Mededeling

Collapse
No announcement yet.

traag en advertentie popups

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • traag en advertentie popups

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:35:23, on 8/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Grisoft\AVG7\avgwb.dat
    C:\WINDOWS\SoftwareDistribution\Download\Install\WindowsXP-KB905474-NLD-x86.exe
    d:\531f99c709e50717f71d60ba\update\update.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site\Barb City.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [SafeGlue] C:\DOCUME~1\Home\APPLIC~1\TRANSI~1\Scrarmy.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204919455031
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204919860562
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 8479 bytes


    ik denk zelf dat de volgende problemen geven:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site\Barb City.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [SafeGlue] C:\DOCUME~1\Home\APPLIC~1\TRANSI~1\Scrarmy.exe


    verder geeft avg het volgende aan:
    trojan horse generic9.amss,downloader.swizzor en trojan hirse generic6.ryw

    graag advies.bedankt.

  • #2
    en nog een combofix logje;misschien handig

    ComboFix 08-03-07.4 - Home 2008-03-08 18:00:57.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.104 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Home\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))
    .

    2008-03-08 16:35 . 2007-12-07 03:18 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-03-08 16:35 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-03-08 16:35 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-03-08 16:35 . 2007-12-07 03:18 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-03-08 16:35 . 2007-12-07 03:18 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-03-08 16:35 . 2007-12-07 03:18 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-03-08 16:35 . 2007-12-07 03:18 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-03-08 16:35 . 2007-12-07 03:18 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-03-08 16:35 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-03-08 16:30 . 2008-03-08 16:39 <DIR> d-------- C:\WINDOWS\system32\nl-nl
    2008-03-08 14:38 . 2008-03-08 14:38 <DIR> d-------- C:\Program Files\HD Tune
    2008-03-08 14:37 . 2008-03-08 14:37 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-03-08 14:34 . 2008-03-08 14:34 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-08 14:29 . 2004-08-04 00:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-03-08 14:05 . 2008-03-08 14:05 <DIR> d-------- C:\Program Files\RealVNC
    2008-03-08 13:59 . 2008-03-08 16:56 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2008-03-08 13:59 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-03-08 13:56 . 2008-03-08 13:56 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-03-08 13:56 . 2008-03-08 14:32 <DIR> d-------- C:\Documents and Settings\Home\Application Data\AVG7
    2008-03-08 13:55 . 2008-03-08 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-08 13:55 . 2008-03-08 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-03-07 20:54 . 2008-03-08 16:31 <DIR> d-------- C:\Program Files\SpywareGuard
    2008-03-07 20:53 . 2008-03-07 20:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-03-07 20:53 . 2008-03-07 20:53 <DIR> d-------- C:\ie-spyad
    2008-03-07 20:53 . 2008-03-07 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-07 20:51 . 2008-03-07 20:52 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-03-07 20:51 . 2008-03-07 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-07 20:51 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2008-03-07 20:51 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-03-07 20:51 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-03-07 20:51 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2008-02-23 20:33 . 2008-02-23 20:33 <DIR> d-------- C:\Program Files\TransIntra

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-07 19:45 --------- d-----w C:\Program Files\Microsoft AntiSpyware
    2008-03-07 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-23 19:33 --------- d-----w C:\Documents and Settings\Home\Application Data\TransIntra
    2008-02-23 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site
    2008-01-13 20:39 --------- d-----w C:\Documents and Settings\Home\Application Data\LimeWire
    2008-01-13 20:23 --------- d-----w C:\Documents and Settings\Home\Application Data\HP
    2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 16:20 68856]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-12-24 14:03 103712]
    "SafeGlue"="C:\DOCUME~1\Home\APPLIC~1\TRANSI~1\Scrarmy.exe" [2008-02-23 20:33 428544]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
    "Cmaudio"="cmicnfg.cpl"
    "SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-10-30 13:10 667648]
    "SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2003-10-30 13:09 249856]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2005-07-22 10:50 230600]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
    "MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-04-23 23:12 176128]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-12-24 14:03 103712]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-12-31 20:55 190024]
    "memo site kind that"="C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site\Barb City.exe" [2008-03-08 18:00 1277952]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-08 13:55 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-08 13:56 219136]

    C:\Documents and Settings\Home\Menu Start\Programma's\Opstarten\
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 13:55]
    R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys [2003-01-23 14:29]
    R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 08:02]
    R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 05:41]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26de2f68-fae7-11d9-abee-00138f06eccd}]
    \Shell\AutoRun\command - G:\setupSNK.exe

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-03-08 17:00:01 C:\WINDOWS\Tasks\AF169BCF91850DA3.job"
    - c:\docume~1\home\applic~1\transi~1\Filmaboutcdrom.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-08 18:03:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-03-08 18:05:02
    .
    2008-03-08 15:59:40 --- E O F ---

    Comment


    • #3
      grappig die smiley in het logje;ben benieuwd hoe die daar gekomen is

      Comment


      • #4
        Start HijackThis nog een keer, kies voor "Do a system scan only" en plaats alleen een vinkje voor de volgende regels:
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
        R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
        O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
        O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
        O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
        O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site\Barb City.exe
        O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
        O4 - HKCU\..\Run: [SafeGlue] C:\DOCUME~1\Home\APPLIC~1\TRANSI~1\Scrarmy.exe

        Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

        Herstart even je computer.

