anoniem Geplaatst: 4 juli 2003 Delen Geplaatst: 4 juli 2003 telkens wanneer ik intenet explorer start komt er een installatie voor de dag nl. virtual woman millennium edition. Het komt steeds weer terug ook bij popups komt ie terug. Wat kan ik hieraan doen?? Quote Link naar reactie
anoniem Geplaatst: 4 juli 2003 Auteur Delen Geplaatst: 4 juli 2003 je kunt de FAQ eens lezen terrorgamer .... Dan lees je daar dat je een search kunt gebruiken, zoeken noemen ze dat ... Dan komen er vast wel meer dan 100 recente topics tevoorschijn die hetzelfde probleem hadden en zelfs de antwoorden erbij .... :o .... Nah weet je wat ik ga je het makkelijk maken .... ik geef je een hint : SPYBOT SEARCH AND DESTROY .... en omdat ik in eem goed humeur ben ( gebeurt zelden ) krijg je van mij nóg een hint .... HIJACK THIS ..... SPYWARE ...... :lol: :lol: sux6 Quote Link naar reactie
anoniem Geplaatst: 4 juli 2003 Auteur Delen Geplaatst: 4 juli 2003 dat had ik al gedaan maar dat hielp niet. Quote Link naar reactie
anoniem Geplaatst: 4 juli 2003 Auteur Delen Geplaatst: 4 juli 2003 Download HijackThis. Uitleg en link vind je hier: http://www.tomcoyote.org/hjt/ Unzip en run het. Klik op Scan > Save log en sla het log op als een .txt bestand. Kopieer en plak de inhoud in je volgende post. Fix nog niets. Er zitten ook dingen die je echt nodig hebt. Quote Link naar reactie
anoniem Geplaatst: 5 juli 2003 Auteur Delen Geplaatst: 5 juli 2003 heb je wel van ad aware en spybot de update gebruikt? die kun je vinden bij online ... Anders moet je idd ff de uitkomsten van hijack this ff hiero plakken ... kunnen wij vergelijken wat er wel en niet zou horen .... Quote Link naar reactie
anoniem Geplaatst: 5 juli 2003 Auteur Delen Geplaatst: 5 juli 2003 R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.searchgateway.net/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.searchgateway.net/search/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.gameadvice.com/forums/forumdisplay.php?s=&forumid=13 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.searchgateway.net/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.searchgateway.net/search/%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\E2G\IeBHOs.dll O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) O3 - Toolbar: (no name) - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Toolbar - {BC97B254-B2B9-4D40-971D-78E0978F5F26}} - (no file) O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [TVTMD] C:\WINDOWS\TVTMD.exe O4 - HKLM\..\Run: [ShowBehind] C:\WINDOWS\sbnet\ShowBehind.exe O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37661.3262731481 O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.memorymeter.com/MemoryMeter.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553542500} - http://active.macromedia.com/flash2/cabs/swflash.cab O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://209.58.242.206/downloads/UGO20.exe O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://3dgamers.tukati.com/tukati/1.6.36.36/tukati.cab O16 - DPF: {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - http://www.searchwww.com/toolbar/toolbar.cab sorry van die links. O ja ik was de vorige keer vergeten te zeggen dat het een windows installer opstart als er een nieuw internet explorer window opent. Quote Link naar reactie
anoniem Geplaatst: 5 juli 2003 Auteur Delen Geplaatst: 5 juli 2003 Vink het volgende aan in Hijack This, sluit vervolgens alle browservensters en druk op "fix checked": [b:d80b8c05c2]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.searchgateway.net/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.searchgateway.net/search/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.searchgateway.net/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.searchgateway.net/search/%s O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\E2G\IeBHOs.dll O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) O3 - Toolbar: (no name) - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - (no file) O3 - Toolbar: Toolbar - {BC97B254-B2B9-4D40-971D-78E0978F5F26}} - (no file) O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b O4 - HKLM\..\Run: [TVTMD] C:\WINDOWS\TVTMD.exe O4 - HKLM\..\Run: [ShowBehind] C:\WINDOWS\sbnet\ShowBehind.exe O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.memorymeter.com/MemoryMeter.cab O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://209.58.242.206/downloads/UGO20.exe O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://3dgamers.tukati.com/tukati/1.6.36.36/tukati.cab O16 - DPF: {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - http://www.searchwww.com/toolbar/toolbar.cab [/b:d80b8c05c2] Vervolgens start je even opnieuw op, en wis: C:\WINDOWS\System\WINSTA~1.EXE -b C:\WINDOWS\TVTMD.exe De map C:\WINDOWS\sbnet De map C:\Program Files\ClockSync De map C:\E2G Tenslotte download je [url=http://www.tomcoyote.org/SPYBOT/]Spybot - Search & Destroy[/url] Eerst klik je links op [b:d80b8c05c2]Online[/b:d80b8c05c2], dan "Search For Updates", en vervolgens [i:d80b8c05c2]alle[/i:d80b8c05c2] updates aanvinken en downloaden ( 'download updates'). Nu Internet Explorer afsluiten. Vervolgens klik je linksonder op "check for problems", laat scannen, en laat SB tenslotte alles verwijderen/herstellen. Het programma maakt automatisch backups aan.. Succes, Quote Link naar reactie
