My account is hijacked (dutch) Please help [RESOLVED]



#16
Albert van Sambeek
Member (Topic Starter), 17 posts
Hi Mieke,

- After the last fix I created an 'Albert' account again.
- Rebooted.
- Started up with the Albert account and it looked fine. Icons appeared in the system tray and after starting/closing a number of programs the shortcuts appeared in my left start menu.
- Checked with RegCleaner which programs were running and it looked normal again.
- However, a new background (picture) was not accepted. The profile (screen layout etc.) was also set to a strange profile. The W-XP (default) profile was not accepted, neither with 'Apply' nor with 'OK'.
- Rebooted again.
- Starting up with 'Albert' took quite long.
- Everything was again as I described at the beginning of this session.
- No icons in the system tray (except clock and volume) and no shortcuts in the left start menu.
- Checked with RegCleaner and strange processes were running again, such as: Boot, N, etc., as I already reported once further above.
- Started HijackThis and, as far as I can tell, the log file again contained references that I had fixed earlier.....

AAAAAHHHHHHHRRRRR.... back to square one !!!!!!!!

What now?

P.S. I did not check the other accounts with HijackThis, but I assume they stay clean anyway.....
#17
miekiemoes
Malware Expert (MVP), 5,503 posts
Hi Albert,

Some things are not entirely clear to me..

> The profile (screen layout etc.) was also set to a strange profile. The W-XP (default) profile was not accepted, neither with 'Apply' nor with 'OK'.

Can you explain this a bit more?

What do you mean by a strange profile? Screen layout? Do you mean your desktop? What is the name of this 'strange profile'?
Do you mean right-clicking your desktop > Properties > Appearance > Windows and buttons, and there Windows XP Style?

Those programs you use on the albert account... are these shortcuts you made yourself? Can you give a few examples? As I indicated earlier, you will have to reinstall most programs under your account, so that a corresponding folder is also placed in your Documents and Settings\albert... otherwise those shortcuts will indeed keep disappearing if you link them from another profile.

Furthermore, I also don't understand the part about RegCleaner and strange processes that are running. In my RegCleaner I don't see any option where I can view the running processes? Apparently I use a different RegCleaner than you.
I use this one:
http://www.worldstar...-cleaner4.3.htm
It is the only one I personally can trust, because other reg cleaners have corrupted my system.

Can you give me the exact names of those strange processes you see? Also post a HijackThis log from your account (albert), because I can see the processes in there too. What may seem strange to you could just as well be a legitimate process.

Edited by miekiemoes, 18 August 2005 - 09:37 AM.


#18
Albert van Sambeek
Member (Topic Starter), 17 posts
Hi Mieke,
Your assumption was correct. I meant Desktop -> Properties -> Themes.

The theme that is currently set: Custom Theme. I am not allowed to change it to, for example, W-XP.

I wanted to set the background on the Desktop tab. There I had chosen a picture myself. It was not accepted.

It seems as if something in the registry is blocking this ;-(

When you start a program, e.g. HijackThis, a shortcut is created on the left side of the Start Menu. With it you can start the program quickly next time. THAT menu is completely white/blank in my account. There is also a line: above the line are shortcuts that stay permanently in your start menu, below the line are shortcuts based on usage. The most recently used program appears at the bottom.

The reg cleaner program I use IS CALLED RegCleaner. One option in it is to see which programs are running (in the background). I tried to make a screen dump but I can't paste it here... ;-(
The program is about 800K.

I already reported the names of the strange programs earlier:
Boot, N, Hiberfil, Ntdetect.

Here is a HijackThis log from my new Albert account:

Logfile of HijackThis v1.99.1
Scan saved at 19:01:30, on 19-8-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper\DkService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\msiexec.exe
C:\Extra\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - Global Startup: PopFilter.lnk = C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postb...l/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://F:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102...sCamControl.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.fujiprint...geUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

R0 and R3 I had fixed last time, but they are in there again. Isn't something like that controlled by 'allusers'?

#19
miekiemoes
Malware Expert (MVP), 5,503 posts
Hi,

Right-click your desktop > Properties > Appearance > Windows and buttons. Let me know what you see there.

> I wanted to set the background on the Desktop tab. There I had chosen a picture myself. It was not accepted.

Do you get an error message? If so, which one?
That picture, is it a picture you chose yourself? Is it in your 'My Pictures' folder on this account, i.e. the new Albert? If not, move it there. Right-click that picture and choose: 'Set as Desktop Background'.

> I already reported the names of the strange programs earlier:
> Boot, N, Hiberfil, Ntdetect.

Leave those alone, nothing wrong with them. :)

> When you start a program, e.g. HijackThis, a shortcut is created on the left side of the Start Menu. With it you can start the program quickly next time. THAT menu is completely white/blank in my account.

Hmmm, apparently nothing is being written to the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
Because that is where this is remembered. Unless your RegCleaner removes the contents of this key; I have seen cleaners do that. That could explain the white part in your start menu.
I have even seen a reg cleaner delete this key entirely, which corrupts it. :tazz:

As for your log... first run this fix:
Fix_Protocol_zones_ranges

Double-click it and when asked whether you want to add it to the registry, click Yes.

As for those lines in HijackThis, well, it is very important that you CLOSE your Internet Explorer before you click Fix checked, otherwise those lines really won't go away. :)
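The following triage helper is an added example, not code from this thread, from HijackThis or from its author: it parses the log format posted above, flags the O15 ProtocolDefaults, O10 LSP and R0/R3 lines discussed here, and builds the regedit-importable text that puts each O15-flagged protocol back in the zone HijackThis expects (the kind of correction a protocol-zones .reg fix applies). The sample log is a constructed excerpt; the ProtocolDefaults registry path and the zone ids (0 My Computer, 1 Intranet, 3 Internet) are the standard Internet Explorer values, assumed here rather than quoted from the thread.

```python
"""Triage helper for HijackThis v1.99.1 logs.

Splits a log into header, running processes and R/F/N/O entries, then flags the
entry types discussed in this thread: O15 ProtocolDefaults zone mismatches, a
broken O10 LSP chain, and R0/R3 values that are empty or missing. For the O15
findings it also builds the .reg text that restores each protocol's expected zone.
"""
import re

# Internet Explorer URL security zone ids (assumed standard values, not from the thread).
ZONE_IDS = {"My Computer": 0, "Intranet": 1, "Trusted": 2, "Internet": 3, "Restricted": 4}

# Per-user key holding the protocol -> zone mapping HijackThis reports under O15
# (assumed standard path, not quoted in the thread).
PROTOCOL_DEFAULTS_KEY = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
    r"\Internet Settings\ZoneMap\ProtocolDefaults"
)

# Constructed excerpt in the format of the log posted above (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 19:01:30, on 19-8-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Extra\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
O15_RE = re.compile(r"'([^']+)' protocol is in (.+?) Zone, should be (.+?) Zone$")
O10_RE = re.compile(r"LSP provider '([^']+)'")


def parse_hjt_log(text):
    """Return {"header": [...], "processes": [...], "entries": [(section, body), ...]}."""
    header, processes, entries = [], [], []
    mode = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            mode = "processes"
            continue
        m = ENTRY_RE.match(line)
        if m:
            mode = "entries"
            entries.append((m.group(1), m.group(2).strip()))
        elif mode == "processes":
            processes.append(line)
        elif mode == "header":
            header.append(line)
    return {"header": header, "processes": processes, "entries": entries}


def protocol_zone_fixes(entries):
    """Map each O15-flagged protocol to the zone id HijackThis says it belongs in."""
    fixes = {}
    for section, body in entries:
        m = O15_RE.search(body) if section == "O15" else None
        if m:
            proto, _actual, expected = m.groups()
            fixes[proto] = ZONE_IDS[expected]
    return fixes


def triage(entries):
    """Return (section, action, note) tuples for the entry types the thread discusses."""
    findings = []
    for section, body in entries:
        if section == "O15" and O15_RE.search(body):
            proto, actual, expected = O15_RE.search(body).groups()
            findings.append((section, "fix", f"{proto}: {actual} zone -> {expected} zone"))
        elif section == "O10":
            m = O10_RE.search(body)
            findings.append((section, "fix", "broken LSP chain: " + (m.group(1) if m else body)))
        elif section == "R3" and "missing" in body:
            findings.append((section, "info", "URLSearchHook missing (benign unless it keeps returning)"))
        elif section == "R0" and body.endswith("="):
            value = body.split(",")[-1].rstrip(" =")
            findings.append((section, "info", f"empty value: {value}"))
    return findings


def protocol_defaults_reg(fixes):
    """Build regedit-importable text that restores the flagged protocols' default zones."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{PROTOCOL_DEFAULTS_KEY}]"]
    for proto, zone in sorted(fixes.items()):
        lines.append(f'"{proto}"=dword:{zone:08x}')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_hjt_log(SAMPLE_LOG)
    for finding in triage(parsed["entries"]):
        print(finding)
    print(protocol_defaults_reg(protocol_zone_fixes(parsed["entries"])))
```

If regedit refuses the generated .reg with a registry access error, as happened later in this thread, the triage output still tells you which zones are wrong; the import itself will only succeed once the profile's registry hive can be written again.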

#20
Albert van Sambeek
Member (Topic Starter), 17 posts
Mieke,

Under Windows and buttons it says: Windows XP style. That seems OK to me. Under Theme there is something strange: Custom theme. I cannot change this.....

When I want to choose the picture as background I get no error message. I can click 'OK' or 'Apply' but nothing happens. The background stays blue.

Can I copy the possibly corrupt UserAssist key from another account??

The reg fix did not work. I got an error message saying it could not be imported ?????

Every time I delete my account -> reboot, create a new account -> reboot, I DO get all the icons in the system tray and the used-program links in the left start menu (see a few replies above). When I then want to log in the 2nd time, everything is gone.

#21
miekiemoes
Malware Expert (MVP), 5,503 posts
By the looks of it your registry is indeed corrupt. You can't even import keys... Apparently nothing is written to your registry when you make changes.
No, definitely do not start messing around with copying keys!!

What exact message do you get when importing that key?

> Every time I delete my account -> reboot, create a new account -> reboot, I DO get all the icons in the system tray and the used-program links in the left start menu (see a few replies above). When I then want to log in the 2nd time, everything is gone.

Are you using that reg cleaner in between? Don't...

Can you post a startup log from HijackThis? Open HijackThis > Config > Misc Tools > Generate StartupList log. Also tick the 2 boxes next to it and click Generate StartupList log.

#22
Albert van Sambeek
Member (Topic Starter), 17 posts
Hi Mieke,

The exact error message when I double-click the .reg file is:
"Kan fix...reg niet importeren: Er is een fout opgetreden bij een poging om toegang tot het register te krijgen."

I am not using a reg cleaner in between !!!

Here is a startup log from HijackThis:

StartupList report, 19-8-2005, 23:49:45
StartupList version: 1.52.2
Started from : C:\Extra\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper\DkService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Extra\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
*Folder not found*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
PopFilter.lnk = C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
DAEMON Tools-1033 = "C:\Program Files\D-Tools\daemon.exe" -lang 1033
THGuard = "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
WinPatrol = C:\Program Files\WinPatrol\winpatrol.exe
Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{76E58462-3EEE-11D6-BF88-609353C10000}TBC489]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry key not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=NVDESK32.DLL

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Register-editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
(no name) - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll - {B56A7D7D-6927-48C8-A975-17DF180C71AC}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Mijn computer scannen - Albert.job
One button wekelijks.job
Symantec Drmc.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[CryptoRSA Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CRYPTO~1.OCX
CODEBASE = https://www.p3.postb...l/sesam/CAX.cab

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zon...ry/msgrchkr.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zon...nt.cab31267.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...ector/swdir.cab

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zon...MineSweeper.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://download.yaho...nst_current.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://spaces.msn.co...ad/MsnPUpld.cab

[FileSharingCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\fsmsngr-nl.dll
CODEBASE = http://appdirectory....sharingctrl.cab

[Java Plug-in 1.4.2_06]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[MSSecurityAdvisorCD Class]
InProcServer32 = C:\windows\System32\mssecucd.dll
CODEBASE = file://F:\Content\include\msSecUcd.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zon...StatsClient.cab

[InstallShield International Setup Player]
InProcServer32 = c:\windows\DOWNLO~1\isetup.dll
CODEBASE = http://www.installen...gine/isetup.cab

[CamImage Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx
CODEBASE = http://195.18.69.102...sCamControl.cab

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupd...7920.5361921296

[Aurigma Image Uploader 3.0 Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ImageUploader3.ocx
CODEBASE = http://www.fujiprint...geUploader3.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pdownloader.cab

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://zone.msn.com/...ro.cab34246.cab

[YAddBook Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
CODEBASE = http://us.dl1.yimg.c...utocomplete.cab

[Virtools WebPlayer Class]
InProcServer32 = C:\Program Files\Virtools Web Player 3.0\WebPlayer.ocx
CODEBASE = http://a532.g.akamai...0/Installer.exe

[Java Plug-in 1.4.2_06]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[PBGNX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\PBGNX.ocx
CODEBASE = https://gto.postbank.nl/GTO/PBGNX.cab

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
CODEBASE = http://fdl.msn.com/z...s/heartbeat.cab

[IMDownloader Class]
CODEBASE = http://www2.incredim...er/imloader.cab

[Solitaire Showdown Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
CODEBASE = http://messenger.zon...ireShowdown.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: xfire_lsp_10650.dll (file MISSING)
Protocol #2: xfire_lsp_10650.dll (file MISSING)
Protocol #3: xfire_lsp_10650.dll (file MISSING)
Protocol #4: xfire_lsp_10650.dll (file MISSING)
Protocol #5: xfire_lsp_10650.dll (file MISSING)
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\rsvpsp.dll
Protocol #10: C:\WINDOWS\system32\rsvpsp.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: xfire_lsp_10650.dll (file MISSING)

--------------------------------------------------

Enumerating Windows NT/2000/XP services

61883-eenheidsapparaat: System32\DRIVERS\61883.sys (manual start)
Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system)
Adobe Active File Monitor: C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (manual start)
Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start)
Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (autostart)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start)
AnyDVD: System32\Drivers\AnyDVD.sys (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP-clientprotocol: System32\DRIVERS\arp1394.sys (manual start)
ASAPIW2K: system32\drivers\ASAPIW2k.sys (manual start)
ASPI32: System32\drivers\aspi32.sys (autostart)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.sys (manual start)
Standaard IDE/ESDI-vasteschijfcontroller: System32\DRIVERS\atapi.sys (system)
ATM ARP-client-protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audiostub-stuurprogramma: System32\DRIVERS\audstub.sys (manual start)
AVC-apparaat: System32\DRIVERS\avc.sys (manual start)
Intelligente achtergrondsoverdrachtservice: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TRUST 120 SPACEC@M: System32\DRIVERS\cccp106.sys (manual start)
Closed Caption-decoder: System32\DRIVERS\CCDECODE.sys (manual start)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
CdaC15BA: \??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS (autostart)
Cd-rom-stuurprogramma: System32\DRIVERS\cdrom.sys (system)
Indexing-service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
COM+-systeemtoepassing: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
d347bus: System32\DRIVERS\d347bus.sys (system)
d347prt: System32\Drivers\d347prt.sys (system)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys (system)
Diskeeper: C:\Program Files\Diskeeper\DkService.exe (autostart)
Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Stuurprogramma voor Schijfbeheer: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start)
ElbyCDFL: System32\Drivers\ElbyCDFL.sys (manual start)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+-gebeurtenissysteem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido\security suite\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Program Files\ewido\security suite\guard.sys (system)
ewido security suite guard: C:\Program Files\ewido\security suite\ewidoguard.exe (disabled)
Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (manual start)
Stuurprogramma voor diskettestationcontroller: System32\DRIVERS\fdc.sys (manual start)
Stuurprogramma voor diskettestation: System32\DRIVERS\flpydisk.sys (manual start)
Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sys (system)
gAGP440p: \??\C:\DOCUME~1\Jeroen\LOCALS~1\Temp\gAGP440p.sys (manual start)
Spelpoort-enumerator: System32\DRIVERS\gameenum.sys (manual start)
GEARAspiWDM: system32\drivers\GEARAspiWDM.sys (manual start)
GEARSecurity: system32\gearsec.exe (manual start)
Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys (manual start)
Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Apparaattoegang via menselijke interface: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class-stuurprogramma: System32\DRIVERS\hidusb.sys (manual start)
Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.sys (system)
Filterstuurprogramma voor het branden van cd's: System32\DRIVERS\imapi.sys (system)
COM-service voor IMAPI cd-branders: C:\WINDOWS\System32\Imapi.exe (manual start)
IPv6-stuurprogramma voor firewall: System32\DRIVERS\Ip6Fw.sys (manual start)
IPv6 Internet Connection Firewall: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys (system)
IR Enumerator-service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sys (system)
Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Pinnacle Marvin Bus: System32\DRIVERS\MarvinBus.sys (manual start)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (disabled)
Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.sys (system)
Stuurprogramma voor muis-HID: System32\DRIVERS\mouhid.sys (manual start)
WebDav-client-redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Microsoft DV Camera and VCR: System32\DRIVERS\msdv.sys (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Norton AntiVirus Auto-Protect-service: "C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe" (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050817.024\NAVENG.Sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050817.024\NavEx15.Sys (manual start)
Microsoft TV/Video-verbinding: System32\DRIVERS\NdisIP.sys (manual start)
RAS NDIS TAPI-stuurprogramma: System32\DRIVERS\ndistapi.sys (manual start)
I/O-protocol van NDIS-gebruikermodus: System32\DRIVERS\ndisuio.sys (manual start)
RAS NDIS WAN-stuurprogramma: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394-stuurprogramma: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton Unerase Protection Driver: \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS (manual start)
Norton AntiVirus Firewall Monitor Service: C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (autostart)
Norton Unerase Protection: C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE (autostart)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
nv4: System32\DRIVERS\nv4.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Texas Instruments OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.sys (manual start)
Pcatip: System32\DRIVERS\PcAtip.sys (manual start)
PCI Bus-stuurprogramma: System32\DRIVERS\pci.sys (system)
PCLEPCI: \??\C:\WINDOWS\System32\drivers\pclepci.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
PCTEL Speaker Phone: %SystemRoot%\system32\pctspk.exe (autostart)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Photoshop Elements Device Connect: C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC-services: %SystemRoot%\System32\lsass.exe (manual start)
WAN-minipoort (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Stuurprogramma voor processor: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS-pakketplanner: System32\DRIVERS\psched.sys (manual start)
Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.sys (manual start)
PCTEL Serial Device Driver for PCI: System32\DRIVERS\ptserlp.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Verbindingsbeheer voor RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
PPPOE-RAS-stuurprogramma: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Stuurprogramma voor Terminal-serverapparaatredirector: System32\DRIVERS\rdpdr.sys (manual start)
Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (manual start)
Stuurprogramma voor afspeelfilter van digitale cd-audio: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter: System32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRT.SYS (manual start)
SAVRTPEL: \??\C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRTPEL.SYS (system)
SAVScan: C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe (manual start)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SDdriver: \??\C:\WINDOWS\System32\Drivers\sddriver.sys (manual start)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter-stuurprogramma: System32\DRIVERS\serenum.sys (manual start)
Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sys (system)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Symantec Network Drivers Service: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (autostart)
Sony USB-filterstuurrapparaat (SONYPVU1): System32\DRIVERS\SONYPVU1.SYS (manual start)
SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (system)
Symantec SPBBCSvc: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (autostart)
Speed Disk service: C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE (autostart)
Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Stuurprogramma voor systeemherstelfilter: System32\DRIVERS\sr.sys (system)
System Restore-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SRV: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery-service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
SVKP: \??\C:\WINDOWS\System32\SVKP.sys (autostart)
Software Bus-stuurprogramma: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{8B62DBF5-3773-4466-BEEB-C1FAD05756C6} (manual start)
Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
SYMDNS: \??\C:\WINDOWS\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \??\C:\WINDOWS\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \??\C:\WINDOWS\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20050809.020\symidsco.sys (manual start)
symlcbrd: \??\C:\WINDOWS\System32\drivers\symlcbrd.sys (autostart)
SYMNDIS: \??\C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS (system)
SymWMI Service: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (autostart)
Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Stuurprogramma voor TCP/IP-protocol: System32\DRIVERS\tcpip.sys (system)
Stuurprogramma voor terminal-apparaat: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (manual start)
Microcode Update-stuurprogramma: System32\DRIVERS\update.sys (manual start)
Uploadbeheer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Universele Plug en Play-apparaathost: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Stuurprogramma voor Microsoft USB Standaard-hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
Stuurprogramma voor USB-scanner: System32\DRIVERS\usbscan.sys (manual start)
Stuurprogramma voor USB-massaopslag: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VCDSecS: C:\Program Files\Virtual CD v4\System\vcdsecs.exe (autostart)
Grafische VGA-adapter.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: System32\DRIVERS\viaagp.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
VIA AC'97 Enhanced Audio Controller (WDM): system32\drivers\viaudio.sys (manual start)
XP Vmodem: System32\DRIVERS\vmodem.sys (system)
XP Vpctcom: System32\DRIVERS\vpctcom.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
XP Vvoice: System32\DRIVERS\vvoice.sys (system)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
RAS IP ARP-stuurprogramma: System32\DRIVERS\wanarp.sys (manual start)
WevCamDV WDM Virtual Audio Device: system32\drivers\wcdvaud.sys (manual start)
Windows CE USB Serial Host Driver: System32\DRIVERS\wceusbsh.sys (manual start)
Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Uitbreidingen van het stuurprogramma voor Windows Management Instrumentation: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI-prestatieadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS-omgeving voor serviceproviderondersteuning: \SystemRoot\System32\drivers\ws2ifsl.sys (manual start)
World Standard Teletext-codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatische updates: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: *Registry key not found*
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 41.118 bytes
Report generated in 0,313 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only



It doesn't mean much to me, but I do read several times that there is no registry key ....... :tazz: Can something like that still be fixed?

#23
miekiemoes

    Malware Expert
Hi,

Where it says *registry key not found*, that simply means that key is not present. On my machine there is nothing there either, so leave it alone. :tazz:

Can you do the following?

Go to the following site: http://virusscan.jotti.org/
At the top you will see: File to upload and scan. From there, browse to:

C:\WINDOWS\System32\SVKP.sys

and choose submit and let it scan. Post the result of that in your next reply as well.

Apart from that I don't see anything suspicious. Something is apparently blocking access to your registry. Let's see whether you get this with other registry imports too..

Open Notepad and copy and paste the following bold text into it:
(don't forget to copy and paste REGEDIT4 as well!)

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\DUMMY]

[-HKEY_LOCAL_MACHINE\SOFTWARE\DUMMY]


Save this as fix.reg, choosing 'All files' as the file type, and put it on your desktop.
This is what the regfix should look like afterwards: Posted Image
Double-click it.
When asked whether you want to add it to the registry, click yes/OK.
Let me know whether you get an error message here too.

I also want you to run the following:

Download winpfind

Double-click winpfind.exe
Click Start Scan.
Let it scan (this can sometimes take a while)

Post the contents of winpfind.txt, which is in your winpfind folder, in your next post.

#24
Albert van Sambeek

    Member

  • Topic Starter
Hi Mieke,
I had the SVKP file scanned (under the Angelique account).
Here is the result.



File: SVKP.sys
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 f05028b163b92c302a74409d683ac9b0
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found Trojan.Rootkit.M
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found W32/Afxroot.E-tr
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Virtool.SVKProtector


Something was found in any case... :tazz:

Created the fix.reg file, and it was accepted by the registry (Albert account). No error message.


Ran winpfind.exe under the Angelique account.
Below is the .txt file

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
UPX! 25-10-2003 20:23:10 430080 C:\Program Files\FSRaid.exe
UPX! 20-7-2005 21:07:00 4855410 C:\Program Files\NvCpl.dl_
PTech 12-5-2005 0:34:00 138666 C:\Program Files\NVCPSK.HL_

Checking %WinDir% folder...
UPX! 22-8-2004 18:04:56 69120 C:\WINDOWS\daemon.dll

Checking %System% folder...
UPX! 1-9-2004 16:49:56 284672 C:\WINDOWS\SYSTEM32\avisynth.dll
aspack 18-3-2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 7-9-2001 14:00:00 41122 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 5-9-2003 15:49:00 290304 C:\WINDOWS\SYSTEM32\patin.cpl
Umonitor 9-9-2002 23:08:02 650752 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 23-7-2001 7:29:32 552960 C:\WINDOWS\SYSTEM32\saxzip.ocx
winsync 7-9-2001 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\hosts


Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
S 19-8-2005 20:56:10 2048 C:\WINDOWS\bootstat.dat
H 12-8-2005 16:29:28 54156 C:\WINDOWS\QTFont.qfn
H 12-8-2005 20:56:58 0 C:\WINDOWS\LastGood\INF\oem7.inf
H 12-8-2005 20:56:58 0 C:\WINDOWS\LastGood\INF\oem7.PNF
H 12-8-2005 17:30:50 0 C:\WINDOWS\LastGood.Tmp\INF\d3dx9_24_x86.inf
H 12-8-2005 17:30:50 0 C:\WINDOWS\LastGood.Tmp\INF\d3dx9_24_x86.PNF
H 12-8-2005 17:30:52 0 C:\WINDOWS\LastGood.Tmp\INF\d3dx9_25_x86.inf
H 12-8-2005 17:30:52 0 C:\WINDOWS\LastGood.Tmp\INF\d3dx9_25_x86.PNF
H 12-8-2005 16:52:30 0 C:\WINDOWS\LastGood.Tmp\INF\oem4.inf
H 12-8-2005 16:52:30 0 C:\WINDOWS\LastGood.Tmp\INF\oem4.PNF
H 12-8-2005 17:29:04 0 C:\WINDOWS\LastGood.Tmp\INF\oem7.inf
H 12-8-2005 17:29:04 0 C:\WINDOWS\LastGood.Tmp\INF\oem7.PNF
H 19-8-2005 20:57:36 31762 C:\WINDOWS\system32\vsconfig.xml
H 13-8-2005 22:50:04 4212 C:\WINDOWS\system32\zllictbl.dat
S 29-7-2005 13:31:06 20391 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem7.CAT
H 19-8-2005 22:41:44 1024 C:\WINDOWS\system32\config\default.LOG
H 20-8-2005 0:45:28 1024 C:\WINDOWS\system32\config\SAM.LOG
H 19-8-2005 20:57:04 1024 C:\WINDOWS\system32\config\SECURITY.LOG
H 20-8-2005 0:45:42 1024 C:\WINDOWS\system32\config\software.LOG
H 20-8-2005 0:45:42 1024 C:\WINDOWS\system32\config\system.LOG
H 19-8-2005 21:16:18 1024 C:\WINDOWS\system32\config\userdiff.LOG
H 18-8-2005 19:49:32 262144 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
H 18-8-2005 17:12:50 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
SH 6-8-2005 17:04:34 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8TYF4HQ7\desktop.ini
SH 6-8-2005 17:04:34 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CPE3S567\desktop.ini
SH 6-8-2005 17:04:34 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CX6RCP23\desktop.ini
SH 6-8-2005 17:04:34 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K9IRSHI3\desktop.ini
SH 13-8-2005 23:05:40 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\0108374d-e708-4380-955a-960a16bc872c
SH 13-8-2005 23:05:40 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
H 19-8-2005 20:56:16 6 C:\WINDOWS\Tasks\SA.DAT
SH 9-8-2005 23:20:44 113 C:\WINDOWS\Temp\Geschiedenis\History.IE5\desktop.ini
SH 9-8-2005 22:10:08 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
SH 15-8-2005 21:21:32 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Q3VVOI6\desktop.ini
SH 15-8-2005 21:21:32 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IXAX0FEN\desktop.ini
SH 15-8-2005 21:21:32 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IZ0ZMJ0V\desktop.ini
SH 15-8-2005 21:21:32 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PPF5XGMU\desktop.ini

Checking for CPL files...
Microsoft Corporation 7-9-2001 14:00:00 68096 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 29-5-2003 12:52:36 584192 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 9-9-2002 23:08:54 131584 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 7-9-2001 14:00:00 151552 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Ahead Software AG 23-12-2003 16:40:52 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 9-9-2002 23:08:54 293888 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 9-9-2002 23:08:54 124928 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 9-9-2002 23:08:54 66560 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 28-9-2004 21:26:02 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 7-9-2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
AvantGo, Inc. 22-2-2003 4:58:26 69632 C:\WINDOWS\SYSTEM32\MBLLNK.CPL
Microsoft Corporation 7-9-2001 14:00:00 566272 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 7-9-2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 7-9-2001 14:00:00 259584 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 20-7-2005 21:07:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 7-9-2001 14:00:00 37888 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 7-9-2001 14:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
VSO Software 5-9-2003 15:49:00 290304 C:\WINDOWS\SYSTEM32\patin.cpl
Microsoft Corporation 7-9-2001 14:00:00 111616 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 8-1-2002 12:40:50 288768 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 9-9-2002 23:08:54 272384 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 7-9-2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 7-9-2001 14:00:00 90624 C:\WINDOWS\SYSTEM32\timedate.cpl
5-11-2003 1:00:00 6151 C:\WINDOWS\SYSTEM32\txp3.cpl
Microsoft Corporation 7-9-2001 14:00:00 68096 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 29-5-2003 12:52:36 584192 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 9-9-2002 23:08:54 131584 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 7-9-2001 14:00:00 151552 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 9-9-2002 23:08:54 293888 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 9-9-2002 23:08:54 124928 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 6-9-2001 21:27:30 48640 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl
Microsoft Corporation 9-9-2002 23:08:54 66560 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 7-9-2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 7-9-2001 14:00:00 566272 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 7-9-2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 7-9-2001 14:00:00 259584 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 7-9-2001 14:00:00 37888 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 7-9-2001 14:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 7-9-2001 14:00:00 111616 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 9-9-2002 23:08:54 151552 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 9-9-2002 23:08:54 272384 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 7-9-2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 7-9-2001 14:00:00 90624 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
28-10-2003 18:58:34 836 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PopFilter.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
AtHome033 = IEAK@Home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{B63FCD5A-2396-11D1-B762-00A0C90646A4} = C:\Program Files\CorelDraw8\programs\CMFFnd80.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Quick Par
{D120D80B-BD26-4A74-8E43-2C2AF0966139} = C:\Program Files\QuickParShlExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\FineReader
{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F} = c:\program files\abbyy finereader 7.0 professional edition\fecmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\FolderToCorelMediaFolder
{0FBF99C1-4127-11D1-B1E6-C17E96D9180A} = C:\Program Files\CorelDraw8\programs\CMFFld80.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
PCTools Site Guard = C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}
PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip van de dag = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
ButtonText = Spyware Doctor :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
ButtonText = Create Mobile Favorite :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
MenuText = Create Mobile Favorite... : C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Mediabalk = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adres : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adres : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koppelingen : %SystemRoot%\system32\SHELL32.dll
{E510519F-D1A6-496F-957A-CA9355EE7BC5} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
DAEMON Tools-1033 "C:\Program Files\D-Tools\daemon.exe" -lang 1033
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
WinPatrol C:\Program Files\WinPatrol\winpatrol.exe
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations
LowRiskFileTypes .zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun ‘
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn =
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs NVDESK32.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 20-8-2005 0:53:28

#25 miekiemoes (Malware Expert, MVP, 5,503 posts)
Hi Albert, the idea is actually that you run WinPFind on the account where you have the problems, because these logs differ each time.
There are no problems on Angelique's account.

So log back in on your Albert account and we will create manually those protocols that I had you download earlier.

So open Notepad and copy and paste the following into it:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
"http"=dword:00000003
"https"=dword:00000003
"ftp"=dword:00000003
"file"=dword:00000003
"@ivt"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
"http"=dword:00000003
"https"=dword:00000003
"ftp"=dword:00000003
"file"=dword:00000003
"@ivt"=dword:00000001


Save this as protocolfix.reg and double-click it to have it added to the registry.

Can you now post a WinPFind log from your Albert account?

Something I have been wondering about for quite a while: have you ever disabled your Norton and your firewall (Norton and ZoneAlarm, a bad combination by the way) and checked whether you can then change certain things? So the background, or whether you still get that error message.

What I also find very strange is that when you create a new account, you have to set everything up again. Also in your Internet Explorer, because it is a new account.
Apparently that is not at all the case with you? Because in your HijackThis log I still see exactly the same 'errors' regarding your IE that were present earlier.

Or have you been moving files from one account to the other? Definitely don't do that, because that is not how it is set up in the registry.
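As an added example (my own code, not from the thread or from WinPFind), a small checker that parses a REGEDIT4 file such as the protocolfix.reg above and verifies that both ZoneMap\ProtocolDefaults keys map each protocol to the zone the fix sets. It assumes the standard IE zone numbering (0 = My Computer, 1 = Local Intranet, 3 = Internet), and the weakened sample .reg it audits is constructed for the demonstration.

```python
import re
from typing import Dict, List, Optional

# Internet Explorer URL security zone numbers (standard IE numbering, assumed
# here; the protocolfix.reg in the post uses 3 = Internet and 1 = Intranet).
ZONE_NAMES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
              3: "Internet", 4: "Restricted Sites"}

# Expected ProtocolDefaults, taken from the protocolfix.reg posted above.
EXPECTED_DEFAULTS = {"http": 3, "https": 3, "ftp": 3, "file": 3, "@ivt": 1}

PROTOCOL_DEFAULTS_SUFFIX = (
    r"\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    r"\ZoneMap\ProtocolDefaults"
)

_KEY_RE = re.compile(r"^\[(.+)\]$")
_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg(text: str) -> Dict[str, Dict[str, int]]:
    """Parse REGEDIT4/5 text into {key_path: {value_name: dword}}.

    Only dword values are kept, which is all ProtocolDefaults uses.
    """
    keys: Dict[str, Dict[str, int]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("REGEDIT") or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _DWORD_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = int(m.group(2), 16)
    return keys


def audit_protocol_defaults(reg_text: str) -> Dict[str, List[str]]:
    """Return per hive the list of deviations from EXPECTED_DEFAULTS.

    A protocol mapped to zone 0 or 1 means URLs of that scheme get the
    permissions of the My Computer / Intranet zone, which is what the
    protocolfix.reg above puts back to the Internet zone.
    """
    keys = parse_reg(reg_text)
    findings: Dict[str, List[str]] = {}
    for hive in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE"):
        path = (hive + PROTOCOL_DEFAULTS_SUFFIX).lower()
        values = next((v for k, v in keys.items() if k.lower() == path), None)
        problems: List[str] = []
        if values is None:
            problems.append("ProtocolDefaults key absent")
        else:
            for proto, expected in EXPECTED_DEFAULTS.items():
                actual = values.get(proto)
                if actual is None:
                    problems.append(f"{proto}: no default zone set")
                elif actual != expected:
                    problems.append(
                        f"{proto}: zone {actual} ({ZONE_NAMES.get(actual, 'unknown')}), "
                        f"expected {expected} ({ZONE_NAMES[expected]})")
        findings[hive] = problems
    return findings


# Constructed sample: the HKCU key maps http to zone 0 and lacks "file",
# while the HKLM key is as in the posted fix.
SAMPLE_WEAKENED_REG = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
"http"=dword:00000000
"https"=dword:00000003
"ftp"=dword:00000003
"@ivt"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
"http"=dword:00000003
"https"=dword:00000003
"ftp"=dword:00000003
"file"=dword:00000003
"@ivt"=dword:00000001
"""

if __name__ == "__main__":
    for hive, problems in audit_protocol_defaults(SAMPLE_WEAKENED_REG).items():
        print(hive, "OK" if not problems else "; ".join(problems))
```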


#26 Albert van Sambeek (Topic Starter, Member, 17 posts)
Mieke,

I tried to run the manually created protocolfix.reg on the Albert account, but then I get the same error message as before. Tried the fix.reg again and that one is allowed...

Here follows a WinPFind log from the Albert account

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
UPX! 25-10-2003 20:23:10 430080 C:\Program Files\FSRaid.exe
UPX! 20-7-2005 21:07:00 4855410 C:\Program Files\NvCpl.dl_
PTech 12-5-2005 0:34:00 138666 C:\Program Files\NVCPSK.HL_

Checking %WinDir% folder...
UPX! 22-8-2004 18:04:56 69120 C:\WINDOWS\daemon.dll

Checking %System% folder...
UPX! 1-9-2004 16:49:56 284672 C:\WINDOWS\SYSTEM32\avisynth.dll
aspack 18-3-2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 7-9-2001 14:00:00 41122 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 5-9-2003 15:49:00 290304 C:\WINDOWS\SYSTEM32\patin.cpl
Umonitor 9-9-2002 23:08:02 650752 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 23-7-2001 7:29:32 552960 C:\WINDOWS\SYSTEM32\saxzip.ocx
winsync 7-9-2001 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\hosts


Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
S 21-8-2005 21:53:40 2048 C:\WINDOWS\bootstat.dat
H 12-8-2005 16:29:28 54156 C:\WINDOWS\QTFont.qfn
H 12-8-2005 20:56:58 0 C:\WINDOWS\LastGood\INF\oem7.inf
H 12-8-2005 20:56:58 0 C:\WINDOWS\LastGood\INF\oem7.PNF
H 12-8-2005 17:30:50 0 C:\WINDOWS\LastGood.Tmp\INF\d3dx9_24_x86.inf
H 12-8-2005 17:30:50 0 C:\WINDOWS\LastGood.Tmp\INF\d3dx9_24_x86.PNF
H 12-8-2005 17:30:52 0 C:\WINDOWS\LastGood.Tmp\INF\d3dx9_25_x86.inf
H 12-8-2005 17:30:52 0 C:\WINDOWS\LastGood.Tmp\INF\d3dx9_25_x86.PNF
H 12-8-2005 16:52:30 0 C:\WINDOWS\LastGood.Tmp\INF\oem4.inf
H 12-8-2005 16:52:30 0 C:\WINDOWS\LastGood.Tmp\INF\oem4.PNF
H 12-8-2005 17:29:04 0 C:\WINDOWS\LastGood.Tmp\INF\oem7.inf
H 12-8-2005 17:29:04 0 C:\WINDOWS\LastGood.Tmp\INF\oem7.PNF
H 21-8-2005 21:55:00 31762 C:\WINDOWS\system32\vsconfig.xml
H 13-8-2005 22:50:04 4212 C:\WINDOWS\system32\zllictbl.dat
S 29-7-2005 13:31:06 20391 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem7.CAT
H 21-8-2005 21:55:26 1024 C:\WINDOWS\system32\config\default.LOG
H 21-8-2005 22:26:52 1024 C:\WINDOWS\system32\config\SAM.LOG
H 21-8-2005 21:54:48 1024 C:\WINDOWS\system32\config\SECURITY.LOG
H 21-8-2005 22:35:24 1024 C:\WINDOWS\system32\config\software.LOG
H 21-8-2005 22:27:28 1024 C:\WINDOWS\system32\config\system.LOG
H 19-8-2005 21:16:18 1024 C:\WINDOWS\system32\config\userdiff.LOG
H 18-8-2005 19:49:32 262144 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
H 18-8-2005 17:12:50 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
SH 6-8-2005 17:04:34 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8TYF4HQ7\desktop.ini
SH 6-8-2005 17:04:34 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CPE3S567\desktop.ini
SH 6-8-2005 17:04:34 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CX6RCP23\desktop.ini
SH 6-8-2005 17:04:34 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K9IRSHI3\desktop.ini
SH 13-8-2005 23:05:40 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\0108374d-e708-4380-955a-960a16bc872c
SH 13-8-2005 23:05:40 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
H 21-8-2005 21:53:46 6 C:\WINDOWS\Tasks\SA.DAT
SH 9-8-2005 23:20:44 113 C:\WINDOWS\Temp\Geschiedenis\History.IE5\desktop.ini
SH 9-8-2005 22:10:08 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
SH 15-8-2005 21:21:32 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Q3VVOI6\desktop.ini
SH 15-8-2005 21:21:32 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IXAX0FEN\desktop.ini
SH 15-8-2005 21:21:32 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IZ0ZMJ0V\desktop.ini
SH 15-8-2005 21:21:32 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PPF5XGMU\desktop.ini

Checking for CPL files...
Microsoft Corporation 7-9-2001 14:00:00 68096 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 29-5-2003 12:52:36 584192 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 9-9-2002 23:08:54 131584 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 7-9-2001 14:00:00 151552 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Ahead Software AG 23-12-2003 16:40:52 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 9-9-2002 23:08:54 293888 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 9-9-2002 23:08:54 124928 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 9-9-2002 23:08:54 66560 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 28-9-2004 21:26:02 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 7-9-2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
AvantGo, Inc. 22-2-2003 4:58:26 69632 C:\WINDOWS\SYSTEM32\MBLLNK.CPL
Microsoft Corporation 7-9-2001 14:00:00 566272 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 7-9-2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 7-9-2001 14:00:00 259584 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 20-7-2005 21:07:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 7-9-2001 14:00:00 37888 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 7-9-2001 14:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
VSO Software 5-9-2003 15:49:00 290304 C:\WINDOWS\SYSTEM32\patin.cpl
Microsoft Corporation 7-9-2001 14:00:00 111616 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 8-1-2002 12:40:50 288768 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 9-9-2002 23:08:54 272384 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 7-9-2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 7-9-2001 14:00:00 90624 C:\WINDOWS\SYSTEM32\timedate.cpl
5-11-2003 1:00:00 6151 C:\WINDOWS\SYSTEM32\txp3.cpl
Microsoft Corporation 7-9-2001 14:00:00 68096 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 29-5-2003 12:52:36 584192 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 9-9-2002 23:08:54 131584 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 7-9-2001 14:00:00 151552 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 9-9-2002 23:08:54 293888 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 9-9-2002 23:08:54 124928 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 6-9-2001 21:27:30 48640 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl
Microsoft Corporation 9-9-2002 23:08:54 66560 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 7-9-2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 7-9-2001 14:00:00 566272 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 7-9-2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 7-9-2001 14:00:00 259584 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 7-9-2001 14:00:00 37888 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 7-9-2001 14:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 7-9-2001 14:00:00 111616 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 9-9-2002 23:08:54 151552 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 9-9-2002 23:08:54 272384 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 7-9-2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 7-9-2001 14:00:00 90624 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
28-10-2003 18:58:34 836 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PopFilter.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
AtHome033 = IEAK@Home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{B63FCD5A-2396-11D1-B762-00A0C90646A4} = C:\Program Files\CorelDraw8\programs\CMFFnd80.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Quick Par
{D120D80B-BD26-4A74-8E43-2C2AF0966139} = C:\Program Files\QuickParShlExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\FineReader
{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F} = c:\program files\abbyy finereader 7.0 professional edition\fecmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\FolderToCorelMediaFolder
{0FBF99C1-4127-11D1-B1E6-C17E96D9180A} = C:\Program Files\CorelDraw8\programs\CMFFld80.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
PCTools Site Guard = C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}
PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip van de dag = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
ButtonText = Spyware Doctor :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
ButtonText = Create Mobile Favorite :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
MenuText = Create Mobile Favorite... : C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
DAEMON Tools-1033 "C:\Program Files\D-Tools\daemon.exe" -lang 1033
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
WinPatrol C:\Program Files\WinPatrol\winpatrol.exe
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn =
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs NVDESK32.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 21-8-2005 22:37:28




I installed ZoneAlarm only after the problem started.
In my opinion no Norton software is running on the Albert account (the system tray is empty).

I have an SP2 CD lying around. Would it be better if I installed SP2?? I had understood that it doesn't get along well with Norton software.... That's why I installed ZoneAlarm.


I have not moved any files from one account to another.


P.S. Mail to your Pandora address came back to me.... :tazz: does it no longer exist?

Edited by Albert van Sambeek, 21 August 2005 - 02:53 PM.

#27 miekiemoes (Malware Expert, Member, 5,503 posts, MVP)
Hmmm; strange that you say you don't see anything from Norton or Symantec in your system tray, while it was definitely present in the active processes in your previous log..

Can you post another HijackThis log from your Albert account?

By the way, ZoneAlarm is a firewall and not an antivirus, unless you have the ZoneAlarm version with the built-in antivirus. Personally I don't think that built-in antivirus in ZoneAlarm is worth much, but as I say... that's my personal opinion.

Edit... normally my pandora account should still be valid. Maybe replace pandora.be with telenet.be :tazz:

Edited by miekiemoes, 21 August 2005 - 03:31 PM.

#28 Albert van Sambeek (Topic Starter, Member, 17 posts)
Hi Mieke,

On all the other accounts the system tray is full. This also happened when I had deleted my account and created it again. When you log in the second time (after a reboot) everything is empty etc....


I will send you an email with a screenshot of RegCleaner. In it I can see that programs are active (you will see that in my log too), but they are not visible in the tray.

Here is my log file (Albert) from today...



Logfile of HijackThis v1.99.1
Scan saved at 18:38:18, on 22-8-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper\DkService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Extra\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - Global Startup: PopFilter.lnk = C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postb...l/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://F:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102...sCamControl.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.fujiprint...geUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
#29 miekiemoes (Malware Expert, Member, 5,503 posts, MVP)
Albert, your registry really is corrupt on your account... apparently you cannot add or remove anything in the registry, because your log is still exactly identical.

On all the other accounts the system tray is full. This also happened when I had deleted my account and created it again. When you log in the second time (after a reboot) everything is empty etc....


I will send you an email with a screenshot of RegCleaner. In it I can see that programs are active (you will see that in my log too), but they are not visible in the tray.


Just to be clear.... not everything that is active in your processes is visible in your tray. Normally you should only see ZoneAlarm, Norton and TrojanHunter in your taskbar. So you don't need to worry about that.

I assume you are an administrator on this account?

Go to Start > Run and type: regedit.exe

YOU ARE STILL ON THE ALBERT ACCOUNT

Your registry editor will open.
On the left side of the screen you will see 5 main folders:

HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG

Right-click each folder and choose 'Permissions'
Under group or user names you must select Administrators.
(Exception.. under HKEY_CLASSES_ROOT it will say 'Everyone')
Make sure that under Allow, 'Full Control' and 'Read' are checked.
Nothing may be checked in the 'Deny' column.

Edited by miekiemoes, 22 August 2005 - 11:57 AM.
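A scripted version of the root-key permission check described in the post above, as an added example that is not from the thread: it reads the ACL of each of the five root keys and reports where Administrators lack an Allow Full Control entry or where any Deny entry exists. It assumes an elevated PowerShell session on the account being inspected and the English built-in group name BUILTIN\Administrators.

```powershell
# Added example, not part of the thread: audit the ACLs on the five registry
# root keys instead of right-clicking each one in regedit.
# Assumptions: elevated PowerShell on the account being inspected (Albert's in
# the thread); English built-in group name 'BUILTIN\Administrators'.

$roots  = 'HKEY_CLASSES_ROOT', 'HKEY_CURRENT_USER', 'HKEY_LOCAL_MACHINE',
          'HKEY_USERS', 'HKEY_CURRENT_CONFIG'
$admins = 'BUILTIN\Administrators'
$full   = [System.Security.AccessControl.RegistryRights]::FullControl
$allow  = [System.Security.AccessControl.AccessControlType]::Allow
$deny   = [System.Security.AccessControl.AccessControlType]::Deny

foreach ($root in $roots) {
    try {
        $acl = Get-Acl -Path "Registry::$root" -ErrorAction Stop
    } catch {
        # A root key whose ACL cannot even be read is itself a finding.
        Write-Warning "$root : cannot read ACL ($($_.Exception.Message))"
        continue
    }

    # The post asks for 'Full Control' (which includes 'Read') under Allow for
    # Administrators, and nothing at all under Deny. Full Control is a
    # combination of flags, so test that every bit of it is present.
    $hasFull = $false
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -eq $allow -and
            $rule.IdentityReference.Value -eq $admins -and
            (($rule.RegistryRights -band $full) -eq $full)) {
            $hasFull = $true
        }
    }
    $denies = @($acl.Access | Where-Object { $_.AccessControlType -eq $deny })

    $status = if ($hasFull -and $denies.Count -eq 0) { 'OK' } else { 'CHECK' }
    Write-Output ("{0,-20} {1}" -f $root, $status)

    if (-not $hasFull) {
        # The post notes HKEY_CLASSES_ROOT normally lists 'Everyone' as well;
        # list the Allow identities so that case can be judged by eye.
        Write-Output "    Administrators lack Allow: Full Control"
        foreach ($rule in $acl.Access) {
            if ($rule.AccessControlType -eq $allow) {
                Write-Output ("    Allow {0}: {1}" -f $rule.IdentityReference, $rule.RegistryRights)
            }
        }
    }
    foreach ($d in $denies) {
        Write-Output ("    Deny ACE for {0}: {1}" -f $d.IdentityReference, $d.RegistryRights)
    }
}
```

A root key reported as CHECK is one where the manual regedit steps in the post need to be applied; the Allow lines printed under it show which identities currently hold rights.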

#30 Albert van Sambeek (Topic Starter, Member, 17 posts)
Hey Mieke,
I think you've found it. Under 'Current_User' there were no check marks in the permissions.....

I have already picked a background and it was accepted.

Only... what if I create a new account now??? Which settings will be set then???

I will also reboot a few times to see what happens.....