TR/Agent.aoy.1

4 answers
  • Hi, I keep having trouble with TR/Agent.aoy.1. This problem has been occurring since I got the 'Vundo problem' solved with the help of a topic on this forum. Apparently 'the internet' doesn't know the agent I'm having trouble with. Do you have a solution for the problem? What information do you need? (some is already listed below) [b]Antivir[/b] reports: C:\WINDOWS\system32\uavvsdlq.exe Is the Trojan horse TR/Agent.aoy.1 [b]HijackThis log:[/b] Logfile of HijackThis v1.99.1 Scan saved at 0:31:53, on 22/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473)
  • Download [url=http://users.telenet.be/marcvn/tools/reglooks.exe]reglooks.exe[/url]. Place it on your desktop. Double-click reglooks.exe. Do nothing else and wait until a log file opens. Post the contents of this log file.
  • REGLOOKS logfile version 0.971 za 23/06/2007 20:38:20,84 running from: "C:\PROGRA~1\MOZILL~2"
USB Receiver device driver" System32\Drivers\LHidUsbK.Sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LMouKE "DisplayName"="Logitech SetPoint Mouse Filter Driver" system32\DRIVERS\LMouKE.Sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft Office Groove Audit Service "DisplayName"="Microsoft Office Groove Audit Service" "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid "DisplayName"="Stuurprogramma voor muis-HID" System32\DRIVERS\mouhid.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIRCOMM "DisplayName"="Microsoft IR Communications Driver" system32\DRIVERS\MSIRCOMM.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSTEE "DisplayName"="Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma" system32\drivers\MSTEE.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NABTSFEC "DisplayName"="NABTS/FEC VBI Codec" system32\DRIVERS\NABTSFEC.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NBService "DisplayName"="NBService" C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nm "DisplayName"="Stuurprogramma voor Netwerkcontrole" system32\DRIVERS\NMnt.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPPTNT2 "DisplayName"="NPPTNT2" \??\C:\WINDOWS\system32\npptNT2.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NSNDIS5 "DisplayName"="NSNDIS5 NDIS Protocol Driver" \??\C:\WINDOWS\system32\NSNDIS5.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\odserv "DisplayName"="Microsoft Office Diagnostics Service" "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PASCO "DisplayName"="PASCO PASPORT USB Driver (PSSensor.sys)" System32\Drivers\PSSensor.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PenClass "DisplayName"="Pen Class" system32\Drivers\PenClass.sys 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ROOTMODEM "DisplayName"="Microsoft Legacy Modem Driver" System32\Drivers\RootMdm.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ScsiPort %SystemRoot%\system32\drivers\scsiport.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ser2pl "DisplayName"="ATEN USB to Serial port driver" system32\DRIVERS\ser2pl.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Serenum "DisplayName"="Serenum Filter Driver" system32\DRIVERS\serenum.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sfdrv01 "DisplayName"="StarForce Protection Environment Driver (version 1.x)" System32\drivers\sfdrv01.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sfhlp02 "DisplayName"="StarForce Protection Helper Driver (version 2.x)" System32\drivers\sfhlp02.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sfvfs02 "DisplayName"="StarForce Protection VFS Driver (version 2.x)" System32\drivers\sfvfs02.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SLIP "DisplayName"="BDA Slip De-Framer" system32\DRIVERS\SLIP.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SoC PC-Camera Service "DisplayName"="Microcular" system32\DRIVERS\pfc027.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd System32\Drivers\sptd.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StarWindService "DisplayName"="StarWind iSCSI Service" C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\streamip "DisplayName"="BDA IPSink" system32\DRIVERS\StreamIP.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swwd no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TabletService "DisplayName"="TabletService" C:\WINDOWS\system32\Tablet.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\toshidpt "DisplayName"="TOSHIBA Bluetooth HID port driver" system32\drivers\Toshidpt.sys 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tosporte "DisplayName"="Bluetooth Port Driver from Toshiba" system32\DRIVERS\tosporte.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tosrfbd "DisplayName"="Bluetooth RFBUS from TOSHIBA" System32\Drivers\tosrfbd.