Questions & Answers

Other (software)

PC no longer boots normally, but does in Safe mode

1 answer
  • Hello, I thought I was well protected by continuously updated antivirus software, but I have caught one now anyway. System: W2K SP4, business computer. Runs only accounting and related software, and Office. Was stable. Symptom: the PC no longer starts normally: the W2K splash screen is shown with a progress bar, but before it reaches the end it stops and the whole process starts over (loop). It can still be started in Safe mode. Some time ago I made a copy of the entire F partition (boot) to another disk (G), and I can boot normally from there. However, that copy is no longer up to date (in the meantime a different monitor was installed, application software on F was updated and not copied to G again, and Outlook settings on F have been changed since then). I would prefer to keep working on F for now until I buy a new computer in a couple of months. I ran an antivirus check: 7 found, which were placed in quarantine. Among others Partnership.dll. I also ran Skybot: no specific problems. And also www.windowsecurity.com/trojanscan. Also without specific problems. Then a HijackThis. Here are my log file and the startup list. In the log file I can see a few 'missing files' myself (maybe this is simply the result of the AV having placed those files in quarantine). I would really appreciate it if someone could assist me with the next steps to take. Which program to use to remove exactly what. Thanks in advance.
Dirk

This is an archived page. Answering is no longer possible.