REGLOOKS
Programik przeznaczony do skanowania rejestru i wykonania loga.
Po ściągnięciu i uruchomieniu programu zobaczycie takie okno:

i... to wszystko; czekacie cierpliwie na zakończenie pracy — świadczy o nim
otwarcie się pliku tekstowego z logiem.
Tak wygląda przykładowy log:
REGLOOKS
logfile
version 0.920
vr 23-02-2007 22:24:58,09
running from: "C:\Documents and Settings\Henri\Bureaublad"
--- SSODL regkeys ---
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
only standard or legit regkeys found
--- STS regkeys ---
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
only standard or legit regkeys found
--- USERINIT regkey ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
--- SHELL regkey ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"="Explorer.exe"
--- SYSTEM regkey ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"System"=""
--- APPINIT_DLLS regkey ---
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
"AppInit_DLLs"=""
--- NOTIFY regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify
"fccbyay" "DllName"="fccbyay.dll"
"vtstt" "DllName"="C:\\WINDOWS\\system32\\vtstt.dll"
--- RUN / LOAD regkeys ---
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
"load"=""
--- BOOTEXECUTE regkey ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute= autocheck autochk *\0\0
--- SHELLEXECUTEHOOKS regkey ---
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{4B87F9EE-F53F-454B-AA40-A1B8AE04145C}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware
ShellExecuteHook"
--- HKLM\Run regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec
Shared\\ccApp.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows
Defender\\MSASCui.exe\" -hide"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"
--- HKLM\RunOnce regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKLM RunOnce keys found
--- HKLM\RunOnceEx regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
no HKLM RunOnceEx keys found
--- HKLM\RunServices regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
"WinSystems"="C:\\WINDOWS\\system32\\winsystems16.exe"
--- HKLM\RunServicesOnce regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
regkey does not exist
--- HKCU\Run regkeys ---
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
--- HKCU\RunOnce regkeys ---
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKCU RunOnce keys found
--- HKCU\RunOnceEx regkeys ---
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
regkey does not exist
--- HKCU\RunServices regkeys ---
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
regkey does not exist
--- HKCU\RunServicesOnce regkeys ---
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
regkey does not exist
--- HKLM\Explorer\Run regkeys ---
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
regkey does not exist
--- HKCU\Explorer\Run regkeys ---
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
regkey does not exist
--- Image File Execution regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image
File Execution Options
no debuggers found
--- BROWSER HELPER OBJECTS regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" FILE ="D:\\Program
Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll"
"{4B87F9EE-F53F-454B-AA40-A1B8AE04145C}" FILE
="C:\\WINDOWS\\system32\\fccbyay.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program
Files\\Java\\jre1.5.0_06\\bin\\ssv.dll"
"{7E853D72-626A-48EC-A868-BA8D5E23E045}" regkey not found (ERROR)
"{BDF3E430-B101-42AD-A544-FADC6B084872}" FILE ="D:\\Program
Files\\Norton SystemWorks\\Norton AntiVirus\\NavShExt.dll"
"{E03C740E-BB24-4d3c-B92A-6F84DE1DD99C}" FILE
="C:\\WINDOWS\\system32\\pmlmtdua.dll"
"{F76534CD-FA20-4A62-8161-7884E69154A0}" FILE
="C:\\WINDOWS\\system32\\vtstt.dll"
--- TOOLBAR regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" FILE ="D:\\Program
Files\\Norton SystemWorks\\Norton AntiVirus\\NavShExt.dll"
--- URLSEARCHHOOKS regkeys ---
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
only standard regkeys found
--- SAFEBOOT MINIMAL SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
no unknown services found
--- SAFEBOOT NETWORK SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
nm
nm.sys
--- SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4
"DisplayName"="IPv6-hulpservice"
%SystemRoot%\system32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347bus
system32\DRIVERS\a347bus.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi
System32\Drivers\a347scsi.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Automatic
LiveUpdate Scheduler
"DisplayName"="Automatic LiveUpdate Scheduler"
"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccEvtMgr
"DisplayName"="Symantec Event Manager"
"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccPwdSvc
"DisplayName"="Symantec Password Validation"
"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccSetMgr
"DisplayName"="Symantec Settings Manager"
"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CLEDX
"DisplayName"="Team H2O CLEDX service"
system32\DRIVERS\cledx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmuda
"DisplayName"="C-Media WDM Audio Interface"
system32\drivers\cmuda.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileZilla Server
"DisplayName"="FileZilla Server FTP server"
d:\Program Files\FileZilla Server\FileZilla Server.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gameenum
"DisplayName"="Spelpoort-enumerator"
System32\DRIVERS\gameenum.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidUsb
"DisplayName"="Microsoft HID Class-stuurprogramma"
system32\DRIVERS\hidusb.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LiveUpdate
"DisplayName"="LiveUpdate"
"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid
