HijackThis hangs

14 replies
  • called in this afternoon to help with a slow w98 pc.
    the usual cleanup (>100 MB of temp internet files and so on) and detection work, but the pc only seems to get slower…
    avg finds nothing, stinger neither, cwshredder nothing, spybot nothing to be worried about, but hijackthis hangs every time. even downloaded three versions from 3 different mirrors.
    scanning goes fine, but fixing consistently results in a hang, and so has no effect.
    no idea what to do now, does anyone have a tip?

    in any case, here is the scan:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:15:04, on 14-4-06
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v5.00 (5.00.2314.1000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    A:\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zoek.freeler.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeler.nl/
    O1 - Hosts: 193.67.237.86 www.inter.uunet.nl
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .pif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/access/allinone.asp
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeler.nl/
    O16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - http://download.solitaire.com/download/solitaire.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.0.0.2



  • Start the computer in safe mode. You can read how to do this here.
    Close all open windows, run HijackThis once more and tick the following items:

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    Then click "Fix checked" and close HijackThis.

    Restart the computer.

    Pay a visit to the Windows Update site. You are using an ancient version of Internet Explorer.
    Start HijackThis again, create a new log and post it.
  • m@rc thanks for the tip! of course I could have thought of that myself…
    in the meantime I had done a number of updates.
    the problem with hijackthis in normal mode has gotten worse: as soon as I click on it the mouse practically freezes and only ctrl/alt/del still helps.
    deep scans with nod32 only give 0 threats as a result.

    the new scan follows here:

    Logfile of HijackThis v1.99.1
    Scan saved at 0:05:34, on 15-4-06
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    D:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zoek.freeler.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeler
    O1 - Hosts: 193.67.237.86 www.inter.uunet.nl
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .pif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - http://download.solitaire.com/download/solitaire.cab





  • Start HijackThis. Go to Config – Misc Tools.
    Tick:
    - List also Minor sections (full)
    - List Empty sections (complete)
    Click the "Generate Startuplist log" button.
    A file is created: startuplist.txt.
    Post the contents of this file.

    (try to do this in normal mode; if that does not work, do it in safe mode.)
  • Are there any items in HijackThis's ignore list?
    If so, which ones?
  • m@arc, thanks again.
    hijackthis in normal mode: absolutely does not work.
    ignore list: empty.

    here comes the (long) startup list:

    StartupList report, 15-4-06, 10:48:18
    StartupList version: 1.52.2
    Started from : D:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE
    Detected: Windows 98 Gold (Win9x 4.10.1998)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    D:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

    ————————————————–

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
    *No files*

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = c:\windows\scanregw.exe /autorun
    Disknag = C:\DELL\DISKNAG.EXE
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    nod32kui = "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    NOD32kernel = "C:\Program Files\Eset\nod32krn.exe"

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    ————————————————–

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    ————————————————–

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

    ————————————————–

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = c:\windows\NOTEPAD.EXE %1

    ————————————————–

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [SetupcPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 c:\windows\INF\setupc.inf

    [AppletsPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 c:\windows\INF\applets.inf

    [FontsPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 c:\windows\INF\fonts.inf

    [{5A8D6EE0-3E18-11D0-821E-444553540000}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36

    [PerUser_ICW_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 c:\windows\INF\icw97.inf

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

    [{89820200-ECBD-11cf-8B85-00AA005B4395}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

    [{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
    StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

    [PerUser_Msinfo] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 c:\windows\INF\msinfo.inf

    [PerUser_Msinfo2] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 c:\windows\INF\msinfo.inf

    [MotownMmsysPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 c:\windows\INF\motown.inf

    [MotownAvivideoPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 c:\windows\INF\motown.inf

    [PerUser_Base] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 c:\windows\INF\msmail.inf

    [ShellPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 c:\windows\INF\shell.inf

    [Shell2PerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 c:\windows\INF\shell2.inf

    [PerUser_winbase_Links] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 c:\windows\INF\subase.inf

    [PerUser_winapps_Links] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 c:\windows\INF\subase.inf

