Question & Answer
TR/Agent.aoy.1
4 replies
- Hi,
I keep having trouble with TR/Agent.aoy.1
This problem has been occurring since I got the 'Vundo problem' solved by following a topic on this forum. Apparently 'the internet' does not know the agent I am having trouble with. Do you have a solution for the problem? What information do you need? (some is already listed below)
Antivir reports:
C:\WINDOWS\system32\uavvsdlq.exe
Is the Trojan horse TR/Agent.aoy.1
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 0:31:53, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\uavvsdlq.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Wacom\TabUserW.exe
C:\Program Files\CoreFTP\coreftp.exe
C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\88UP0MRC\cureit[1].exe
C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\RarSFX0\cureit.exe
C:\koko\ht\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zita.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gudie.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145094331406
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {5F2E307D-8C50-4255-ABB7-FA0620609ACD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\VIRUSfighter\Nvc\bin\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe
O23 - Service: Webroot SpySweeper Service (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\winvnc.exe" -service (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
- Download reglooks.exe
Place it on your desktop.
Double-click reglooks.exe. Do nothing else and wait until a log file opens. Post the contents of this log file.
- REGLOOKS logfile
version 0.971
za 23/06/2007 20:38:20,84
running from: "C:\PROGRA~1\MOZILL~2"
— SSODL regkeys —
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
only standard or legit regkeys found
— STS regkeys —
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
only standard or legit regkeys found
— USERINIT regkey —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
— SHELL regkey —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"="Explorer.exe"
— SYSTEM regkey —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"System"=""
— APPINIT_DLLS regkey —
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
"AppInit_DLLs"=""
— NOTIFY regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
only standard or legit regkeys found
— RUN / LOAD regkeys —
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
"load"=""
— BOOTEXECUTE regkey —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute= autocheck autochk *\0\0
— PENDINGFILERENAMEOPERATIONS regkey —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
Pendingfilerenameoperations= \??\C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_467c62bb\UPDENGVDFTEST\0\0\0
— SHELLEXECUTEHOOKS regkey —
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
— AUTORUN regkeys —
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
"AutoRun"=""
— HKLM\Run regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"PCMCIA Resource Monitor"="nvp2pmon.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"LManager"="C:\\PROGRA~1\\LAUNCH~1\\QtZiAcer.EXE"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"SoundMan"="SOUNDMAN.EXE"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"SSBkgdUpdate"="C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe -Embedding -boot"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"RegistryMechanic"=""
— HKLM\RunOnce regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKLM RunOnce keys found
— HKLM\RunOnceEx regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
no HKLM RunOnceEx keys found
— HKLM\RunServices regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
regkey does not exist
— HKLM\RunServicesOnce regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
regkey does not exist
— HKCU\Run regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ISPMonitor"="C:\\Program Files\\ISP Monitor\\isp.exe"
"SIDEBAR"="\"C:\\Program Files\\Desktop Sidebar\\dsidebar.exe\""
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"WhenUSave"="\"C:\\Program Files\\Save\\Save.exe\""
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"Active Desktop Calendar"="C:\\Program Files\\XemiComputers\\Active Desktop Calendar\\ADC.exe"
"MMAgent"="C:\\Program Files\\Mobile Master\\MMAgent.exe"
— HKCU\RunOnce regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
"FFTI"="C:\\Documents and Settings\\koko\\Application Data\\Mozilla\\Firefox\\Profiles\\3qtnbykf.default\\extensions\\{B13721C7-F507-4982-B2E5-502A71474FED}\\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath=\"C:\\Documents and Settings\\koko\\Application Data\\Mozilla\\Firefox\\Profiles/3qtnbykf.default\\extensions\\{B13721C7-F507-4982-B2E5-502A71474FED}\""
— HKCU\RunOnceEx regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
regkey does not exist
— HKCU\RunServices regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
regkey does not exist
— HKCU\RunServicesOnce regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