"DisplayName"="Stuurprogramma voor muis-HID"
System32\DRIVERS\mouhid.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ms_mpu401
"DisplayName"="Microsoft MPU-401 MIDI UART-stuurprogramma"
system32\drivers\msmpu401.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\navapsvc
"DisplayName"="Norton AntiVirus Auto-Protect Service"
"D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NAVENG
"DisplayName"="NAVENG"
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070221.018\NAVENG.Sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NAVEX15
"DisplayName"="NAVEX15"
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070221.018\NavEx15.Sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETMDUSB
"DisplayName"="Net MD"
System32\Drivers\NETMDUSB.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nm
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPFMntor
"DisplayName"="Norton AntiVirus Firewall Monitor Service"
"D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PortProxy
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PxHelp20
"DisplayName"="PxHelp20"
System32\Drivers\PxHelp20.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QDFSDRV
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVRT
"DisplayName"="SAVRT"
\??\D:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRT.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVRTPEL
"DisplayName"="SAVRTPEL"
\??\D:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRTPEL.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVScan
"DisplayName"="SAVScan"
"D:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBService
"DisplayName"="ScriptBlocking Service"
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCDEmu
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ScsiPort
%SystemRoot%\system32\drivers\scsiport.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDdriver
"DisplayName"="SDdriver"
\??\C:\WINDOWS\system32\Drivers\sddriver.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\serenum
"DisplayName"="Serenum Filter-stuurprogramma"
System32\DRIVERS\serenum.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNDSrvc
"DisplayName"="Symantec Network Drivers Service"
"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBBCDrv
"DisplayName"="SPBBCDrv"
\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBBCSvc
"DisplayName"="Symantec SPBBCSvc"
"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Speed Disk service
"DisplayName"="Speed Disk service"
D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPTISRV
"DisplayName"="Sony SPTI Service"
C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swwd
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Symantec Core LC
"DisplayName"="Symantec Core LC"
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMDNS
\SystemRoot\System32\Drivers\SYMDNS.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymEvent
\??\C:\Program Files\Symantec\SYMEVENT.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMFW
\SystemRoot\System32\Drivers\SYMFW.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMIDS
\SystemRoot\System32\Drivers\SYMIDS.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMIDSCO
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20070221.002\symidsco.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\symlcbrd
"DisplayName"="symlcbrd"
\??\C:\WINDOWS\system32\drivers\symlcbrd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMNDIS
\SystemRoot\System32\Drivers\SYMNDIS.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMREDRV
\SystemRoot\System32\Drivers\SYMREDRV.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMTDI
"DisplayName"="SYMTDI"
\SystemRoot\System32\Drivers\SYMTDI.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tunmp
"DisplayName"="Stuurprogramma voor Microsoft Tun Minipoort-adapter"
system32\DRIVERS\tunmp.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnjsvc
"DisplayName"="Messenger USN Journal Reader service voor Gedeelde
mappen"
"C:\Program Files\MSN Messenger\usnsvc.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{22722059-5E8B-4685-83AD-002322ACD0AE}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{F257687F-F400-47B1-B331-E423F32713DF}
no imagepath value found
--- SECURITYPROVIDERS regkey ---
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll,
msnsspc.dll"
--- SVCHOST regkey ---
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
LocalService:
Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService: DnsCache\0\0
netsvcs:
6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\
0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\
0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0TermService\0wuauserv\0BITS\0ShellHWDetection\0helpsvc\0xmlprov\0wscsvc\
0WmdmPmSN\0\0
rpcss: RpcSs\0\0
imgsvc: StiSvc\0\0
termsvcs: TermService\0\0
HTTPFilter: HTTPFilter\0\0
DcomLaunch: DcomLaunch\0TermService\0\0
WudfServiceGroup: WUDFSvc\0\0
--- STARTUP FOLDERS ---
C:\Documents and Settings\Henri\Menu
Start\Programma's\Opstarten\desktop.ini
C:\Documents and Settings\All Users\Menu
Start\Programma's\Opstarten\desktop.ini
--- TASK SCHEDULER JOBS ---
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Henri.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job
--- File associations ---
.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: ("regedit.exe" "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
FINISHED
Ci, co się na tym znają, znajdą to, co ich interesuje; ten na przykład
pokazuje infekcję Vundo, której ani śladu nie pokazał log z hijacka
(nie było wpisów O2 ani O20). Widać ją tutaj po losowo nazwanych bibliotekach
w Winlogon\Notify (fccbyay.dll, vtstt.dll) oraz po wpisach BHO wskazujących
na te same pliki w system32 (fccbyay.dll, pmlmtdua.dll, vtstt.dll).