    [PerUser_LinkBar_URLs] *
    StubPath = c:\windows\COMMAND\sulfnbk.exe /L

    [TapiPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 c:\windows\INF\tapi.inf

    [PerUserOldLinks] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 c:\windows\INF\appletpp.inf

    [MmoptRegisterPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 c:\windows\INF\mmopt.inf

    [OlsPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 c:\windows\INF\ols.inf

    [PerUser_Paint_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 c:\windows\INF\applets.inf

    [PerUser_Calc_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 c:\windows\INF\applets.inf

    [PerUser_dxxspace_Links] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 c:\windows\INF\applets1.inf

    [PerUser_MSBackup_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 c:\windows\INF\applets1.inf

    [PerUser_CVT_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 c:\windows\INF\applets1.inf

    [PerUser_Enable_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 c:\windows\INF\enable.inf

    [MotownRecPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 c:\windows\INF\motown.inf

    [PerUser_Vol] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 c:\windows\INF\motown.inf

    [MotownMPlayPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 c:\windows\INF\motown.inf

    [PerUser_MSWordPad_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 c:\windows\INF\wordpad.inf

    [PerUser_RNA_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 c:\windows\INF\rna.inf

    [PerUser_Wingames_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 c:\windows\INF\appletpp.inf

    [PerUser_Sysmon_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 c:\windows\INF\appletpp.inf

    [PerUser_Sysmeter_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 c:\windows\INF\appletpp.inf

    [PerUser_netwatch_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 c:\windows\INF\appletpp.inf

    [PerUser_CharMap_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 c:\windows\INF\appletpp.inf

    [PerUser_Onlinelnks_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis 64 c:\windows\INF\appletpp.inf

    [PerUser_Dialer_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 c:\windows\INF\appletpp.inf

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

    [PerUser_ClipBrd_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 c:\windows\INF\clip.inf

    [{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\fpxprs16.inf,PerUserStub

    [MmoptMusicaPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 c:\windows\INF\mmopt.inf

    [MmoptJunglePerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 c:\windows\INF\mmopt.inf

    [MmoptRobotzPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 c:\windows\INF\mmopt.inf

    [MmoptUtopiaPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 c:\windows\INF\mmopt.inf

    [PerUser_CDPlayer_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 c:\windows\INF\mmopt.inf

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

    [OlsAolPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 c:\windows\INF\ols.inf

    [OlsAttPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 c:\windows\INF\ols.inf

    [OlsCompuservePerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 c:\windows\INF\ols.inf

    [OlsProdigyPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 c:\windows\INF\ols.inf

    [OlsMsnPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 c:\windows\INF\ols.inf

    [Shell3PerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 c:\windows\INF\shell3.inf

    [Theme_Windows_PerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 c:\windows\INF\themes.inf

    [Theme_MoreWindows_PerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 c:\windows\INF\themes.inf

    [{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = rundll32.exeadvpack.dll

    [>IEPerUser] *
    StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

    [>chanbar] *
    StubPath = c:\windows\RUNDLL.EXE setupx.dll,InstallHinfSection add2.chanbar.pui 128 c:\windows\options\cabs\oem_set.inf

    [Chlen-us] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\chlen-us.inf,InstallUser

    [chlnl-nl] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\chlnl-nl.inf,InstallUser

    [PerUser_DCC_Inis] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 c:\windows\INF\rna.inf

    [NetservrPerUser] *
    StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection NetservrPerUser 64 c:\windows\INF\netservr.inf

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

    [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

    [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
    StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    ————————————————–

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    ————————————————–

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=
    run=

    ————————————————–

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\GOUDEN~1.SCR
    drivers=mmsystem.dll power.drv

    ————————————————–

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    ————————————————–

    C:\WINDOWS\WININIT.INI listing:

    *File not found*

    ————————————————–

    C:\WINDOWS\WININIT.BAK listing:
    (Created 14/4/2006, 22:29:30)

