Archief - HJT logje

Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.

brc

Legacy Member
Kan je dit even checken, er staan toch een paar rare dingen tussen vind ik en het systeem zelf is aan de (erg) trage kant ook)

thx

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:51:57, on 25/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TELENE~1\backweb\3638286\Program\SERVIC~1.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\FSGK32.EXE
C:\Program Files\Telenet Internet Security Pack\backweb\3638286\program\fsbwsys.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fssm32.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSMB32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Telenet Internet Security Pack\backweb\3638286\Program\fspex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Telenet Internet Security Pack\Common\FCH32.EXE
C:\Program Files\Telenet Internet Security Pack\Common\FAMEH32.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsqh.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsrw.exe
C:\Program Files\Telenet Internet Security Pack\FSPC\fspc.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsav32.exe
C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Encarta\Encarta Winkler Prins Naslagbibliotheek 2006 DVD\EDICT.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\TELENE~1\ANTI-S~1\fsaw.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Telenet Internet Security Pack\FSGUI\fsguidll.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Martine\Bureaublad\HiJackThis_v2.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Encarta Winkler Prins Webassistent - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Internet Security Pack\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Telenet Internet Security Pack\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E06NXLRD_2547171] "C:\Program Files\Microsoft Encarta\Encarta Winkler Prins Naslagbibliotheek 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Telenet Internet Security Pack.lnk = C:\Program Files\Telenet Internet Security Pack\backweb\3638286\Program\fspex.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Deze pop-up blokkeren - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: IE-shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\ieshield.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104758575765
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Telenet Internet Security Pack (BackWeb Plug-in - 3638286) - BackWeb Technologies Inc. - C:\PROGRA~1\TELENE~1\backweb\3638286\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\Telenet Internet Security Pack\backweb\3638286\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9790 bytes

Jurgenv1

Legacy Member
Kijk eens bij de sticky's onder forumregels, download daar de nieuwste versie van hijackthis en post daarvan een logje hier.

brc

Legacy Member
ok blijkbaar is dat dus niet de laatste

hier een nieuwe log

heb al gescand met panda online scan en kreeg daar +900 spyware en een 3-tal virussen-rootkits als resultaat (panda kan deze niet verwijderen => free scan)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:49, on 25/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TELENE~1\backweb\3638286\Program\SERVIC~1.EXE
C:\Program Files\Telenet Internet Security Pack\backweb\3638286\Program\fspex.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
C:\Program Files\Telenet Internet Security Pack\backweb\3638286\program\fsbwsys.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\FSGK32.EXE
C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Telenet Internet Security Pack\Common\FCH32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsqh.exe
C:\Program Files\Telenet Internet Security Pack\Common\FAMEH32.EXE
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsrw.exe
C:\Program Files\Telenet Internet Security Pack\FSPC\fspc.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Encarta\Encarta Winkler Prins Naslagbibliotheek 2006 DVD\EDICT.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsav32.exe
C:\PROGRA~1\TELENE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Telenet Internet Security Pack\FSGUI\fsguidll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Encarta Winkler Prins Webassistent - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Internet Security Pack\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Telenet Internet Security Pack\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E06NXLRD_2547171] "C:\Program Files\Microsoft Encarta\Encarta Winkler Prins Naslagbibliotheek 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Telenet Internet Security Pack.lnk = C:\Program Files\Telenet Internet Security Pack\backweb\3638286\Program\fspex.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Deze pop-up blokkeren - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: IE-shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\ieshield.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104758575765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Telenet Internet Security Pack (BackWeb Plug-in - 3638286) - BackWeb Technologies Inc. - C:\PROGRA~1\TELENE~1\backweb\3638286\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Telenet Internet Security Pack\backweb\3638286\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9580 bytes

Jurgenv1

Legacy Member
* Download Dr.Web CureIt naar je bureaublad:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Dubbelklik drweb-cureit.exe en sta het toe om de express scan te starten.
  • Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt, klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
  • Eenmaal de korte scan is beeïndigd, Klik Options > Change Settings
  • Kies de "Scan"-tab en verwijder het vinkje bij "Heuristic analyse"
  • Terug in het hoofdvenster kan je de drives selecteren die je wilt laten scannen.
  • Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
  • Klik daarna de groene pijl rechts om de scan te starten.
  • Klik 'Yes to all' wanneer er gevraagd wordt om cure of move uit te voeren.
  • Wanneer de scan gedaan is, kijk of je volgende icoontje kan aanklikken dat staat naast hetgeen gevonden werd:
    check.gif
  • Indien wel, klik erop en daarna klik op het icoontje er net onder en kies: Move incurable zoals je zal zien in volgende afbeelding:
    move.gif

