Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Anders (internet)

internet probleem

Anoniem
Terror gamer
37 antwoorden
  • telkens wanneer ik intenet explorer start komt er een installatie voor de dag nl. virtual woman millennium edition. Het komt steeds weer terug ook bij popups komt ie terug.

    Wat kan ik hieraan doen??
  • je kunt de FAQ eens lezen terrorgamer ….

    Dan lees je daar dat je een search kunt gebruiken, zoeken noemen ze dat …


    Dan komen er vast wel meer dan 100 recente topics tevoorschijn die hetzelfde probleem hadden en zelfs de antwoorden erbij ….

    :o …. Nah weet je wat ik ga je het makkelijk maken ….

    ik geef je een hint : SPYBOT SEARCH AND DESTROY ….

    en omdat ik in eem goed humeur ben ( gebeurt zelden ) krijg je van mij nóg een hint …. HIJACK THIS ….. SPYWARE ……

    :lol: :lol: sux6
  • dat had ik al gedaan maar dat hielp niet.
  • ad aware
  • Download HijackThis. Uitleg en link vind je hier: http://www.tomcoyote.org/hjt/
    Unzip en run het. Klik op Scan > Save log en sla het log op als een .txt bestand.
    Kopieer en plak de inhoud in je volgende post.
    Fix nog niets. Er zitten ook dingen die je echt nodig hebt.
  • heb je wel van ad aware en spybot de update gebruikt?

    die kun je vinden bij online …


    Anders moet je idd ff de uitkomsten van hijack this ff hiero plakken …

    kunnen wij vergelijken wat er wel en niet zou horen ….
  • R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.searchgateway.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.searchgateway.net/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.gameadvice.com/forums/forumdisplay.php?s=&forumid;=13
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.searchgateway.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.searchgateway.net/search/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\E2G\IeBHOs.dll
    O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O3 - Toolbar: (no name) - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - (no file)
    O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Toolbar - {BC97B254-B2B9-4D40-971D-78E0978F5F26}} - (no file)
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
    O4 - HKLM\..\Run: [TVTMD] C:\WINDOWS\TVTMD.exe
    O4 - HKLM\..\Run: [ShowBehind] C:\WINDOWS\sbnet\ShowBehind.exe
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Download; with &DAP; - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all; with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related; Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37661.3262731481
    O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.memorymeter.com/MemoryMeter.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553542500} - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://209.58.242.206/downloads/UGO20.exe
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://3dgamers.tukati.com/tukati/1.6.36.36/tukati.cab
    O16 - DPF: {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - http://www.searchwww.com/toolbar/toolbar.cab

    sorry van die links.

    O ja ik was de vorige keer vergeten te zeggen dat het een windows installer opstart als er een nieuw internet explorer window opent.
  • Vink het volgende aan in Hijack This, sluit vervolgens alle browservensters en druk op "fix checked":

    [b:d80b8c05c2]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.searchgateway.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.searchgateway.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.searchgateway.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.searchgateway.net/search/%s

    O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\E2G\IeBHOs.dll
    O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL

    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O3 - Toolbar: (no name) - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - (no file)
    O3 - Toolbar: Toolbar - {BC97B254-B2B9-4D40-971D-78E0978F5F26}} - (no file)

    O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
    O4 - HKLM\..\Run: [TVTMD] C:\WINDOWS\TVTMD.exe
    O4 - HKLM\..\Run: [ShowBehind] C:\WINDOWS\sbnet\ShowBehind.exe
    O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q

    O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.memorymeter.com/MemoryMeter.cab
    O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://209.58.242.206/downloads/UGO20.exe
    O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://3dgamers.tukati.com/tukati/1.6.36.36/tukati.cab
    O16 - DPF: {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - http://www.searchwww.com/toolbar/toolbar.cab [/b:d80b8c05c2]

    Vervolgens start je even opnieuw op, en wis:

    C:\WINDOWS\System\WINSTA~1.EXE -b
    C:\WINDOWS\TVTMD.exe
    De map C:\WINDOWS\sbnet
    De map C:\Program Files\ClockSync
    De map C:\E2G

    Tenslotte download je Spybot - Search & Destroy

    Eerst klik je links op [b:d80b8c05c2]Online[/b:d80b8c05c2], dan "Search For Updates", en vervolgens [i:d80b8c05c2]alle[/i:d80b8c05c2] updates aanvinken en downloaden ( 'download updates').

    Nu Internet Explorer afsluiten.