    [Rename]
    NUL=C:\WINDOWS\SYSTEM\SCHANNEL.DLL
    C:\WINDOWS\SYSTEM\SCHANNEL.DLL=C:\WINDOWS\SYSTEM\SET92F6.TMP
    NUL=C:\WINDOWS\SYSTEM\SCHANNEL.DLL
    C:\WINDOWS\SYSTEM\SCHANNEL.DLL=C:\WINDOWS\SYSTEM\SET9304.TMP
    C:\WINDOWS\SYSTEM\IEPEERS.DLL=C:\WINDOWS\SYSTEM\IEPEERS.RCX
    C:\WINDOWS\SYSTEM\RSASIG.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\RSASIG.DLL
    C:\WINDOWS\SYSTEM\XENROLL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\XENROLL.DLL
    C:\WINDOWS\SYSTEM\MSCAT32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSCAT32.DLL
    C:\WINDOWS\SYSTEM\MSSIP32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSSIP32.DLL
    C:\WINDOWS\SYSTEM\MSSIGN32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSSIGN32.DLL
    C:\WINDOWS\SYSTEM\CRYPTUI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTUI.DLL
    C:\WINDOWS\SYSTEM\CRYPTNET.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTNET.DLL
    C:\WINDOWS\SYSTEM\CRYPTEXT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTEXT.DLL
    C:\WINDOWS\SYSTEM\DIGEST.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DIGEST.DLL
    C:\WINDOWS\SYSTEM\WLDAP32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\WLDAP32.DLL
    C:\WINDOWS\SYSTEM\DXTMSFT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DXTMSFT.DLL
    C:\WINDOWS\SYSTEM\DXTRANS.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DXTRANS.DLL
    C:\WINDOWS\SYSTEM\MSRATING.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSRATING.DLL
    C:\WINDOWS\SYSTEM\HLINK.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\HLINK.DLL
    C:\WINDOWS\SYSTEM\PROCTEXE.OCX=C:\WINDOWS\SYSTEM\IE4SETUP\PROCTEXE.OCX
    C:\WINDOWS\SYSTEM\URL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\URL.DLL
    C:\WINDOWS\SYSTEM\IMAGEHLP.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\IMAGEHLP.DLL
    C:\PROGRA~1\INTERN~1\IEXPLORE.EXE=C:\WINDOWS\SYSTEM\IE4SETUP\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\COMCTL32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMA371.TMP
    C:\WINDOWS\SYSTEM\ADVPACK.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMA384.TMP
    C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB015.TMP
    C:\WINDOWS\SYSTEM\MSHTML.TLB=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB021.TMP
    C:\WINDOWS\SYSTEM\MSHTMLED.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB022.TMP
    C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB024.TMP
    C:\WINDOWS\SYSTEM\SHDOCLC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB025.TMP
    C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB030.TMP
    C:\WINDOWS\SYSTEM\JSCRIPT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB031.TMP
    C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB033.TMP
    C:\WINDOWS\SYSTEM\SHLWAPI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB044.TMP
