dubbel check aub

[rap]

Dear all,

Heb vorige week en dit weekend virussen en trojan horses gehad 'denk ik' en verwijderd. Heb volgende programs hun werk laten doen en zal het hierbij posten zodanig jullie minder ' in mijn geval ' werk zouden hebben. Ik wil gewoon zeker zijn dat alles verwijderd is en dat ik al het nodige heb gedaan.

Eerst Dr Web Cure gedaan en niets gevonden, zowel op mijn c-als d-schijf.
Terwijl het eerste prog zijn werk deed, heeft mijn antivirus g-data 3 trojan horses gevonden. Deze had ik geïsoleerd en verwijderd met g-data.
Vervolgens CW shredder laten lopen , alles perfect in order, geen mistoestanden gevonden. Vervolgens Simply Super Software Trojan Remover uitvoerig scan uitgevoerd en niets gevonden. Heb voor de zekerheid nog hijack nieuwe scan laten uitvoeren, hopelijk vinden jullie er niets mis meer in.

Ziehier de recente hijjack:

Logfile of HijackThis v1.99.1
Scan saved at 21:25:06, on 30/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AntiVirusKit 2006\AVKTray\AVKTray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\AntiVirusKit 2006\AVKService.exe
C:\Program Files\AntiVirusKit 2006\AVKWCtl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
c:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\HP_Administrator\Mijn documenten\Nieuwe map\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skynet.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\AntiVirusKit 2006\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1168370684140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168375315937
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AntiVirusKit 2006\AVKService.exe
O23 - Service: AVK-bewaker (AVKWCtl) - Unknown owner - C:\Program Files\AntiVirusKit 2006\AVKWCtl.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Zou nu alles wederom in orde zijn?

Thanks voor het nazicht. Indien jullie dringender zaken hebben, laat dit geen voorrang hebben aub. Andere met ernstiger problemen moeten eerst geholpen worden. Thanks

Grtz

rap

[BendeBoy]

Hallo Rap,

Ik zal je logje eens rap analyseren en vervolgens een fix plaatsen zodra deze is goedgekeurd. Eventjes geduld aub.

Daniël

[BendeBoy]

Hallo Rap,
Volg eventjes deze onderstaande stappen.

Start HijackThis en kies voor 'Do a system scan only' - Als de scan compleet is vink dan de onderstaande regels in HijackThis aan:

• R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
• R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
• O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Sluit alle openstaande vensters (Internet browsers, windows vensters etc) behalve HijackThis!, druk vervolgens op 'Fix Checked' en sluit HijackThis.

Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

Download Java Runtime Environment (JRE) 6.0.

• Scroll omlaag naar : "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Klik op de "Download"knop aan de rechterkant.
• Vink aan: "Accept License Agreement".
• De pagina zal herladen.
• Klik op de link om Windows Offline Installation te downloaden met Meerdere-talen, en bewaar het naar je Bureaublad.
• Sluit alle programma's die eventueel open zijn - Zeker je web browser!
• Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
• Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
• Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
• Herhaal dit tot alle oudere versies verdwenen zijn.
• Na het verwijderen van alle oudere versies, herstart je pc.
• Dubbelklik vervolgens op jre-6-windows-i586.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Om nog een kleine controle uit te voeren, doen we een scan met Combofix.

Download Combofix en sla deze op.
Dubbelklik Combofix.exe
Volg de instructies, aanvaard de disclaimer door "y"of "Y"te typen.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Combofix zal de PC als het klaar is laten herstarten, als hij dat niet doet doe dit dan handmatig.

Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post samen met een nieuw HijackThis log

(Mocht er geen Combofix logje openen kan je deze vinden in C:\Combofix.txt)

Daniël

[rap]

Bedankt Daniël,

Zal vanavond je opdrachten/taken uitvoeren.