regkey does not exist
— HKU\.DEFAULT\Run regkeys —
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
— HKU\S-1-5-18\Run regkeys —
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
— HKU\S-1-5-19\Run regkeys —
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
— HKU\S-1-5-20\Run regkeys —
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
— HKLM\Explorer\Run regkeys —
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
regkey does not exist
— HKCU\Explorer\Run regkeys —
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
regkey does not exist
— Image File Execution regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
no debuggers found
— BROWSER HELPER OBJECTS regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
"{00C6482D-C502-44C8-8409-FCE54AD9C208}" FILE ="C:\\Program Files\\TechSmith\\SnagIt 8\\SnagItBHO.dll"
"{45AD732C-2CE2-4666-B366-B2214AD57A49}" FILE ="C:\\Program Files\\Desktop Sidebar\\sbhelp.dll"
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" FILE ="C:\\PROGRA~1\\MICROS~3\\Office12\\GRA8E1~1.DLL"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\ssv.dll"
"{7E853D72-626A-48EC-A868-BA8D5E23E045}" regkey not found (ERROR)
"{9030D464-4C02-4ABF-8ECC-5164760863C6}" FILE ="C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll"
— TOOLBAR regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
"{95188727-288F-4581-A48D-EAB3BD027314}" FILE ="C:\\PROGRA~1\\Zend\\ZENDST~1.0\\bin\\ZENDIE~1.DLL"
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" FILE ="C:\\Program Files\\TechSmith\\SnagIt 8\\SnagItIEAddin.dll"
— URLSEARCHHOOKS regkeys —
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
only standard regkeys found
— SRCEENSAVER regkey —
HKEY_CURRENT_USER\Control Panel\Desktop
"SCRNSAVE.EXE"="C:\\WINDOWS\\UD.SCR"
— CONTEXTMENUHANDLERS regkeys —
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
"7-Zip" CLSID ={23170F69-40C1-278A-1000-000100020000} FILE ="C:\\Program Files\\7-Zip\\7-zip.dll"
"EngInSiteRemoteAgent" CLSID ={90F5DB19-D9FC-4260-835F-60EDF278AE4E} FILE ="C:\\PROGRA~1\\LUCKAS~1\\ENGINS~1\\contmenu.dll"
"MyPhoneExplorer" CLSID ={2D30AAA2-9084-4686-B8B9-B9B62EEFFD4E} FILE ="C:\\Program Files\\MyPhoneExplorer\\DLL\\ShellMgr.dll"
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll
"Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"Shell Extension for Malware scanning" CLSID ={45AC2688-0253-4ED8-97DE-B5370FA7D48A} FILE ="C:\\Program Files\\AntiVir PersonalEdition Classic\\shlext.dll"
"SnagItMainShellExt" CLSID ={CF74B903-3389-469c-B3B6-0204D204FCBD} FILE ="C:\\Program Files\\TechSmith\\SnagIt 8\\SnagItShellExt.dll"
"tosBtShllExt" CLSID ={6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} FILE ="C:\\WINDOWS\\system32\\TosBtShell.dll"
"Washer" CLSID ={6EE51AA0-77A0-11D7-B4E1-000347126E46} FILE ="C:\\PROGRA~1\\COMMON~1\\WEBROO~1\\SHELLW~1.DLL"
"XXX Groove GFS Context Menu Handler XXX" CLSID ={6C467336-8281-4E60-8204-430CED96822D} FILE ="C:\\PROGRA~1\\MICROS~3\\Office12\\GRA8E1~1.DLL"
"{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
"7-Zip" CLSID ={23170F69-40C1-278A-1000-000100020000} FILE ="C:\\Program Files\\7-Zip\\7-zip.dll"
"EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"
"SnagItMainShellExt" CLSID ={CF74B903-3389-469c-B3B6-0204D204FCBD} FILE ="C:\\Program Files\\TechSmith\\SnagIt 8\\SnagItShellExt.dll"
"tosBtShllExt" CLSID ={6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} FILE ="C:\\WINDOWS\\system32\\TosBtShell.dll"
"Washer" CLSID ={6EE51AA0-77A0-11D7-B4E1-000347126E46} FILE ="C:\\PROGRA~1\\COMMON~1\\WEBROO~1\\SHELLW~1.DLL"
"XXX Groove GFS Context Menu Handler XXX" CLSID ={6C467336-8281-4E60-8204-430CED96822D} FILE ="C:\\PROGRA~1\\MICROS~3\\Office12\\GRA8E1~1.DLL"
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
"EngInSiteRemoteAgent" CLSID ={90F5DB19-D9FC-4260-835F-60EDF278AE4E} FILE ="C:\\PROGRA~1\\LUCKAS~1\\ENGINS~1\\contmenu.dll"
"Shell Extension for Malware scanning" CLSID ={45AC2688-0253-4ED8-97DE-B5370FA7D48A} FILE ="C:\\Program Files\\AntiVir PersonalEdition Classic\\shlext.dll"
"XXX Groove GFS Context Menu Handler XXX" CLSID ={6C467336-8281-4E60-8204-430CED96822D} FILE ="C:\\PROGRA~1\\MICROS~3\\Office12\\GRA8E1~1.DLL"
— ALTERNATESHELL regkey —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
"AlternateShell"="cmd.exe"
— SAFEBOOT MINIMAL SERVICES —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
no unknown services found
— SAFEBOOT NETWORK SERVICES —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
nm
nm.sys
— SERVICES —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Adobe LM Service
"DisplayName"="Adobe LM Service"
"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALCXSENS
"DisplayName"="Service for WDM 3D Audio Driver"
system32\drivers\ALCXSENS.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALCXWDM
"DisplayName"="Service for Realtek AC97 Audio (WDM)"
system32\drivers\ALCXWDM.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirScheduler
"DisplayName"="AntiVir PersonalEdition Classic Scheduler"
