Programs freeze
  • Programs freeze

    I was sent here via helpmij.nl *the forum*.
    At first my problem could not be solved via the HijackThis log, but because there was a newer version I wanted to try again.

    my topic on helpmij.nl

    The problem is that I have to run all anti-spyware and cleanup programs in safe mode, otherwise they freeze either during scanning or during removal. I was somehow hoping that there must be another way. So it is more of a luxury problem. Defragmenting and error checking did not help.

    Here is my log.

    Logfile of HijackThis v1.99.0
    Scan saved at 10:48:20, on 24-12-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\DOCUME~1\FJG~1.VEL\LOCALS~1\Temp\bwgo0000a102.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HJK\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
    O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Logitech Desktop Messenger] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\F.J.G. Veldkamp\NewVersion\setup-8876480.exe
    O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4389/mcfscan.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {F7E7FE39-7298-442F-97CE-B7A5E9AFE12D} (Info Class) - http://www0.spelpunt.nl/idtool.cab
    O18 - Protocol: bw+0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  • #2
    Hi femm,

    Delete all files in C:\Documents And Settings\FJG~1.VEL\Local Settings\Temp

    About the blue folder: Folders and files with a tilde (~) mean that there is a folder/file that starts with the 6 letters before the tilde; keep in mind that it may contain spaces. If there is more than one, post what you found. Do not delete!

    I see no reason in the log why this should not be possible. But perhaps the following will give an answer...

    Start HijackThis, click "Misc Tools". Check "List also minor sections (full)" and "List empty sections (complete)" and click "Generate StartupList log". Answer "Yes" to the question. Notepad will then open with the file startuplist.txt. Select all text, copy it and paste it into a new post.

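The tilde short names discussed in post #2, as an added example that is not part of the original thread: a Python sketch that checks which long folder names a short component such as `FJG~1.VEL` can stand for and expands a logged path only when every component has exactly one candidate. The function names are hypothetical, the candidate names are taken from paths quoted in the thread, and it assumes the classic 8.3 generation rule (the hash-based form Windows uses after several collisions is not handled).

```python
import re

# Legal in long names but not in 8.3 names; the generator writes "_" instead.
_ILLEGAL_83 = set("+,;=[]")
# BASE~N or BASE~N.EXT, for example PROGRA~1 or FJG~1.VEL
_SHORT = re.compile(r"^([^~.]{1,6})~(\d{1,6})(?:\.([^.]{1,3}))?$")


def _clean(text):
    """Upper-case and substitute characters that 8.3 names cannot hold."""
    return "".join("_" if c in _ILLEGAL_83 else c for c in text).upper()


def short_name_basis(long_name):
    """Return (base, ext) of the 8.3 alias before the ~N suffix is attached.

    Spaces are dropped, only the last period separates the extension,
    the base keeps at most 6 characters and the extension at most 3.
    """
    name = long_name.replace(" ", "").lstrip(".")
    stem, dot, ext = name.rpartition(".")
    if not dot:                       # no period: the whole name is the stem
        stem, ext = name, ""
    return _clean(stem.replace(".", ""))[:6], _clean(ext)[:3]


def could_alias(short_component, long_name):
    """True if short_component is a possible 8.3 alias of long_name."""
    m = _SHORT.match(short_component.upper())
    if not m:
        return False
    base, number, ext = m.group(1), m.group(2), m.group(3) or ""
    want_base, want_ext = short_name_basis(long_name)
    # The base shrinks when ~N needs more than one digit (8 characters total).
    keep = min(6, 7 - len(number))
    return base == want_base[:keep] and ext == want_ext


def resolve_components(path, known_long_names):
    """Pair every path component with the long names it may stand for."""
    resolved = []
    for part in path.split("\\"):
        if "~" in part:
            candidates = [n for n in known_long_names if could_alias(part, n)]
        else:
            candidates = [part]
        resolved.append((part, candidates))
    return resolved


def expand(path, known_long_names):
    """Return the long path, or None if any component is unknown or ambiguous."""
    parts = resolve_components(path, known_long_names)
    if any(len(candidates) != 1 for _, candidates in parts):
        return None
    return "\\".join(candidates[0] for _, candidates in parts)


# Long names that appear in the thread's own paths.
KNOWN = ["Documents and Settings", "F.J.G. Veldkamp", "Local Settings"]
# Process path from the HijackThis log in the first post.
LOGGED = r"C:\DOCUME~1\FJG~1.VEL\LOCALS~1\Temp\bwgo0000a102.exe"

if __name__ == "__main__":
    print(expand(LOGGED, KNOWN))
    # Two names sharing the first six letters cannot be told apart from the
    # alias alone (real aliases are unique only within one parent folder).
    for part, candidates in resolve_components(
            r"C:\PROGRA~1", ["Program Files", "Programma's"]):
        print(part, "->", candidates)
```

An ambiguous component is reported rather than guessed, which matches the advice in post #2 to post what was found instead of deleting.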


    • #3
      Well, here it is..

      StartupList report, 24-12-2004, 14:05:00
      StartupList version: 1.52.2
      Started from : C:\Program Files\HJK\HijackThis.EXE
      Detected: Windows XP SP2 (WinNT 5.01.2600)
      Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      * Using default options
      * Including empty and uninteresting sections
      * Showing rarely important sections
      ==================================================

      Running processes:

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Norton AntiVirus\SAVScan.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Logitech\iTouch\iTouch.exe
      C:\Program Files\Java\jre1.5.0\bin\jusched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
      C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\DOCUME~1\FJG~1.VEL\LOCALS~1\Temp\bwgo0000a102.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\HJK\HijackThis.exe

      --------------------------------------------------

      Listing of startup folders:

      Shell folders Startup:
      [C:\Documents and Settings\F.J.G. Veldkamp\Menu Start\Programma's\Opstarten]
      *No files*

      Shell folders AltStartup:
      *Folder not found*

      User shell folders Startup:
      *Folder not found*

      User shell folders AltStartup:
      *Folder not found*

      Shell folders Common Startup:
      [C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
      Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

      Shell folders Common AltStartup:
      *Folder not found*

      User shell folders Common Startup:
      *Folder not found*

      User shell folders Alternate Common Startup:
      *Folder not found*

      --------------------------------------------------

      Checking Windows NT UserInit:

      [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      UserInit = C:\WINDOWS\system32\userinit.exe,

      [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
      *Registry key not found*

      [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      *Registry value not found*

      [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
      *Registry key not found*

      --------------------------------------------------

      Autorun entries from Registry:
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run

      zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
      VOBRegCheck = C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
      VOBID = C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
      SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0\bin\jusched.exe
      QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
      PinnacleDriverCheck = C:\WINDOWS\System32\PSDrvCheck.exe
      Omnipage = C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
      nwiz = nwiz.exe /install
      NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
      IW ControlCenter = C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
      EM_EXEC = C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
      ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

      --------------------------------------------------

      Autorun entries from Registry:
      HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

      *No values found*

      --------------------------------------------------

      Autorun entries from Registry:
      HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

      *No values found*

      --------------------------------------------------

      Autorun entries from Registry:
      HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

      *Registry key not found*

      --------------------------------------------------

      Autorun entries from Registry:
      HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

      *Registry key not found*

      --------------------------------------------------

      Autorun entries from Registry:
      HKCU\Software\Microsoft\Windows\CurrentVersion\Run

      RssReader = C:\Program Files\RssReader\RssReader.exe
      msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

      --------------------------------------------------

      Autorun entries from Registry:
      HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

      *No values found*

      --------------------------------------------------

      Autorun entries from Registry:
      HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

      *Registry key not found*

      --------------------------------------------------

      Autorun entries from Registry:
      HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

      *Registry key not found*

      --------------------------------------------------

      Autorun entries from Registry:
      HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

      *Registry key not found*

      --------------------------------------------------

      Autorun entries from Registry:
      HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

      *Registry key not found*

      --------------------------------------------------

      Autorun entries from Registry:
      HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

      *Registry key not found*

      --------------------------------------------------

      Autorun entries in Registry subkeys of:
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run

      [OptionalComponents]
      *No values found*

      --------------------------------------------------

      Autorun entries in Registry subkeys of:
      HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
      *No subkeys found*

      --------------------------------------------------

      Autorun entries in Registry subkeys of:
      HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
      *No subkeys found*

      --------------------------------------------------

      Autorun entries in Registry subkeys of:
      HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
      *Registry key not found*

      --------------------------------------------------

      Autorun entries in Registry subkeys of:
      HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
      *Registry key not found*

      --------------------------------------------------

      Autorun entries in Registry subkeys of:
      HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      *No subkeys found*

      --------------------------------------------------

      Autorun entries in Registry subkeys of:
      HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
      *No subkeys found*

      --------------------------------------------------

      Autorun entries in Registry subkeys of:
      HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
      *Registry key not found*

      --------------------------------------------------

      Autorun entries in Registry subkeys of:
      HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
      *Registry key not found*

      --------------------------------------------------

      Autorun entries in Registry subkeys of:
      HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
      *Registry key not found*

      --------------------------------------------------

      Autorun entries in Registry subkeys of:
      HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
      *Registry key not found*

      --------------------------------------------------

      Autorun entries in Registry subkeys of:
      HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
      *Registry key not found*

      --------------------------------------------------

      File association entry for .EXE:
      HKEY_CLASSES_ROOT\exefile\shell\open\command

      (Default) = "%1" %*

      --------------------------------------------------

      File association entry for .COM:
      HKEY_CLASSES_ROOT\comfile\shell\open\command

      (Default) = "%1" %*

      --------------------------------------------------

      File association entry for .BAT:
      HKEY_CLASSES_ROOT\batfile\shell\open\command

      (Default) = "%1" %*

      --------------------------------------------------

      File association entry for .PIF:
      HKEY_CLASSES_ROOT\piffile\shell\open\command

      (Default) = "%1" %*

      --------------------------------------------------

      File association entry for .SCR:
      HKEY_CLASSES_ROOT\scrfile\shell\open\command

      (Default) = "%1" /S

      --------------------------------------------------

      File association entry for .HTA:
      HKEY_CLASSES_ROOT\htafile\shell\open\command

      (Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

      --------------------------------------------------

      File association entry for .TXT:
      HKEY_CLASSES_ROOT\txtfile\shell\open\command

      (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

      --------------------------------------------------

      Enumerating Active Setup stub paths:
      HKLM\Software\Microsoft\Active Setup\Installed Components
      (* = disabled by HKCU twin)

      [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
      StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

      [>{26923b43-4d38-484f-9b9e-de460746276c}] *
      StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

      [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
      StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

      [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
      StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

      [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
      StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

      [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
      StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

      [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
      StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

      [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
      StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

      [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
      StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

      [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
      StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

      [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
      StubPath = regsvr32.exe /s /n /i:U shell32.dll

      [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
      StubPath = %SystemRoot%\system32\ie4uinit.exe

      [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
      StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

      --------------------------------------------------

      Enumerating ICQ Agent Autostart apps:
      HKCU\Software\Mirabilis\ICQ\Agent\Apps

      *Registry key not found*

      --------------------------------------------------

      Load/Run keys from C:\WINDOWS\WIN.INI:

      load=*INI section not found*
      run=*INI section not found*

      Load/Run keys from Registry:

      HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
      HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
      HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
      HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
      HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
      HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
      HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
      HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
      HKCU\..\Windows NT\CurrentVersion\Windows: load=
      HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
      HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
      HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
      HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

      --------------------------------------------------

      Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

      Shell=*INI section not found*
      SCRNSAVE.EXE=*INI section not found*
      drivers=*INI section not found*

      Shell & screensaver key from Registry:

      Shell=Explorer.exe
      SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
      drivers=*Registry value not found*

      Policies Shell key:

      HKCU\..\Policies: Shell=*Registry key not found*
      HKLM\..\Policies: Shell=*Registry value not found*

      --------------------------------------------------

      Checking for EXPLORER.EXE instances:

      C:\WINDOWS\Explorer.exe: PRESENT!

      C:\Explorer.exe: not present
      C:\WINDOWS\Explorer\Explorer.exe: not present
      C:\WINDOWS\System\Explorer.exe: not present
      C:\WINDOWS\System32\Explorer.exe: not present
      C:\WINDOWS\Command\Explorer.exe: not present
      C:\WINDOWS\Fonts\Explorer.exe: not present

      --------------------------------------------------

      Checking for superhidden extensions:

      .lnk: HIDDEN! (arrow overlay: yes)
      .pif: HIDDEN! (arrow overlay: yes)
      .exe: not hidden
      .com: not hidden
      .bat: not hidden
      .hta: not hidden
      .scr: not hidden
      .shs: HIDDEN!
      .shb: HIDDEN!
      .vbs: not hidden
      .vbe: not hidden
      .wsh: not hidden
      .scf: HIDDEN! (arrow overlay: NO!)
      .url: HIDDEN! (arrow overlay: yes)
      .js: not hidden
      .jse: not hidden

      --------------------------------------------------

      Verifying REGEDIT.EXE integrity:

      - Regedit.exe found in C:\WINDOWS
      - .reg open command is normal (regedit.exe %1)
      - Company name OK: 'Microsoft Corporation'
      - Original filename OK: 'REGEDIT.EXE'
      - File description: 'Register-editor'

      Registry check passed

      --------------------------------------------------

      Enumerating Browser Helper Objects:

      (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
      (no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
      NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

      --------------------------------------------------

      Enumerating Task Scheduler jobs:

      Norton AntiVirus - Mijn computer scannen - F.J.G. Veldkamp.job
      Norton AntiVirus - Mijn computer scannen.job
      Symantec NetDetect.job

      --------------------------------------------------

      Enumerating Download Program Files:

      [CryptoRSA Control]
      InProcServer32 = C:\WINDOWS\DOWNLO~1\CRYPTO~1.OCX
      CODEBASE = https://www.p3.postbank.nl/sesam/CAX.cab

      [Minesweeper Flags Class]
      InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
      CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab

      [Office Update Installation Engine]
      InProcServer32 = C:\WINDOWS\opuc.dll
      CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

      [HouseCall Besturing]
      InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
      CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

      [Java Plug-in 1.5.0]
      InProcServer32 = C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
      CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

      [MessengerStatsClient Class]
      InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
      CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

      [ActiveScan Installer Class]
      InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
      CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

      [{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
      CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37907.3683912037

      [SassCln Object]
      InProcServer32 = C:\WINDOWS\Downloaded Program Files\SassCln.dll
      CODEBASE = http://www.microsoft.com/security/controls/SassCln.CAB

      [Zylom Games Player]
      InProcServer32 = C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll
      CODEBASE = http://game14.zylomgames.com/activex/zylomgamesplayer.cab

      [Java Plug-in 1.4.2_03]
      InProcServer32 = C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

      [Java Plug-in 1.5.0]
      InProcServer32 = C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
      CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

      [Shockwave Flash Object]
      InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
      CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

      [McFreeScan Class]
      InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll
      CODEBASE = http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4389/mcfscan.cab

      [MSN Chat Control 4.5]
      InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MSNChat45.ocx
      CODEBASE = http://chat.msn.com/bin/msnchat45.cab

      [Solitaire Showdown Class]
      InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
      CODEBASE = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

      [Info Class]
      InProcServer32 = C:\WINDOWS\System32\IDTool.dll
      CODEBASE = http://www0.spelpunt.nl/idtool.cab

      --------------------------------------------------

      Enumerating Winsock LSP files:

      NameSpace #1: C:\WINDOWS\System32\mswsock.dll
      NameSpace #2: C:\WINDOWS\System32\winrnr.dll
      NameSpace #3: C:\WINDOWS\System32\mswsock.dll
      Protocol #1: C:\WINDOWS\system32\mswsock.dll
      Protocol #2: C:\WINDOWS\system32\mswsock.dll
      Protocol #3: C:\WINDOWS\system32\mswsock.dll
      Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
      Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
      Protocol #6: C:\WINDOWS\system32\mswsock.dll
      Protocol #7: C:\WINDOWS\system32\mswsock.dll
      Protocol #8: C:\WINDOWS\system32\mswsock.dll
      Protocol #9: C:\WINDOWS\system32\mswsock.dll
      Protocol #10: C:\WINDOWS\system32\mswsock.dll
      Protocol #11: C:\WINDOWS\system32\mswsock.dll
      Protocol #12: C:\WINDOWS\system32\mswsock.dll
      Protocol #13: C:\WINDOWS\system32\mswsock.dll
      Protocol #14: C:\WINDOWS\system32\mswsock.dll
      Protocol #15: C:\WINDOWS\system32\mswsock.dll
      Protocol #16: C:\WINDOWS\system32\mswsock.dll
      Protocol #17: C:\WINDOWS\system32\mswsock.dll

      --------------------------------------------------

      Enumerating Windows NT/2000/XP services

      Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system)
      aeaudio: system32\drivers\aeaudio.sys (manual start)
      Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start)
      Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (system)
      Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
      Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start)
      Stuurprogramma voor AMD K7-processor: System32\DRIVERS\amdk7.sys (system)
      Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
      ASAPIW2K: System32\Drivers\ASAPIW2K.sys (manual start)
      ASP.NET-statusservice: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
      Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.sys (manual start)
      Standaard IDE/ESDI-vasteschijfcontroller: System32\DRIVERS\atapi.sys (system)
      ATM ARP-client-protocol: System32\DRIVERS\atmarpc.sys (manual start)
      Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
      Audiostub-stuurprogramma: System32\DRIVERS\audstub.sys (manual start)
      Intelligente achtergrondsoverdrachtservice: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
      Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
      Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
      Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
      Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
      Cdrdrv: System32\Drivers\Cdrdrv.sys (manual start)
      Cd-rom-stuurprogramma: System32\DRIVERS\cdrom.sys (system)
      Indexing-service: %SystemRoot%\system32\cisvc.exe (manual start)
      ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
      Aureon 5.1 Fun Audio Driver: system32\drivers\cmaudio.sys (manual start)
      COM+-systeemtoepassing: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
      Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
      Crystal SoundFusion(tm)-stuurprogramma: system32\drivers\cwcspud.sys (manual start)
      Crystal SoundFusion(tm) WDM-stuurprogramma: system32\drivers\cwcwdm.sys (manual start)
      DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
      DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
      Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys (system)
      Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
      dmboot: System32\drivers\dmboot.sys (disabled)
      dmio: System32\drivers\dmio.sys (disabled)
      dmload: System32\drivers\dmload.sys (disabled)
      Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
      Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
      DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
      Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start)
      Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
      Event Log: %SystemRoot%\system32\services.exe (autostart)
      COM+-gebeurtenissysteem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
      Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
      Stuurprogramma voor diskettestationcontroller: System32\DRIVERS\fdc.sys (manual start)
      VIA PCI 10/100Mb Fast Ethernet-adapter - NT-stuurprogramma: System32\DRIVERS\fetnd5.sys (manual start)
      Stuurprogramma voor diskettestation: System32\DRIVERS\flpydisk.sys (manual start)
      FltMgr: system32\drivers\fltmgr.sys (system)
      Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sys (system)
      Spelpoort-enumerator: System32\DRIVERS\gameenum.sys (manual start)
      Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys (manual start)
      Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
      Apparaattoegang via menselijke interface: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
      HTTP: System32\Drivers\HTTP.sys (manual start)
      HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
      Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.sys (system)
      Filterstuurprogramma voor het branden van cd's: System32\DRIVERS\imapi.sys (system)
      COM-service voor IMAPI cd-branders: C:\WINDOWS\System32\imapi.exe (manual start)
      Intel(R) 536EP V.92 Modem: System32\DRIVERS\Intels51.sys (manual start)
      IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
      IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
      IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
      IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
      IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys (system)
      IR Enumerator-service: System32\DRIVERS\irenum.sys (manual start)
      PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sys (system)
      iTouch Keyboard Filter: System32\DRIVERS\itchfltr.sys (manual start)
      jatmlano: \??\C:\DOCUME~1\FJG~1.VEL\LOCALS~1\Temp\jatmlano.sys (manual start)
      Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.sys (system)
      Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start)
      Logitech PS/2 Mouse Filter Driver: System32\DRIVERS\L8042Pr2.sys (manual start)
      Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
      Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
      Logitech Keyboard Class Filter Driver: System32\DRIVERS\LKbdFlt2.sys (manual start)
      TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
      Logitech Mouse Class Filter Driver: System32\DRIVERS\LMouFlt2.sys (manual start)
      Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
      Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
      NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
      Unimodem Streaming-filterapparaat: system32\drivers\MODEMCSA.sys (manual start)
      Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.sys (system)
      WebDav-client-redirector: System32\DRIVERS\mrxdav.sys (manual start)
      MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
      Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
      Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
      Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start)
      Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start)
      Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start)
      BIOS-stuurprogramma voor Microsoft Systeembeheer: System32\DRIVERS\mssmbios.sys (manual start)
      Norton AntiVirus Auto-Protect: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)
      NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041222.016\NAVENG.Sys (manual start)
      NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041222.016\NavEx15.Sys (manual start)
      RAS NDIS TAPI-stuurprogramma: System32\DRIVERS\ndistapi.sys (manual start)
      I/O-protocol van NDIS-gebruikermodus: System32\DRIVERS\ndisuio.sys (manual start)
      RAS NDIS WAN-stuurprogramma: System32\DRIVERS\ndiswan.sys (manual start)
      NetBIOS-interface: System32\DRIVERS\netbios.sys (system)
      NetBT: System32\DRIVERS\netbt.sys (system)
      Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
      Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
      Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
      Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
      Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
      NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
      Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
      nv: System32\DRIVERS\nv4_mini.sys (manual start)
      NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
      IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
      IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
      Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.sys (manual start)
      PCI Bus Driver: System32\DRIVERS\pci.sys (system)
      Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
      Plug and Play: %SystemRoot%\system32\services.exe (autostart)
      IPSEC-services: %SystemRoot%\System32\lsass.exe (autostart)
      WAN-minipoort (PPTP): System32\DRIVERS\raspptp.sys (manual start)
      StarForce Protection Environment Driver v6: \SystemRoot\System32\drivers\prodrv06.sys (system)
      StarForce Protection Helper Driver v2: System32\drivers\prohlp02.sys (system)
      StarForce Protection Synchronization Driver v1: System32\drivers\prosync1.sys (system)
      Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
      QoS-pakketplanner: System32\DRIVERS\psched.sys (manual start)
      Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.sys (manual start)
      Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sys (system)
      Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
      WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
      Verbindingsbeheer voor RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
      PPPOE-RAS-stuurprogramma: System32\DRIVERS\raspppoe.sys (manual start)
      Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
      Rdbss: System32\DRIVERS\rdbss.sys (system)
      RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
      Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (manual start)
      Stuurprogramma voor afspeelfilter van digitale cd-audio: System32\DRIVERS\redbook.sys (system)
      Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
      Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
      Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
      QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
      NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter: System32\DRIVERS\RTL8139.SYS (manual start)
      Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
      SAVRT: \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS (system)
      SAVRTPEL: \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS (system)
      SAVScan: C:\Program Files\Norton AntiVirus\SAVScan.exe (autostart)
      ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
      Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
      Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
      Secdrv: System32\DRIVERS\secdrv.sys (autostart)
      Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
      System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
      Serenum Filter-stuurprogramma: System32\DRIVERS\serenum.sys (manual start)
      Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sys (system)
      StarForce Protection Helper Driver: System32\drivers\sfhlp01.sys (system)
      Windows Firewall (WF) / Internet-verbinding delen (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
      Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
      smwdm: system32\drivers\smwdm.sys (manual start)
      Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start)
      Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
      Stuurprogramma voor systeemherstelfilter: System32\DRIVERS\sr.sys (system)
      System Restore-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
      SRV: System32\DRIVERS\srv.sys (manual start)
      SSDP Discovery-service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
      Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
      Software Bus-stuurprogramma: System32\DRIVERS\swenum.sys (manual start)
      Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start)
      MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{07C0193B-1B7B-4E98-B055-0E1B2C364660} (manual start)
      SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
      SYMREDRV: \??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (manual start)
      SYMTDI: \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS (autostart)
      SymWMI Service: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (autostart)
      Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start)
      Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
      Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
      Stuurprogramma voor TCP/IP-protocol: System32\DRIVERS\tcpip.sys (system)
      Stuurprogramma voor terminal-apparaat: System32\DRIVERS\termdd.sys (system)
      Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
      Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
      Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
      TTP9 WDM Audio: system32\drivers\ttp9.sys (manual start)
      ttp9sens: system32\drivers\ttp9sens.sys (manual start)
      Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
      Microcode Update-stuurprogramma: System32\DRIVERS\update.sys (manual start)
      Universele Plug en Play-apparaathost: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
      Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
      Microsoft generiek hoofd-USB-stuurprogramma: System32\DRIVERS\usbccgp.sys (manual start)
      Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
      USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
      Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
      Stuurprogramma voor USB-scanner: System32\DRIVERS\usbscan.sys (manual start)
      Stuurprogramma voor USB-massaopslag: System32\DRIVERS\USBSTOR.SYS (manual start)
      Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
      Grafische VGA-adapter.: \SystemRoot\System32\drivers\vga.sys (system)
      VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system)
      ViaIde: System32\DRIVERS\viaide.sys (system)
      VOBID: System32\DRIVERS\vobid.sys (system)
      vsdatant: System32\vsdatant.sys (system)
      TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
      Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
      Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
      RAS IP ARP-stuurprogramma: System32\DRIVERS\wanarp.sys (manual start)
      Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start)
      WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
      Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
      Serienummerservice voor draagbare media: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
      WMI-prestatieadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
      Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
      Automatische updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
      Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
      Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


      --------------------------------------------------

      Enumerating Windows NT logon/logoff scripts:
      *No scripts set to run*

      Windows NT checkdisk command:
      BootExecute = autocheck autochk *

      Windows NT 'Wininit.ini':
      PendingFileRenameOperations: *Registry value not found*

      --------------------------------------------------

      Enumerating ShellServiceObjectDelayLoad items:

      PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
      CDBurn: C:\WINDOWS\system32\SHELL32.dll
      WebCheck: *Registry key not found*
      SysTray: C:\WINDOWS\System32\stobject.dll

      --------------------------------------------------
      Autorun entries from Registry:
      HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

      *Registry key not found*

      --------------------------------------------------

      Autorun entries from Registry:
      HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

      *Registry key not found*

      --------------------------------------------------

      End of report, 36.970 bytes
      Report generated in 0,125 seconds

      Command line options:
      /verbose - to add additional info on each section
      /complete - to include empty sections and unsuspicious data
      /full - to include several rarely-important sections
      /force9x - to include Win9x-only startups even if running on WinNT
      /forcent - to include WinNT-only startups even if running on Win9x
      /forceall - to include all Win9x and WinNT startups, regardless of platform
      /history - to list version history only


      There was only one with that name, temp, so I deleted its contents. Something else I'm wondering about: I have several accounts on this computer (administrator, myself, etc.), but I can only choose between them in safe mode. In normal mode it simply boots straight into my own main account. I can see that I have more of them under Documents and Settings, where several names are listed, etc. Since I want to give my parents a folder of their own soon, I was wondering about this...



      • #4
        Hi femm,

        Click "Start" -> "Run..." ("Uitvoeren..."), type "Services.msc" (without the quotes) and click "OK".

        Look in the list for a service named "jatmlano". If you find it, double-click it. In the next window, click the "Stop" ("Stoppen") button and change "Startup type:" ("Opstarttype:") to Disabled (Uitgeschakeld). Click "Apply" ("Toepassen"), then "OK", and close all open windows.

        Start your computer in safe mode. How do I start my computer in safe mode?

        Make sure you can see hidden files. How do I show hidden files?

        Delete the following files in red (they may already have been deleted):

        All files in C:\Documents and Settings\F.J.G. Veldkamp\Local Settings\Temp

        Restart the computer and post a new log in this thread.

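The service named in the instructions above, jatmlano, is listed in the posted log with its image under the user's Temp folder (`LOCALS~1\Temp`). As an added example, not part of the original thread or of HijackThis, this Python filter pulls every service, driver or running process with a Temp-folder image out of such a log. The sample lines are copied from the logs on this page; the function and pattern names are this example's own.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis logs posted in this thread (not the full log).
SAMPLE_LOG = r"""
iTouch Keyboard Filter: System32\DRIVERS\itchfltr.sys (manual start)
jatmlano: \??\C:\DOCUME~1\FJG~1.VEL\LOCALS~1\Temp\jatmlano.sys (manual start)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041222.016\NAVENG.Sys (manual start)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
COM+-systeemtoepassing: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\FJG~1.VEL\LOCALS~1\Temp\bwgo00009ea1.exe
C:\Program Files\Messenger\msmsgs.exe
"""

# "Display name: image path (start type)" as printed in the services section.
SERVICE_RE = re.compile(
    r"^(?P<name>.+?): (?P<image>.+) "
    r"\((?P<start>system|manual start|autostart|disabled)\)$"
)
# A bare executable path, as printed under "Running processes:".
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
# Binary name at the start of an image string; arguments may follow it.
BINARY_RE = re.compile(r"^(.+?\.(?:sys|exe|dll))(?=\s|$)", re.IGNORECASE)
TEMP_RE = re.compile(
    r"\\(?:local settings|locals~\d+)\\temp\\"  # per-user Temp, long or 8.3 name
    r"|\\(?:windows|winnt)\\temp\\"             # system-wide Temp
    r"|^%te?mp%\\",                             # unexpanded %TEMP% / %TMP%
    re.IGNORECASE,
)


class Finding(NamedTuple):
    kind: str   # "service/driver" or "process"
    name: str
    path: str
    start: str  # start type from the log, "" for processes


def image_path(raw: str) -> str:
    """Reduce a service image string to the bare path of its binary."""
    raw = raw.strip()
    if raw.startswith('"'):        # quoted path; arguments follow the closing quote
        raw = raw[1:].split('"', 1)[0]
    if raw.startswith("\\??\\"):   # NT object-manager prefix seen on driver paths
        raw = raw[4:]
    match = BINARY_RE.match(raw)   # drop arguments after the binary name
    return match.group(1) if match else (raw.split() or [""])[0]


def temp_dir_entries(log_text: str) -> List[Finding]:
    """Return services, drivers and processes whose binary lives in a Temp folder."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        svc = SERVICE_RE.match(line)
        if svc:
            path = image_path(svc["image"])
            if TEMP_RE.search(path):
                findings.append(
                    Finding("service/driver", svc["name"], path, svc["start"])
                )
        elif PROCESS_RE.match(line) and TEMP_RE.search(line):
            findings.append(Finding("process", line.rsplit("\\", 1)[-1], line, ""))
    return findings


if __name__ == "__main__":
    for f in temp_dir_entries(SAMPLE_LOG):
        print(f"{f.kind:15} {f.name:18} {f.start:13} {f.path}")
```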


        • #5
          Originally posted by Bobbi Flekman

          Click "Start" -> "Run..." ("Uitvoeren..."), type "Services.msc" (without the quotes) and click "OK".

          Look in the list for a service named "jatmlano". If you find it, double-click it. In the next window, click the "Stop" ("Stoppen") button and change "Startup type:" ("Opstarttype:") to Disabled (Uitgeschakeld). Click "Apply" ("Toepassen"), then "OK", and close all open windows.

          Start your computer in safe mode. How do I start my computer in safe mode? (http://www.virushelp.nl/veilige_modus.htm)

          Make sure you can see hidden files. How do I show hidden files? (http://users.pandora.be/marcvn/spyware/1117602.htm)

          Delete the following files in red (they may already have been deleted):

          All files in C:\Documents and Settings\F.J.G. Veldkamp\Local Settings\Temp

          Restart the computer and post a new log in this thread.

          Could not find jatmlano in the services, so I could not disable it either.

          I'm about to boot into safe mode. Do you want another extended log like that one as the new log, or the regular one?



          • #6
            Since I didn't know which one you wanted... both logs.

            Files deleted in safe mode.

            Logfile of HijackThis v1.99.0
            Scan saved at 14:48:04, on 24-12-2004
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
            C:\Program Files\Norton AntiVirus\navapsvc.exe
            C:\WINDOWS\System32\nvsvc32.exe
            C:\Program Files\Norton AntiVirus\SAVScan.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\ZoneLabs\vsmon.exe
            C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Logitech\iTouch\iTouch.exe
            C:\Program Files\Java\jre1.5.0\bin\jusched.exe
            C:\Program Files\QuickTime\qttask.exe
            C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
            C:\WINDOWS\system32\RUNDLL32.EXE
            C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
            C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
            C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
            C:\Program Files\MSN Messenger\msnmsgr.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\DOCUME~1\FJG~1.VEL\LOCALS~1\Temp\bwgo00009ea1.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\HJK\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
            O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
            O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
            O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
            O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
            O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
            O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
            O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
            O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
            O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
            O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
            O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [Logitech Desktop Messenger] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\F.J.G. Veldkamp\NewVersion\setup-8876480.exe
            O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
            O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
            O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
            O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
            O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
            O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
            O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
            O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
            O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
            O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylomgames.com/activex/zylomgamesplayer.cab
            O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4389/mcfscan.cab
            O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
            O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
            O16 - DPF: {F7E7FE39-7298-442F-97CE-B7A5E9AFE12D} (Info Class) - http://www0.spelpunt.nl/idtool.cab
            O18 - Protocol: bw+0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw+0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw-0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw-0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw00 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw00s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw10 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw10s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw20 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw20s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw30 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw30s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw40 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw40s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw50 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw50s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw60 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw60s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw70 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw70s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw80 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw80s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw90 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bw90s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwa0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwa0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwb0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwb0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwc0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwc0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwd0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwd0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwe0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwe0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwf0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwf0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
            O18 - Protocol: bwg0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwg0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwh0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwh0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwi0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwi0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwj0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwj0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwk0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwk0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwl0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwl0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwm0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwm0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwn0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwn0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwo0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwo0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwp0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwp0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwq0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwq0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwr0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwr0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bws0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bws0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwt0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwt0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwu0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwu0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwv0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwv0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bww0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bww0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwx0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwx0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwy0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwy0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwz0 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwz0s - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: offline-8876480 - {9303337B-BF55-4046-87AA-84D786B14ED2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
            O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
            O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
            O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
            O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
            O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
            O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


            The other log is in the next post (this post got too long).



            • #7
              StartupList report, 24-12-2004, 14:48:34
              StartupList version: 1.52.2
              Started from : C:\Program Files\HJK\HijackThis.EXE
              Detected: Windows XP SP2 (WinNT 5.01.2600)
              Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
              * Using default options
              * Including empty and uninteresting sections
              * Showing rarely important sections
              ==================================================

              Running processes:

              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
              C:\Program Files\Norton AntiVirus\navapsvc.exe
              C:\WINDOWS\System32\nvsvc32.exe
              C:\Program Files\Norton AntiVirus\SAVScan.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\ZoneLabs\vsmon.exe
              C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
              C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Logitech\iTouch\iTouch.exe
              C:\Program Files\Java\jre1.5.0\bin\jusched.exe
              C:\Program Files\QuickTime\qttask.exe
              C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
              C:\WINDOWS\system32\RUNDLL32.EXE
              C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
              C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
              C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
              C:\Program Files\MSN Messenger\msnmsgr.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\DOCUME~1\FJG~1.VEL\LOCALS~1\Temp\bwgo00009ea1.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\WINDOWS\system32\NOTEPAD.EXE
              C:\Program Files\HJK\HijackThis.exe
              C:\Program Files\Messenger\msmsgs.exe

              --------------------------------------------------

              Listing of startup folders:

              Shell folders Startup:
              [C:\Documents and Settings\F.J.G. Veldkamp\Menu Start\Programma's\Opstarten]
              *No files*

              Shell folders AltStartup:
              *Folder not found*

              User shell folders Startup:
              *Folder not found*

              User shell folders AltStartup:
              *Folder not found*

              Shell folders Common Startup:
              [C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
              Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
              Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

              Shell folders Common AltStartup:
              *Folder not found*

              User shell folders Common Startup:
              *Folder not found*

              User shell folders Alternate Common Startup:
              *Folder not found*

              --------------------------------------------------

              Checking Windows NT UserInit:

              [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
              UserInit = C:\WINDOWS\system32\userinit.exe,

              [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
              *Registry key not found*

              [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
              *Registry value not found*

              [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
              *Registry key not found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKLM\Software\Microsoft\Windows\CurrentVersion\Run

              zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
              VOBRegCheck = C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
              VOBID = C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
              SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0\bin\jusched.exe
              QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
              PinnacleDriverCheck = C:\WINDOWS\System32\PSDrvCheck.exe
              Omnipage = C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
              nwiz = nwiz.exe /install
              NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
              NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
              MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
              IW ControlCenter = C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
              EM_EXEC = C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
              ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
              Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

              --------------------------------------------------

              Autorun entries from Registry:
              HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

              *No values found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

              *No values found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

              *Registry key not found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

              *Registry key not found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKCU\Software\Microsoft\Windows\CurrentVersion\Run

              RssReader = C:\Program Files\RssReader\RssReader.exe
              msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
              LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
              CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

              --------------------------------------------------

              Autorun entries from Registry:
              HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

              *No values found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

              *Registry key not found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

              *Registry key not found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

              *Registry key not found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

              *Registry key not found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

              *Registry key not found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKLM\Software\Microsoft\Windows\CurrentVersion\Run

              [OptionalComponents]
              *No values found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
              *No subkeys found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
              *No subkeys found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
              *Registry key not found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
              *Registry key not found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKCU\Software\Microsoft\Windows\CurrentVersion\Run
              *No subkeys found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
              *No subkeys found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
              *Registry key not found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
              *Registry key not found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
              *Registry key not found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
              *Registry key not found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
              *Registry key not found*

              --------------------------------------------------

              File association entry for .EXE:
              HKEY_CLASSES_ROOT\exefile\shell\open\command

              (Default) = "%1" %*

              --------------------------------------------------

              File association entry for .COM:
              HKEY_CLASSES_ROOT\comfile\shell\open\command

              (Default) = "%1" %*

              --------------------------------------------------

              File association entry for .BAT:
              HKEY_CLASSES_ROOT\batfile\shell\open\command

              (Default) = "%1" %*

              --------------------------------------------------

              File association entry for .PIF:
              HKEY_CLASSES_ROOT\piffile\shell\open\command

              (Default) = "%1" %*

              --------------------------------------------------

              File association entry for .SCR:
              HKEY_CLASSES_ROOT\scrfile\shell\open\command

              (Default) = "%1" /S

              --------------------------------------------------

              File association entry for .HTA:
              HKEY_CLASSES_ROOT\htafile\shell\open\command

              (Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

              --------------------------------------------------

              File association entry for .TXT:
              HKEY_CLASSES_ROOT\txtfile\shell\open\command

              (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

              --------------------------------------------------

              Enumerating Active Setup stub paths:
              HKLM\Software\Microsoft\Active Setup\Installed Components
              (* = disabled by HKCU twin)

              [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
              StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

              [>{26923b43-4d38-484f-9b9e-de460746276c}] *
              StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

              [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
              StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

              [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
              StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

              [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
              StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

              [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
              StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

              [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
              StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

              [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
              StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

              [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
              StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

              [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
              StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

              [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
              StubPath = regsvr32.exe /s /n /i:U shell32.dll

              [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
              StubPath = %SystemRoot%\system32\ie4uinit.exe

              [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
              StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

              --------------------------------------------------

              Enumerating ICQ Agent Autostart apps:
              HKCU\Software\Mirabilis\ICQ\Agent\Apps

              *Registry key not found*

              --------------------------------------------------

              Load/Run keys from C:\WINDOWS\WIN.INI:

              load=*INI section not found*
              run=*INI section not found*

              Load/Run keys from Registry:

              HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
              HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
              HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
              HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
              HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
              HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
              HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
              HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
              HKCU\..\Windows NT\CurrentVersion\Windows: load=
              HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
              HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
              HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
              HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

              --------------------------------------------------

              Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

              Shell=*INI section not found*
              SCRNSAVE.EXE=*INI section not found*
              drivers=*INI section not found*

              Shell & screensaver key from Registry:

              Shell=Explorer.exe
              SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
              drivers=*Registry value not found*

              Policies Shell key:

              HKCU\..\Policies: Shell=*Registry key not found*
              HKLM\..\Policies: Shell=*Registry value not found*

              --------------------------------------------------

              Checking for EXPLORER.EXE instances:

              C:\WINDOWS\Explorer.exe: PRESENT!

              C:\Explorer.exe: not present
              C:\WINDOWS\Explorer\Explorer.exe: not present
              C:\WINDOWS\System\Explorer.exe: not present
              C:\WINDOWS\System32\Explorer.exe: not present
              C:\WINDOWS\Command\Explorer.exe: not present
              C:\WINDOWS\Fonts\Explorer.exe: not present

              --------------------------------------------------

              Checking for superhidden extensions:

              .lnk: HIDDEN! (arrow overlay: yes)
              .pif: HIDDEN! (arrow overlay: yes)
              .exe: not hidden
              .com: not hidden
              .bat: not hidden
              .hta: not hidden
              .scr: not hidden
              .shs: HIDDEN!
              .shb: HIDDEN!
              .vbs: not hidden
              .vbe: not hidden
              .wsh: not hidden
              .scf: HIDDEN! (arrow overlay: NO!)
              .url: HIDDEN! (arrow overlay: yes)
              .js: not hidden
              .jse: not hidden

              --------------------------------------------------

              Verifying REGEDIT.EXE integrity:

              - Regedit.exe found in C:\WINDOWS
              - .reg open command is normal (regedit.exe %1)
              - Company name OK: 'Microsoft Corporation'
              - Original filename OK: 'REGEDIT.EXE'
              - File description: 'Register-editor'

              Registry check passed

              --------------------------------------------------

              Enumerating Browser Helper Objects:

              (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
              (no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
              NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

              --------------------------------------------------

              Enumerating Task Scheduler jobs:

              Norton AntiVirus - Mijn computer scannen - F.J.G. Veldkamp.job
              Norton AntiVirus - Mijn computer scannen.job
              Symantec NetDetect.job

              --------------------------------------------------

              Enumerating Download Program Files:

              [CryptoRSA Control]
              InProcServer32 = C:\WINDOWS\DOWNLO~1\CRYPTO~1.OCX
              CODEBASE = https://www.p3.postbank.nl/sesam/CAX.cab

              [Minesweeper Flags Class]
              InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
              CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab

              [Office Update Installation Engine]
              InProcServer32 = C:\WINDOWS\opuc.dll
              CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

              [HouseCall Besturing]
              InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
              CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

              [Java Plug-in 1.5.0]
              InProcServer32 = C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
              CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

              [MessengerStatsClient Class]
              InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
              CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

              [ActiveScan Installer Class]
              InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
              CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

              [{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
              CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37907.3683912037

              [SassCln Object]
              InProcServer32 = C:\WINDOWS\Downloaded Program Files\SassCln.dll
              CODEBASE = http://www.microsoft.com/security/controls/SassCln.CAB

              [Zylom Games Player]
              InProcServer32 = C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll
              CODEBASE = http://game14.zylomgames.com/activex/zylomgamesplayer.cab

              [Java Plug-in 1.4.2_03]
              InProcServer32 = C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
              CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

              [Java Plug-in 1.5.0]
              InProcServer32 = C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
              CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

              [Shockwave Flash Object]
              InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
              CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

              [McFreeScan Class]
              InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll
              CODEBASE = http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4389/mcfscan.cab

              [MSN Chat Control 4.5]
              InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MSNChat45.ocx
              CODEBASE = http://chat.msn.com/bin/msnchat45.cab

              [Solitaire Showdown Class]
              InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
              CODEBASE = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

              [Info Class]
              InProcServer32 = C:\WINDOWS\System32\IDTool.dll
              CODEBASE = http://www0.spelpunt.nl/idtool.cab

              --------------------------------------------------

              Enumerating Winsock LSP files:

              NameSpace #1: C:\WINDOWS\System32\mswsock.dll
              NameSpace #2: C:\WINDOWS\System32\winrnr.dll
              NameSpace #3: C:\WINDOWS\System32\mswsock.dll
              Protocol #1: C:\WINDOWS\system32\mswsock.dll
              Protocol #2: C:\WINDOWS\system32\mswsock.dll
              Protocol #3: C:\WINDOWS\system32\mswsock.dll
              Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
              Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
              Protocol #6: C:\WINDOWS\system32\mswsock.dll
              Protocol #7: C:\WINDOWS\system32\mswsock.dll
              Protocol #8: C:\WINDOWS\system32\mswsock.dll
              Protocol #9: C:\WINDOWS\system32\mswsock.dll
              Protocol #10: C:\WINDOWS\system32\mswsock.dll
              Protocol #11: C:\WINDOWS\system32\mswsock.dll
              Protocol #12: C:\WINDOWS\system32\mswsock.dll
              Protocol #13: C:\WINDOWS\system32\mswsock.dll
              Protocol #14: C:\WINDOWS\system32\mswsock.dll
              Protocol #15: C:\WINDOWS\system32\mswsock.dll
              Protocol #16: C:\WINDOWS\system32\mswsock.dll
              Protocol #17: C:\WINDOWS\system32\mswsock.dll

              --------------------------------------------------

              Enumerating Windows NT/2000/XP services

              Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system)
              aeaudio: system32\drivers\aeaudio.sys (manual start)
              Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start)
              Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (system)
              Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
              Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start)
              Stuurprogramma voor AMD K7-processor: System32\DRIVERS\amdk7.sys (system)
              Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
              ASAPIW2K: System32\Drivers\ASAPIW2K.sys (manual start)
              ASP.NET-statusservice: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
              Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.sys (manual start)
              Standaard IDE/ESDI-vasteschijfcontroller: System32\DRIVERS\atapi.sys (system)
              ATM ARP-client-protocol: System32\DRIVERS\atmarpc.sys (manual start)
              Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Audiostub-stuurprogramma: System32\DRIVERS\audstub.sys (manual start)
              Intelligente achtergrondsoverdrachtservice: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
              Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
              Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
              Cdrdrv: System32\Drivers\Cdrdrv.sys (manual start)
              Cd-rom-stuurprogramma: System32\DRIVERS\cdrom.sys (system)
              Indexing-service: %SystemRoot%\system32\cisvc.exe (manual start)
              ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
              Aureon 5.1 Fun Audio Driver: system32\drivers\cmaudio.sys (manual start)
              COM+-systeemtoepassing: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
              Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
              Crystal SoundFusion(tm)-stuurprogramma: system32\drivers\cwcspud.sys (manual start)
              Crystal SoundFusion(tm) WDM-stuurprogramma: system32\drivers\cwcwdm.sys (manual start)
              DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
              DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys (system)
              Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
              dmboot: System32\drivers\dmboot.sys (disabled)
              dmio: System32\drivers\dmio.sys (disabled)
              dmload: System32\drivers\dmload.sys (disabled)
              Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
              DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
              Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start)
              Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Event Log: %SystemRoot%\system32\services.exe (autostart)
              COM+-gebeurtenissysteem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
              Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              Stuurprogramma voor diskettestationcontroller: System32\DRIVERS\fdc.sys (manual start)
              VIA PCI 10/100Mb Fast Ethernet-adapter - NT-stuurprogramma: System32\DRIVERS\fetnd5.sys (manual start)
              Stuurprogramma voor diskettestation: System32\DRIVERS\flpydisk.sys (manual start)
              FltMgr: system32\drivers\fltmgr.sys (system)
              Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sys (system)
              Spelpoort-enumerator: System32\DRIVERS\gameenum.sys (manual start)
              Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys (manual start)
              Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Apparaattoegang via menselijke interface: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
              HTTP: System32\Drivers\HTTP.sys (manual start)
              HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
              Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.sys (system)
              Filterstuurprogramma voor het branden van cd's: System32\DRIVERS\imapi.sys (system)
              COM-service voor IMAPI cd-branders: C:\WINDOWS\System32\imapi.exe (manual start)
              Intel(R) 536EP V.92 Modem: System32\DRIVERS\Intels51.sys (manual start)
              IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
              IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
              IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
              IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
              IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys (system)
              IR Enumerator-service: System32\DRIVERS\irenum.sys (manual start)
              PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sys (system)
              iTouch Keyboard Filter: System32\DRIVERS\itchfltr.sys (manual start)
              jatmlano: \??\C:\DOCUME~1\FJG~1.VEL\LOCALS~1\Temp\jatmlano.sys (manual start)
              Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.sys (system)
              Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start)
              Logitech PS/2 Mouse Filter Driver: System32\DRIVERS\L8042Pr2.sys (manual start)
              Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Logitech Keyboard Class Filter Driver: System32\DRIVERS\LKbdFlt2.sys (manual start)
              TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
              Logitech Mouse Class Filter Driver: System32\DRIVERS\LMouFlt2.sys (manual start)
              Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
              Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
              NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
              Unimodem Streaming-filterapparaat: system32\drivers\MODEMCSA.sys (manual start)
              Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.sys (system)
              WebDav-client-redirector: System32\DRIVERS\mrxdav.sys (manual start)
              MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
              Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
              Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
              Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start)
              Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start)
              Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start)
              BIOS-stuurprogramma voor Microsoft Systeembeheer: System32\DRIVERS\mssmbios.sys (manual start)
              Norton AntiVirus Auto-Protect: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)
              NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041222.016\NAVENG.Sys (manual start)
              NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041222.016\NavEx15.Sys (manual start)
              RAS NDIS TAPI-stuurprogramma: System32\DRIVERS\ndistapi.sys (manual start)
              I/O-protocol van NDIS-gebruikermodus: System32\DRIVERS\ndisuio.sys (manual start)
              RAS NDIS WAN-stuurprogramma: System32\DRIVERS\ndiswan.sys (manual start)
              NetBIOS-interface: System32\DRIVERS\netbios.sys (system)
              NetBT: System32\DRIVERS\netbt.sys (system)
              Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
              Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
              Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
              Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
              Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
              nv: System32\DRIVERS\nv4_mini.sys (manual start)
              NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
              IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
              IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
              Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.sys (manual start)
              PCI Bus Driver: System32\DRIVERS\pci.sys (system)
              Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
              Plug and Play: %SystemRoot%\system32\services.exe (autostart)
              IPSEC-services: %SystemRoot%\System32\lsass.exe (autostart)
              WAN-minipoort (PPTP): System32\DRIVERS\raspptp.sys (manual start)
              StarForce Protection Environment Driver v6: \SystemRoot\System32\drivers\prodrv06.sys (system)
              StarForce Protection Helper Driver v2: System32\drivers\prohlp02.sys (system)
              StarForce Protection Synchronization Driver v1: System32\drivers\prosync1.sys (system)
              Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
              QoS-pakketplanner: System32\DRIVERS\psched.sys (manual start)
              Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.sys (manual start)
              Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sys (system)
              Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
              Verbindingsbeheer voor RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              PPPOE-RAS-stuurprogramma: System32\DRIVERS\raspppoe.sys (manual start)
              Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
              Rdbss: System32\DRIVERS\rdbss.sys (system)
              RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
              Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (manual start)
              Stuurprogramma voor afspeelfilter van digitale cd-audio: System32\DRIVERS\redbook.sys (system)
              Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
              Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
              Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
              QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
              NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter: System32\DRIVERS\RTL8139.SYS (manual start)
              Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
              SAVRT: \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS (system)
              SAVRTPEL: \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS (system)
              SAVScan: C:\Program Files\Norton AntiVirus\SAVScan.exe (autostart)
              ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
              Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
              Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Secdrv: System32\DRIVERS\secdrv.sys (autostart)
              Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
              Serenum Filter-stuurprogramma: System32\DRIVERS\serenum.sys (manual start)
              Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sys (system)
              StarForce Protection Helper Driver: System32\drivers\sfhlp01.sys (system)
              Windows Firewall (WF) / Internet-verbinding delen (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              smwdm: system32\drivers\smwdm.sys (manual start)
              Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start)
              Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
              Stuurprogramma voor systeemherstelfilter: System32\DRIVERS\sr.sys (system)
              System Restore-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              SRV: System32\DRIVERS\srv.sys (manual start)
              SSDP Discovery-service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
              Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
              Software Bus-stuurprogramma: System32\DRIVERS\swenum.sys (manual start)
              Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start)
              MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{07C0193B-1B7B-4E98-B055-0E1B2C364660} (manual start)
              SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
              SYMREDRV: \??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (manual start)
              SYMTDI: \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS (autostart)
              SymWMI Service: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (autostart)
              Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start)
              Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
              Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              Stuurprogramma voor TCP/IP-protocol: System32\DRIVERS\tcpip.sys (system)
              Stuurprogramma voor terminal-apparaat: System32\DRIVERS\termdd.sys (system)
              Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
              Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
              TTP9 WDM Audio: system32\drivers\ttp9.sys (manual start)
              ttp9sens: system32\drivers\ttp9sens.sys (manual start)
              Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
              Microcode Update-stuurprogramma: System32\DRIVERS\update.sys (manual start)
              Universele Plug en Play-apparaathost: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
              Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
              Microsoft generiek hoofd-USB-stuurprogramma: System32\DRIVERS\usbccgp.sys (manual start)
              Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
              USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
              Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
              Stuurprogramma voor USB-scanner: System32\DRIVERS\usbscan.sys (manual start)
              Stuurprogramma voor USB-massaopslag: System32\DRIVERS\USBSTOR.SYS (manual start)
              Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
              Grafische VGA-adapter.: \SystemRoot\System32\drivers\vga.sys (system)
              VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system)
              ViaIde: System32\DRIVERS\viaide.sys (system)
              VOBID: System32\DRIVERS\vobid.sys (system)
              vsdatant: System32\vsdatant.sys (system)
              TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
              Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
              Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              RAS IP ARP-stuurprogramma: System32\DRIVERS\wanarp.sys (manual start)
              Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start)
              WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
              Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
              Serienummerservice voor draagbare media: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              WMI-prestatieadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
              Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Automatische updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
              Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


              --------------------------------------------------

              Enumerating Windows NT logon/logoff scripts:
              *No scripts set to run*

              Windows NT checkdisk command:
              BootExecute = autocheck autochk *

              Windows NT 'Wininit.ini':
              PendingFileRenameOperations: *Registry value not found*

              --------------------------------------------------

              Enumerating ShellServiceObjectDelayLoad items:

              PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
              CDBurn: C:\WINDOWS\system32\SHELL32.dll
              WebCheck: *Registry key not found*
              SysTray: C:\WINDOWS\System32\stobject.dll

              --------------------------------------------------
              Autorun entries from Registry:
              HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

              *Registry key not found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

              *Registry key not found*

              --------------------------------------------------

              End of report, 36.987 bytes
              Report generated in 0,062 seconds

              Command line options:
              /verbose - to add additional info on each section
              /complete - to include empty sections and unsuspicious data
              /full - to include several rarely-important sections
              /force9x - to include Win9x-only startups even if running on WinNT
              /forcent - to include WinNT-only startups even if running on Win9x
              /forceall - to include all Win9x and WinNT startups, regardless of platform
              /history - to list version history only



              • #8
                Hi femm,

                Download ServiceFilter by Rand1038. Extract it to a folder such as c:\ServiceFilter. Double-click ServiceFilter.vbs. This creates a file named Post_This.txt. Copy and paste the contents of this file into your next post.

                files deleted in safe mode.
                and
                C:\DOCUME~1\FJG~1.VEL\LOCALS~1\Temp\bwgo00009ea1.exe
                If that is the case, why do I still see it in your log!
                The proof that jatmlano really must appear in the Services.
                jatmlano: \??\C:\DOCUME~1\FJG~1.VEL\LOCALS~1\Temp\jatmlano.sys (manual start)



                • #9
                  I don't understand it either, I have looked through it again at least 6 times and it isn't listed. I'll do the other thing now..

                  I'll also look in Services a few more times..



                  • #10
                    I can't run ServiceFilter without turning off my Norton (so I find it a bit scary). I had downloaded it and extracted it into a folder etc. When I then try to open it by double-clicking, Norton shows a high-risk message. Should I ignore this or not?

                    And jatmlano really isn't listed in Services. I've looked a few more times. Not even as part of another name.
                    Last edited by femm; 25-12-04, 10:23.



                    • #11
                      Hi femm,

                      I can't run ServiceFilter without turning off my Norton (so I find it a bit scary). I had downloaded it and extracted it into a folder etc. When I then try to open it by double-clicking, Norton shows a high-risk message. Should I ignore this or not?
                      You can indeed ignore this. Norton says that because it is a VBScript. These days a whole lot of strange things can be done with a VBScript. And that is why Norton reacts.



                      • #12
                        Here it is..

                        The script did not recognize the services listed below.
                        This does not mean that they are a problem.

                        To copy the entire contents of this document for posting:
                        At the top of this window click "Edit" then "Select All"
                        Next click "Edit" again then "Copy"
                        Now right click in the forum post box then click "Paste"

                        ########################################

                        ServiceFilter 1.1
                        by rand1038

                        Microsoft Windows XP Home Edition
                        Version: 5.1.2600 Service Pack 2
                        dec 25, 2004 11:34:04


                        ===> Begin Service Listing <===

                        Unknown Service #1
                        Service Name: SAVScan
                        Display Name: SAVScan
                        Start Mode: Auto
                        Start Name: LocalSystem
                        Description: Handles Norton AntiVirus Auto-Protect Archive ...
                        Service Type: Own Process
                        Path: c:\program files\norton antivirus\savscan.exe
                        State: Running
                        Process ID: 1972
                        Started: Waar
                        Exit Code: 0
                        Accept Pause: Onwaar
                        Accept Stop: Waar

                        Unknown Service #2
                        Service Name: SwPrv
                        Display Name: MS Software Shadow Copy Provider
                        Start Mode: Manual
                        Start Name: LocalSystem
                        Description: Beheert schaduwkopieën op basis van software, die door de Volume Shadow Copy-service zijn gemaakt. ...
                        Service Type: Own Process
                        Path: c:\windows\system32\dllhost.exe /processid:{07c0193b-1b7b-4e98-b055-0e1b2c364660}
                        State: Stopped
                        Process ID: 0
                        Started: Onwaar
                        Exit Code: 1077
                        Accept Pause: Onwaar
                        Accept Stop: Onwaar

                        ---> End Service Listing <---

                        There are 88 Win32 services on this machine.
                        2 were unrecognized.

                        Script Execution Time: 11,71875 seconds.



                        • #13
                          Hi femm,

                          That didn't give the desired result...

                          Start Notepad, then copy and paste the text in the box into a new text file. Save it as export.bat on your Desktop.

                          Code:
                          regedit /e services.reg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
                          rename services.reg services.txt
                          Find services.txt on your Desktop and post it as an attachment.

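A check that can be run over the services.txt export requested in post #13, as an added example that is not part of the original thread: it lists services whose ImagePath points into a temp folder, decoding the hex(2) form regedit uses for REG_EXPAND_SZ values, which a plain text search for the file name would miss. The sample export is constructed (W32Time and ExampleTempSvc are illustrative; only the jatmlano path is taken from the log above), and a real export is UTF-16, so it is read with open(path, encoding="utf-16").

```python
import re

SECTION = re.compile(r"^\[(.+)\]$")
TEMP_DIR = re.compile(r"\\te?mp\\|%te?mp%", re.I)   # \Temp\, \Tmp\, %TEMP%, %TMP%

def decode_value(raw):
    """Decode REG_SZ ("...") or REG_EXPAND_SZ (hex(2):..) export data to text."""
    raw = raw.strip()
    if raw.startswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])       # undo \\ and \" escapes
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\0")
    return raw

def services_in_temp(reg_text):
    """Return (service, ImagePath) pairs whose binary lives in a temp folder."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)          # join "\"-continued hex lines
    hits, service = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:   # keep only the service's own key, not its subkeys
            parts = m.group(1).split("\\")
            service = parts[-1] if parts[-2:-1] == ["Services"] else None
        elif service and line.lower().startswith('"imagepath"='):
            path = decode_value(line.split("=", 1)[1])
            if TEMP_DIR.search(path):
                hits.append((service, path))
    return hits

def _hex2(s):
    """Encode text as regedit writes REG_EXPAND_SZ, wrapped over several lines."""
    b = [f"{x:02x}" for x in (s + "\0").encode("utf-16-le")]
    return "hex(2):" + ",\\\n  ".join(",".join(b[i:i + 20]) for i in range(0, len(b), 20))

# Constructed sample export; only the jatmlano path comes from the thread.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]",
    '"ImagePath"=' + _hex2(r"%SystemRoot%\System32\svchost.exe -k netsvcs"), "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleTempSvc]",
    '"ImagePath"=' + _hex2(r"C:\WINDOWS\Temp\example.exe"), "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jatmlano]",
    r'"ImagePath"="\\??\\C:\\DOCUME~1\\FJG~1.VEL\\LOCALS~1\\Temp\\jatmlano.sys"',
])

if __name__ == "__main__":
    for name, path in services_in_temp(SAMPLE):
        print(f"{name}: {path}")
```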


                          • #14
                            oh help.. that's going to be difficult. I hope it works.. (I'm not very handy)



                            • #15
                              I couldn't find services.txt on the desktop, so I used Search and then I found this. Is this what you mean?
                              (I did save it to the desktop later.)
                              Last edited by femm; 26-12-04, 11:37.