Grtz

rap

[rap]

Good evening BendeBoy alias Daniël,

Ziehier de gevraagde logjes:

eerst combofix:
"HP_Administrator" - 07-01-31 21:33:55 Service Pack 2
ComboFix 07.01.31 - Running from: "C:\Documents and Settings\HP_Administrator\Mijn documenten\Nieuwe map"
((((((((((((((((((((((((((((((( Files Created from 2006-12-31 to 2007-01-31 ))))))))))))))))))))))))))))))))))


2007-01-31 21:29 <DIR> d-------- C:\Program Files\Java
2007-01-31 21:29 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-30 20:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-30 20:27 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-01-30 20:27 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-01-30 20:27 <DIR> d-------- C:\Program Files\Trojan Remover
2007-01-30 20:27 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Simply Super Software
2007-01-29 21:10 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\DoctorWeb
2007-01-29 20:40 <DIR> d-------- C:\Program Files\MSECache
2007-01-29 20:08 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Vso
2007-01-29 20:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-29 20:07 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Nieuwe map
2007-01-29 20:07 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Webroot
2007-01-27 12:40 <DIR> d-------- C:\Program Files\Activision Value
2007-01-27 11:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-26 12:04 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-22 21:54 <DIR> d-------- C:\Program Files\Power Tab Software
2007-01-21 13:42 <DIR> d-------- C:\Program Files\Mozilla Firefox
2007-01-21 11:40 87,608 --a------ C:\DOCUME~1\HP_ADM~1\Application Data\ezpinst.exe
2007-01-21 11:40 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-01-21 11:40 47,360 --a------ C:\DOCUME~1\HP_ADM~1\Application Data\pcouffin.sys
2007-01-21 11:40 <DIR> d-------- C:\Program Files\DVDFab Platinum 3
2007-01-20 15:56 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Sega
2007-01-20 15:45 <DIR> d-------- C:\Program Files\Sega
2007-01-18 21:32 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2007-01-18 19:34 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-01-18 19:34 <DIR> d-------- C:\Program Files\TuneUp Utilities 2006
2007-01-18 19:34 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\TuneUp Software
2007-01-18 19:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\TuneUp Software
2007-01-17 22:35 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-01-17 22:35 <DIR> d-------- C:\Program Files\ISP Monitor
2007-01-17 21:11 <DIR> d-------- C:\Program Files\Registry Mechanic
2007-01-17 20:14 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-17 20:14 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Lavasoft
2007-01-17 19:57 <DIR> d-------- C:\Program Files\IObit
2007-01-17 19:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-14 18:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\BOONTY
2007-01-14 02:06 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Ahead
2007-01-14 02:04 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-01-14 00:43 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-14 00:41 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-01-14 00:41 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-13 20:14 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Canon
2007-01-13 17:26 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Shared
2007-01-13 17:26 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Incomplete
2007-01-13 17:23 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\.limewire
2007-01-13 16:55 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-01-13 16:54 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-01-13 16:54 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-01-13 16:53 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-01-13 16:53 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\ScanSoft
2007-01-13 16:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\ScanSoft
2007-01-13 16:52 <DIR> d-------- C:\Program Files\ScanSoft
2007-01-13 16:50 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-01-13 16:50 <DIR> d-------- C:\Program Files\ArcSoft
2007-01-13 16:48 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Application Data\CanonBJ
2007-01-13 16:46 57,344 --a------ C:\WINDOWS\system32\CNCI160.DLL
2007-01-13 16:46 161,792 --a------ C:\WINDOWS\system32\CNMLM83.DLL
2007-01-13 16:46 135,168 --a------ C:\WINDOWS\system32\CNCL160.DLL
2007-01-13 16:46 106,496 --a------ C:\WINDOWS\system32\cnco160.dll
2007-01-13 16:46 1,134,592 --a------ C:\WINDOWS\system32\CNCC160.DLL
2007-01-13 16:46 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-01-13 16:46 <DIR> d--h----- C:\Program Files\CanonBJ
2007-01-13 16:25 <DIR> d-------- C:\Program Files\Canon
2007-01-12 17:51 <DIR> d-------- C:\WINDOWS\Sun
2007-01-11 22:45 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-11 22:45 <DIR> d-------- C:\WINDOWS\system32\nl-nl
2007-01-11 22:44 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-01-11 22:42 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-11 22:41 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-11 20:14 <DIR> d-------- C:\Program Files\Gadwin Systems
2007-01-10 20:37 <DIR> d-------- C:\Program Files\RegCleaner
2007-01-09 21:56 128,232 --a------ C:\WINDOWS\system32\mucltui.dll
2007-01-09 21:50 <DIR> d-------- C:\e22a50de566dd425fa22c1
2007-01-09 21:49 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-01-09 21:48 23,040 --------- C:\WINDOWS\kb913800.exe
2007-01-09 21:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-09 21:44 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-09 20:25 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-01-09 20:25 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-09 20:24 <DIR> d--hs---- C:\DOCUME~1\HP_ADM~1\UserData
2007-01-09 20:19 <DIR> d-------- C:\Program Files\Grisoft
2007-01-09 19:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-09 19:19 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Help
2007-01-09 19:12 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Google
2007-01-08 21:52 52,858 --a------ C:\WINDOWS\system32\interceptor.sys
2007-01-08 21:52 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-01-08 21:52 28,066 --a------ C:\WINDOWS\system32\drivers\HookCentre.sys
2007-01-08 21:52 27,059 --a------ C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
2007-01-08 21:52 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-01-08 21:52 <DIR> d-------- C:\Program Files\CDRecordKit
2007-01-08 21:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\G DATA
2007-01-08 21:51 <DIR> d-------- C:\Program Files\Common Files\G DATA
2007-01-08 21:51 <DIR> d-------- C:\Program Files\AntiVirusKit 2006
2007-01-06 00:05 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-01-05 22:49 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Sun

