StartupList report, 12-1-2003, 17:03:51
StartupList version: 1.50
Started from : C:\Documents and Settings\hans\Local Settings\Temp\Tijdelijke map 2 voor startuplist.zip\StartupList.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Winamp\Winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\TrojanShield\AntiTroj.exe
D:\TrojanShield\st.exe
C:\WINDOWS\system32\crypserv.exe
C:\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
D:\TrojanShield\Port.exe
D:\TrojanShield\Port.exe
C:\Documents and Settings\hans\Local Settings\Temp\Tijdelijke map 2 voor startuplist.zip\StartupList.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
TrojanShield.lnk = D:\TrojanShield\Init.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
WINDVDPatch = CTHELPER.EXE
UpdReg = C:\WINDOWS\UpdReg.EXE
Jet Detection = C:\Creative\SBLive\PROGRAM\ADGJDet.exe
NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
nwiz = nwiz.exe /install
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
WinampAgent = "C:\Winamp\Winampa.exe"
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
TrojanShield Protector = D:\TrojanShield\Port.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Pop-Up-Blocker =
TransparentIcons =
BlockAds =
Tweak-XP =
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=
run=
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=
HKLM\..\Windows\CurrentVersion\WinLogon: load=
HKLM\..\Windows\CurrentVersion\WinLogon: run=
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=
HKCU\..\Windows\CurrentVersion\WinLogon: load=
HKCU\..\Windows\CurrentVersion\WinLogon: run=
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=
HKLM\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
*INI section not found*
*INI section not found*
*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\plusaqar.scr
*Registry value not found*
Policies Shell key:
HKCU\..\Policies: *Registry key not found*
HKLM\..\Policies: *Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Enumerating Browser Helper Objects:
BabeIE - (no file) - {00000000-0000-0000-0000-000000000000}
NAV Helper - C:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\System32\opuc.dll
CODEBASE =
http://office.microsoft.com/productupdates/content/opuc.cab
[Microsoft Office Template Downloader]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msotd.dll
CODEBASE =
http://office.microsoft.com/dutch/TemplateGallery/msotd.cab
[{9656B666-992F-4D74-8588-8CA69E97D90C}]
CODEBASE =
http://www.commonname.com/en/oneclick/uninstbb.cab
[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE =
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37583.4455208333
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\SWFLASH.OCx
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[StarInstall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\STARIN~1.OCX
CODEBASE =
http://www.service-url.de/install/StarInstall.ocx
[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE =
http://fdl.msn.com/public/chat/msnchat45.cab
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan51.ocx
CODEBASE =
http://www.housecall.nl/housecall/xscan4.cab
--------------------------------------------------
End of report, 8.436 bytes
Report generated in 0,280 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only