    Vervolgens klik je linksonder op "check for problems", laat scannen, en laat SB tenslotte alles verwijderen/herstellen.
    Het programma maakt automatisch backups aan..

    Succes,
  • helpt niet hij word nog steeds geladen als ik internet exploror start.
  • Start Hijack This weer, maar klik nu op "Config" > "Miscellaneous Tools", en dan "Generate Startuplist Log"

    Je krijgt dan een tekstbestand dat een uitgebreid overzicht geeft van alles wat er zich op jouw computer afspeelt.

    Ga naar Bewerken > Alles selecteren, kopiëer het, en laat de hele inhoud daarvan zien.
  • InProcServer32 = C:\WINDOWS\System32\Winrep.dll
    CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab

    [GSDACtl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\gsda.dll
    CODEBASE = http://launch.gamespyarcade.com/software/launch/alaunch.cab

    [SecureLogin.SecureControl]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveSecurity.ocx
    CODEBASE = http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37661.3262731481

    [WebResponseAttachments Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\FILETR~1.OCX
    CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab

    [HeartbeatCtl Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
    CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [{D27CDB6E-AE6D-11CF-96B8-444553542500}]
    CODEBASE = http://active.macromedia.com/flash2/cabs/swflash.cab

    [Hotmail Attachments Control]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx
    CODEBASE = http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

    [DiskHealth2 Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\DiskFAU.dll
    CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    ————————————————–

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    ————————————————–
    End of report, 7.117 bytes
    Report generated in 0,041 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
  • sorry was nit alles

    StartupList report, 5-7-2003, 19:02:45
    StartupList version: 1.52
    Started from : C:\Documents and Settings\Nick Hendrikse\Bureaublad\hijackthis\HijackThis.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MSNGAM~1\zproxy.exe
    C:\PROGRA~1\MSNGAM~1\zone.exe
    C:\PROGRA~1\MSNGAM~1\zclient.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Nick Hendrikse\Bureaublad\hijackthis\HijackThis.exe

    ————————————————–

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    ————————————————–

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ccApp = C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    ccRegVfy = C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
    IntelliType = "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    POINTER = point32.exe
    MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
    VOBRegCheck = C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
    SideWinderTrayV4 = C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
    NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

    ————————————————–

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=
    SCRNSAVE.EXE=C:\WINDOWS\System32\DONTTO~1.SCR
    drivers=

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    ————————————————–


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    ————————————————–

    Enumerating Task Scheduler jobs:

    Norton AntiVirus - Mijn computer scannen.job
    Symantec NetDetect.job

    ————————————————–

    Enumerating Download Program Files:

    [sys Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitStop.dll
    CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
    CODEBASE = http://active.macromedia.com/director/cabs/sw.cab

    [Microsoft.WinRep]
    InProcServer32 = C:\WINDOWS\System32\Winrep.dll
    CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab

    [GSDACtl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\gsda.dll
    CODEBASE = http://launch.gamespyarcade.com/software/launch/alaunch.cab

    [SecureLogin.SecureControl]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveSecurity.ocx
    CODEBASE = http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37661.3262731481

    [WebResponseAttachments Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\FILETR~1.OCX
    CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab

    [HeartbeatCtl Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
    CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [{D27CDB6E-AE6D-11CF-96B8-444553542500}]
    CODEBASE = http://active.macromedia.com/flash2/cabs/swflash.cab

    [Hotmail Attachments Control]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx
    CODEBASE = http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

    [DiskHealth2 Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\DiskFAU.dll
    CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    ————————————————–

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    ————————————————–
    End of report, 7.117 bytes
    Report generated in 0,041 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

  • Tja, daar ben ik even stil van, want er is werkelijk niets te zien wat daarvoor verantwoordelijk zou kunnen zijn, en dat ben ik dus niet gewend… :roll:

    Zou je nog één ding willen proberen:

    Ga weer naar "Config" > "Miscellaneous Tools", maar vink nu bij "Startuplist" éérst de beide hokjes "List also minor sections" en "list empty sections" aan.