anoniem Geplaatst: 5 juli 2003 Auteur Delen Geplaatst: 5 juli 2003 helpt niet hij word nog steeds geladen als ik internet exploror start. Quote Link naar reactie
anoniem Geplaatst: 5 juli 2003 Auteur Delen Geplaatst: 5 juli 2003 Start Hijack This weer, maar klik nu op "Config" > "Miscellaneous Tools", en dan "Generate Startuplist Log" Je krijgt dan een tekstbestand dat een uitgebreid overzicht geeft van alles wat er zich op jouw computer afspeelt. Ga naar Bewerken > Alles selecteren, kopiëer het, en laat de hele inhoud daarvan zien. Quote Link naar reactie
anoniem Geplaatst: 5 juli 2003 Auteur Delen Geplaatst: 5 juli 2003 InProcServer32 = C:\WINDOWS\System32\Winrep.dll CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab [GSDACtl Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\gsda.dll CODEBASE = http://launch.gamespyarcade.com/software/launch/alaunch.cab [SecureLogin.SecureControl] InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveSecurity.ocx CODEBASE = http://secure2.comned.com/signuptemplates/ActiveSecurity.cab [Update Class] InProcServer32 = C:\WINDOWS\System32\iuctl.dll CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37661.3262731481 [WebResponseAttachments Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\FILETR~1.OCX CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab [HeartbeatCtl Class] InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [{D27CDB6E-AE6D-11CF-96B8-444553542500}] CODEBASE = http://active.macromedia.com/flash2/cabs/swflash.cab [Hotmail Attachments Control] InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx CODEBASE = http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx [MSN Chat Control 4.5] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab [DiskHealth2 Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\DiskFAU.dll CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- End of report, 7.117 bytes Report generated in 0,041 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Quote Link naar reactie
anoniem Geplaatst: 5 juli 2003 Auteur Delen Geplaatst: 5 juli 2003 sorry was nit alles StartupList report, 5-7-2003, 19:02:45 StartupList version: 1.52 Started from : C:\Documents and Settings\Nick Hendrikse\Bureaublad\hijackthis\HijackThis.EXE Detected: Windows XP SP1 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\RunDll32.exe C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Messenger Plus! 2\MsgPlus.exe C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\MSNGAM~1\zproxy.exe C:\PROGRA~1\MSNGAM~1\zone.exe C:\PROGRA~1\MSNGAM~1\zclient.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Nick Hendrikse\Bureaublad\hijackthis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten] Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run ccApp = C:\Program Files\Common Files\Symantec Shared\ccApp.exe ccRegVfy = C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup nwiz = nwiz.exe /install Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd IntelliType = "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" POINTER = point32.exe MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER NeroCheck = C:\WINDOWS\system32\NeroCheck.exe VOBRegCheck = C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg SideWinderTrayV4 = C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell= SCRNSAVE.EXE=C:\WINDOWS\System32\DONTTO~1.SCR drivers= Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872} -------------------------------------------------- Enumerating Task Scheduler jobs: Norton AntiVirus - Mijn computer scannen.job Symantec NetDetect.job -------------------------------------------------- Enumerating Download Program Files: [sys Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitStop.dll CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB [Shockwave ActiveX Control] InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll CODEBASE = http://active.macromedia.com/director/cabs/sw.cab [Microsoft.WinRep] InProcServer32 = C:\WINDOWS\System32\Winrep.dll CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab [GSDACtl Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\gsda.dll CODEBASE = http://launch.gamespyarcade.com/software/launch/alaunch.cab [SecureLogin.SecureControl] InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveSecurity.ocx CODEBASE = http://secure2.comned.com/signuptemplates/ActiveSecurity.cab [Update Class] InProcServer32 = C:\WINDOWS\System32\iuctl.dll CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37661.3262731481 [WebResponseAttachments Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\FILETR~1.OCX CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab [HeartbeatCtl Class] InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [{D27CDB6E-AE6D-11CF-96B8-444553542500}] CODEBASE = http://active.macromedia.com/flash2/cabs/swflash.cab [Hotmail Attachments Control] InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx CODEBASE = http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx [MSN Chat Control 4.5] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab [DiskHealth2 Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\DiskFAU.dll CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- End of report, 7.117 bytes Report generated in 0,041 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Quote Link naar reactie
anoniem Geplaatst: 5 juli 2003 Auteur Delen Geplaatst: 5 juli 2003 Tja, daar ben ik even stil van, want er is werkelijk niets te zien wat daarvoor verantwoordelijk zou kunnen zijn, en dat ben ik dus niet gewend... :roll: Zou je nog één ding willen proberen: Ga weer naar "Config" > "Miscellaneous Tools", maar vink nu bij "Startuplist" éérst de beide hokjes "List also minor sections" en "list empty sections" aan. Klik vervolgens op "Generate Startuplist log" en post die nieuwe log nog een keer. Quote Link naar reactie
anoniem Geplaatst: 5 juli 2003 Auteur Delen Geplaatst: 5 juli 2003 StartupList report, 5-7-2003, 19:20:39 StartupList version: 1.52 Started from : C:\Documents and Settings\Nick Hendrikse\Bureaublad\hijackthis\HijackThis.EXE Detected: Windows XP SP1 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\RunDll32.exe C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Messenger Plus! 2\MsgPlus.exe C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\MSNGAM~1\zproxy.exe C:\PROGRA~1\MSNGAM~1\zone.exe C:\PROGRA~1\MSNGAM~1\zclient.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Nick Hendrikse\Bureaublad\hijackthis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Nick Hendrikse\Menu Start\Programma's\Opstarten] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten] Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run ccApp = C:\Program Files\Common Files\Symantec Shared\ccApp.exe ccRegVfy = C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup nwiz = nwiz.exe /install Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd IntelliType = "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" POINTER = point32.exe MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER NeroCheck = C:\WINDOWS\system32\NeroCheck.exe VOBRegCheck = C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg SideWinderTrayV4 = C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\System32\mshta.exe "%1" %* -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{306D6C21-C1B6-4629-986C-E59E1875B8AF}] StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell= SCRNSAVE.EXE=C:\WINDOWS\System32\DONTTO~1.SCR drivers= Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Company name OK: 'Microsoft Corporation' - Original filename OK: 'REGEDIT.EXE' - File description: 'Register-editor' Registry check passed -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872} -------------------------------------------------- Enumerating Task Scheduler jobs: Norton AntiVirus - Mijn computer scannen.job Symantec NetDetect.job -------------------------------------------------- Enumerating Download Program Files: [{00000161-0000-0010-8000-00AA00389B71}] CODEBASE = http://codecs.microsoft.com/codecs/i386/msaudio.cab [sys Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitStop.dll CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB [Shockwave ActiveX Control] InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll CODEBASE = http://active.macromedia.com/director/cabs/sw.cab [Microsoft.WinRep] InProcServer32 = C:\WINDOWS\System32\Winrep.dll CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab [GSDACtl Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\gsda.dll CODEBASE = http://launch.gamespyarcade.com/software/launch/alaunch.cab [SecureLogin.SecureControl] InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveSecurity.ocx CODEBASE = http://secure2.comned.com/signuptemplates/ActiveSecurity.cab [Java Plug-in 1.4.1_02] InProcServer32 = C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll CODEBASE = http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab [Update Class] InProcServer32 = C:\WINDOWS\System32\iuctl.dll CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37661.3262731481 [WebResponseAttachments Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\FILETR~1.OCX CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab [HeartbeatCtl Class] InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab [Java Plug-in 1.4.1_02] InProcServer32 = C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll CODEBASE = http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [{D27CDB6E-AE6D-11CF-96B8-444553542500}] CODEBASE = http://active.macromedia.com/flash2/cabs/swflash.cab [Hotmail Attachments Control] InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx CODEBASE = http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx [MSN Chat Control 4.5] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab [DiskHealth2 Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\DiskFAU.dll CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system) Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start) Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (autostart) Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN): System32\DRIVERS\alcan5wn.sys (manual start) Alcatel Speed Touch ADSL Modem ATM Transport: System32\DRIVERS\alcaudsl.sys (manual start) Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start) Stuurprogramma voor AMD K7-processor: System32\DRIVERS\amdk7.sys (system) Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) asapiW2k: \??\C:\WINDOWS\System32\DRIVERS\asapiW2k.sys (autostart) Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.sys (manual start) Standaard IDE/ESDI-vasteschijfcontroller: System32\DRIVERS\atapi.sys (system) ATM ARP-client-protocol: System32\DRIVERS\atmarpc.sys (manual start) Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Audiostub-stuurprogramma: System32\DRIVERS\audstub.sys (manual start) Intelligente achtergrondsoverdrachtservice: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) MAC-brug: System32\DRIVERS\bridge.sys (manual start) MAC-brugminipoort: System32\DRIVERS\bridge.sys (manual start) Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Symantec Event Manager: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (autostart) Symantec Password Validation Service: C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (manual start) Cd-rom-stuurprogramma: System32\DRIVERS\cdrom.sys (system) Indexing-service: C:\WINDOWS\System32\cisvc.exe (manual start) ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start) C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start) COM+-systeemtoepassing: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys (system) Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start) DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start) ENTECH: \??\C:\WINDOWS\System32\DRIVERS\ENTECH.SYS (manual start) Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Event Log: %SystemRoot%\system32\services.exe (autostart) COM+-gebeurtenissysteem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Stuurprogramma voor diskettestationcontroller: System32\DRIVERS\fdc.sys (manual start) Stuurprogramma voor diskettestation: System32\DRIVERS\flpydisk.sys (manual start) FreshIO: \??\C:\1\FreshDiagnose\FreshIO.sys (manual start) Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sys (system) Spelpoort-enumerator: System32\DRIVERS\gameenum.sys (manual start) Microsoft SideWinder Value Add - Filterstuurprogramma: System32\DRIVERS\GcKernel.sys (manual start) Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys (manual start) Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Microsoft Hid-naar-joystickpoort-enabler: System32\DRIVERS\hidgame.sys (manual start) Apparaattoegang via menselijke interface: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Mini-stuurprogramma voor virtueel HID-apparaat van Microsoft SideWinder: System32\DRIVERS\HIDSwvd.sys (manual start) Microsoft HID Class-stuurprogramma: System32\DRIVERS\hidusb.sys (manual start) Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.sys (system) Filterstuurprogramma voor het branden van cd's: System32\DRIVERS\imapi.sys (system) COM-service voor IMAPI cd-branders: C:\WINDOWS\System32\imapi.exe (manual start) Microsoft IntelliPoint Features driver: System32\DRIVERS\IPFilter.sys (manual start) IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start) IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start) IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start) IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys (system) IR Enumerator-service: System32\DRIVERS\irenum.sys (manual start) PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sys (system) Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.sys (system) Stuurprogramma voor toetsenbord-HID: System32\DRIVERS\kbdhid.sys (system) Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start) Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) mbmiodrvr: \??