\Windows\ntnut.exe
C:\Windows\saiemod.dll
C:\Windows\shdocpe.dll
C:\Windows\shdocpl.dll
C:\Windows\stcloader.exe
C:\Windows\swin32.dll
C:\Windows\telefonos.txt
C:\Windows\textos.txt
C:\Windows\voiceip.dll
C:\Windows\winsb.dll
C:\Windows\System32\clkcnt.txt
C:\Windows\System32\fNnTwGgh.ini
C:\Windows\System32\fNnTwGgh.ini2
C:\Windows\System32\lJayVLDV.dll
C:\Windows\System32\oPIAPHBt.dll
C:\Windows\System32\spsys.log
C:\Windows\System32\winfrun32.bin) DO (
DEL /Q %%gNUCIA
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
REN %%g *NUCIA
IF EXIST %%gNUCIA (
ECHO renamed to %%gNUCIA>>log.txt)
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

Heb hem in veilige modus gerunt, want in normale modus werd bij het deleten van de bestanden steeds access denied.
Logje:

Deleting files
C:\Windows\123messenger.per deleted
C:\Windows\2020search.dll deleted
C:\Windows\2020search2.dll deleted
C:\Windows\apphelp32.dll deleted
C:\Windows\asferror32.dll deleted
C:\Windows\asycfilt32.dll deleted
C:\Windows\athprxy32.dll deleted
C:\Windows\ati2dvaa32.dll deleted
C:\Windows\ati2dvag32.dll deleted
C:\Windows\audiosrv32.dll deleted
C:\Windows\autodisc32.dll deleted
C:\Windows\avifile32.dll deleted
C:\Windows\avisynthex32.dll deleted
C:\Windows\aviwrap32.dll deleted
C:\Windows\bjam.dll deleted
C:\Windows\bokja.exe deleted
C:\Windows\browserad.dll deleted
C:\Windows\cdsm32.dll deleted
C:\Windows\changeurl_30.dll deleted
C:\Windows\default.htm deleted
C:\Windows\didduid.ini deleted
C:\Windows\lfn.exe deleted
C:\Windows\licencia.txt deleted
C:\Windows\msa64chk.dll deleted
C:\Windows\msapasrc.dll deleted
C:\Windows\mspphe.dll deleted
C:\Windows\mssvr.exe deleted
C:\Windows\muotr.so deleted
C:\Windows\ntbtlog.txt deleted
C:\Windows\ntnut.exe deleted
C:\Windows\saiemod.dll deleted
C:\Windows\shdocpe.dll deleted
C:\Windows\shdocpl.dll deleted
C:\Windows\stcloader.exe deleted
C:\Windows\swin32.dll deleted
C:\Windows\telefonos.txt deleted
C:\Windows\textos.txt deleted
C:\Windows\voiceip.dll deleted
C:\Windows\winsb.dll deleted
C:\Windows\System32\clkcnt.txt deleted
C:\Windows\System32\fNnTwGgh.ini deleted
C:\Windows\System32\fNnTwGgh.ini2 deleted
C:\Windows\System32\lJayVLDV.dll not found
C:\Windows\System32\oPIAPHBt.dll deleted
C:\Windows\System32\spsys.log deleted
C:\Windows\System32\winfrun32.bin deleted

Volgens mij is het nu opgelost, ik krijg helemaal geen meldingen meer en mijn computer doet reageert weer normaal. Ook geen problemen meer met mijn usb-toetsenbord. Dat de computer C:\Windows\System32\lJayVLDV.dll niet kon vinden, klopt wel, want hij staat er ook echt niet bij. Lijkt mij probleem opgelost. Bedankt!

Mooi zo

Je zou het volgende nog kunnen proberen, misschien vinden we nog meer restantjes:
Download: RVAXO.exe

• Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
• Start de computer in veilige modus.
• Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
  Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
• Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
  
• Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
  Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
• Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
• Post de inhoud van de logfile in je volgende bericht.

Post ook een nieuw logje van Hijackthis

Download Deckard's System Scanner naar je Bureaublad.

• Sluit alle toepassingen en vensters.
• Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
• Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
• Kopieer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord evenals extra.txt.

Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
- zorg dat sigcheck.exe toestemming krijgt om dit te doen !
Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

Done,

RVAXO
---RVAXO.exe Updated: 2008-05-04---first run---
Uninstallers:

Files found:

Folders Found:


--------------RVAXO.exe last run---------------
Not deleted items:

--------------RVAXO.exe finished----------------

main.txt
Deckard's System Scanner v20071014.68
Run by Dennis on 2008-05-04 20:32:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 2 Restore Point(s) --
2: 2008-05-04 18:09:00 UTC - RP44 - Geïnstalleerd GTAIII
1: 2008-05-04 17:55:27 UTC - RP42 - Installed Logitech GamePanel Software 2.02.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Dennis.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:12, on 4-5-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Dennis\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dennis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\winself.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

--
End of file - 5105 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080503-195506-100 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
backup-20080503-195506-108 O2 - BHO: (no name) - {098F8184-486E-4A4E-87B4-9DDE76E821ED} - C:\Windows\system32\hgGwTnNf.dll (file missing)
backup-20080503-195506-138 O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
backup-20080503-195506-145 O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
backup-20080503-195506-152 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
backup-20080503-195506-153 O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
backup-20080503-195506-211 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
backup-20080503-195506-344 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
backup-20080503-195506-583 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080503-195506-630 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
backup-20080503-195506-650 O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
backup-20080503-195506-713 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
backup-20080503-195506-743 O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
backup-20080503-195506-745 O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
backup-20080503-195506-825 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
backup-20080503-195506-893 O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
backup-20080503-195506-922 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
backup-20080503-195506-933 F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\winself.exe service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: IDT HDMI
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&27B8FD22&0&0001
Manufacturer: IDT
Name: IDT HDMI
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&27B8FD22&0&0001
Service: STHDA