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))

2007-01-30 22:57 -------- d--h----- C:\Program Files\installshield installation information
2007-01-30 22:57 -------- d-------- C:\Program Files\google
2007-01-29 20:07 -------- d-------- C:\Program Files\hasbro interactive
2007-01-26 20:35 2018 --a------ C:\DOCUME~1\HP_ADM~1\Application Data\wklnhst.dat
2007-01-21 13:42 -------- d-------- C:\DOCUME~1\HP_ADM~1\Application Data\mozilla
2007-01-21 11:40 7824 --a------ C:\DOCUME~1\HP_ADM~1\Application Data\pcouffin.cat
2007-01-21 11:40 34 --a------ C:\DOCUME~1\HP_ADM~1\Application Data\pcouffin.log
2007-01-21 11:40 1144 --a------ C:\DOCUME~1\HP_ADM~1\Application Data\pcouffin.inf
2007-01-20 15:56 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-01-14 17:17 -------- d-------- C:\Program Files\Common Files\adobe
2007-01-14 10:58 -------- d-a------ C:\Program Files\Common Files\lightscribe
2007-01-12 22:42 -------- d---s---- C:\DOCUME~1\HP_ADM~1\Application Data\microsoft
2007-01-09 08:33 -------- d-------- C:\Program Files\ahead
2007-01-03 12:44 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2006-12-30 13:01 -------- d-------- C:\Program Files\Common Files\swf studio
2006-12-30 11:21 -------- d-------- C:\DOCUME~1\HP_ADM~1\Application Data\macromedia
2006-12-28 15:23 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-12-28 15:23 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-12-28 09:54 -------- d-------- C:\Program Files\2015
2006-12-28 09:53 -------- d-------- C:\Program Files\Common Files\installshield
2006-12-20 16:22 -------- d-------- C:\DOCUME~1\HP_ADM~1\Application Data\real
2006-12-15 15:50 -------- d-------- C:\Program Files\Common Files\supportsoft
2006-12-09 18:05 -------- d-------- C:\Program Files\tomb raider - legend
2006-12-09 18:04 -------- d-------- C:\Program Files\infogrames
2006-11-08 22:50 196 --a------ C:\DOCUME~1\HP_ADM~1\Application Data\g-force prefs (windowsmediaplayer).txt
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 22:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 22:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 22:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 22:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 22:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 22:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 22:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 04:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 04:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 04:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 04:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 04:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 04:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 04:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 04:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 04:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 04:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 15:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 00:35 8271872 --a------ C:\WINDOWS\system32\wmploc.dll
2006-11-02 23:53 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-11-02 23:52 257536 --a------ C:\WINDOWS\system32\wmerror.dll
2006-11-02 23:50 7680 --a------ C:\WINDOWS\system32\asferror.dll
2006-11-02 12:52 42496 --------- C:\WINDOWS\system32\wpdshextres.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.546 2\\GoogleToolbarNotifier.exe"
"Gadwin PrintScreen 3.5"="C:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe /nosplash"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.ex e"
"ISPMonitor"="C:\\Program Files\\ISP Monitor\\isp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ftutil2"="rundll32.exe ftutil2.dll,SetWriteCacheMode"
"RTHDCPL"="RTHDCPL.EXE"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"DMAScheduler"="\"c:\\Program Files\\HP DigitalMedia Archive\\DMAScheduler.exe\""
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46 ,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70 ,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AVKTray"="\"C:\\Program Files\\AntiVirusKit 2006\\AVKTray\\AVKTray.exe\""
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"OpwareSE4"="\"C:\\Program Files\\ScanSoft\\OmniPageSE4.0\\OpwareSE4.exe\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE ~1\\ISUSPM.exe -startup"
"TrojanScanner"="C:\\Program Files\\Trojan Remover\\Trjscan.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4 f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65 ,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,5 3,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74 ,68,65,6d,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnph ost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Maintenance en 1 clic.job
Completion time: 07-01-31 21:35:55