        Download dit bestand: Deljob.exe (mirror)
        Dubbelklik Deljob.exe.
        Een logje(logit.txt) zal openen.
        Post de inhoud van logit.txt in je volgende bericht.
        Post ook een nieuw logje van HijackThis

        Groeten smeenk

        Comment


        • #5
          deljob

          --------------------------------------------------------
          Backups created in C:\deljob

          AF169BCF91850DA3.job
          --------------------------------------------------------
          Files in Windows Tasks folder

          --------------------------------------------------------
          Export App Data folders
          --------------------------------------------------------
          Het volume in station C heeft geen naam.
          Het volumenummer is E85A-D205

          Map van C:\Documents and Settings\Home\Application Data

          08/03/2008 18:21 <DIR> .
          08/03/2008 18:21 <DIR> ..
          31/12/2007 20:51 <DIR> Adobe
          12/06/2007 22:15 <DIR> AdobeUM
          08/03/2008 18:31 <DIR> AVG7
          01/02/2007 20:33 <DIR> Google
          13/01/2008 21:23 <DIR> HP
          22/07/2005 19:56 <DIR> IDENTI~1 Identities
          13/01/2008 21:39 <DIR> LimeWire
          23/07/2005 14:08 <DIR> MACROM~1 Macromedia
          08/03/2008 18:21 <DIR> MALWAR~1 Malwarebytes
          23/07/2005 13:44 <DIR> MEDIAP~1 Media Player Classic
          31/12/2007 20:57 <DIR> MICROS~1 Microsoft
          21/10/2005 14:07 <DIR> Mozilla
          22/07/2005 20:36 <DIR> Real
          26/01/2006 19:55 <DIR> Sun
          23/02/2008 20:33 <DIR> TRANSI~1 TransIntra
          0 bestand(en) 0 bytes
          17 map(pen) 6.670.503.936 bytes beschikbaar
          Het volume in station C heeft geen naam.
          Het volumenummer is E85A-D205

          Map van C:\Documents and Settings\All Users\Application Data

          08/03/2008 18:21 <DIR> .
          08/03/2008 18:21 <DIR> ..
          05/01/2007 21:04 <DIR> Adobe
          08/03/2008 14:32 <DIR> avg7
          01/02/2007 20:34 <DIR> Google
          23/02/2008 20:33 <DIR> GRIDBL~1 Grid Blue Memo Site
          08/03/2008 13:55 <DIR> Grisoft
          06/06/2007 19:00 <DIR> HEWLET~1 Hewlett-Packard
          06/06/2007 19:04 <DIR> HP
          06/06/2007 19:05 <DIR> HPSSUP~1 HPSSUPPLY
          08/03/2008 18:21 <DIR> MALWAR~1 Malwarebytes
          31/12/2007 20:59 <DIR> MESSEN~1 Messenger Plus!
          23/07/2005 13:26 <DIR> MICROS~1 Microsoft
          22/07/2005 20:36 <DIR> Real
          07/03/2008 20:55 <DIR> SPYBOT~1 Spybot - Search & Destroy
          07/03/2008 20:51 <DIR> TEMP
          08/03/2008 14:04 <DIR> WINDOW~1 Windows Genuine Advantage
          0 bestand(en) 0 bytes
          17 map(pen) 6.670.503.936 bytes beschikbaar
          --------------------------------------------------------
          All User Accounts
          --------------------------------------------------------
          All Users
          Home
          --------------------------------------------------------

          Comment


          • #6
            Hjt

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 18:44:11, on 8/03/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16608)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
            C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
            C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\RealVNC\VNC4\WinVNC4.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\WINDOWS\system32\wscntfy.exe
            C:\WINDOWS\system32\WgaTray.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\RunDll32.exe
            C:\WINDOWS\system32\sistray.EXE
            C:\WINDOWS\system32\keyhook.exe
            C:\Program Files\SPAMfighter\SFAgent.exe
            C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
            C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
            C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
            C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
            C:\Program Files\Netropa\Onscreen Display\OSD.exe
            C:\Program Files\MessengerPlus! 3\MsgPlus.exe
            C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
            C:\Program Files\SpywareGuard\sgmain.exe
            C:\Program Files\SpywareGuard\sgbhp.exe
            C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
            O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
            O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
            O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
            O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
            O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
            O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
            O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
            O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
            O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
            O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204919455031
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204919860562
            O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
            O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
            O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