-- Files created between 2008-04-04 and 2008-05-04 -----------------------------

2008-05-04 20:19:39 0 d-------- C:\RVAXO
2008-05-04 20:17:29 817570 --a------ C:\Windows\system32\RVAXO.bat
2008-05-04 20:17:29 69632 --a------ C:\Windows\system32\remove.exe
2008-05-04 20:09:10 0 d-------- C:\Program Files\Rockstar Games
2008-05-04 12:41:57 0 d-------- C:\Program Files\Real Desktop
2008-05-03 21:39:28 0 d-------- C:\Program Files\Lavalys
2008-05-03 19:19:08 118784 --a------ C:\Windows\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-05-03 17:48:45 0 d-------- C:\Temp
2008-05-03 17:29:01 0 d-------- C:\Program Files\Trend Micro
2008-05-03 17:05:48 0 d-------- C:\Program Files\CCleaner
2008-05-03 16:52:05 0 d-------- C:\bintheredunthat
2008-05-03 16:49:02 0 d-------- C:\BFU
2008-05-03 16:47:45 5702 --ah----- C:\Windows\nod32restoretemdono.reg
2008-05-03 16:47:45 568 --ah----- C:\Windows\nod32fixtemdono.reg
2008-05-03 13:48:39 0 d-a------ C:\Users\All Users\TEMP
2008-05-03 13:47:56 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-03 13:47:25 0 d-------- C:\Program Files\Lavasoft
2008-05-03 13:46:53 0 d-------- C:\Program Files\SpywareBlaster
2008-05-03 13:44:41 0 d-------- C:\Users\All Users\Prevx
2008-05-03 13:38:06 0 d-------- C:\Program Files\Hitman Pro
2008-05-03 11:55:27 0 d-------- C:\Users\All Users\avg8
2008-05-03 11:55:27 0 d-------- C:\Program Files\AVG
2008-05-03 11:25:05 0 d-------- C:\Windows\system32\appmgmt
2008-05-03 11:16:15 0 d-------- C:\Users\All Users\ESET
2008-05-03 10:43:10 0 d-------- C:\Program Files\LimeWire Turbo Accelerator
2008-05-02 17:47:00 0 d-------- C:\Windows\.jagex_cache_32
2008-05-02 12:11:58 0 d-------- C:\Program Files\DivX
2008-05-02 11:18:09 0 d-------- C:\Windows\system32\AGEIA
2008-05-02 11:18:07 0 d-------- C:\Program Files\AGEIA Technologies
2008-05-01 23:07:32 664926 --a------ C:\Windows\system32\perfh013.dat
2008-05-01 23:07:32 126158 --a------ C:\Windows\system32\perfc013.dat
2008-05-01 23:06:34 0 d-------- C:\Windows\nl-NL
2008-05-01 23:06:33 0 d-------- C:\Windows\system32\nl
2008-05-01 23:06:33 0 d-------- C:\Windows\system32\0413
2008-05-01 23:06:27 0 d-------- C:\Windows\system32\drivers\nl-NL
2008-05-01 21:48:13 0 d-------- C:\Program Files\IDT
2008-05-01 21:47:57 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-01 21:47:47 0 d-------- C:\Program Files\BitLocker
2008-05-01 21:36:01 0 d-------- C:\Windows\Sun
2008-05-01 21:06:53 0 d-------- C:\Windows\system32\directx
2008-05-01 19:48:54 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-01 19:09:13 0 d-------- C:\Program Files\mIRC
2008-05-01 16:37:44 0 d-------- C:\Users\All Users\Adobe
2008-05-01 16:37:37 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-01 16:16:01 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-05-01 16:06:37 0 d-------- C:\Users\Dennis\Incomplete
2008-05-01 16:04:55 0 d-------- C:\Program Files\Java
2008-05-01 16:04:42 0 d-------- C:\Program Files\Common Files\Java
2008-05-01 15:57:47 0 d-------- C:\Program Files\LimeWire
2008-04-30 21:32:22 0 d-------- C:\Windows\Panther
2008-04-30 21:32:07 0 d--hs---- C:\Boot
2008-04-30 21:32:00 171136 -rahs---- C:\grldr
2008-04-30 20:39:58 0 d-------- C:\Program Files\Sierra Online
2008-04-30 16:30:38 0 d-------- C:\Program Files\uTorrent
2008-04-30 15:05:54 0 d-------- C:\Program Files\EA SPORTS
2008-04-30 14:59:57 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-04-30 14:49:55 717296 --a------ C:\Windows\system32\drivers\sptd.sys
2008-04-30 14:16:53 0 d-------- C:\Windows\system32\RTCOM
2008-04-30 14:16:37 1196032 --a------ C:\Windows\RtlUpd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek HD Audio Update and remove driver Tool>
2008-04-30 14:16:36 31232 --a------ C:\Windows\system32\RtkCoInst.dll <Not Verified; Realtek Semiconductor Corp.; Realtek HD Audio Coinstaller>
2008-04-30 14:16:34 2172416 --a------ C:\Windows\system32\RtkAPO.dll <Not Verified; Realtek Semiconductor Corp.; Realtek(r) LFX/GFX DSP component>
2008-04-30 14:16:27 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-30 14:05:32 0 d-------- C:\Windows\PCHEALTH
2008-04-30 14:02:33 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-30 14:02:13 0 d-------- C:\Program Files\Windows Live
2008-04-30 14:01:56 0 d-------- C:\Users\All Users\WLInstaller
2008-04-30 13:45:12 0 d-------- C:\Program Files\SmartFTP Client
2008-04-30 13:44:59 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-04-30 12:27:56 0 d-------- C:\Program Files\Common Files\Logishrd
2008-04-30 12:27:47 0 d-------- C:\Users\All Users\Logitech
2008-04-30 12:27:38 0 d-------- C:\Program Files\Logitech
2008-04-30 12:19:22 0 d--hs---- C:\Windows\ftpcache
2008-04-30 12:19:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-30 12:13:40 0 d-------- C:\Program Files\Activision
2008-04-30 12:12:31 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-30 12:11:20 0 d-------- C:\Program Files\Ventrilo
2008-04-30 12:09:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 12:09:24 0 d-------- C:\Windows\system32\Macromed