    C:\WINDOWS\SYSTEM\CRYPT32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB050.TMP
    C:\WINDOWS\SYSTEM\PLUGIN.OCX=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB055.TMP
    C:\WINDOWS\SYSTEM\ACTXPRXY.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB061.TMP
    C:\WINDOWS\SYSTEM\SOFTPUB.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB062.TMP
    C:\WINDOWS\SYSTEM\MSOSS.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB064.TMP
    C:\WINDOWS\SYSTEM\MLANG.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB071.TMP
    C:\WINDOWS\SYSTEM\MSXML.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB081.TMP
    C:\WINDOWS\SYSTEM\WINTRUST.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB0A0.TMP
    C:\WINDOWS\SYSTEM\RSABASE.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB0A4.TMP
    C:\WINDOWS\SYSTEM\BROWSEUI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB0C1.TMP
    C:\WINDOWS\SYSTEM\BROWSELC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB0C3.TMP
    C:\WINDOWS\SYSTEM\SHDOC401.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB0D0.TMP
    C:\WINDOWS\SYSTEM\SHD401LC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB0D1.TMP
    C:\WINDOWS\SYSTEM\CORPOL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB0D2.TMP
    C:\WINDOWS\SYSTEM\SHFOLDER.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB0D5.TMP
    C:\WINDOWS\SYSTEM\DSSBASE.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB102.TMP
    C:\WINDOWS\SYSTEM\INSENG.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB105.TMP
    C:\WINDOWS\SYSTEM\MSLS31.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB120.TMP
    C:\WINDOWS\SYSTEM\MMUTILSE.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMB121.TMP
    NUL=C:\WINDOWS\SHELLI~1
    NUL=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
    C:\WINDOWS\SYSTEM\WEBCHECK.DLL=C:\WINDOWS\SYSTEM\SETB242.TMP
    NUL=C:\WINDOWS\SYSTEM\SENS.DLL
    C:\WINDOWS\SYSTEM\SENS.DLL=C:\WINDOWS\SYSTEM\SETB252.TMP
    NUL=C:\WINDOWS\SYSTEM\SENSAPI.DLL
    C:\WINDOWS\SYSTEM\SENSAPI.DLL=C:\WINDOWS\SYSTEM\SETB253.TMP
    NUL=C:\WINDOWS\SYSTEM\ES.DLL
    C:\WINDOWS\SYSTEM\ES.DLL=C:\WINDOWS\SYSTEM\SETB255.TMP
    NUL=C:\WINDOWS\SYSTEM\ESSHARED.DLL
    C:\WINDOWS\SYSTEM\ESSHARED.DLL=C:\WINDOWS\SYSTEM\SETB261.TMP
    NUL=C:\WINDOWS\SYSTEM\ESTIER2.DLL
    C:\WINDOWS\SYSTEM\ESTIER2.DLL=C:\WINDOWS\SYSTEM\SETB263.TMP
    NUL=C:\WINDOWS\fonts\COMIC.TTF
    C:\WINDOWS\fonts\COMIC.TTF=C:\WINDOWS\COMIC.tt2
    NUL=C:\WINDOWS\fonts\COMICBD.TTF
    C:\WINDOWS\fonts\COMICBD.TTF=C:\WINDOWS\COMICBD.tt2
    NUL=C:\WINDOWS\fonts\IMPACT.TTF
    C:\WINDOWS\fonts\IMPACT.TTF=C:\WINDOWS\IMPACT.tt2
    c:\windows\SYSTEM\jscript.dll=c:\windows\SYSTEM\jscript.001
    c:\windows\SYSTEM\vbscript.dll=c:\windows\SYSTEM\vbscript.001
    c:\windows\SYSTEM\OLEAUT32.DLL=c:\windows\SYSTEM\OLEAUT32.002
    c:\windows\SYSTEM\STDOLE2.TLB=c:\windows\SYSTEM\STDOLE2.002