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirService
"DisplayName"="AntiVir PersonalEdition Classic Guard"
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgntdd
"DisplayName"="avgntdd"
SYSTEM32\DRIVERS\avgntdd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgntmgr
"DisplayName"="avgntmgr"
SYSTEM32\drivers\avgntmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\b57w2k
"DisplayName"="Broadcom NetXtreme Gigabit Ethernet"
System32\DRIVERS\b57xp32.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT
"DisplayName"="Poortstuurprogramma voor Bluetooth"
System32\Drivers\BTHport.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BthServ
"DisplayName"="Bluetooth Support Service"
%SystemRoot%\system32\svchost.exe -k bthsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHUSB
"DisplayName"="USB-stuurprogramma voor Bluetooth-radio's"
System32\Drivers\BTHUSB.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTWUSB
"DisplayName"="WIDCOMM USB Bluetooth Driver"
System32\Drivers\btwusb.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CCDECODE
"DisplayName"="Closed Caption-decoder"
system32\DRIVERS\CCDECODE.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DKbFltr
"DisplayName"="Dritek HotKey Keyboard Filter Driver"
System32\Drivers\DKbFltr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidUsb
"DisplayName"="Microsoft HID Class-stuurprogramma"
System32\DRIVERS\hidusb.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IDriverT
"DisplayName"="InstallDriver Table Manager"
"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iPod Service
"DisplayName"="iPod-service"
"C:\Program Files\iPod\bin\iPodService.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ISPMonitorSrv
"DisplayName"="ISP Monitor"
C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid
"DisplayName"="Stuurprogramma voor toetsenbord-HID"
System32\DRIVERS\kbdhid.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LHidKe
"DisplayName"="Logitech SetPoint HID Mouse Filter Driver"
system32\DRIVERS\LHidKE.Sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LHidUsbK
"DisplayName"="Logitech SetPoint USB Receiver device driver"
System32\Drivers\LHidUsbK.Sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LMouKE
"DisplayName"="Logitech SetPoint Mouse Filter Driver"
system32\DRIVERS\LMouKE.Sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft Office Groove Audit Service
"DisplayName"="Microsoft Office Groove Audit Service"
"C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid
"DisplayName"="Stuurprogramma voor muis-HID"
System32\DRIVERS\mouhid.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIRCOMM
"DisplayName"="Microsoft IR Communications Driver"
system32\DRIVERS\MSIRCOMM.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSTEE
"DisplayName"="Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma"
system32\drivers\MSTEE.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NABTSFEC
"DisplayName"="NABTS/FEC VBI Codec"
system32\DRIVERS\NABTSFEC.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NBService
"DisplayName"="NBService"
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nm
"DisplayName"="Stuurprogramma voor Netwerkcontrole"
system32\DRIVERS\NMnt.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPPTNT2
"DisplayName"="NPPTNT2"
\??\C:\WINDOWS\system32\npptNT2.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NSNDIS5
"DisplayName"="NSNDIS5 NDIS Protocol Driver"
\??\C:\WINDOWS\system32\NSNDIS5.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\odserv
"DisplayName"="Microsoft Office Diagnostics Service"
"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PASCO
"DisplayName"="PASCO PASPORT USB Driver (PSSensor.sys)"
System32\Drivers\PSSensor.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PenClass
"DisplayName"="Pen Class"
system32\Drivers\PenClass.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ROOTMODEM
"DisplayName"="Microsoft Legacy Modem Driver"
System32\Drivers\RootMdm.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ScsiPort
%SystemRoot%\system32\drivers\scsiport.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ser2pl
"DisplayName"="ATEN USB to Serial port driver"
system32\DRIVERS\ser2pl.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Serenum
"DisplayName"="Serenum Filter Driver"
system32\DRIVERS\serenum.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sfdrv01
"DisplayName"="StarForce Protection Environment Driver (version 1.x)"
System32\drivers\sfdrv01.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sfhlp02
"DisplayName"="StarForce Protection Helper Driver (version 2.x)"
System32\drivers\sfhlp02.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sfvfs02
"DisplayName"="StarForce Protection VFS Driver (version 2.x)"
System32\drivers\sfvfs02.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SLIP
"DisplayName"="BDA Slip De-Framer"
system32\DRIVERS\SLIP.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SoC PC-Camera Service
"DisplayName"="Microcular"