Vervolgens de recente hijjack log van vandaag:

Logfile of HijackThis v1.99.1
Scan saved at 21:46:18, on 31/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AntiVirusKit 2006\AVKTray\AVKTray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\AntiVirusKit 2006\AVKService.exe
C:\Program Files\AntiVirusKit 2006\AVKWCtl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.281\Hi jackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\AntiVirusKit 2006\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1168370684140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168375315937
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AntiVirusKit 2006\AVKService.exe
O23 - Service: AVK-bewaker (AVKWCtl) - Unknown owner - C:\Program Files\AntiVirusKit 2006\AVKWCtl.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Ziezo, nu zou je alles hebben.

Thanks voor de moeite en het al het werk. Ik dank je alvast bij voorbaat.

Grtz

rap

[BendeBoy]

Hey Rap,
Ziet er allemaal goed uit

Heb je nog enige problemen ed?

Daniël.

[rap]

Hey Bendeboy,

No problemos, alleen als ik opstart gaat mijn trojanscanner automatisch scannen en hij vind 2 zaken. Zal je vanavond deze doorgeven.

Buiten dat verloopt alles prima. Dus volgens jouw alles oke?
oke dan, thanks for your time and help.

Grtz

rap

[BendeBoy]

Hey Rap,

Kan je resultaten van deze scan doorgeven? Of post eventjes de naam van de infectie die hij vind, bestandsnaam en de bestand locatie.

Daniël

[rap]

Hey BendeBoy,

ziehier de eerste melding:

THE FOLLOWING FILE IS CALLED BY THE WINDOWS REGISTRY AT BOOT TIME:

C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\gel90xne.sys
An executable file with this name *has not* been located

The grogram is called from the following Registry Key:
HKLM\SYSTEM\CurrentControlSet\Services\gel90xne

This file connot be found to be scanned (it may be hidden)

Dit is het eerste gedeelte waarbij bij stopt bij de beginfase van het scannen
Het tweede gedeelte heb ik nu niet bij de hand maar krijg je vanavond nog.

Grtz

rap

[rap]

Hey BendeBoy,

Ziehier het tweede gedeelte:

this file is called by an NT/XP Service Registry Key
C:\WINDOWS\system32\61.temp

An executable file with this name *has not* been found(it may not exist)

The program is loaded by the following Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\MEMSWEEP2\"ImagePath"

Hopelijk heb je er wat aan.

Grtz

rap