    ————————————————–

    C:\AUTOEXEC.BAT listing:

    SET BLASTER=A220 I5 D3 T4
    LH C:\WINDOWS\AU30DOS.COM
    ECHO OFF
    rem
    rem *** DO NOT EDIT THIS FILE! ***
    rem
    rem This file was created by the System Configuration Utility as
    rem a placeholder for your AUTOEXEC.BAT file. Your actual
    rem AUTOEXEC.BAT file has been saved under the name AUTOEXEC.TSH.
    rem

    ————————————————–

    C:\CONFIG.SYS listing:

    REM [Header]
    REM [CD-ROM Drive]
    REM DEVICE=C:\CDROM\NECATAPI.SYS /D:MSCD001 /PIO
    REM [Miscellaneous]
    REM [Display]
    DEVICE=c:\windows\setver.exe
    device=c:\windows\COMMAND\display.sys con=(ega,,1)
    Country=031,850,c:\windows\COMMAND\country.sys

    ————————————————–

    C:\WINDOWS\WINSTART.BAT listing:

    *File not found*

    ————————————————–

    C:\WINDOWS\DOSSTART.BAT listing:

    LH AU30DOS.COM
    echo off
    REM Notes:
    REM DOSSTART.BAT is run whenenver you choose "Restart the computer
    REM in MS-DOS mode" from the Shutdown menu in Windows. It allows
    REM you to load programs that you might not want loaded in Windows,
    REM (because they have functional equivalents) but that you do
    REM want loaded under MS-DOS. The two primary candidates for
    REM this are MSCDEX and a real mode driver for the mouse you ship
    REM with your system. Commands that you want present in both Windows
    REM and MS-DOS should be placed in the Autoexec.bat in the
    REM \Image directory of your reference server. Please note that for
    REM MSCDEX you will need to load the corresponding real-mode CD
    REM driver in Config.sys. This driver won't be used by Windows 98
    REM but will be available prior to and after Windows 98 exits.
    REM
    REM This file is also helpful if you want to F8 boot into MS-DOS 7.0
    REM before Windows loads and access the CD-ROM. All you have to do
    REM is press F8 and then run DOSSTART to load MSCDEX and your real
    REM mode mouse driver (no need to remember the command line parameters
    REM for these two files.
    REM
    REM - You MUST explicitly specify the CD ROM Drive Letter for MSCDEX.
    REM - The string following the /D: statement must explicitly match
    REM the string in CONFIG.SYS following your CD-ROM device driver.
    REM MSCDEX.EXE /D:OEMCD001 /l:d
    REM MOUSE.EXE
    REM DOS MOUSE DRIVER ADDED BY MICROSOFT INTELLIPOINT SETUP
    LH C:\PROGRA~1\MSHARD~1\MOUSE\MOUSE.EXE

    ————————————————–

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    ————————————————–

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check passed

    ————————————————–

    Enumerating Browser Helper Objects:

    *No BHO's found*

    ————————————————–

    Enumerating Task Scheduler jobs:

    *No jobs found*

    ————————————————–

    Enumerating Download Program Files:

    [Microsoft XML Parser for Java]
    CODEBASE = file://c:\windows\Java\classes\xmldso4.cab
    OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    [DirectAnimation Java Classes]
    CODEBASE = file://C:\WINDOWS\dajava.cab
    OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

    [Internet Explorer Classes for Java]
    CODEBASE = file://c:\windows\SYSTEM\iejava.cab
    OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH8.OCX
    CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

    [Sol2axctl Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SOL2AX.DLL
    CODEBASE = http://download.solitaire.com/download/solitaire.cab

    [{A4639D2F-774E-11D3-A490-00C04F6843FB}]
    CODEBASE = http://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [{00000161-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://codecs.microsoft.com/codecs/i386/msaudio.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38821.5500462963

    ————————————————–

    Enumerating Winsock LSP files:

    NameSpace #1: c:\windows\SYSTEM\rnr20.dll
    Protocol #1: C:\WINDOWS\SYSTEM\imon.dll
    Protocol #2: C:\WINDOWS\SYSTEM\imon.dll
    Protocol #3: C:\WINDOWS\SYSTEM\imon.dll
    Protocol #4: C:\WINDOWS\SYSTEM\imon.dll
    Protocol #5: C:\WINDOWS\SYSTEM\imon.dll
    Protocol #6: c:\windows\SYSTEM\mswsosp.dll
    Protocol #7: c:\windows\SYSTEM\mswsosp.dll
    Protocol #8: c:\windows\SYSTEM\mswsosp.dll
    Protocol #9: c:\windows\SYSTEM\mswsosp.dll
    Protocol #10: c:\windows\SYSTEM\msafd.dll
    Protocol #11: c:\windows\SYSTEM\msafd.dll
    Protocol #12: c:\windows\SYSTEM\msafd.dll
    Protocol #13: c:\windows\SYSTEM\rsvpsp.dll
    Protocol #14: c:\windows\SYSTEM\rsvpsp.dll
    Protocol #15: C:\WINDOWS\SYSTEM\imon.dll

    ————————————————–

    Enumerating Win9x VxD services:

    VNETSUP: vnetsup.vxd
    NDIS: ndis.vxd,ndis2sup.vxd
    JAVASUP: JAVASUP.VXD
    CONFIGMG: *CONFIGMG
    NTKern: *NTKERN
    VWIN32: *VWIN32
    VFBACKUP: *VFBACKUP
    VCOMM: *VCOMM
    IFSMGR: *IFSMGR
    IOS: *IOS
    MTRR: *mtrr
    SPOOLER: *SPOOLER
    UDF: *UDF
    VFAT: *VFAT
    VCACHE: *VCACHE
    VCOND: *VCOND
    VCDFSD: *VCDFSD
    VXDLDR: *VXDLDR
    VDEF: *VDEF
    VPICD: *VPICD
    VTD: *VTD
    REBOOT: *REBOOT
    VDMAD: *VDMAD
    VSD: *VSD
    V86MMGR: *V86MMGR
    PAGESWAP: *PAGESWAP
    DOSMGR: *DOSMGR
    VMPOLL: *VMPOLL
    SHELL: *SHELL
    PARITY: *PARITY
    BIOSXLAT: *BIOSXLAT
    VMCPD: *VMCPD
    VTDAPI: *VTDAPI
    PERF: *PERF
    VRTWD: c:\windows\SYSTEM\vrtwd.386
    VFIXD: c:\windows\SYSTEM\vfixd.vxd
    VNETBIOS: vnetbios.vxd
    TurboVBF: turbovbf.vxd
    NWLink: nwlink.vxd
    NWREDIR: nwredir.vxd
    NSCL: nscl.vxd
    VREDIR: vredir.vxd
    DFS: dfs.vxd
    Hpsjvxd: Hpsjvxd.vxd
    VSERVER: vserver.vxd
    AMON: C:\PROGRA~1\ESET\AMON.VXD

    ————————————————–

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

    ————————————————–
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    ————————————————–

    End of report, 30,483 bytes
    Report generated in 0.515 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only


  • Download Silent Runners
    Unzip it to its own folder.
    Start SilentRunners.vbs
    If your antivirus program shows a warning, allow this script to run.
    Wait until you get a message that the script has finished.
    A log file is placed in the folder from which you started Silent Runners. Post the contents of this log.

    Have you already tried whether HijackThis works if you rename hijackthis.exe to ht.exe?
  • Renaming HJT, or copying it already renamed from another PC, does not work either: after double-clicking it, only Ctrl-Alt-Del still helps.

    Here is the Silent Runners log:
    "Silent Runners.vbs", revision 44, http://www.silentrunners.org/
    Operating System: Windows 98
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ———————————

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "ScanRegistry" = "c:\windows\scanregw.exe /autorun" [MS]
    "Disknag" = "C:\DELL\DISKNAG.EXE" ["Dell Computer Corporation"]
    "SystemTray" = "SysTray.Exe" [MS]
    "LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
    "nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
    "NOD32kernel" = ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Exchange"
    -> {HKLM…CLSID} = "Microsoft Outlook"
    \InProcServer32\(Default) = "c:\PROGRA~1\MICROS~3\OFFICE\MLSHEXT.DLL" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {HKLM…CLSID} = "Outlook-extensie voor bestandspictogrammen"
    \InProcServer32\(Default) = "c:\PROGRA~1\MICROS~3\OFFICE\OLKFSTUB.DLL" [MS]
    "{2E9D3540-211C-11d0-A5F2-00A0248C37BE}" = "Nero Shell Extension Property Sheet"
    -> {HKLM…CLSID} = "Nero Shell Extension Property Sheet"
    \InProcServer32\(Default) = "c:\Program Files\ahead\Nero\neroshx.dll" ["ahead software gmbh im stoeckmaedle 6 76307 karlsbad, germany Fax: ++49-7248-911-888 e-mail: info@ahead.de"]
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
    -> {HKLM…CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
    -> {HKLM…CLSID} = "AVG7 Find Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
    -> {HKLM…CLSID} = "WinZip"
    \InProcServer32\(Default) = "E:\ARCHIEF\SOFTWARE\WINZIP\wzshlext.dll" [null data]
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {HKLM…CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
    -> {HKLM…CLSID} = "NOD32 Context Menu Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
    -> {HKLM…CLSID} = "WinZip"
    \InProcServer32\(Default) = "E:\ARCHIEF\SOFTWARE\WINZIP\wzshlext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    NetwareUNCMenu\(Default) = "{B91C21C0-0050-101B-8A87-00AA000C4F5D}"
    -> {HKLM…CLSID} = "Netware UNC Folder Menu"
    \InProcServer32\(Default) = "mpr.dll" [MS]
    WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
    -> {HKLM…CLSID} = "WinZip"
    \InProcServer32\(Default) = "E:\ARCHIEF\SOFTWARE\WINZIP\wzshlext.dll" [null data]
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {HKLM…CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
    -> {HKLM…CLSID} = "NOD32 Context Menu Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]