            --
            End of file - 7759 bytes

            Comment


            • #7
              Doe dit nog:

              Open een kladblokbestand.
              Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

              @ECHO OFF
              IF EXIST log.txt DEL log.txt
              ECHO Deleting folders>>log.txt
              FOR %%I in (
              "C:\Documents and Settings\Home\Application Data\TransIntra"
              "C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site"
              "C:\Program Files\Macrogaming\SweetIMBarForIE"
              "C:\Program Files\Macrogaming\SweetIM"
              "C:\Program Files\TransIntra"
              C:\deljob) DO (
              IF EXIST %%I (
              RD /S /Q %%I
              IF EXIST %%I (
              ECHO %%I not deleted>>log.txt
              ) ELSE (
              ECHO %%I deleted>>log.txt)
              ) ELSE (
              ECHO %%I not found>>log.txt))
              START NOTEPAD.EXE log.txt

              Ga naar Bestand - Opslaan als.
              Bij "Opslaan in" kies je: Bureaublad
              Bij "Bestandsnaam" zet je: del.bat
              Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
              Klik op de knop Opslaan.

              Dubbelklik op del.bat en post de inhoud van de logfile die opent.

              Comment


              • #8
                here it is

                Deleting folders
                "C:\Documents and Settings\Home\Application Data\TransIntra" deleted
                "C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site" deleted
                "C:\Program Files\Macrogaming\SweetIMBarForIE" deleted
                "C:\Program Files\Macrogaming\SweetIM" deleted
                "C:\Program Files\TransIntra" deleted
                C:\deljob deleted

                Comment


                • #9
                  Gaat goed zo

                  Je Java software is verouderd.
                  Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
                  Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
                  • Download Java Runtime Environment (JRE) 6u5 en bewaar het naar je Bureaublad.
                  • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
                  • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
                  • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
                  • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
                  • Herhaal dit tot alle oudere versies verdwenen zijn.
                  • Na het verwijderen van alle oudere versies, herstart je pc.
                  • Dubbelklik vervolgens op jre-6u5-windows-i586-p-s.exe op je Bureaublad om de nieuwste versie van Java te installeren.


                  Download ATF cleaner (mirror)(gemaakt door Atribune)

                  Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                  Dubbelklik op ATF cleaner om het programma te starten.
                  Op het tabblad "Main", plaats je een vinkje bij Select All.
                  Klik op de knop Empty Selected.

                  Het volgende doen als je ook FireFox als browser hebt:
                  Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                  Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                  (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                  Klik op de knop Empty Selected.

                  Het volgende doen als je ook Opera als browser hebt:
                  Klik op tabblad "Opera", plaats een vinkje bij Select All.
                  Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                  Klik op de knop Empty Selected.
                  Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                  Ga naar Start - Uitvoeren en geef hier het volgende in:
                  Combofix /U
                  Druk daarna op OK.
                  Let op: Er moet een spatie tussen Combofix en /U zitten.

                  Dit zal Combofix deïnstalleren.

                  Post als laatste nog een nieuw logje van Hijackthis

                  Comment


                  • #10
                    hier is m

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 19:10:55, on 8/03/2008
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
                    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
                    C:\WINDOWS\system32\RunDll32.exe
                    C:\WINDOWS\system32\sistray.EXE
                    C:\WINDOWS\system32\keyhook.exe
                    C:\Program Files\SPAMfighter\SFAgent.exe
                    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
                    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
                    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
                    C:\Program Files\Netropa\Onscreen Display\OSD.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                    C:\WINDOWS\system32\wuauclt.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                    C:\Program Files\SpywareGuard\sgmain.exe
                    C:\WINDOWS\system32\wscntfy.exe
                    C:\Program Files\SpywareGuard\sgbhp.exe
                    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
                    C:\WINDOWS\system32\msiexec.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
                    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
                    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
                    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
                    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
                    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
                    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
                    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
                    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
                    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
                    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
                    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204919455031
                    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204919860562
                    O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) -
                    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
                    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
                    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
                    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

                    --
                    End of file - 7771 bytes

                    Comment


                    • #11
                      Het ziet er weer prima uit

                      Comment


                      • #12
                        ok.hartelijk bedankt maar weer heel fijn.

                        Comment


                        • #13
                          Graag gedaan hoor

                          Comment

                          Sorry, you are not authorized to view this page
                          Working...
                          X