PC no longer boots normally, but does in Safe mode

DiWa
1 answer
  • Hello,

    I thought I was well protected by continuously updated antivirus software, but I have caught one anyway.

    System: W2K SP4, business computer. It only runs accounting and related software, plus Office. It was stable.

    Symptom: the PC no longer starts normally: the W2K splash screen is shown with a progress bar, but before the bar reaches the end it stops and the whole process starts over (loop). It can still be started in Safe mode.
    Some time ago I made a copy of the entire F partition (boot) to another disk (G), and from there I can start up normally. That copy is no longer up to date, however (in the meantime a different monitor was installed, application software on F was updated and not copied to G again, and Outlook settings on F have been changed since then). I would prefer to keep working on F for now, until I buy a new computer in a few months.

    I ran an antivirus check: 7 found, which were placed in quarantine. Among them Partnership.dll.
    I also ran Skybot: no specific problems.
    And also www.windowsecurity.com/trojanscan. Also without specific problems.
    Then a HijackThis run.

    Here are my log file and the startup list.
    In the log file I can see a few 'missing files' myself (maybe this is simply the result of the AV having placed those files in quarantine).

    I would really appreciate it if someone could assist me with the next steps to take: which program to use to remove exactly what.

    Thanks in advance.

    Dirk

    —————-
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:49:27, on 16/11/07
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Safe mode

    Running processes:
    F:\WINNT\System32\smss.exe
    F:\WINNT\system32\csrss.exe
    F:\WINNT\system32\winlogon.exe
    F:\WINNT\system32\services.exe
    F:\WINNT\system32\lsass.exe
    F:\WINNT\system32\svchost.exe
    F:\WINNT\Explorer.EXE
    F:\WINNT\system32\devldr32.exe
    F:\WINNT\system32\ntvdm.exe
    I:\hijackthis\HijackThis.exe
    F:\WINNT\System32\WBEM\WinMgmt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - F:\PROGRA~1\COPERN~2\COPERN~1\COPERN~1.DLL
    F2 - REG:system.ini: UserInit=userinit.exe,F:\WINNT\system32
    tos.exe,
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - F:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
    O2 - BHO: (no name) - {4BF64127-B636-7EC3-D355-60550AA07B1F} - F:\WINNT\system32\rtnca.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\Spybot\SDHelper.dll
    O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - F:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} - F:\WINNT\system32\ramtmb.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - F:\Program Files\Copernic Desktop Search2\DesktopSearchBand2515.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [EM_EXEC] F:\PROGRA~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Creative Launcher] F:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
    O4 - HKLM\..\Run: [AudioHQ] F:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [NAV Agent] F:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] F:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
    O4 - HKLM\..\Run: [CopernicPerUserTaskMgr] "F:\WINNT\system32\CopernicPerUserTaskMgr.exe"
    un
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [SDiskDaemon] F:\WINNT\sdiskmon.exe
    O4 - HKLM\..\Run: [Acronis True Image Monitor] "F:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "F:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [MagicRotation] F:\Program Files\MagicRotation\MagicPvt.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [startdrv] F:\WINNT\Temp\startdrv.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "F:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\PROGRA~1\MI3AA1~1\wcescomm.exe"
    O4 - HKCU\..\Run: [ClockSync] F:\PROGRA~1\CLOCKS~1\Sync.exe /q
    O4 - HKCU\..\Run: [ATI Scheduler] F:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
    O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Copernic Desktop Search 2] "F:\Program Files\Copernic Desktop Search2\DesktopSearchService.exe" /tray
    O4 - HKCU\..\Run: [updateMgr] "F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] F:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = F:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmNT.exe
    O4 - Startup: Norton System Doctor.lnk = F:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
    O4 - Startup: YPOPs.lnk = F:\Program Files\YPOPs\YPOPs.exe
    O4 - Global Startup: BigFix.lnk = F:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = F:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmNT.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://F:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
    O8 - Extra context menu item: Search Using Copernic Agent - res://F:\Program Files\Copernic 2001 Basic\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - F:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
    O16 - DPF: df_hod Classes - https://www.dexia-factoringonline.be/df/df_hod.cab
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {3FCF9FE3-C51A-11D4-8D86-00105AC32428} (Factors Images Dutch) - http://www.artesia-factors.be/af/imagenl.cab
    O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthakamai/systemsoappro.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
    O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://plugins.10er.nl/girlsclubbe006.exe
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6AE1DE6D-7346-4E3A-9D26-F8D515BDB55A} (Fairtale.Class1) - http://www.fairtale.com/dialer/fairtale.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179174575524
    O16 - DPF: {7AE0882D-2AE5-4FC7-93B5-E58075680ECB} (OCR.UC) - https://postbox.be/activex/private/OCR.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/be/games4.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {DD8D19E2-562F-425F-9490-031BBEF8E0C0} (CERTIPOST_OCR.UC) - https://postbox.be/activex/private/OCR.cab
    O16 - DPF: {E51AFAA0-C519-11D4-8D86-00105AC32428} (Factors Templates) - http://www.artesia-factors.be/af/template.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (YBIOCtrl Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4025.cab
    O18 - Filter hijack: text/html - {AC95E125-5567-4829-BC51-1CFA131F4BD0} - (no file)
    O20 - AppInit_DLLs: apitrap.dll F:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: partnershipreg - F:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - F:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINNT\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
    O23 - Service: GEARSecurity - GEAR Software - F:\WINNT\System32\GEARSec.exe
    O23 - Service: GoogleDesktopManager - Google - F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Microsoft Inet Service - Unknown owner - F:\WINNT\system32\_svchost.exe (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - F:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: V2i Protector - PowerQuest Corporation - F:\Program Files\PowerQuest\V2i Protector 2.0\Agent\PQV2iSvc.exe