\C:\WINDOWS\System32\mbmiodrvr.sys (system) Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.sys (system) WebDav-client-redirector: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start) Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start) Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start) Microsoft MPU-401 MIDI UART-stuurprogramma: system32\drivers\msmpu401.sys (manual start) Norton AntiVirus Auto-Protect: C:\Program Files\Norton AntiVirus\navapsvc.exe (autostart) NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030702.004\NAVENG.Sys (manual start) NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030702.004\NavEx15.Sys (manual start) RAS NDIS TAPI-stuurprogramma: System32\DRIVERS\ndistapi.sys (manual start) I/O-protocol van NDIS-gebruikermodus: System32\DRIVERS\ndisuio.sys (manual start) RAS NDIS WAN-stuurprogramma: System32\DRIVERS\ndiswan.sys (manual start) NetBIOS-interface: System32\DRIVERS\netbios.sys (system) NetBT: System32\DRIVERS\netbt.sys (system) Network DDE: %SystemRoot%\system32\netdde.exe (manual start) Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start) Net Logon: %SystemRoot%\System32\lsass.exe (manual start) Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start) Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) nv: System32\DRIVERS\nv4_mini.sys (manual start) NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart) IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start) IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start) Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.sys (manual start) PCI Bus-stuurprogramma: System32\DRIVERS\pci.sys (system) PCIIde: System32\DRIVERS\pciide.sys (system) Plug and Play: %SystemRoot%\system32\services.exe (autostart) IPSEC-services: %SystemRoot%\System32\lsass.exe (autostart) WAN-minipoort (PPTP): System32\DRIVERS\raspptp.sys (manual start) Stuurprogramma voor processor: System32\DRIVERS\processr.sys (system) Protected Storage: %SystemRoot%\system32\lsass.exe (autostart) QoS-pakketplanner: System32\DRIVERS\psched.sys (manual start) Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.sys (manual start) Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sys (system) Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Verbindingsbeheer voor RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) PPPOE-RAS-stuurprogramma: System32\DRIVERS\raspppoe.sys (manual start) Direct Parallel: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (manual start) Stuurprogramma voor afspeelfilter van digitale cd-audio: System32\DRIVERS\redbook.sys (system) Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) RivaTuner: \??\C:\1\RivaTuner\RivaTuner.sys (manual start) Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start) Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start) Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter: System32\DRIVERS\RTL8139.SYS (manual start) Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart) SANDRA: \??\C:\Computer easy 02-2003\SiSoftware Sandra Standard\sandra.sys (manual start) SAVRT: \??\C:\WINDOWS\System32\Drivers\SAVRT.SYS (manual start) SAVRTPEL: \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS (autostart) ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart) Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start) Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start) Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (autostart) Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Serenum Filter-stuurprogramma: System32\DRIVERS\serenum.sys (manual start) Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sys (system) Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) SIS AGP Bus Filter: System32\DRIVERS\sisagp.sys (system) Stuurprogramma voor SiS PCI snelle ethernet-adapter: System32\DRIVERS\sisnic.sys (manual start) Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start) Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart) Stuurprogramma voor systeemherstelfilter: System32\DRIVERS\sr.sys (system) System Restore-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) SRV: System32\DRIVERS\srv.sys (manual start) SSDP Discovery-service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) Software Bus-stuurprogramma: System32\DRIVERS\swenum.sys (manual start) Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{07237E79-EEF8-4CF2-9CCA-C89DE8186152} (manual start) Microsoft SideWinder VIA Filterstuurprogramma: System32\DRIVERS\SWUSBFLT.sys (manual start) SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start) SYMREDRV: \??