godfriedverheyen
asked on
Random popups (ZEDO) and explorer.exe crashes at startup
Hello,
I have a customer who always has a crash of explorer.exe when starting up the computer (modName unknown) and he also gets random popups when trying to surf the internet.
This is the HJT log.
StartupList report, 26/01/2008, 13:37:06
StartupList version: 1.52.2
Started from : C:\Documents and Settings\TEMP\Bureaublad\HijackThisv1991.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16574)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\TEMP\Bureaublad\procexp.exe
C:\Documents and Settings\TEMP\Bureaublad\HijackThisv1991.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\mmc.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\TEMP\Menu Start\Programma's\Opstarten]
Snelkoppeling naar BelgacomADSL.lnk = ?
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CHotkey = mHotkey.exe
ledpointer = CNYHKey.exe
PCMService = "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
PinnacleDriverCheck = C:\WINDOWS\System32\PSDrvCheck.exe
GSICONEXE = GSICON.EXE
DSLAGENTEXE = dslagent.exe USB
tgcmd = "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
AME_CSA = rundll32 csa.cpl,RUN_DLL
ShStatEXE = "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI = "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
Network Associates Error Reporting Service = "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
Belgacom = "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{028E2D30-93C4-EAEB-0801-040005020704}] *
StubPath = C:\WINDOWS\system32\drwatson.exe
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Register-editor'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\PROGRA~1\SPYBOT~2\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
--------------------------------------------------
Enumerating Task Scheduler jobs:
AppleSoftwareUpdate.job
Check Updates for Windows Live Toolbar.job
PCHealth-planner voor uploadbibliotheek.job
XoftSpy.job
--------------------------------------------------
Enumerating Download Program Files:
[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156192899546
[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37899.1631597222
[Java Plug-in 1.6.0_02]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system)
actser: system32\drivers\actser.sys (manual start)
Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start)
Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start)
AmeAtmPc: System32\DRIVERS\AmeAtmPc.sys (manual start)
Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP-clientprotocol: System32\DRIVERS\arp1394.sys (manual start)
ASAPIW2K: System32\Drivers\ASAPIW2K.sys (manual start)
Aspi32: System32\drivers\aspi32.sys (autostart)
ASP.NET-statusservice: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.sys (manual start)
Standaard IDE/ESDI-vasteschijfcontroller: System32\DRIVERS\atapi.sys (system)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP-client-protocol: System32\DRIVERS\atmarpc.sys (manual start)
ATM geëmuleerde LAN: System32\DRIVERS\atmlane.sys (manual start)
ATM LAN-emulatie: System32\DRIVERS\atmlane.sys (manual start)
ATM Call Manager: System32\DRIVERS\atmuni.sys (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audiostub-stuurprogramma: System32\DRIVERS\audstub.sys (manual start)
Intelligente achtergrondsoverdrachtservice: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
MEDION (7134) WDM Video Capture: System32\DRIVERS\Cap7134.sys (manual start)
CA License Client: C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (manual start)
CA License Server: C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (manual start)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
Cd-rom-stuurprogramma: System32\DRIVERS\cdrom.sys (system)
Indexing-service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)
COM+-systeemtoepassing: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start)
EntDrv51: \??\C:\WINDOWS\system32\drivers\EntDrv51.sys (manual start)
Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+-gebeurtenissysteem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Stuurprogramma voor diskettestationcontroller: System32\DRIVERS\fdc.sys (manual start)
VIA Rhine Family Fast Ethernet Adapter Driver Service: System32\DRIVERS\fetnd5b.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sys (system)
Eicon Networks USB ADSL Loader: System32\DRIVERS\gafwload.sys (autostart)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys (manual start)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)
Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class-stuurprogramma: System32\DRIVERS\hidusb.sys (manual start)
IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
imagedrvv: System32\drivers\imagedrvv.sys (system)
Filterstuurprogramma voor het branden van cd's: System32\DRIVERS\imapi.sys (system)
COM-service voor IMAPI cd-branders: C:\WINDOWS\System32\imapi.exe (manual start)
Intel GV3-processorstuurprogramma: System32\DRIVERS\intelppm.sys (system)
Creatix V.9X DSP Data Fax Modem: System32\DRIVERS\ctxs51.sys (manual start)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPod-service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys (system)
IR Enumerator-service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sys (system)
Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.sys (system)
Stuurprogramma voor toetsenbord-HID: System32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Event Log Watch: C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (disabled)
McAfee Framework Service: C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart (autostart)
Network Associates McShield: "C:\Program Files\Network Associates\VirusScan\Mcshield.exe" (autostart)
Network Associates Task Manager: "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe" (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.sys (system)
Stuurprogramma voor muis-HID: System32\DRIVERS\mouhid.sys (manual start)
WebDav-client-redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start)
BIOS-stuurprogramma voor Microsoft Systeembeheer: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Microsoft MPU-401 MIDI UART-stuurprogramma: system32\drivers\msmpu401.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
NaiAvFilter1: system32\drivers\naiavf5x.sys (manual start)
NaiAvTdi1: system32\drivers\mvstdi5x.sys (system)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
RAS NDIS TAPI-stuurprogramma: System32\DRIVERS\ndistapi.sys (manual start)
I/O-protocol van NDIS-gebruikermodus: System32\DRIVERS\ndisuio.sys (manual start)
RAS NDIS WAN-stuurprogramma: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394-stuurprogramma: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Stuurprogramma voor Netwerkcontrole: system32\DRIVERS\NMnt.sys (manual start)
NetGroup Packet Filter Driver: system32\drivers\npf.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
VIA OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.sys (manual start)
PCI Bus-stuurprogramma: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
VSO Software pcouffin: System32\Drivers\pcouffin.sys (manual start)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
MEDION TV-TUNER 7134 MK2/3: System32\DRIVERS\PhTVTune.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (autostart)
IPSEC-services: %SystemRoot%\System32\lsass.exe (autostart)
WAN-minipoort (PPTP): System32\DRIVERS\raspptp.sys (manual start)
PRISM 802.11g Driver: System32\DRIVERS\PRISMA00.sys (manual start)
Stuurprogramma voor processor: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.sys (manual start)
Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Verbindingsbeheer voor RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
PPPOE-RAS-stuurprogramma: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
RAW WAN-stuurprogramma: System32\DRIVERS\rawwan.sys (autostart)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (manual start)
Stuurprogramma voor afspeelfilter van digitale cd-audio: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Packet Capture Protocol v.0 (experimental): "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SBP-2 Transport/Protocol-busstuurprogramma: System32\DRIVERS\sbp2port.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
SIEMENS Serial port driver: System32\DRIVERS\ser2pl.sys (manual start)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sys (system)
Diskettestation voor HD-diskettes: System32\DRIVERS\sfloppy.sys (manual start)
Windows Firewall (WF) / Internet-verbinding delen (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Sony SPTI Service: C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (manual start)
Stuurprogramma voor systeemherstelfilter: System32\DRIVERS\sr.sys (system)
System Restore-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SRV: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery-service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus-stuurprogramma: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{E9D6446F-05E1-4D22-A68B-ECA4693B31C9} (manual start)
Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Stuurprogramma voor TCP/IP-protocol: System32\DRIVERS\tcpip.sys (system)
Stuurprogramma voor terminal-apparaat: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update-stuurprogramma: System32\DRIVERS\update.sys (manual start)
Universele Plug en Play-apparaathost: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Apple Mobile USB Driver: System32\Drivers\usbaapl.sys (manual start)
Microsoft generiek hoofd-USB-stuurprogramma: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
Stuurprogramma voor Microsoft USB Standaard-hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
Stuurprogramma voor USB-scanner: System32\DRIVERS\usbscan.s ys (manual start)
Stuurprogramma voor USB-massaopslag: System32\DRIVERS\USBSTOR.S YS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.s ys (manual start)
Messenger Sharing USN Journal Reader service: C:\WINDOWS\system32\svchos t.exe -k usnsvc (manual start)
Grafische VGA-adapter.: \SystemRoot\System32\drive rs\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssv c.exe (manual start)
Windows Time: %SystemRoot%\System32\svch ost.exe -k netsvcs (autostart)
RAS IP ARP-stuurprogramma: System32\DRIVERS\wanarp.sy s (manual start)
Eicon Networks USB ADSL WAN Modem: System32\DRIVERS\gwausb.sy s (manual start)
Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sy s (manual start)
WebClient: %SystemRoot%\System32\svch ost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svch ost.exe -k netsvcs (autostart)
Serienummerservice voor draagbare media: %SystemRoot%\System32\svch ost.exe -k netsvcs (manual start)
WMI-prestatieadapter: C:\WINDOWS\System32\wbem\w miapsrv.ex e (manual start)
Security Center: %SystemRoot%\System32\svch ost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC. SYS (manual start)
Automatische updates: %systemroot%\system32\svch ost.exe -k netsvcs (autostart)
Wireless Zero Configuration-service: %SystemRoot%\System32\svch ost.exe -k netsvcs (autostart)
X10 Device Network Service: C:\PROGRA~1\COMMON~1\X10\C ommon\x10n ets.exe (manual start)
%DESCRIPTION%: System32\Drivers\x10uif.sy s (manual start)
Network Provisioning Service: %SystemRoot%\System32\svch ost.exe -k netsvcs (manual start)
-------------------------- ---------- ---------- ----
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperation s: C:\DOCUME~1\TEMP\LOCALS~1\ Temp\_iu14 D2N.tmp||| L
-------------------------- ---------- ---------- ----
Enumerating ShellServiceObjectDelayLoa d items:
PostBootReminder: C:\WINDOWS\system32\SHELL3 2.dll
CDBurn: C:\WINDOWS\system32\SHELL3 2.dll
WebCheck: C:\WINDOWS\system32\webche ck.dll
SysTray: C:\WINDOWS\System32\stobje ct.dll
-------------------------- ---------- ---------- ----
Autorun entries from Registry:
HKCU\Software\Microsoft\Wi ndows\Curr entVersion \policies\ Explorer\R un
*Registry key not found*
-------------------------- ---------- ---------- ----
Autorun entries from Registry:
HKLM\Software\Microsoft\Wi ndows\Curr entVersion \policies\ Explorer\R un
*Registry key not found*
-------------------------- ---------- ---------- ----
End of report, 38.151 bytes
Report generated in 0,438 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
I can't find any particular DLLs in the winlogon.exe or the services.exe files.
A few particularities:
- When trying to change a service in services.msc, the computer refuses that (no rights, though I'm administrator).
- When checking with Process Explorer (threads for iexplore.exe), I see that IEFrame.dll gets CPU attention once a popup is called, but I thought IEFrame.dll is a Windows system file.
Where should I look to solve this problem without reformatting the PC?
Thanks in advance
I have a customer who always has a crash of explorer.exe when starting up the computer (modName unknown) and he also gets random popups when trying to surf the internet.
This is the HJT log.
StartupList report, 26/01/2008, 13:37:06
StartupList version: 1.52.2
Started from : C:\Documents and Settings\TEMP\Bureaublad\H
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16574)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==========================
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
C:\Program Files\Network Associates\Common Framework\FrameworkService
C:\Program Files\Network Associates\VirusScan\Mcshi
C:\Program Files\Network Associates\VirusScan\VsTsk
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchos
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll
C:\WINDOWS\system32\PRISMS
C:\PROGRA~1\COMMON~1\X10\C
C:\Program Files\Support.com\bin\tgcm
C:\WINDOWS\system32\rundll
C:\Program Files\Network Associates\VirusScan\SHSTA
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.
C:\Program Files\Belgacom\bin\sprtcmd
C:\Program Files\Java\jre1.6.0_03\bin
C:\Program Files\iTunes\iTunesHelper.
C:\WINDOWS\system32\ctfmon
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService
C:\WINDOWS\explorer.exe
C:\Documents and Settings\TEMP\Bureaublad\p
C:\Documents and Settings\TEMP\Bureaublad\H
C:\WINDOWS\system32\mmc.ex
C:\WINDOWS\system32\mmc.ex
--------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\TEMP\Menu Start\Programma's\Opstarte
Snelkoppeling naar BelgacomADSL.lnk = ?
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarte
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\W
UserInit = C:\WINDOWS\system32\userin
[HKLM\Software\Microsoft\W
*Registry key not found*
[HKCU\Software\Microsoft\W
*Registry value not found*
[HKCU\Software\Microsoft\W
*Registry key not found*
--------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Wi
CHotkey = mHotkey.exe
ledpointer = CNYHKey.exe
PCMService = "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
PinnacleDriverCheck = C:\WINDOWS\System32\PSDrvC
GSICONEXE = GSICON.EXE
DSLAGENTEXE = dslagent.exe USB
tgcmd = "C:\Program Files\Support.com\bin\tgcm
AME_CSA = rundll32 csa.cpl,RUN_DLL
ShStatEXE = "C:\Program Files\Network Associates\VirusScan\SHSTA
McAfeeUpdaterUI = "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
Network Associates Error Reporting Service = "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.
Belgacom = "C:\Program Files\Belgacom\bin\sprtcmd
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.
MSConfig = C:\WINDOWS\PCHealth\HelpCt
--------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Wi
*No values found*
--------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Wi
*No values found*
--------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Wi
*Registry key not found*
--------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Wi
*Registry key not found*
--------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Wi
ctfmon.exe = C:\WINDOWS\system32\ctfmon
--------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Wi
*No values found*
--------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Wi
*Registry key not found*
--------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Wi
*Registry key not found*
--------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Wi
*Registry key not found*
--------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Wi
*Registry key not found*
--------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Wi
*Registry key not found*
--------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Wi
[OptionalComponents]
*No values found*
--------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Wi
*No subkeys found*
--------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Wi
*No subkeys found*
--------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Wi
*Registry key not found*
--------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Wi
*Registry key not found*
--------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Wi
*No subkeys found*
--------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Wi
*No subkeys found*
--------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Wi
*Registry key not found*
--------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Wi
*Registry key not found*
--------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Wi
*Registry key not found*
--------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Wi
*Registry key not found*
--------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Wi
*Registry key not found*
--------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\
(Default) = "%1" %*
--------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\
(Default) = "%1" %*
--------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\
(Default) = "%1" %*
--------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\
(Default) = "%1" %*
--------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\
(Default) = "%1" /S
--------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\
(Default) = C:\WINDOWS\system32\mshta.
--------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\
(Default) = %SystemRoot%\system32\NOTE
--------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Ac
(* = disabled by HKCU twin)
[<{12d0ed0d-0ee0-4f90-8827
StubPath = C:\WINDOWS\system32\ieudin
[>{22d6f312-b0f6-11d0-94ab
StubPath = C:\WINDOWS\inf\unregmp2.ex
[>{26923b43-4d38-484f-9b9e
StubPath = C:\WINDOWS\system32\ie4uin
[>{60B49E34-C7CC-11D0-8953
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061
StubPath = %systemroot%\system32\shmg
[{028E2D30-93C4-EAEB-0801-
StubPath = C:\WINDOWS\system32\drwats
[{2C7339CF-2B09-4501-B3F3-
StubPath = %SystemRoot%\system32\regs
[{44BBA840-CC51-11CF-AAFA-
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-
StubPath = rundll32.exe advpack.dll,LaunchINFSecti
[{5945c046-1e7d-11d1-bc44-
StubPath = rundll32.exe advpack.dll,LaunchINFSecti
[{6BF52A52-394A-11d3-B153-
StubPath = rundll32.exe advpack.dll,LaunchINFSecti
[{7790769C-0471-11d2-AF11-
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-
StubPath = C:\WINDOWS\system32\ie4uin
[{89B4C1CD-B018-4511-B0A1-
StubPath = C:\WINDOWS\System32\Rundll
[{8b15971b-5355-4c82-8c07-
StubPath = rundll32.exe advpack.dll,LaunchINFSecti
--------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\IC
*Registry key not found*
--------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon
HKLM\..\Windows NT\CurrentVersion\WinLogon
HKLM\..\Windows\CurrentVer
HKLM\..\Windows\CurrentVer
HKCU\..\Windows NT\CurrentVersion\WinLogon
HKCU\..\Windows NT\CurrentVersion\WinLogon
HKCU\..\Windows\CurrentVer
HKCU\..\Windows\CurrentVer
HKCU\..\Windows NT\CurrentVersion\Windows:
HKCU\..\Windows NT\CurrentVersion\Windows:
HKLM\..\Windows NT\CurrentVersion\Windows:
HKLM\..\Windows NT\CurrentVersion\Windows:
HKLM\..\Windows NT\CurrentVersion\Windows:
--------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explor
C:\WINDOWS\System\Explorer
C:\WINDOWS\System32\Explor
C:\WINDOWS\Command\Explore
C:\WINDOWS\Fonts\Explorer.
--------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Register-editor'
Registry check passed
--------------------------
Enumerating Browser Helper Objects:
(no name) - C:\PROGRA~1\SPYBOT~2\SDHel
(no name) - C:\Program Files\Java\jre1.6.0_03\bin
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5
--------------------------
Enumerating Task Scheduler jobs:
AppleSoftwareUpdate.job
Check Updates for Windows Live Toolbar.job
PCHealth-planner voor uploadbibliotheek.job
XoftSpy.job
--------------------------
Enumerating Download Program Files:
[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\cla
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\cla
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156192899546
[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
[{9F1C11AA-197B-4942-BA54-
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37899.1631597222
[Java Plug-in 1.6.0_02]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macrom
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
--------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsoc
NameSpace #2: C:\WINDOWS\System32\winrnr
NameSpace #3: C:\WINDOWS\System32\mswsoc
Protocol #1: C:\WINDOWS\system32\mswsoc
Protocol #2: C:\WINDOWS\system32\mswsoc
Protocol #3: C:\WINDOWS\system32\mswsoc
Protocol #4: C:\WINDOWS\system32\rsvpsp
Protocol #5: C:\WINDOWS\system32\rsvpsp
Protocol #6: C:\WINDOWS\system32\mswsoc
Protocol #7: C:\WINDOWS\system32\mswsoc
Protocol #8: C:\WINDOWS\system32\mswsoc
Protocol #9: C:\WINDOWS\system32\mswsoc
Protocol #10: C:\WINDOWS\system32\mswsoc
Protocol #11: C:\WINDOWS\system32\mswsoc
Protocol #12: C:\WINDOWS\system32\mswsoc
Protocol #13: C:\WINDOWS\system32\mswsoc
Protocol #14: C:\WINDOWS\system32\mswsoc
Protocol #15: C:\WINDOWS\system32\mswsoc
Protocol #16: C:\WINDOWS\system32\mswsoc
Protocol #17: C:\WINDOWS\system32\mswsoc
Protocol #18: C:\WINDOWS\system32\mswsoc
Protocol #19: C:\WINDOWS\system32\mswsoc
Protocol #20: C:\WINDOWS\system32\mswsoc
Protocol #21: C:\WINDOWS\system32\mswsoc
Protocol #22: C:\WINDOWS\system32\mswsoc
Protocol #23: C:\WINDOWS\system32\mswsoc
Protocol #24: C:\WINDOWS\system32\mswsoc
--------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system)
actser: system32\drivers\actser.sy
Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start)
Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drive
Intel AGP Bus Filter: System32\DRIVERS\agp440.sy
Alerter: %SystemRoot%\System32\svch
Application Layer Gateway-service: %SystemRoot%\System32\alg.
AmeAtmPc: System32\DRIVERS\AmeAtmPc.
Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
Application Management: %SystemRoot%\system32\svch
1394 ARP-clientprotocol: System32\DRIVERS\arp1394.s
ASAPIW2K: System32\Drivers\ASAPIW2K.
Aspi32: System32\drivers\aspi32.sy
ASP.NET-statusservice: %SystemRoot%\Microsoft.NET
Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.
Standaard IDE/ESDI-vasteschijfcontro
ati2mtag: System32\DRIVERS\ati2mtag.
ATM ARP-client-protocol: System32\DRIVERS\atmarpc.s
ATM geëmuleerde LAN: System32\DRIVERS\atmlane.s
ATM LAN-emulatie: System32\DRIVERS\atmlane.s
ATM Call Manager: System32\DRIVERS\atmuni.sy
Windows Audio: %SystemRoot%\System32\svch
Audiostub-stuurprogramma: System32\DRIVERS\audstub.s
Intelligente achtergrondsoverdrachtserv
Computer Browser: %SystemRoot%\System32\svch
MEDION (7134) WDM Video Capture: System32\DRIVERS\Cap7134.s
CA License Client: C:\Program Files\CA\SharedComponents\
CA License Server: C:\Program Files\CA\SharedComponents\
Closed Caption Decoder: System32\DRIVERS\CCDECODE.
Cd-rom-stuurprogramma: System32\DRIVERS\cdrom.sys
Indexing-service: %SystemRoot%\system32\cisv
ClipBook: %SystemRoot%\system32\clip
C-Media WDM Audio Interface: system32\drivers\cmuda.sys
COM+-systeemtoepassing: C:\WINDOWS\System32\dllhos
Services voor cryptografie: %SystemRoot%\system32\svch
DCOM Server Process Launcher: %SystemRoot%\system32\svch
DHCP Client: %SystemRoot%\System32\svch
Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmad
dmboot: System32\drivers\dmboot.sy
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sy
Logical Disk Manager: %SystemRoot%\System32\svch
Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sy
DNS Client: %SystemRoot%\System32\svch
Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.s
EntDrv51: \??\C:\WINDOWS\system32\dr
Service voor het rapporteren van fouten: %SystemRoot%\System32\svch
Event Log: %SystemRoot%\system32\serv
COM+-gebeurtenissysteem: C:\WINDOWS\System32\svchos
Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svch
Fax: %systemroot%\system32\fxss
Stuurprogramma voor diskettestationcontroller:
VIA Rhine Family Fast Ethernet Adapter Driver Service: System32\DRIVERS\fetnd5b.s
FltMgr: system32\drivers\fltmgr.sy
Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sy
Eicon Networks USB ADSL Loader: System32\DRIVERS\gafwload.
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiW
Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys
Google Updater Service: "C:\Program Files\Google\Common\Google
Help en ondersteuning: %SystemRoot%\System32\svch
HID Input Service: %SystemRoot%\System32\svch
Microsoft HID Class-stuurprogramma: System32\DRIVERS\hidusb.sy
IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.
Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.
USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svch
Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver
imagedrvv: System32\drivers\imagedrvv
Filterstuurprogramma voor het branden van cd's: System32\DRIVERS\imapi.sys
COM-service voor IMAPI cd-branders: C:\WINDOWS\System32\imapi.
Intel GV3-processorstuurprogramm
Creatix V.9X DSP Data Fax Modem: System32\DRIVERS\ctxs51.sy
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sy
IP Network Address Translator: System32\DRIVERS\ipnat.sys
iPod-service: "C:\Program Files\iPod\bin\iPodService
IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys
IR Enumerator-service: System32\DRIVERS\irenum.sy
PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sy
Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.
Stuurprogramma voor toetsenbord-HID: System32\DRIVERS\kbdhid.sy
Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sy
Server: %SystemRoot%\System32\svch
Workstation: %SystemRoot%\System32\svch
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svch
Event Log Watch: C:\Program Files\CA\SharedComponents\
McAfee Framework Service: C:\Program Files\Network Associates\Common Framework\FrameworkService
Network Associates McShield: "C:\Program Files\Network Associates\VirusScan\Mcshi
Network Associates Task Manager: "C:\Program Files\Network Associates\VirusScan\VsTsk
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
Messenger: %SystemRoot%\System32\svch
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrv
Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.
Stuurprogramma voor muis-HID: System32\DRIVERS\mouhid.sy
WebDav-client-redirector: System32\DRIVERS\mrxdav.sy
MRXSMB: System32\DRIVERS\mrxsmb.sy
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.
Windows Installer: C:\WINDOWS\System32\msiexe
Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.s
Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.
Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys
BIOS-stuurprogramma voor Microsoft Systeembeheer: System32\DRIVERS\mssmbios.
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys
Microsoft MPU-401 MIDI UART-stuurprogramma: system32\drivers\msmpu401.
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.
NaiAvFilter1: system32\drivers\naiavf5x.
NaiAvTdi1: system32\drivers\mvstdi5x.
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sy
RAS NDIS TAPI-stuurprogramma: System32\DRIVERS\ndistapi.
I/O-protocol van NDIS-gebruikermodus: System32\DRIVERS\ndisuio.s
RAS NDIS WAN-stuurprogramma: System32\DRIVERS\ndiswan.s
NetBIOS-interface: System32\DRIVERS\netbios.s
NetBios over Tcpip: System32\DRIVERS\netbt.sys
Network DDE: %SystemRoot%\system32\netd
Network DDE DSDM: %SystemRoot%\system32\netd
Net Logon: %SystemRoot%\System32\lsas
Network Connections: %SystemRoot%\System32\svch
1394-stuurprogramma: System32\DRIVERS\nic1394.s
Network Location Awareness (NLA): %SystemRoot%\System32\svch
Stuurprogramma voor Netwerkcontrole: system32\DRIVERS\NMnt.sys (manual start)
NetGroup Packet Filter Driver: system32\drivers\npf.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsas
Verwisselbare opslag: %SystemRoot%\system32\svch
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.
VIA OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.s
PCI Bus-stuurprogramma: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sy
VSO Software pcouffin: System32\Drivers\pcouffin.
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
MEDION TV-TUNER 7134 MK2/3: System32\DRIVERS\PhTVTune.
Plug and Play: %SystemRoot%\system32\serv
Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm
IPSEC-services: %SystemRoot%\System32\lsas
WAN-minipoort (PPTP): System32\DRIVERS\raspptp.s
PRISM 802.11g Driver: System32\DRIVERS\PRISMA00.
Stuurprogramma voor processor: System32\DRIVERS\processr.
Protected Storage: %SystemRoot%\system32\lsas
Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.s
Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sy
Remote Access Auto Connection Manager: %SystemRoot%\System32\svch
WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.s
Verbindingsbeheer voor RAS: %SystemRoot%\System32\svch
PPPOE-RAS-stuurprogramma: System32\DRIVERS\raspppoe.
Direct Parallel: System32\DRIVERS\raspti.sy
RAW WAN-stuurprogramma: System32\DRIVERS\rawwan.sy
Rdbss: System32\DRIVERS\rdbss.sys
RDPCDD: System32\DRIVERS\RDPCDD.sy
Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmg
Stuurprogramma voor afspeelfilter van digitale cd-audio: System32\DRIVERS\redbook.s
Routing and Remote Access: %SystemRoot%\System32\svch
Remote Packet Capture Protocol v.0 (experimental): "%ProgramFiles%\WinPcap\rp
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\loca
Remote Procedure Call (RPC): %SystemRoot%\system32\svch
QoS RSVP: %SystemRoot%\System32\rsvp
Security Accounts Manager: %SystemRoot%\system32\lsas
SBP-2 Transport/Protocol-busstuu
Smart Card: %SystemRoot%\System32\SCar
Task Scheduler: %SystemRoot%\System32\svch
Secdrv: System32\DRIVERS\secdrv.sy
Secondary Logon: %SystemRoot%\System32\svch
System Event Notification: %SystemRoot%\system32\svch
SIEMENS Serial port driver: System32\DRIVERS\ser2pl.sy
Serenum Filter Driver: System32\DRIVERS\serenum.s
Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sy
Diskettestation voor HD-diskettes: System32\DRIVERS\sfloppy.s
Windows Firewall (WF) / Internet-verbinding delen (ICS): %SystemRoot%\System32\svch
Shell Hardware Detection: %SystemRoot%\System32\svch
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Microsoft Kernel-audiosplitsing: system32\drivers\splitter.
Print Spooler: %SystemRoot%\system32\spoo
Sony SPTI Service: C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (manual start)
Stuurprogramma voor systeemherstelfilter: System32\DRIVERS\sr.sys (system)
System Restore-service: %SystemRoot%\System32\svch
SRV: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery-service: %SystemRoot%\System32\svch
Windows Image Acquisition (WIA): %SystemRoot%\System32\svch
BDA IPSink: System32\DRIVERS\StreamIP.
Software Bus-stuurprogramma: System32\DRIVERS\swenum.sy
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sy
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhos
Microsoft Kernel System Audio Device
Performance Logs and Alerts: %SystemRoot%\system32\smlo
Telephony: %SystemRoot%\System32\svch
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys
Terminal Device Driver: System32\DRIVERS\termdd.sy
Terminal Services: %SystemRoot%\System32\svch
Themes: %SystemRoot%\System32\svch
Distributed Link Tracking Client: %SystemRoot%\system32\svch
Microcode Update Driver: System32\DRIVERS\update.sy
Universal Plug and Play Device Host: %SystemRoot%\System32\svch
Uninterruptible Power Supply: %SystemRoot%\System32\ups.
Apple Mobile USB Driver: System32\Drivers\usbaapl.s
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.s
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.s
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sy
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.
USB Scanner Driver: System32\DRIVERS\usbscan.s
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.S
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.s
Messenger Sharing USN Journal Reader service: C:\WINDOWS\system32\svchos
VGA Graphics Adapter.: \SystemRoot\System32\drive
Volume Shadow Copy: %SystemRoot%\System32\vssv
Windows Time: %SystemRoot%\System32\svch
RAS IP ARP Driver: System32\DRIVERS\wanarp.sy
Eicon Networks USB ADSL WAN Modem: System32\DRIVERS\gwausb.sy
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sy
WebClient: %SystemRoot%\System32\svch
Windows Management Instrumentation: %systemroot%\system32\svch
Portable Media Serial Number Service: %SystemRoot%\System32\svch
WMI Performance Adapter: C:\WINDOWS\System32\wbem\w
Security Center: %SystemRoot%\System32\svch
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.
Automatic Updates: %systemroot%\system32\svch
Wireless Zero Configuration service: %SystemRoot%\System32\svch
X10 Device Network Service: C:\PROGRA~1\COMMON~1\X10\C
%DESCRIPTION%: System32\Drivers\x10uif.sy
Network Provisioning Service: %SystemRoot%\System32\svch
--------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperation
--------------------------
Enumerating ShellServiceObjectDelayLoa
PostBootReminder: C:\WINDOWS\system32\SHELL3
CDBurn: C:\WINDOWS\system32\SHELL3
WebCheck: C:\WINDOWS\system32\webche
SysTray: C:\WINDOWS\System32\stobje
--------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Wi
*Registry key not found*
--------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Wi
*Registry key not found*
--------------------------
End of report, 38.151 bytes
Report generated in 0,438 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
I can't find any particular DLLs in the winlogon.exe or the services.exe files.
A few particularities:
- When trying to change a service in services.msc, the computer refuses that (no rights, though I'm administrator).
- When checking with Process Explorer (threads for iexplore.exe), I see that the IEFrame.dll file gets CPU attention once a popup is called, but I thought IEFrame is a Windows system file.
Where should I look to solve this problem without reformatting the PC?
Thanks in advance
Also, maybe:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AME_CSA = rundll32 csa.cpl,RUN_DLL
should be removed.
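Before removing a Run entry like the one above, it is worth checking what the command actually loads. The following PowerShell is an added example, not code from this thread: it lists every value under the HKLM and HKCU Run/RunOnce keys, resolves the module a `rundll32 <module>,<entry>` entry would load (csa.cpl in this case), and reports whether the file exists and what its Authenticode signature and signer are, which is how you tell a vendor control panel from something dropped next to it. It assumes PowerShell 2.0 or later; the search order used for an unqualified module name is a simplification of LoadLibrary's, and the regex, the search-directory list and the function name are this example's own.

```powershell
# Added example, not part of the original thread. Assumes PowerShell 2.0+;
# the search-directory list, regex and function name are this example's own.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Simplified LoadLibrary search order for an unqualified module name:
# System32 (rundll32's own directory), System, Windows, then PATH.
$searchDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\System", $env:SystemRoot) +
              @($env:Path -split ';' | Where-Object { $_ })

# Names Get-ItemProperty adds to every object; they are not registry values.
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Resolve-RunTarget {
    param([string]$Command)
    # rundll32[.exe] <module>,<entrypoint> [args]; the module is often unqualified.
    if ($Command -match '^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+?)"?\s*,') {
        $module = $Matches[1]
        if ([System.IO.Path]::IsPathRooted($module)) { return $module }
        foreach ($dir in $searchDirs) {
            $candidate = Join-Path $dir $module
            if (Test-Path -LiteralPath $candidate) { return $candidate }
        }
        return $module   # not found anywhere we looked: report the bare name
    }
    # Anything else: a quoted or unquoted executable followed by arguments.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command.Trim() -split '\s+')[0]
}

foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $values = Get-ItemProperty -LiteralPath $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($psMeta -contains $prop.Name) { continue }
        $target = Resolve-RunTarget ([string]$prop.Value)
        $exists = ($target -ne '') -and (Test-Path -LiteralPath $target)
        $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $target } else { $null }
        $status = if ($sig) { $sig.Status.ToString() } else { 'n/a' }
        $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        New-Object PSObject -Property @{
            Key       = $key
            Name      = $prop.Name
            Command   = $prop.Value
            Target    = $target
            Exists    = $exists
            Signature = $status
            Signer    = $signer
        }
    }
}
```

Run it from an administrator prompt on the affected machine. An entry whose Target does not exist, whose Signature is not Valid, or whose module resolves somewhere other than the vendor's own directory deserves a closer look; a csa.cpl that resolves under System32 with a valid signature from the ADSL vendor is a much weaker suspect than the same name unsigned in a temp directory.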
ASKER
The csa.cpl is an ADSL thingy that is custom in Belgium, so I doubt it would be responsible for the popups.
Have you searched for rootkits with RootkitRevealer (http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx), GMER (http://www.gmer.net/index.php), and IceSword (http://antirootkit.com/software/IceSword.htm)?
ASKER
SDFix in safe mode resolved it.
Thanks anyway
ASKER CERTIFIED SOLUTION
Then do a full scan, and see what it finds. Then you can even do an Online Virusscan for Viruses if you use Safe mode w/ networking.
Here are some of my favorites....
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!
http://www.superantispyware.com/
One of the best on the market (and it is free, although you can upgrade and get Real Time Protection)
ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Good tool to handle some specialized infections. Please run if advised, and give us the logfile.
Housecall Online Free Virus Scanner
http://housecall.trendmicro.com
Great to do an online Scan in Safe Mode w/ networking
And a regular HJT log might be easier to read.....