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tosrfbnp "DisplayName"="Bluetooth RFBNEP from TOSHIBA" System32\Drivers\tosrfbnp.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tosrfcom "DisplayName"="Bluetooth RFCOMM from TOSHIBA" System32\Drivers\tosrfcom.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tosrfhid "DisplayName"="Bluetooth RFHID from TOSHIBA" system32\DRIVERS\Tosrfhid.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tosrfnds "DisplayName"="Bluetooth Personal Area Network from TOSHIBA" system32\DRIVERS\tosrfnds.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TosRfSnd "DisplayName"="Bluetooth Audio Device (WDM) from TOSHIBA" system32\drivers\TosRfSnd.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tosrfusb "DisplayName"="Bluetooth USB Controller" System32\Drivers\tosrfusb.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USB no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbohci "DisplayName"="Microsoft USB Open Host Controller Miniport Driver" System32\DRIVERS\usbohci.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbscan "DisplayName"="Stuurprogramma voor USB-scanner" system32\DRIVERS\usbscan.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnjsvc "DisplayName"="Messenger Sharing Folders USN Journal Reader service" "C:\Program Files\MSN Messenger\usnsvc.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usprserv "DisplayName"="User Privilege Service" %SystemRoot%\System32\svchost.exe -k netsvcs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSTCODEC "DisplayName"="World Standard 
Teletext-codec" system32\DRIVERS\WSTCODEC.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wwSecSvc "DisplayName"="Washer AutoComplete" C:\WINDOWS\system32\wwSecure.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{229B3C6D-D906-4706-AFB6-EF7F180E6C20} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{41AC0174-4C5E-4328-9274-B72CF58202C3} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{55B9E1D5-D4AA-436A-9D04-8C40FFFA1CD3} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{579D4E82-7FB9-4A7F-8781-721B7F17BE7B} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{B5BBDC89-3118-4DCF-9311-E07E9CA978C1} no imagepath value found --- SECURITYPROVIDERS regkey --- HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" --- SVCHOST regkey --- HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService: DnsCache\0\0 netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0TermService\0wuauserv\0BITS\0ShellHWDetection\0helpsvc\0WmdmPmSN\0xmlprov\0wscsvc\0\0 rpcss: RpcSs\0\0 imgsvc: StiSvc\0\0 termsvcs: TermService\0\0 HTTPFilter: HTTPFilter\0\0 DcomLaunch: DcomLaunch\0TermService\0\0 WudfServiceGroup: WUDFSvc\0\0 bthsvcs: BthServ\0\0 --- WOW-CMDLINE regkeys --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW "cmdline" = %SystemRoot%\system32\ntvdm.exe "wowcmdline" = %SystemRoot%\system32\ntvdm.exe -a 
%SystemRoot%\system32\krnl386 --- STARTUP FOLDERS --- C:\Documents and Settings\koko\Menu Start\Programma's\Opstarten\desktop.ini C:\Documents and Settings\koko\Menu Start\Programma's\Opstarten\Dragon NaturallySpeaking.lnk.disabled C:\Documents and Settings\koko\Menu Start\Programma's\Opstarten\OpenOffice.org 2.0.lnk.disabled C:\Documents and Settings\koko\Menu Start\Programma's\Opstarten\OpenOffice.org 2.1.lnk C:\Documents and Settings\koko\Menu Start\Programma's\Opstarten\World Community Grid Agent.lnk C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\TabUserW.exe.lnk C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Bluetooth Manager.lnk C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\BOINC Manager.lnk.disabled C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech SetPoint.lnk C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PASPortal.lnk.disabled C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\SnagIt 8.lnk.disabled C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk --- TASK SCHEDULER JOBS --- C:\WINDOWS\tasks\AppleSoftwareUpdate.job --- File associations --- .BAT files: ("%1" %*) .COM files: ("%1" %*) .EXE files: ("%1" %*) .HLP files: (%SystemRoot%\System32\winhlp32.exe %1) .INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1) .INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1) .JS files: (%SystemRoot%\System32\WScript.exe "%1" %*) .PIF files: ("%1" %*) .REG files: (regedit.exe "%1") .SCR files: ("%1" /S) .TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1) .VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*) FINISHED
  • Restart the computer. Create a new HijackThis log and a new log with reglooks. Post both logs.

This is an archived page. Replies are no longer possible.