system32\DRIVERS\pfc027.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd
System32\Drivers\sptd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StarWindService
"DisplayName"="StarWind iSCSI Service"
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\streamip
"DisplayName"="BDA IPSink"
system32\DRIVERS\StreamIP.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swwd
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TabletService
"DisplayName"="TabletService"
C:\WINDOWS\system32\Tablet.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\toshidpt
"DisplayName"="TOSHIBA Bluetooth HID port driver"
system32\drivers\Toshidpt.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tosporte
"DisplayName"="Bluetooth Port Driver from Toshiba"
system32\DRIVERS\tosporte.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tosrfbd
"DisplayName"="Bluetooth RFBUS from TOSHIBA"
System32\Drivers\tosrfbd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tosrfbnp
"DisplayName"="Bluetooth RFBNEP from TOSHIBA"
System32\Drivers\tosrfbnp.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tosrfcom
"DisplayName"="Bluetooth RFCOMM from TOSHIBA"
System32\Drivers\tosrfcom.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tosrfhid
"DisplayName"="Bluetooth RFHID from TOSHIBA"
system32\DRIVERS\Tosrfhid.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tosrfnds
"DisplayName"="Bluetooth Personal Area Network from TOSHIBA"
system32\DRIVERS\tosrfnds.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TosRfSnd
"DisplayName"="Bluetooth Audio Device (WDM) from TOSHIBA"
system32\drivers\TosRfSnd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tosrfusb
"DisplayName"="Bluetooth USB Controller"
System32\Drivers\tosrfusb.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USB
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbohci
"DisplayName"="Microsoft USB Open Host Controller Miniport Driver"
System32\DRIVERS\usbohci.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbscan
"DisplayName"="Stuurprogramma voor USB-scanner"
system32\DRIVERS\usbscan.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnjsvc
"DisplayName"="Messenger Sharing Folders USN Journal Reader service"
"C:\Program Files\MSN Messenger\usnsvc.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usprserv
"DisplayName"="User Privilege Service"
%SystemRoot%\System32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSTCODEC
"DisplayName"="World Standard Teletext-codec"
system32\DRIVERS\WSTCODEC.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wwSecSvc
"DisplayName"="Washer AutoComplete"
C:\WINDOWS\system32\wwSecure.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{229B3C6D-D906-4706-AFB6-EF7F180E6C20}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{41AC0174-4C5E-4328-9274-B72CF58202C3}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{55B9E1D5-D4AA-436A-9D04-8C40FFFA1CD3}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{579D4E82-7FB9-4A7F-8781-721B7F17BE7B}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{B5BBDC89-3118-4DCF-9311-E07E9CA978C1}
no imagepath value found
— SECURITYPROVIDERS regkey —
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
— SVCHOST regkey —
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService: DnsCache\0\0
netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0TermService\0wuauserv\0BITS\0ShellHWDetection\0helpsvc\0WmdmPmSN\0xmlprov\0wscsvc\0\0
rpcss: RpcSs\0\0
imgsvc: StiSvc\0\0
termsvcs: TermService\0\0
HTTPFilter: HTTPFilter\0\0
DcomLaunch: DcomLaunch\0TermService\0\0
WudfServiceGroup: WUDFSvc\0\0
bthsvcs: BthServ\0\0
— WOW-CMDLINE regkeys —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"wowcmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
— STARTUP FOLDERS —
C:\Documents and Settings\koko\Menu Start\Programma's\Opstarten\desktop.ini
C:\Documents and Settings\koko\Menu Start\Programma's\Opstarten\Dragon NaturallySpeaking.lnk.disabled
C:\Documents and Settings\koko\Menu Start\Programma's\Opstarten\OpenOffice.org 2.0.lnk.disabled
C:\Documents and Settings\koko\Menu Start\Programma's\Opstarten\OpenOffice.org 2.1.lnk
C:\Documents and Settings\koko\Menu Start\Programma's\Opstarten\World Community Grid Agent.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\TabUserW.exe.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Bluetooth Manager.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\BOINC Manager.lnk.disabled
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech SetPoint.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PASPortal.lnk.disabled
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\SnagIt 8.lnk.disabled
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
— TASK SCHEDULER JOBS —
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
— File associations —
.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1"
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
FINISHED
- Restart the computer.
Create a new HijackThis log and a new log with reglooks.
Post both logs.