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (manual start) SYMTDI: \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS (autostart) Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start) Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start) Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Stuurprogramma voor TCP/IP-protocol: System32\DRIVERS\tcpip.sys (system) Stuurprogramma voor terminal-apparaat: System32\DRIVERS\termdd.sys (system) Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Microcode Update-stuurprogramma: System32\DRIVERS\update.sys (manual start) Uploadbeheer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Universele Plug en Play-apparaathost: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start) USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start) Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start) Stuurprogramma voor USB-scanner: System32\DRIVERS\usbscan.sys (manual start) Grafische VGA-adapter.: \SystemRoot\System32\drivers\vga.sys (system) Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start) Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) RAS IP ARP-stuurprogramma: System32\DRIVERS\wanarp.sys (manual start) Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Serienummer van draagbare media: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) WMI-prestatieadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) Automatische updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- End of report, 34.049 bytes Report generated in 0,151 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Quote Link naar reactie
anoniem Geplaatst: 5 juli 2003 Auteur Delen Geplaatst: 5 juli 2003 Ik kan werkelijk even niets bedenken... Als je Engels redelijk is, post dan eens op http://www.spywareinfo.com/forums/ in de Browser Hijacking section. Niet alles hangen Pieter en ik daar vaak rond, maar er lopen daar nog veel anderen die buitengewoon bedreven zijn in het troubleshooten van dit soort problemen. Een verse kijk op de zaak doet vaak wonderen. Ik zou bij je eerste bericht gelijk even een nieuw Hijack This log plaatsen. Dan weet men meteen waar het precies over gaat. Quote Link naar reactie
anoniem Geplaatst: 5 juli 2003 Auteur Delen Geplaatst: 5 juli 2003 en als je nu eens in spybot bij het immuniseer gedeelte ... en dan rechts ongeveer half onderin je browser vastzet tegen andere opstartpagina's dan de jouwe? das het bovenste van de drie vinkjes dar ... dan zou in principe je browser niet meer moeten openen met die vermadelijke dinges ... en bij datzelfde tabje immuniseer kun je ook nog enige vorm van preventieve bescherming tegen spyware aanzetten... en zoek eens in regedit naar registerkeys die iets van die popup vermelden ... wel eerst ff backuppen :wink: Quote Link naar reactie
anoniem Geplaatst: 5 juli 2003 Auteur Delen Geplaatst: 5 juli 2003 "Immuniseren" zal niets uitmaken. Het gaat hier om iets nieuws, en daar heeft SpyBot nog geen detectie voor, noch valt er dus iets te immuniseren. Er zou gewoonweg iets in één van beide of beide logs te zien moeten zijn... :roll: Quote Link naar reactie
anoniem Geplaatst: 6 juli 2003 Auteur Delen Geplaatst: 6 juli 2003 Ton, Hier was toch ook iets mis mee: [SecureLogin.SecureControl] InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveSecurity.ocx CODEBASE = http://secure2.comned.com/signuptemplates/ActiveSecurity.cab ? Terror gamer, Kun je eens op je computer zoeken naar een bestandsnaam die (lijkt op) VrWbet93.exe Grtz, Pieter Quote Link naar reactie
anoniem Geplaatst: 6 juli 2003 Auteur Delen Geplaatst: 6 juli 2003 daarom laat ik hem ook gelijk ze hosts bestandje vastzetten ... dan zou die opstartpagina weg moeten zijn ... en aangezien hij dan toch op die pagina ( in spybot ) is ... 3 kwart van de gebruikers schijnen niet te immuniseren ( of later dat deeltje bij te laten werken ) ... zou zonde zijn om dat dan maar open te laten staan ... Quote Link naar reactie
anoniem Geplaatst: 6 juli 2003 Auteur Delen Geplaatst: 6 juli 2003 [quote:512c27a36a="FoXiERotjEknoR"]daarom laat ik hem ook gelijk ze hosts bestandje vastzetten ... dan zou die opstartpagina weg moeten zijn ... [/quote:512c27a36a] Er is geen enkel mogelijk verband tussen die zaken. Bij het opstarten van Internet Explorer wil er een installatie van virtual woman millennium edition hervatten, en dat heeft helegaar niets te maken met een Hosts file. En of het nou wel of niet "vastgezet" wordt maakt ook niets uit. Pieter, die http://secure2.comned.com is inderdaad een fouterik, en installeert vermoedelijk een dialer. Die moet zowiezo weg; ik had hem over het hoofd gezien... :roll: Quote Link naar reactie
Aanbevolen berichten
Om een reactie te plaatsen, moet je eerst inloggen