    Klik vervolgens op "Generate Startuplist log" en post die nieuwe log nog een keer.
  • StartupList report, 5-7-2003, 19:20:39
    StartupList version: 1.52
    Started from : C:\Documents and Settings\Nick Hendrikse\Bureaublad\hijackthis\HijackThis.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MSNGAM~1\zproxy.exe
    C:\PROGRA~1\MSNGAM~1\zone.exe
    C:\PROGRA~1\MSNGAM~1\zclient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Nick Hendrikse\Bureaublad\hijackthis\HijackThis.exe

    ————————————————–

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Nick Hendrikse\Menu Start\Programma's\Opstarten]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    ————————————————–

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ccApp = C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    ccRegVfy = C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
    IntelliType = "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    POINTER = point32.exe
    MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
    VOBRegCheck = C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
    SideWinderTrayV4 = C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
    NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    ————————————————–

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    ————————————————–

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

    ————————————————–

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
    StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    ————————————————–

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    ————————————————–

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    ————————————————–

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=
    SCRNSAVE.EXE=C:\WINDOWS\System32\DONTTO~1.SCR
    drivers=

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    ————————————————–

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    ————————————————–

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    ————————————————–

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Register-editor'

    Registry check passed

    ————————————————–

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    ————————————————–

    Enumerating Task Scheduler jobs:

    Norton AntiVirus - Mijn computer scannen.job
    Symantec NetDetect.job

    ————————————————–

    Enumerating Download Program Files:

    [{00000161-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://codecs.microsoft.com/codecs/i386/msaudio.cab

    [sys Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitStop.dll
    CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
    CODEBASE = http://active.macromedia.com/director/cabs/sw.cab

    [Microsoft.WinRep]
    InProcServer32 = C:\WINDOWS\System32\Winrep.dll
    CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab

    [GSDACtl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\gsda.dll
    CODEBASE = http://launch.gamespyarcade.com/software/launch/alaunch.cab

    [SecureLogin.SecureControl]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveSecurity.ocx
    CODEBASE = http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

    [Java Plug-in 1.4.1_02]
    InProcServer32 = C:\Program Files\Java\j2re1.4.1_02\bin
    pjpi141_02.dll
    CODEBASE = http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37661.3262731481

    [WebResponseAttachments Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\FILETR~1.OCX
    CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab

    [HeartbeatCtl Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
    CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

    [Java Plug-in 1.4.1_02]
    InProcServer32 = C:\Program Files\Java\j2re1.4.1_02\bin
    pjpi141_02.dll
    CODEBASE = http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [{D27CDB6E-AE6D-11CF-96B8-444553542500}]
    CODEBASE = http://active.macromedia.com/flash2/cabs/swflash.cab

    [Hotmail Attachments Control]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx
    CODEBASE = http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

    [DiskHealth2 Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\DiskFAU.dll
    CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    ————————————————–

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll
    Protocol #15: C:\WINDOWS\system32\mswsock.dll
    Protocol #16: C:\WINDOWS\system32\mswsock.dll
    Protocol #17: C:\WINDOWS\system32\mswsock.dll
    Protocol #18: C:\WINDOWS\system32\mswsock.dll
    Protocol #19: C:\WINDOWS\system32\mswsock.dll

