After rebooting, I once again got a message from Sygate Personal Firewall:
"Wingate Engine (66.227.104.38) is using local port 1182 Do you want to allow this .....etc."
Then, on clicking 'no': Application Winmgm Engine has been blocked. Filename is MMTASK.EXE.
??
After scanning once more (after removal of BKDR_DELF.CY), no more viruses were found.
There is no Wingate Engine folder in Program Files, so?
The recycle bin has been emptied.
OK, the startup list now looks as follows:
StartupList report, 13-1-03, 0:31:00
StartupList version: 1.50
Started from : C:\DOWNLOADS\ZIP FILES\STARTOPLIST\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\TBPANEL.EXE
C:\WINDOWS\HOTKEY.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSI\LIVE UPDATE 2\LMONITOR.EXE
C:\WINDOWS\SYSTEM\MMTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\COMMONSEARCH\VCATCH.EXE
C:\PROGRAM FILES\ERASER\ERASER.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\SYMANTEC\ACT\ACTLDR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MAPI\1043\95\MAPISP32.EXE
C:\PROGRAM FILES\ICQ\ICQ.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\DOWNLOADS\ZIP FILES\STARTOPLIST\STARTUPLIST.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\WINDOWS\Start Menu\Programma's\Opstarten]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
ACT! Speed Loader.lnk = C:\Program Files\Symantec\ACT\ACTLDR.EXE
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
Taakcontrole = C:\WINDOWS\taskmon.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Gainward = C:\WINDOWS\TBPanel.exe /A
CHotKey = HOTKEY.exe
SoundMan = soundman.exe
SystemTray = SysTray.Exe
LoadQM = loadqm.exe
SpeedTouch USB Diagnostics = "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
SmcService = C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
LiveMonitor = C:\PROGRAM FILES\MSI\LIVE UPDATE 2\LMONITOR.EXE
WindowsMGM = C:\WINDOWS\WINMGM32.EXE
MPtask Services = C:\WINDOWS\SYSTEM\mptask.exe
MMtask Service = mmtask.exe
AVG_CC = C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
MSys32 =
SmcService = C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
Avgserv9.exe = C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
VCatch = C:\PROGRAM FILES\COMMONSEARCH\VCATCH.EXE
Eraser = C:\PROGRAM FILES\ERASER\ERASER.EXE -hide
WindowsMGM = C:\WINDOWS\WINMGM32.EXE
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
ICQ = C:\PROGRAM FILES\ICQ\ICQ.EXE -trayboot
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}
[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\IE4UINIT.EXE
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=
run=hpfsched
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll ctpnpscn.drv
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 9/1/2003, 20:45:10)
[Rename]
NUL=C:\WINDOWS\DOWNLO~1\NAVENG32.DLL
C:\WINDOWS\DOWNLO~1\NAVENG32.DLL=C:\WINDOWS\DOWNLO~1\SETE3.TMP
NUL=C:\WINDOWS\DOWNLO~1\NAVEX32A.DLL
C:\WINDOWS\DOWNLO~1\NAVEX32A.DLL=C:\WINDOWS\DOWNLO~1\SET00E4.TMP
NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
@C:\PROGRA~1\GRISOFT\AVG6\bootup.exe
SET SOUND=C:\PROGRA~1\CREATIVE\CTSND
SET MIDI=SYNTH:1 MAP:E
SET BLASTER=A220 I5 D1 H5 P330 T6
mode con codepage prepare=((850) C:\WINDOWS\COMMAND\ega.cpi)
mode con codepage select=850
--------------------------------------------------
C:\CONFIG.SYS listing:
device=C:\WINDOWS\COMMAND\display.sys con=(ega,,1)
Country=031,850,C:\WINDOWS\COMMAND\country.sys
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Enumerating Task Scheduler jobs:
Toepassing Optimalisatie Start.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[InstallFromTheWeb ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\IFTW.DLL
CODEBASE = http://tw.msi.com.tw/autobios/client/iftwclix.cab
[HouseCall Besturing]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2002121801/housecall.antivirus.com/housecall/xscan53.cab
[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE = http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL
CODEBASE = http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
Protocol #1: wps.dll (file MISSING)
Protocol #2: wps.dll (file MISSING)
Protocol #3: wps.dll (file MISSING)
Protocol #4: wps.dll (file MISSING)
Protocol #5: wps.dll (file MISSING)
Protocol #6: wps.dll (file MISSING)
Protocol #13: wps.dll (file MISSING)
--------------------------------------------------
End of report, 8.456 bytes
Report generated in 0,682 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only