    Dit zal de bestanden verplaatsen naar volgende map %userprofile%\DoctorWeb\quarantaine-folder indien het niet gedesinfecteerd kan worden. (dit in het geval dat we samples nodig hebben)
  • Na bovenstaande te selecteren, in het menu bovenaan van Dr.Web CureIt, klik file en kies save report list. Bewaar de log op je bureaublad.
  • Sluit daarna Dr.Web Cureit.
  • Herstart je computer!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
  • Na het herstarten, Kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post.

brc

Legacy Member
DrWeb logje
A0071651.#cr C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP434 Adware.Msearch Verplaatst.
A0071652.#LL C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP434 Adware.Funweb Verplaatst.
A0071653.#LL C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP434 Adware.Msearch Verplaatst.
A0071654.#LL C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP434 Adware.Msearch Verplaatst.
A0071655.#LL C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP434 Adware.Msearch Verplaatst.
A0071656.#CR C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP434 Adware.Msearch Verplaatst.
A0071657.#LL C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP434 Adware.Msearch Verplaatst.
A0071658.#LL C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP434 Adware.Msearch Verplaatst.
A0071660.#LL C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP434 Adware.Msearch Verplaatst.
A0071661.#LL C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP434 Adware.Msearch Verplaatst.
A0071662.#LL C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP434 Adware.Msearch Verplaatst.
A0071663.#LL C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP434 Adware.Msearch Verplaatst.
A0071664.#LL C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP434 Adware.Msearch Verplaatst.
A0072022.#LL C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP436 Adware.Msearch Verplaatst.
A0072023.#LL C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP436 Adware.Websearch Verplaatst.
A0072024.#XE C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP436 Adware.Msearch Verplaatst.
A0072025.#LL C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP436 Adware.Msearch Verplaatst.
A0072028.#ll C:\System Volume Information\_restore{C14B16D9-A307-48B0-B1DF-BEA5629DB5BD}\RP436 Adware.Websearch Verplaatst.

Jurgenv1

Legacy Member
Kan ik een nieuw hijackthis logje zien? Hoe werkt alles verder?

brc

Legacy Member
toch nog aan de (erg) trage kant, heb wel de indruk dat het al verbeterd is.

heb je soms ervaring met dat "telenet security pack" ? is dat betrouwbaar ? want ik vind wel dat dat toch redelijk veel resources opslokt...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:02, on 26/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Encarta\Encarta Winkler Prins Naslagbibliotheek 2006 DVD\EDICT.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\TELENE~1\backweb\3638286\Program\SERVIC~1.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Telenet Internet Security Pack\backweb\3638286\Program\fspex.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
C:\Program Files\Telenet Internet Security Pack\backweb\3638286\program\fsbwsys.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\FSGK32.EXE
C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Telenet Internet Security Pack\Common\FCH32.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsqh.exe
C:\Program Files\Telenet Internet Security Pack\Common\FAMEH32.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsrw.exe
C:\Program Files\Telenet Internet Security Pack\FSPC\fspc.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsav32.exe
C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
C:\PROGRA~1\TELENE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Telenet Internet Security Pack\FSGUI\fsguidll.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Encarta Winkler Prins Webassistent - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Internet Security Pack\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Telenet Internet Security Pack\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E06NXLRD_2547171] "C:\Program Files\Microsoft Encarta\Encarta Winkler Prins Naslagbibliotheek 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Telenet Internet Security Pack.lnk = C:\Program Files\Telenet Internet Security Pack\backweb\3638286\Program\fspex.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Deze pop-up blokkeren - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104758575765
O23 - Service: Telenet Internet Security Pack (BackWeb Plug-in - 3638286) - BackWeb Technologies Inc. - C:\PROGRA~1\TELENE~1\backweb\3638286\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Telenet Internet Security Pack\backweb\3638286\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7839 bytes

Jurgenv1

Legacy Member
heb je soms ervaring met dat "telenet security pack" ? is dat betrouwbaar ? want ik vind wel dat dat toch redelijk veel resources opslokt...
.
Je beantwoord je eigen vraag...

brc

Legacy Member
ok maar is dan ook mijn pc niet, is dat telenet pack betrouwbaar of ben je beter met gewoon een goeie viruscanner en verantwoord internetgebruik ?

en hoe ziet het laatste logje eruit ?

Jurgenv1

Legacy Member
Logje ziet er goed uit, deïnstalleer anders die security pack en neem AVG ofzo en idd gezond verstand. :)
Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
Terug
Bovenaan