Questions & Answers

Security & privacy

Please check Hijack log

Anonymous
34 replies
  • Try this:

    Download Brute Force Uninstaller.
    Unzip it to a new folder on your C drive and name it BFU.

    Start Brute Force Uninstaller by double-clicking BFU.exe and paste the URL below into the address bar:

    http://metallica.geekstogo.com/p2pnetwork.bfu

    Click "Ok" and then "Execute in Brute Force Uninstaller".

    Wait (patiently) until you see the message "complete script execution", then click "Ok".
    Click "Exit" to close the program.

    Download XP_regfile.zip: http://www.dougknox.com/xp/fileassoc/xp_regfile.zip
    Unzip it to your desktop.
    Double-click xp_regfile.reg and allow the changes to be added to your registry.

    Restart the computer.
    Report back with an update on the problems.
  • [quote="M@rc"]Try this:

    Download Brute Force Uninstaller.
    Unzip it to a new folder on your C drive and name it BFU.

    Start Brute Force Uninstaller by double-clicking BFU.exe and paste the URL below into the address bar:

    http://metallica.geekstogo.com/p2pnetwork.bfu

    Click "Ok" and then "Execute in Brute Force Uninstaller".

    Wait (patiently) until you see the message "complete script execution", then click "Ok".
    Click "Exit" to close the program.

    Download XP_regfile.zip: http://www.dougknox.com/xp/fileassoc/xp_regfile.zip
    Unzip it to your desktop.
    Double-click xp_regfile.reg and allow the changes to be added to your registry.

    Restart the computer.
    Report back with an update on the problems.[/quote]

    This is the regkey document:

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
    "LowRiskFileTypes"=".zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=dword:00000000

    I followed M@rc's advice above, but the runtime error message on my HDD is still there :cry:
  • Open a Notepad file.
    Copy the code below into this Notepad file.
    Go to File - Save As.
    Under "Save in", choose: Desktop
    Under "File name", enter: fix.reg
    Under "Save as type", select: All Files (*.*).
    Click the Save button.
    [code]
    REGEDIT4

    ; Delete the per-user Associations policy key (holds LowRiskFileTypes)
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]

    ; Delete the per-user System policy key (holds DisableRegistryTools)
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    [/code]
    Double-click the fix.reg file and allow the changes to be added to the registry.

    Restart the computer and create a new HijackThis log. Post it.
    I assume the problem is still there?
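
Before merging a .reg file such as fix.reg, its effect can be listed offline. The parser below is an added example, not code from the thread or from any tool mentioned in it; it reads the two registry files quoted above (embedded as sample input) and reports key deletions and the policy values they set. The `RISKY_EXTS` list and all function names are assumptions of this example.

```python
import re

# Constructed sample input: the two registry files quoted in the thread.
EXPORTED_POLICIES = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
'''
FIX_REG = r'''REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# Assumption of this example: types that should not be whitelisted as low risk.
RISKY_EXTS = {".exe", ".reg", ".msi", ".bat", ".cmd", ".com", ".scr", ".pif",
              ".vbs", ".js", ".hta"}
# NoDriveTypeAutoRun bit -> drive type for which AutoRun is switched off.
DRIVE_BITS = {0x01: "unknown", 0x02: "no-root-dir", 0x04: "removable",
              0x08: "fixed", 0x10: "network", 0x20: "cdrom",
              0x40: "ramdisk", 0x80: "reserved"}


def _unquote(s):
    """Strip the surrounding quotes and undo backslash escapes."""
    return re.sub(r"\\(.)", r"\1", s[1:-1])


def parse_reg(text):
    """Parse .reg text into (action, key, name, data) tuples; nothing is written."""
    # Join hex(...) continuation lines, then drop blank lines and ';' comments.
    joined = re.sub(r"\\\r?\n\s*", "", text.lstrip("\ufeff"))
    lines = [ln.strip() for ln in joined.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing .reg header line")
    ops, key = [], None
    for ln in lines[1:]:
        if ln.startswith("[") and ln.endswith("]"):
            body = ln[1:-1]
            if body.startswith("-"):      # [-KEY] deletes the key and its subkeys
                ops.append(("delete_key", body[1:], None, None))
                key = None
            else:                         # [KEY] selects the key for the values below
                key = body
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$', ln)
        if not m or key is None:
            raise ValueError("unparsable line: %r" % ln)
        name = "(Default)" if m.group(1) == "@" else _unquote(m.group(1))
        raw = m.group(2)
        if raw == "-":                    # "name"=- deletes a single value
            ops.append(("delete_value", key, name, None))
        elif raw.lower().startswith("dword:"):
            ops.append(("set_value", key, name, int(raw[6:], 16)))
        elif raw.startswith('"'):
            ops.append(("set_value", key, name, _unquote(raw)))
        else:                             # hex:, hex(2):, hex(7): kept as text
            ops.append(("set_value", key, name, raw))
    return ops


def autorun_disabled_for(mask):
    """Decode a NoDriveTypeAutoRun bitmask into drive-type names."""
    return [name for bit, name in DRIVE_BITS.items() if mask & bit]


def review(ops):
    """Return findings for key deletions and the policy values seen in the thread."""
    findings = []
    for action, key, name, data in ops:
        if action == "delete_key":
            findings.append("deletes key " + key)
        elif action != "set_value":
            continue
        elif name == "LowRiskFileTypes" and isinstance(data, str):
            # Attachment Manager treats the listed types as low risk.
            risky = [e for e in data.lower().split(";") if e in RISKY_EXTS]
            if risky:
                findings.append("LowRiskFileTypes marks as low risk: " + ", ".join(risky))
        elif name == "NoDriveTypeAutoRun" and isinstance(data, int):
            findings.append("AutoRun disabled only for: "
                            + ", ".join(autorun_disabled_for(data)))
        elif name == "DisableRegistryTools" and isinstance(data, int):
            state = "blocked" if data else "allowed"
            findings.append("Registry Editor is " + state + " for this user")
    return findings


if __name__ == "__main__":
    for label, text in (("exported policies", EXPORTED_POLICIES), ("fix.reg", FIX_REG)):
        print(label)
        for finding in review(parse_reg(text)):
            print("  -", finding)
```
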
  • Logfile of HijackThis v1.99.1
    Scan saved at 20:57:17, on 2/10/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Cherry\KeyMan\KeyMan.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\EPoX\USDM\USDM.EXE
    C:\Program Files\LifeView TVR\RecSche.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ISP Monitor\isp.exe
    C:\Program Files\DynDNS Updater\DynDNS.exe
    C:\Program Files\BMT MouseTracker\MouseTrack.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\lvhidsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\Cherry\CDI\CDI.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nieuwsblad.be/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [CherryKeyMan] "C:\Program Files\Cherry\KeyMan\KeyMan.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPoX\USDM\USDM.EXE" "5000"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
    O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
    O4 - HKCU\..\Run: [BMT] C:\Program Files\BMT MouseTracker\MouseTrack.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to Keyman - C:\Program Files\Cherry\KeyMan\IEMenuExtKeyman.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/popcaploader_v6.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cherry Device Interface - Cherry Gmbh, Auerbach Germany, www.cherry.de - C:\Program Files\Cherry\CDI\CDI.exe
    O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\PROGRA~1\Serv-U\ServUDaemon.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
  • The log looks good.

    Are there still any problems?

    Please also do this:
    Start HijackThis. Go to Config – Misc Tools.
    Tick the boxes for:
    - List also Minor sections (full)
    - List Empty sections (complete)
    Click the "Generate Startuplist log" button.
    A file will be created: startuplist.txt.
    Post the contents of this file.
  • [quote="M@rc"]The log looks good.

    Are there still any problems?

    Please also do this:
    Start HijackThis. Go to Config – Misc Tools.
    Tick the boxes for:
    - List also Minor sections (full)
    - List Empty sections (complete)
    Click the "Generate Startuplist log" button.
    A file will be created: startuplist.txt.
    Post the contents of this file.[/quote]

    StartupList report, 2/10/2005, 21:57:46
    StartupList version: 1.52.2
    Started from : C:\Program Files\Hijack\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Cherry\KeyMan\KeyMan.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\EPoX\USDM\USDM.EXE
    C:\Program Files\LifeView TVR\RecSche.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ISP Monitor\isp.exe
    C:\Program Files\DynDNS Updater\DynDNS.exe
    C:\Program Files\BMT MouseTracker\MouseTrack.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\lvhidsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\Cherry\CDI\CDI.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\LifeView TVR\TVR.exe
    C:\Program Files\BitLord\BitLord.exe
    C:\Program Files\LifeView TVR\video.ex_
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijack\HijackThis.exe

    ————————————————–

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\NarcoticKrieke\Menu Start\Programma's\Opstarten]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
    Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    ————————————————–

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    DAEMON Tools-1033 = "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    CherryKeyMan = "C:\Program Files\Cherry\KeyMan\KeyMan.exe"
    SoundMan = SOUNDMAN.EXE
    NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    EPoXUSDM = "C:\Program Files\EPoX\USDM\USDM.EXE" "5000"
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    RecSche = "C:\Program Files\LifeView TVR\RecSche.exe"
    MessengerPlus3 = "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Norton SystemWorks = "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    ISPMonitor = C:\Program Files\ISP Monitor\isp.exe
    DynDNS Updater = "C:\Program Files\DynDNS Updater\DynDNS.exe"
    BMT = C:\Program Files\BMT MouseTracker\MouseTrack.exe
    Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    MessengerPlus3 = "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    ————————————————–

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    ————————————————–

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

    ————————————————–

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    ————————————————–

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

    ————————————————–

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    ————————————————–

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    ————————————————–

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    ————————————————–

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    ————————————————–

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    ————————————————–

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Register-editor'

    Registry check passed

    ————————————————–

    Enumerating Browser Helper Objects:

    NAV Helper - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    ————————————————–

    Enumerating Task Scheduler jobs:

    Norton AntiVirus - Scan my computer - NarcoticKrieke.job
    Norton SystemWorks One Button Checkup.job
    Symantec Drmc.job
    Symantec NetDetect.job

    ————————————————–

    Enumerating Download Program Files:

    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
    CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

    [Office Update Installation Engine]
    InProcServer32 = C:\WINDOWS\opuc.dll
    CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

    [MSN Photo Upload Tool]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
    CODEBASE = http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

    [Java Plug-in 1.5.0_04]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

    [ActiveScan Installer Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
    CODEBASE = http://www.pandasoftware.com/activescan/as5free/asinst.cab

    [MsnMessengerSetupDownloadControl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
    CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

    [Java Plug-in 1.5.0_04]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [PopCapLoader Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
    CODEBASE = http://www.shockwave.com/content/bejeweled2/popcaploader_v6.cab

    ————————————————–

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll
    Protocol #15: C:\WINDOWS\system32\mswsock.dll
    Protocol #16: C:\WINDOWS\system32\mswsock.dll
    Protocol #17: C:\WINDOWS\system32\mswsock.dll
    Protocol #18: C:\WINDOWS\system32\mswsock.dll
    Protocol #19: C:\WINDOWS\system32\mswsock.dll

    ————————————————–

    Enumerating Windows NT/2000/XP services

    Microsoft ACPI-stuurprogramma: system32\DRIVERS\ACPI.sys (system)
    Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start)
    AFD: \SystemRoot\System32\drivers\afd.sys (system)
    Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
    Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
    Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start)
    Stuurprogramma voor AMD K7-processor: system32\DRIVERS\amdk7.sys (system)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    1394 ARP-clientprotocol: system32\DRIVERS\arp1394.sys (manual start)
    ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
    Stuurprogramma voor RAS asyncrone media: system32\DRIVERS\asyncmac.sys (manual start)
    Standaard IDE/ESDI-vasteschijfcontroller: system32\DRIVERS\atapi.sys (system)
    Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
    ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
    ATM ARP-client-protocol: system32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audiostub-stuurprogramma: system32\DRIVERS\audstub.sys (manual start)
    Intelligente achtergrondsoverdrachtservice: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Closed Caption-decoder: system32\DRIVERS\CCDECODE.sys (manual start)
    Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
    Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
    Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
    Cd-rom-stuurprogramma: system32\DRIVERS\cdrom.sys (system)
    Cherry PS/2 Keyboard Driver (CDI): system32\DRIVERS\Ch2kPS2.sys (manual start)
    Cherry PS/2 Mouse Driver (CDI): system32\DRIVERS\Ch2kPS2M.sys (manual start)
    Cherry Device Interface: C:\Program Files\Cherry\CDI\CDI.exe (manual start)
    Indexing-service: %SystemRoot%\system32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
    COM+-systeemtoepassing: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    d347bus: system32\DRIVERS\d347bus.sys (system)
    d347prt: System32\Drivers\d347prt.sys (system)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Stuurprogramma voor schijfstations: system32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    Stuurprogramma voor Schijfbeheer: System32\drivers\dmio.sys (system)
    dmload: System32\drivers\dmload.sys (system)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
    Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start)
    Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+-gebeurtenissysteem: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
    Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Stuurprogramma voor diskettestationcontroller: system32\DRIVERS\fdc.sys (manual start)
    VIA PCI 10/100Mb Fast Ethernet-adapter - NT-stuurprogramma: system32\DRIVERS\fetnd5.sys (manual start)
    Stuurprogramma voor diskettestation: system32\DRIVERS\flpydisk.sys (manual start)
    FltMgr: system32\DRIVERS\fltMgr.sys (system)
    Stuurprogramma voor Volumebeheer: system32\DRIVERS\ftdisk.sys (system)
    Spelpoort-enumerator: system32\DRIVERS\gameenum.sys (manual start)
    Algemene pakketclassificeerder: system32\DRIVERS\msgpc.sys (manual start)
    VMware hcmon: \??\C:\WINDOWS\system32\Drivers\hcmon.sys (autostart)
    Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Apparaattoegang via menselijke interface: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Microsoft HID Class-stuurprogramma: system32\DRIVERS\hidusb.sys (manual start)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
    Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: system32\DRIVERS\i8042prt.sys (system)
    Filterstuurprogramma voor het branden van cd's: system32\DRIVERS\imapi.sys (system)
    COM-service voor IMAPI cd-branders: C:\WINDOWS\system32\imapi.exe (manual start)
    IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
    IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
    IPSEC-stuurprogramma: system32\DRIVERS\ipsec.sys (system)
    IR Enumerator-service: system32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus-stuurprogramma: system32\DRIVERS\isapnp.sys (system)
    Stuurprogramma voor verschillende toetsenbordtypen: system32\DRIVERS\kbdclass.sys (system)
    Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    LifeView LR138 Capture Driver: system32\DRIVERS\lvcap138.sys (manual start)
    Remote HID Service: C:\WINDOWS\system32\lvhidsvc.exe (autostart)
    LifeView WDM TV Tuner: system32\DRIVERS\lvtuner.sys (manual start)
    Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
    Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    Delen van Extern bureaublad met NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
    Stuurprogramma voor muistypen: system32\DRIVERS\mouclass.sys (system)
    Stuurprogramma voor muis-HID: system32\DRIVERS\mouhid.sys (manual start)
    WebDav-client-redirector: system32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
    Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
    Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start)
    BIOS-stuurprogramma voor Microsoft Systeembeheer: system32\DRIVERS\mssmbios.sys (manual start)
    Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma: system32\drivers\MSTEE.sys (manual start)
    Microsoft MPU-401 MIDI UART-stuurprogramma: system32\drivers\msmpu401.sys (manual start)
    NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
    Norton AntiVirus Auto-Protect Service: "C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe" (autostart)
    NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050928.007\NAVENG.Sys (manual start)
    NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050928.007\NavEx15.Sys (manual start)
    Microsoft TV/Video-verbinding: system32\DRIVERS\NdisIP.sys (manual start)
    RAS NDIS TAPI-stuurprogramma: system32\DRIVERS\ndistapi.sys (manual start)
    I/O-protocol van NDIS-gebruikermodus: system32\DRIVERS\ndisuio.sys (manual start)
    RAS NDIS WAN-stuurprogramma: system32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS-interface: system32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
    Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    1394-stuurprogramma: system32\DRIVERS\nic1394.sys (manual start)
    Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Stuurprogramma voor Netwerkcontrole: system32\DRIVERS\NMnt.sys (manual start)
    Norton Unerase Protection Driver: \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS (manual start)
    Norton AntiVirus Firewall Monitor Service: "C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe" (autostart)
    Norton Unerase Protection: C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE (autostart)
    NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
    Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
    VIA OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
    OMSCAN: \Sys (autostart)
    Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
    Creative WebCam NX: system32\DRIVERS\P1110VID.sys (manual start)
    Stuurprogramma voor parallelle poort: system32\DRIVERS\parport.sys (manual start)
    PCI Bus-stuurprogramma: system32\DRIVERS\pci.sys (system)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC-services: %SystemRoot%\system32\lsass.exe (autostart)
    WAN-minipoort (PPTP): system32\DRIVERS\raspptp.sys (manual start)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS-pakketplanner: system32\DRIVERS\psched.sys (manual start)
    Stuurprogramma voor Directe parallelle verbinding: system32\DRIVERS\ptilink.sys (manual start)
    PxHelp20: System32\Drivers\PxHelp20.sys (system)
    Stuurprogramma voor Automatische verbinding voor RAS: system32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    WAN-minipoort (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
    Verbindingsbeheer voor RAS: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    PPPOE-RAS-stuurprogramma: system32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
    Rdbss: system32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Stuurprogramma voor Terminal-serverapparaatredirector: system32\DRIVERS\rdpdr.sys (manual start)
    Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Stuurprogramma voor afspeelfilter van digitale cd-audio: system32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    SAVRT: \??\C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRT.SYS (manual start)
    SAVRTPEL: \??\C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRTPEL.SYS (system)
    SAVScan: "C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe" (manual start)
    ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SDdriver: \??\C:\WINDOWS\system32\Drivers\sddriver.sys (manual start)
    Secdrv: system32\DRIVERS\secdrv.sys (autostart)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    SIEMENS Serial port driver: system32\DRIVERS\ser2pl.sys (manual start)
    Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
    Stuurprogramma voor seriële poort: system32\DRIVERS\serial.sys (system)
    Serv-U FTP Server: C:\PROGRA~1\Serv-U\ServUDaemon.exe (autostart)
    Windows Firewall (WF) / Internet-verbinding delen (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
    Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (autostart)
    SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (system)
    Symantec SPBBCSvc: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (autostart)
    Speed Disk service: C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE (autostart)
    Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    Stuurprogramma voor systeemherstelfilter: \SystemRoot\system32\DRIVERS\sr.sys (disabled)
    System Restore-service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    SRV: system32\DRIVERS\srv.sys (manual start)
    SSDP Discovery-service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
    BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
    Software Bus-stuurprogramma: system32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{E1BE93ED-FFCC-4DF0-99B9-15C27F08276E} (manual start)
    Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
    SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
    SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
    SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
    SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
    SYMIDSCO: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20050901.036\symidsco.sys (manual start)
    symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
    SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
    SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
    SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
    Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Stuurprogramma voor TCP/IP-protocol: system32\DRIVERS\tcpip.sys (system)
    Stuurprogramma voor terminal-apparaat: system32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
    Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Microsoft AGPv3.5 Filter: system32\DRIVERS\uagp35.sys (system)
    Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
    Microcode Update-stuurprogramma: system32\DRIVERS\update.sys (manual start)
    Universele Plug en Play-apparaathost: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
    USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
    Stuurprogramma voor USB-scanner: system32\DRIVERS\usbscan.sys (manual start)
    Stuurprogramma voor USB-massaopslag: system32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
    VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
    ViaIde: system32\DRIVERS\viaide.sys (system)
    viasraid: system32\drivers\viasraid.sys (system)
    VMware Authorization Service: C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (autostart)
    VMware Virtual Ethernet Adapter Driver: system32\DRIVERS\vmnetadapter.sys (manual start)
    VMware Bridge Protocol: system32\DRIVERS\vmnetbridge.sys (autostart)
    VMware DHCP Service: C:\WINDOWS\system32\vmnetdhcp.exe (autostart)
    VMware Network Application Interface: \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys (autostart)
    VMware VMparport: \??\C:\WINDOWS\system32\Drivers\VMparport.sys (autostart)
    VMware NAT Service: C:\WINDOWS\system32\vmnat.exe (autostart)
    VMware vmx86: \??\C:\WINDOWS\system32\Drivers\vmx86.sys (autostart)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    RAS IP ARP-stuurprogramma: system32\DRIVERS\wanarp.sys (manual start)
    Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Serienummerservice voor draagbare media: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Uitbreidingen van het stuurprogramma voor Windows Management Instrumentation: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI-prestatieadapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    World Standard Teletext-codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
    Automatische updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


    ————————————————–

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: C:\DOCUME~1\NARCOT~1\LOCALS~1\TEMPOR~1\Content.IE5\index.dat||C:\DOCUME~1\NARCOT~1\Cookies\index.dat


    ————————————————–

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll

    ————————————————–
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    ————————————————–

    End of report, 38.858 bytes
    Report generated in 0,156 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
  • That looks fine too.
    Is the problem still there?
  • [quote:17bf80ec62="M@rc"]That looks fine too.
    Is the problem still there?[/quote:17bf80ec62]

    Unfortunately, yes.
  • Have a look in your system log to see whether there is an entry for the error you are getting.
    If so, post the details.
  • [quote:f31f012191="M@rc"]Have a look in your system log to see whether there is an entry for the error you are getting.
    If so, post the details.[/quote:f31f012191]
    I can't find anything in my system log. In the meantime I have run a scan with a tool from Seagate itself:

    Primair IDE-kanaal : ST3160023A
    Model: ST3160023A
    Serial Number: 5JS5V1HQ
    Capacity: 160.04 GB
    Test result: Self-test routine completed without error.
  • I can't find a real solution to your problem.
    Certain spyware can cause this.
    It might be best to run a scan after all with an updated Ad-Aware SE and with Spybot Search & Destroy.
    Another cause that is often mentioned is the Google Toolbar, but I don't see it in your log. Have you used it in the past, or does it happen to still be installed on the PC?

    What is odd is that it only happens with one hard disk. Are the settings / connections of your drive OK? (the master/slave story)
  • [quote:afcf9f529c="M@rc"]I can't find a real solution to your problem.
    Certain spyware can cause this.
    It might be best to run a scan after all with an updated Ad-Aware SE and with Spybot Search & Destroy.
    Another cause that is often mentioned is the Google Toolbar, but I don't see it in your log. Have you used it in the past, or does it happen to still be installed on the PC?

    What is odd is that it only happens with one hard disk. Are the settings / connections of your drive OK? (the master/slave story)[/quote:afcf9f529c]

    Um, maybe a light at the end of the dark tunnel: when I browse my Seagate, so far (touch wood) I no longer get an error message. It does take slightly longer to open, a few milliseconds, but I do get in.

    M@rc, if you were a woman I'd give you a big, big hug; thanks for the fantastic help. Really, without you this wouldn't have worked out. (And the others who helped, thank you too!!) :D
  • :lol:

    You're welcome.

    It would still be best to delete all existing system restore points.
  • [quote:076419c9fb="M@rc"]:lol:

    You're welcome.

    It would still be best to delete all existing system restore points.[/quote:076419c9fb]

    System Restore gets switched off straight away during XP setup, so I have no problems with that.