    End of file - 12967 bytes

    ——————————
    StartupList report, 16/11/07, 11:49:41
    StartupList version: 1.52.2
    Started from : I:\hijackthis\HijackThis.EXE
    Detected: Windows 2000 SP4 (WinNT 5.00.2195)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    * Showing rarely important sections
    ==================================================

    Running processes:

    F:\WINNT\System32\smss.exe
    F:\WINNT\system32\csrss.exe
    F:\WINNT\system32\winlogon.exe
    F:\WINNT\system32\services.exe
    F:\WINNT\system32\lsass.exe
    F:\WINNT\system32\svchost.exe
    F:\WINNT\Explorer.EXE
    F:\WINNT\system32\devldr32.exe
    F:\WINNT\system32\ntvdm.exe
    I:\hijackthis\HijackThis.exe
    F:\WINNT\System32\WBEM\WinMgmt.exe

    ————————————————–

    Listing of startup folders:

    Shell folders Startup:
    [F:\Documents and Settings\Admin\Start Menu\Programs\Startup]
    CleanSweep Smart Sweep-Internet Sweep.LNK = F:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmNT.exe
    Norton System Doctor.lnk = F:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
    YPOPs.lnk = F:\Program Files\YPOPs\YPOPs.exe

    Shell folders Common Startup:
    [F:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    BigFix.lnk = F:\Program Files\BigFix\BigFix.exe
    CleanSweep Smart Sweep-Internet Sweep.LNK = F:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmNT.exe
    Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE

    ————————————————–

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = userinit.exe,F:\WINNT\system32
    tos.exe,

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Synchronization Manager = mobsync.exe /logon
    EM_EXEC = F:\PROGRA~1\SYSTEM\EM_EXEC.EXE
    Creative Launcher = F:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
    AudioHQ = F:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    NAV Agent = F:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    SymTray - Norton SystemWorks = F:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
    QD FastAndSafe =
    CopernicPerUserTaskMgr = "F:\WINNT\system32\CopernicPerUserTaskMgr.exe"
    un
    AtiPTA = atiptaxx.exe
    SystemTray = SysTray.Exe
    SDiskDaemon = F:\WINNT\sdiskmon.exe
    Acronis True Image Monitor = "F:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
    Acronis Scheduler2 Service = "F:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    TkBellExe = "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    Symantec NetDriver Monitor = F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    SSC_UserPrompt = F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    QuickTime Task = "F:\Program Files\QuickTime\qttask.exe" -atboottime
    Google Desktop Search = "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    MagicRotation = F:\Program Files\MagicRotation\MagicPvt.exe
    Adobe Reader Speed Launcher = "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    startdrv = F:\WINNT\Temp\startdrv.exe

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ATI Launchpad = "F:\Program Files\ATI Multimedia\main\launchpd.exe"
    MsnMsgr = "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    H/PC Connection Agent = "F:\PROGRA~1\MI3AA1~1\wcescomm.exe"
    AlturionAU =
    ClockSync = F:\PROGRA~1\CLOCKS~1\Sync.exe /q
    ATI Scheduler = F:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
    swg = F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    Copernic Desktop Search 2 = "F:\Program Files\Copernic Desktop Search2\DesktopSearchService.exe" /tray
    updateMgr = "F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    =

    ————————————————–

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = F:\WINNT\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = "F:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = "F:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{6A5110B5-E14B-4268-A065-EF89FF33C325}] *
    StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = F:\WINNT\system32\Rundll32.exe F:\WINNT\system32\mscories.dll,Install

    [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
    StubPath = %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl

    ————————————————–

    Load/Run keys from F:\WINNT\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=apitrap.dll F:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    ————————————————–