2008-04-30 12:03:43 0 d-------- C:\Users\All Users\ATI
2008-04-30 12:02:04 0 --a------ C:\Windows\ativpsrm.bin
2008-04-30 11:56:03 0 d--hs---- C:\Windows\Installer
2008-04-30 11:56:03 0 d-------- C:\Program Files\ATI
2008-04-30 11:55:29 0 d-------- C:\Program Files\ATI Technologies
2008-04-30 11:54:34 0 d-------- C:\ATI
2008-04-30 11:53:37 0 d-------- C:\Users\All Users\Xfire
2008-04-30 11:53:37 0 d-------- C:\Program Files\Xfire
2008-04-30 11:46:23 0 dr------- C:\Users\Dennis\Searches
2008-04-30 11:46:13 0 dr------- C:\Users\Dennis\Contacts
2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\Templates
2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\Start Menu
2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\SendTo
2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\Recent
2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\PrintHood
2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\NetHood
2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\My Documents
2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\Local Settings
2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\Cookies
2008-04-30 11:44:47 0 d--hs---- C:\Users\Dennis\Application Data
2008-04-30 11:44:46 0 dr------- C:\Users\Dennis\Videos
2008-04-30 11:44:46 0 dr------- C:\Users\Dennis\Pictures
2008-04-30 11:44:46 1572864 --ahs---- C:\Users\Dennis\ntuser.dat
2008-04-30 11:44:46 0 d-------- C:\Users\Dennis\Music
2008-04-30 11:44:46 0 dr------- C:\Users\Dennis\Links
2008-04-30 11:44:46 0 dr------- C:\Users\Dennis\Favorites
2008-04-30 11:44:46 0 dr------- C:\Users\Dennis\Downloads
2008-04-30 11:44:46 0 dr------- C:\Users\Dennis\Documents
2008-04-30 11:44:46 0 dr------- C:\Users\Dennis\Desktop
2008-04-30 11:44:46 0 d--h----- C:\Users\Dennis\AppData
2008-04-30 11:40:58 0 d-------- C:\Windows\Debug
2008-04-30 11:37:22 0 d-------- C:\Windows\SoftwareDistribution
2008-04-30 11:35:14 0 d-------- C:\Windows\CSC
2008-04-30 11:33:14 0 d-------- C:\Windows\Prefetch
2008-04-30 11:33:07 0 d--hs---- C:\System Volume Information
2008-04-11 17:23:54 38400 --a------ C:\Windows\system32\SoundSchemes.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-05-04 20:30:54 0 d-------- C:\Users\Dennis\AppData\Roaming\Xfire
2008-05-04 20:25:45 4498 --a------ C:\Windows\system32\perfh019.dat
2008-05-04 20:25:45 125472 --a------ C:\Windows\system32\perfc019.dat
2008-05-04 20:14:57 0 d-------- C:\Users\Dennis\AppData\Roaming\uTorrent
2008-05-04 16:59:19 0 d-------- C:\Users\Dennis\AppData\Roaming\mIRC
2008-05-03 23:33:48 0 d-------- C:\Users\Dennis\AppData\Roaming\NoNameScript
2008-05-03 13:51:27 0 d-------- C:\Users\Dennis\AppData\Roaming\Lavasoft
2008-05-03 12:06:14 0 d-------- C:\Users\Dennis\AppData\Roaming\Logitech
2008-05-03 11:18:08 0 d-------- C:\Users\Dennis\AppData\Roaming\ESET
2008-05-03 11:07:05 0 d-------- C:\Users\Dennis\AppData\Roaming\LimeWire
2008-05-02 11:27:34 0 d-------- C:\Users\Dennis\AppData\Roaming\Touchstone
2008-05-01 23:06:36 0 d-------- C:\Program Files\Windows Sidebar
2008-05-01 23:06:36 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-01 23:06:36 0 d-------- C:\Program Files\Windows Mail
2008-05-01 23:06:36 0 d-------- C:\Program Files\Windows Journal
2008-05-01 23:06:36 0 d-------- C:\Program Files\Windows Collaboration
2008-05-01 23:06:36 0 d-------- C:\Program Files\Windows Calendar
2008-05-01 23:06:36 0 d-------- C:\Program Files\Movie Maker
2008-05-01 23:06:35 0 d-------- C:\Program Files\Windows Defender
2008-05-01 21:46:18 0 d-------- C:\Program Files\Microsoft Games
2008-05-01 16:39:13 0 d-------- C:\Users\Dennis\AppData\Roaming\Adobe
2008-05-01 16:37:37 0 d-------- C:\Program Files\Common Files
2008-05-01 16:16:07 0 d-------- C:\Users\Dennis\AppData\Roaming\teamspeak2
2008-04-30 14:49:54 0 d-------- C:\Users\Dennis\AppData\Roaming\DAEMON Tools
2008-04-30 14:24:12 0 d-------- C:\Users\Dennis\AppData\Roaming\WinRAR
2008-04-30 13:45:40 0 d-------- C:\Users\Dennis\AppData\Roaming\SmartFTP
2008-04-30 12:27:35 0 d-------- C:\Users\Dennis\AppData\Roaming\InstallShield
2008-04-30 12:23:38 0 d-------- C:\Users\Dennis\AppData\Roaming\Ventrilo
2008-04-30 12:09:56 0 d-------- C:\Users\Dennis\AppData\Roaming\Macromedia
2008-04-30 12:03:43 0 d-------- C:\Users\Dennis\AppData\Roaming\ATI
2008-04-30 11:46:15 0 d-------- C:\Users\Dennis\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21-01-2008 04:21]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21-01-2008 12:17]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29-11-2007 02:17 C:\Windows\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [13-03-2008 16:48]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [13-12-2007 17:43]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [13-12-2007 17:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [21-01-2008 04:21]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 11:34]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [21-01-2008 04:23]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [21-01-2008 04:23]