    Active Desktop and Wallpaper:
    —————————–

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "c:\windows\Clouds.bmp"


    WIN.INI & SYSTEM.INI launch points:
    ———————————–

    SYSTEM.INI
    [boot]
    "SCRNSAVE.EXE=C:\WINDOWS\GOUDEN~1.SCR" (Gouden Gids.scr) ["MacSourcery"]


    Winsock2 Service Provider DLLs:
    ——————————-

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "c:\windows\SYSTEM\rnr20.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    C:\WINDOWS\SYSTEM\imon.dll [null data], 01 - 05, 15
    c:\windows\SYSTEM\mswsosp.dll [MS], 06 - 09
    c:\windows\SYSTEM\msafd.dll [MS], 10 - 12
    c:\windows\SYSTEM\rsvpsp.dll [MS], 13 - 14


    HOSTS file
    ———-

    C:\WINDOWS\HOSTS

    maps: 2 domain names to IP addresses,
    1 of the IP addresses is *not* localhost!


    Print Monitors:
    —————

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    PDF Port\Driver = "C:\WINDOWS\SYSTEM\pdfports.dll" [null data]
    PostScript Language Monitor\Driver = "C:\WINDOWS\SYSTEM\PSMON.DLL" [MS]


    ———-
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
    use the -supp parameter or answer "No" at the first message box.
    ———- (total run time: 56 seconds, including 18 seconds for message boxes)




  • Do you get an error message when you start HijackThis?
  • No, the mouse all but freezes, and ending HijackThis via Ctrl-Alt-Del is the only way to be able to do anything on the machine again.
    S&D is not blocked, but it does take a very long time (about 30 minutes).
    Ad-Aware is not blocked but finds only a few cookies.
    NOD32 and AVG are not noticeably blocked but report no finds.
    The owner had installed eAccelerator/Stop-Sign, and I have the strong impression that the trouble began when I removed that program via its own uninstaller.
    There are indications on the net of retaliatory behaviour after Stop-Sign, but I cannot get a clear picture of this.
  • First try this: http://www.safer-networking.org/files/delcwssk.zip
  • Hi m@rc,
    I had already tried that one too, and the result is that nothing is found of what the tool is supposed to look for.
    What remains is the strange phenomenon that HijackThis and jv16 more or less cause freezes in normal mode, and that Spybot and CWShredder run extremely slowly and in an 'unstable manner', as does NOD32 for that matter.
    Other programs run without the slightest hitch!
    NOD32, Avast, AVG, Trend Micro and Stinger find nothing.
    Reinstalling over the existing installation has no effect either.
    On the internet I find only very vague indications about virus and spyware scanners not working.
    In short: I have lost the trail, and I am going to offer the owner a completely fresh installation plus a little lesson in 'how to click less enthusiastically'.
    m@rc: many thanks for your time and effort!
  • Try this:
    Download DelDomains.inf.
    Right-click it and choose Install.

    Then try HijackThis again (after a reboot if necessary).
  • m@rc, thanks once again, but I have already formatted C: and put a fresh Windows installation on it!

This is an archived page. Replying is no longer possible.