    Shell & screensaver key from F:\WINNT\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=F:\WINNT\system32\COPERN~1.SCR
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    ————————————————–

    Checking for EXPLORER.EXE instances:

    F:\WINNT\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    F:\WINNT\Explorer\Explorer.exe: not present
    F:\WINNT\System\Explorer.exe: not present
    F:\WINNT\System32\Explorer.exe: not present
    F:\WINNT\Command\Explorer.exe: not present
    F:\WINNT\Fonts\Explorer.exe: not present

    ————————————————–

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    ————————————————–

    Enumerating Browser Helper Objects:

    (no name) - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - F:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll - {2E65A557-173C-4DE9-860B-28FC5CACA542}
    (no name) - F:\WINNT\system32\rtnca.dll - {4BF64127-B636-7EC3-D355-60550AA07B1F}
    (no name) - F:\PROGRA~1\Spybot\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    Google Desktop Search Capture - F:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll - {7c1ce531-09e9-4fc5-9803-1c2956615786}
    (no name) - f:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - F:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
    (no name) - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
    (no name) - F:\WINNT\system32\ramtmb.dll (file missing) - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B}

    ————————————————–

    Enumerating Task Scheduler jobs:

    Daily Incremental Backup to M.job
    Incremental Data Backup 29-11.job
    Norton AntiVirus - Scan my computer.job
    Norton Disk Cleanup.job
    Norton Disk Doctor.job
    Norton Speed Disk.job
    Norton SystemWorks One Button Checkup.job

    ————————————————–

    Enumerating Download Program Files:

    [symsupportutil]
    CODEBASE = https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
    OSD = F:\WINNT\Downloaded Program Files\OSD34.OSD

    [{0000000A-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB

    [QuickTime Object]
    InProcServer32 = F:\Program Files\QuickTime\QTPlugin.ocx
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [PCPitstop Utility]
    InProcServer32 = F:\WINNT\DOWNLO~1\PCPITS~1.DLL
    CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    [Shockwave ActiveX Control]
    InProcServer32 = F:\WINNT\system32\Macromed\Director\SwDir.dll
    CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = F:\WINNT\Downloaded Program Files\LegitCheckControl.DLL
    CODEBASE = http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409

    [Symantec AntiVirus scanner]
    InProcServer32 = F:\WINNT\Downloaded Program Files\avsniff.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    [Cult3D ActiveX Player]
    InProcServer32 = F:\WINNT\system32\Cult3D\IECult.dll
    CODEBASE = http://www.cult3d.com/download/cult.cab

    [{33564D57-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

    [Office Update Installation Engine]
    InProcServer32 = F:\WINNT\opuc.dll
    CODEBASE = http://office.microsoft.com/officeupdate/content/opuc2.cab

    [Factors Images Dutch]
    InProcServer32 = F:\WINNT\system32\MSJAVA.DLL
    CODEBASE = http://www.artesia-factors.be/af/imagenl.cab

    [{421A63BA-4632-43E0-A942-3B4AB645BE51}]
    CODEBASE = http://download-ak.systemsoap.com/ssoap/pptproactauthakamai/systemsoappro.cab

    [InstallShield Setup Player 2K2]
    CODEBASE = http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe

    [{4E15D681-1D20-11D4-8B72-000021DA1956}]
    CODEBASE = http://plugins.10er.nl/girlsclubbe006.exe

    [MSN Money Charting]
    InProcServer32 = F:\WINNT\Downloaded Program Files\inv13.ocx
    CODEBASE = http://fdl.msn.com/public/investor/v13/invinstl.exe

    [OPUCatalog Class]
    InProcServer32 = F:\WINNT\System32\opuc.dll
    CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

    [Symantec RuFSI Utility Class]
    InProcServer32 = F:\WINNT\Downloaded Program Files\rufsi.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    [Fairtale.Class1]
    CODEBASE = http://www.fairtale.com/dialer/fairtale.cab

    [MUWebControl Class]
    InProcServer32 = F:\WINNT\system32\muweb.dll
    CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179174575524

    [OCR.UC]
    InProcServer32 = F:\WINNT\Downloaded Program Files\OCR.ocx
    CODEBASE = https://postbox.be/activex/private/OCR.cab

    [DASWebDownload Class]
    InProcServer32 = F:\WINNT\DASAct.dll
    CODEBASE = http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab

    [{91433D86-9F27-402C-B5E3-DEBDD122C339}]
    CODEBASE = http://www.netvenda.com/sites/games-intl/be/games4.cab

    [{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37615.9783680556

    [Symantec RuFSI Registry Information Class]
    InProcServer32 = F:\WINNT\Downloaded Program Files\rufsi.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    [ActiveDataInfo Class]
    InProcServer32 = F:\WINNT\Downloaded Program Files\SymAData.dll
    CODEBASE = https://www-secure.symantec.com/techsupp/activedata/SymAData.cab