    ————————————————–

    Enumerating Windows NT/2000/XP services

    Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system)
    Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start)
    Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (autostart)
    Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN): System32\DRIVERS\alcan5wn.sys (manual start)
    Alcatel Speed Touch ADSL Modem ATM Transport: System32\DRIVERS\alcaudsl.sys (manual start)
    Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start)
    Stuurprogramma voor AMD K7-processor: System32\DRIVERS\amdk7.sys (system)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    asapiW2k: \??\C:\WINDOWS\System32\DRIVERS\asapiW2k.sys (autostart)
    Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.sys (manual start)
    Standaard IDE/ESDI-vasteschijfcontroller: System32\DRIVERS\atapi.sys (system)
    ATM ARP-client-protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audiostub-stuurprogramma: System32\DRIVERS\audstub.sys (manual start)
    Intelligente achtergrondsoverdrachtservice: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    MAC-brug: System32\DRIVERS\bridge.sys (manual start)
    MAC-brugminipoort: System32\DRIVERS\bridge.sys (manual start)
    Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Symantec Event Manager: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (autostart)
    Symantec Password Validation Service: C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (manual start)
    Cd-rom-stuurprogramma: System32\DRIVERS\cdrom.sys (system)
    Indexing-service: C:\WINDOWS\System32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
    C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)
    COM+-systeemtoepassing: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    dmio: System32\drivers\dmio.sys (disabled)
    dmload: System32\drivers\dmload.sys (disabled)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
    Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start)
    ENTECH: \??\C:\WINDOWS\System32\DRIVERS\ENTECH.SYS (manual start)
    Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+-gebeurtenissysteem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
    Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Stuurprogramma voor diskettestationcontroller: System32\DRIVERS\fdc.sys (manual start)
    Stuurprogramma voor diskettestation: System32\DRIVERS\flpydisk.sys (manual start)
    FreshIO: \??\C:\1\FreshDiagnose\FreshIO.sys (manual start)
    Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sys (system)
    Spelpoort-enumerator: System32\DRIVERS\gameenum.sys (manual start)
    Microsoft SideWinder Value Add - Filterstuurprogramma: System32\DRIVERS\GcKernel.sys (manual start)
    Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys (manual start)
    Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Microsoft Hid-naar-joystickpoort-enabler: System32\DRIVERS\hidgame.sys (manual start)
    Apparaattoegang via menselijke interface: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Mini-stuurprogramma voor virtueel HID-apparaat van Microsoft SideWinder: System32\DRIVERS\HIDSwvd.sys (manual start)
    Microsoft HID Class-stuurprogramma: System32\DRIVERS\hidusb.sys (manual start)
    Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.sys (system)
    Filterstuurprogramma voor het branden van cd's: System32\DRIVERS\imapi.sys (system)
    COM-service voor IMAPI cd-branders: C:\WINDOWS\System32\imapi.exe (manual start)
    Microsoft IntelliPoint Features driver: System32\DRIVERS\IPFilter.sys (manual start)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
    IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys (system)
    IR Enumerator-service: System32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sys (system)
    Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.sys (system)
    Stuurprogramma voor toetsenbord-HID: System32\DRIVERS\kbdhid.sys (system)
    Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    mbmiodrvr: \??\C:\WINDOWS\System32\mbmiodrvr.sys (system)
    Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
    Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.sys (system)
    WebDav-client-redirector: System32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
    Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
    Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft MPU-401 MIDI UART-stuurprogramma: system32\drivers\msmpu401.sys (manual start)
    Norton AntiVirus Auto-Protect: C:\Program Files\Norton AntiVirus
    avapsvc.exe (autostart)
    NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030702.004\NAVENG.Sys (manual start)
    NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030702.004\NavEx15.Sys (manual start)
    RAS NDIS TAPI-stuurprogramma: System32\DRIVERS
    distapi.sys (manual start)
    I/O-protocol van NDIS-gebruikermodus: System32\DRIVERS
    disuio.sys (manual start)
    RAS NDIS WAN-stuurprogramma: System32\DRIVERS
    diswan.sys (manual start)
    NetBIOS-interface: System32\DRIVERS
    etbios.sys (system)
    NetBT: System32\DRIVERS
    etbt.sys (system)
    Network DDE: %SystemRoot%\system32
    etdde.exe (manual start)
    Network DDE DSDM: %SystemRoot%\system32
    etdde.exe (manual start)
    Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
    Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    nv: System32\DRIVERS
    v4_mini.sys (manual start)
    NVIDIA Driver Helper Service: %SystemRoot%\System32
    vsvc32.exe (autostart)
    IPX Traffic Filter Driver: System32\DRIVERS
    wlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS
    wlnkfwd.sys (manual start)
    Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.sys (manual start)
    PCI Bus-stuurprogramma: System32\DRIVERS\pci.sys (system)
    PCIIde: System32\DRIVERS\pciide.sys (system)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC-services: %SystemRoot%\System32\lsass.exe (autostart)
    WAN-minipoort (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Stuurprogramma voor processor: System32\DRIVERS\processr.sys (system)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS-pakketplanner: System32\DRIVERS\psched.sys (manual start)
    Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.sys (manual start)
    Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Verbindingsbeheer voor RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    PPPOE-RAS-stuurprogramma: System32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Stuurprogramma voor afspeelfilter van digitale cd-audio: System32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    RivaTuner: \??\C:\1\RivaTuner\RivaTuner.sys (manual start)
    Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
    NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter: System32\DRIVERS\RTL8139.SYS (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    SANDRA: \??\C:\Computer easy 02-2003\SiSoftware Sandra Standard\sandra.sys (manual start)
    SAVRT: \??\C:\WINDOWS\System32\Drivers\SAVRT.SYS (manual start)
    SAVRTPEL: \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS (autostart)
    ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
    Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: System32\DRIVERS\secdrv.sys (autostart)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter-stuurprogramma: System32\DRIVERS\serenum.sys (manual start)
    Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sys (system)
    Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SIS AGP Bus Filter: System32\DRIVERS\sisagp.sys (system)
    Stuurprogramma voor SiS PCI snelle ethernet-adapter: System32\DRIVERS\sisnic.sys (manual start)
    Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    Stuurprogramma voor systeemherstelfilter: System32\DRIVERS\sr.sys (system)
    System Restore-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SRV: System32\DRIVERS\srv.sys (manual start)
    SSDP Discovery-service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
    Software Bus-stuurprogramma: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{07237E79-EEF8-4CF2-9CCA-C89DE8186152} (manual start)
    Microsoft SideWinder VIA Filterstuurprogramma: System32\DRIVERS\SWUSBFLT.sys (manual start)
    SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
    SYMREDRV: \??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (manual start)
    SYMTDI: \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS (autostart)
    Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Stuurprogramma voor TCP/IP-protocol: System32\DRIVERS\tcpip.sys (system)
    Stuurprogramma voor terminal-apparaat: System32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Microcode Update-stuurprogramma: System32\DRIVERS\update.sys (manual start)
    Uploadbeheer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Universele Plug en Play-apparaathost: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
    Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
    Stuurprogramma voor USB-scanner: System32\DRIVERS\usbscan.sys (manual start)
    Grafische VGA-adapter.: \SystemRoot\System32\drivers\vga.sys (system)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    RAS IP ARP-stuurprogramma: System32\DRIVERS\wanarp.sys (manual start)
    Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Serienummer van draagbare media: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    WMI-prestatieadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
    Automatische updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