C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [4/23/2008 12:28:56 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [4/30/2008 12:28:13 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
GPSvcGroup GPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bf8abc0-16b5-11dd-b964-0019662eb6e3}]
AutoRun\command- G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b694db0-1698-11dd-bd99-806e6f6e6963}]
AutoRun\command- E:\Setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration



-- End of Deckard's System Scanner: finished at 2008-05-04 20:33:50 ------------

extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 2046.58 MiB / 1385.11 MiB
Pagefile Memory (total/avail): 4342.46 MiB / 3570.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.43 MiB

C: is Fixed (NTFS) - 74.5 GiB total, 36.56 GiB free.
D: is Fixed (NTFS) - 298.09 GiB total, 268.94 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HDT725032VLAT80 ATA Device - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.09 GiB - D:

\\.\PHYSICALDRIVE1 - WDC WD800BB-75CAA0 ATA Device - 74.5 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.5 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ESET Personal firewall v3.0.650.0 (ESET, spol. s r. o.)
AV: ESET Smart Security 3.0 v3.0 (ESET, spol. s r. o.)
AS: ESET Smart Security 3.0 v3.0 (ESET, spol. s r. o.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Dennis\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DENNIS-PC
ComSpec=C:\Windows\system32\cmd.exe
DFSTRACINGON=FALSE
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Dennis
LOCALAPPDATA=C:\Users\Dennis\AppData\Local
LOGONSERVER=\\DENNIS-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Dennis\AppData\Local\Temp
TMP=C:\Users\Dennis\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
USERDOMAIN=Dennis-PC
USERNAME=Dennis
USERPROFILE=C:\Users\Dennis
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Dennis


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v7.11.13 --> MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Catalyst Control Center - Branding --> MsiExec.exe /I{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA*SPORTS™ NBA*LIVE*08 --> MsiExec.exe /X{39C8EFBA-042B-11DC-A860-0EE955D89593}
ESET Smart Security --> MsiExec.exe /I{9DE8D465-A169-4CC7-BAF7-CDD1C9E2EE56}
EVEREST Ultimate Edition v4.20 --> "C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FreeStyle Street Basketball(TM) --> C:\Program Files\InstallShield Installation Information\{E192E363-0D29-4D22-B034-F2E457CC0660}\setup.exe -runfromtemp -l0x0009 -removeonly
GTAIII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\Setup.exe" -l0x13
HijackThis 2.0.2 --> "C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8CQLVVA\HijackThis.exe" /uninstall
Hitman Pro --> "C:\Program Files\Hitman Pro\unins000.exe"
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech GamePanel Software 2.02 --> MsiExec.exe /X{0523EAF4-402C-4435-A0DA-13C40193D811}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0013 -removeonly
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 --> MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up --> "C:\Program Files\ESET\ESET Smart Security\unins000.exe"
NoNameScript --> C:\Users\Dennis\AppData\Roaming\NoNameScript\nnuninstall.exe
Real Desktop 1.15 --> "C:\Program Files\Real Desktop\unins000.exe"
SmartFTP Client --> MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
SmartFTP Client 3.0 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Turok --> C:\Program Files\InstallShield Installation Information\{1BC3AF44-D80E-4744-A8E1-9BC540424AC9}\setup.exe -runfromtemp -l0x0009Turok -removeonly
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Live aanmeldhulp --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
Windows Live Mail --> MsiExec.exe /I{DB8DEC88-4D53-4A3A-964A-D22509D27455}
Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
Windows Live OneCare safety scanner --> "C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Sound Schemes --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1845 / Error
Event Submitted/Written: 05/04/2008 08:23:08 PM
Event ID/Source: 33 / SideBySide
Event Description:
Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",versi on="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",versio n="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Event Record #/Type1844 / Error
Event Submitted/Written: 05/04/2008 08:23:07 PM
Event ID/Source: 33 / SideBySide
Event Description:
Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",versi on="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",versio n="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Event Record #/Type1843 / Error
Event Submitted/Written: 05/04/2008 08:23:00 PM
Event ID/Source: 33 / SideBySide
Event Description:
Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",versi on="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",versio n="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Event Record #/Type1841 / Error
Event Submitted/Written: 05/04/2008 08:20:58 PM
Event ID/Source: 10 / WinMgmt
Event Description:
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Event Record #/Type1837 / Success
Event Submitted/Written: 05/04/2008 08:19:27 PM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11601 / Warning
Event Submitted/Written: 05/04/2008 08:33:20 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Dennis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Dennis-PC27 can't undo changes that you allow.