    [{CEBC955E-58AF-11D2-A30A-00A0C903492B}]
    CODEBASE = http://windowsupdate.microsoft.com/R980/V31Controls/x86/nt5/nl/actsetup.cab

    [Shockwave Flash Object]
    InProcServer32 = F:\WINNT\system32\Macromed\Flash\Flash9b.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [CERTIPOST_OCR.UC]
    InProcServer32 = F:\WINNT\Downloaded Program Files\CONFLICT.1\OCR.ocx
    CODEBASE = https://postbox.be/activex/private/OCR.cab

    [Microsoft Office Tools on the Web Control]
    InProcServer32 = F:\WINNT\Downloaded Program Files\OUTC.DLL
    CODEBASE = http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab

    [Factors Templates]
    InProcServer32 = F:\WINNT\system32\MSJAVA.DLL
    CODEBASE = http://www.artesia-factors.be/af/template.cab

    [ActiveDataObj Class]
    InProcServer32 = F:\WINNT\Downloaded Program Files\ActiveData.dll
    CODEBASE = https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

    [YBIOCtrl Class]
    CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4025.cab

    ————————————————–

    Enumerating Windows NT/2000/XP services

    Acronis Scheduler2 Service: "F:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" (autostart)
    AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
    Alerter: %SystemRoot%\System32\services.exe (autostart)
    Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart)
    ATI WDM TV Tuner: System32\DRIVERS\atintuxx.sys (autostart)
    WDM TVAudio (ATITVSnd): System32\DRIVERS\atitvsnd.sys (autostart)
    WDM Video Audio Crossbar (ATIXBar): System32\DRIVERS\atixbar.sys (autostart)
    ATI WDM TV Audio Crossbar: System32\DRIVERS\atinxsxx.sys (autostart)
    Automatic LiveUpdate Scheduler: "F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart)
    Computer Browser: %SystemRoot%\System32\services.exe (autostart)
    Software Cinemaster NT4.0 Driver: \SystemRoot\SYSTEM32\DRIVERS\CINEMSUP.SYS (autostart)
    DHCP Client: %SystemRoot%\System32\services.exe (autostart)
    Eicon CAPI 2.0-stuurprogramma: System32\DRIVERS\DISDN\capi202k.sys (autostart)
    Eicon-poortstuurprogramma: System32\DRIVERS\DISDN\diport40.sys (autostart)
    Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart)
    DNS Client: %SystemRoot%\System32\services.exe (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    GEARSecurity: %SystemRoot%\System32\GEARSec.exe (autostart)
    Server: %SystemRoot%\System32\services.exe (autostart)
    Workstation: %SystemRoot%\System32\services.exe (autostart)
    TCP/IP NetBIOS Helper Service: %SystemRoot%\System32\services.exe (autostart)
    Messenger: %SystemRoot%\System32\services.exe (autostart)
    Microsoft Inet Service: F:\WINNT\system32\_svchost.exe -A (autostart)
    ATI WDM Specialized MVD Codec: System32\DRIVERS\atinmdxx.sys (autostart)
    Norton AntiVirus Auto Protect Service: F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (autostart)
    Norton Unerase Protection: F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (autostart)
    Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    PfModNT: \??\F:\WINNT\System32\PfModNT.sys (autostart)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (autostart)
    PPPoE Service: F:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe (autostart)
    Protected Storage: %SystemRoot%\system32\services.exe (autostart)
    Remote Registry Service: %SystemRoot%\system32\regsvc.exe (autostart)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    R-TT FS Filter: system32\DRIVERS\rttfsfilt.sys (autostart)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    ScriptBlocking Service: F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
    Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart)
    RunAs Service: %SystemRoot%\system32\services.exe (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    SNMP Service: %SystemRoot%\System32\snmp.exe (autostart)
    Speed Disk service: F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe (autostart)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    SymWMI Service: F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (autostart)
    Acronis TrueImage FS Filter: system32\DRIVERS\tifsfilt.sys (autostart)
    Distributed Link Tracking Client: %SystemRoot%\system32\services.exe (autostart)
    ATI WDM Teletext Decoder: System32\DRIVERS\ATINTTXX.sys (autostart)
    V2i Protector: F:\Program Files\PowerQuest\V2i Protector 2.0\Agent\PQV2iSvc.exe (autostart)
    Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)


    ————————————————–

    Enumerating ShellServiceObjectDelayLoad items:

    Network.ConnectionTray: F:\WINNT\system32\NETSHELL.dll
    WebCheck: F:\WINNT\system32\webcheck.dll
    SysTray: stobject.dll

    ————————————————–
    End of report, 18.841 bytes

















This is an archived page. Replying is no longer possible.