    ————————————————–

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*

    ————————————————–

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    ————————————————–
    End of report, 34.049 bytes
    Report generated in 0,151 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only















  • Ik kan werkelijk even niets bedenken…

    Als je Engels redelijk is, post dan eens op http://www.spywareinfo.com/forums/ in de Browser Hijacking section.

    Niet alles hangen Pieter en ik daar vaak rond, maar er lopen daar nog veel anderen die buitengewoon bedreven zijn in het troubleshooten van dit soort problemen.

    Een verse kijk op de zaak doet vaak wonderen.

    Ik zou bij je eerste bericht gelijk even een nieuw Hijack This log plaatsen.

    Dan weet men meteen waar het precies over gaat.
  • en als je nu eens in spybot bij het immuniseer gedeelte …

    en dan rechts ongeveer half onderin je browser vastzet tegen andere opstartpagina's dan de jouwe?
    das het bovenste van de drie vinkjes dar …

    dan zou in principe je browser niet meer moeten openen met die vermadelijke dinges …

    en bij datzelfde tabje immuniseer kun je ook nog enige vorm van preventieve bescherming tegen spyware aanzetten…

    en zoek eens in regedit naar registerkeys die iets van die popup vermelden …

    wel eerst ff backuppen :wink:
  • "Immuniseren" zal niets uitmaken. Het gaat hier om iets nieuws, en daar heeft SpyBot nog geen detectie voor, noch valt er dus iets te immuniseren.

    Er zou gewoonweg iets in één van beide of beide logs te zien moeten zijn… :roll:
  • Ton,

    Hier was toch ook iets mis mee:
    [SecureLogin.SecureControl]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveSecurity.ocx
    CODEBASE = http://secure2.comned.com/signuptemplates/ActiveSecurity.cab ?

    Terror gamer,

    Kun je eens op je computer zoeken naar een bestandsnaam die (lijkt op) VrWbet93.exe

    Grtz,

    Pieter
  • daarom laat ik hem ook gelijk ze hosts bestandje vastzetten … dan zou die opstartpagina weg moeten zijn …

    en aangezien hij dan toch op die pagina ( in spybot ) is … 3 kwart van de gebruikers schijnen niet te immuniseren ( of later dat deeltje bij te laten werken ) … zou zonde zijn om dat dan maar open te laten staan …
  • [quote:512c27a36a="FoXiERotjEknoR"]daarom laat ik hem ook gelijk ze hosts bestandje vastzetten … dan zou die opstartpagina weg moeten zijn …

    [/quote:512c27a36a]

    Er is geen enkel mogelijk verband tussen die zaken. Bij het opstarten van Internet Explorer wil er een installatie van virtual woman millennium edition hervatten, en dat heeft helegaar niets te maken met een Hosts file.
    En of het nou wel of niet "vastgezet" wordt maakt ook niets uit.

    Pieter, die http://secure2.comned.com is inderdaad een fouterik, en installeert vermoedelijk een dialer.
    Die moet zowiezo weg; ik had hem over het hoofd gezien… :roll:

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.