For more information please see the following:
%Dennis-PC275

Scan ID: {39B80684-3234-4A56-A3E5-9CD88B2434AC}

User: Dennis-PC\Dennis

Name: %Dennis-PC271

ID: %Dennis-PC272

Severity ID: %Dennis-PC273

Category ID: %Dennis-PC274

Path Found: %Dennis-PC276

Alert Type: %Dennis-PC278

Detection Type: 1.1.1600.02

Event Record #/Type11600 / Warning
Event Submitted/Written: 05/04/2008 08:33:20 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Dennis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Dennis-PC27 can't undo changes that you allow.

For more information please see the following:
%Dennis-PC275

Scan ID: {37C5FE72-4F0F-4C83-9033-C8A23A2F75CF}

User: Dennis-PC\Dennis

Name: %Dennis-PC271

ID: %Dennis-PC272

Severity ID: %Dennis-PC273

Category ID: %Dennis-PC274

Path Found: %Dennis-PC276

Alert Type: %Dennis-PC278

Detection Type: 1.1.1600.02

Event Record #/Type11599 / Warning
Event Submitted/Written: 05/04/2008 08:33:20 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Dennis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Dennis-PC27 can't undo changes that you allow.

For more information please see the following:
%Dennis-PC275

Scan ID: {39536044-2AAC-45D3-B187-47FB1A10826F}

User: Dennis-PC\Dennis

Name: %Dennis-PC271

ID: %Dennis-PC272

Severity ID: %Dennis-PC273

Category ID: %Dennis-PC274

Path Found: %Dennis-PC276

Alert Type: %Dennis-PC278

Detection Type: 1.1.1600.02

Event Record #/Type11598 / Warning
Event Submitted/Written: 05/04/2008 08:33:17 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Dennis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Dennis-PC27 can't undo changes that you allow.

For more information please see the following:
%Dennis-PC275

Scan ID: {35CB28C6-F0E1-40F0-8C4A-051DCEC50824}

User: Dennis-PC\Dennis

Name: %Dennis-PC271

ID: %Dennis-PC272

Severity ID: %Dennis-PC273

Category ID: %Dennis-PC274

Path Found: %Dennis-PC276

Alert Type: %Dennis-PC278

Detection Type: 1.1.1600.02

Event Record #/Type11597 / Warning
Event Submitted/Written: 05/04/2008 08:33:17 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Dennis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Dennis-PC27 can't undo changes that you allow.

For more information please see the following:
%Dennis-PC275

Scan ID: {FDDFB83C-730E-46E7-8B13-42C39257ABA1}

User: Dennis-PC\Dennis

Name: %Dennis-PC271

ID: %Dennis-PC272

Severity ID: %Dennis-PC273

Category ID: %Dennis-PC274

Path Found: %Dennis-PC276

Alert Type: %Dennis-PC278

Detection Type: 1.1.1600.02



-- End of Deckard's System Scanner: finished at 2008-05-04 20:33:50 ------------

Zou je deze stap eens in veilige modus willen proberen:

Start - Uitvoeren en geef bij het invulvenster de volgende regel in:
sc delete MsSecurity1.209.4
Druk op OK.

Herstart naar normale modus en post een nieuw logje van Hijackthis

Ook gedaan ,
Logje van hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:25:24, on 5-5-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

--
End of file - 5555 bytes

Logje ziet er goed uit

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Dan denk ik dat het wel weer OK is