View full version: juleken's log



juleken
3 June 2006, 14:00
Logfile of HijackThis v1.99.1
Scan saved at 13:57:18, on 3/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
C:\PROGRA~1\TELENE~2\backweb\3638286\Program\SERVIC~1.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
C:\Program Files\Telenet Internet Security Pack\backweb\3638286\program\fsbwsys.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\FSGK32.EXE
C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fssm32.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSMB32.EXE
C:\Program Files\Telenet Internet Security Pack\backweb\3638286\Program\fspex.exe
C:\Program Files\Telenet Internet Security Pack\Common\FCH32.EXE
C:\Program Files\Telenet Internet Security Pack\Common\FAMEH32.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsqh.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsrw.exe
C:\Program Files\Telenet Internet Security Pack\FSPC\fspc.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsav32.exe
C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
C:\PROGRA~1\TELENE~2\ANTI-S~1\fsaw.exe
C:\Program Files\Telenet Internet Security Pack\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Andries\Mijn documenten\Mijn ontvangen bestanden\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.be/0SENLBE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiEU Shared Browser Helper Object - {0748BCEA-3708-4842-A65F-7AA6E56EBCD9} - C:\WINDOWS\system32\BhoCitEU.dll
O2 - BHO: MediaCodec.BHO - {525A7CE1-5FD4-4FC7-A333-27D3754DB57C} - C:\WINDOWS\Downloaded Program Files\MediaCodec.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Internet Security Pack\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Telenet Internet Security Pack\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [Media Helper] C:\WINDOWS\system32\Microsoft\Extension\mediaconfig.hta
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
O4 - Global Startup: Telenet Internet Security Pack.lnk = C:\Program Files\Telenet Internet Security Pack\backweb\3638286\Program\fspex.exe
O8 - Extra context menu item: &Deze pop-up blokkeren - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: Button Test - {20340348-8448-47f8-ae16-796747b6605c} - C:\WINDOWS\system32\Microsoft\Extension\20340348-8448-47f8-ae16-796747b6605c.htm
O9 - Extra button: IE-shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\ieshield.dll
O9 - Extra button: Citi Internet Numbers - {F2019543-474C-466d-8C33-99B0ED86EEB9} - C:\Program Files\Citi Internet Numbers\CitiINum.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O15 - Trusted Zone: http://software.nocusnetworks.com
O16 - DPF: {49D2D5D8-2D5D-467C-9157-4FF9CF06DBEA} (MediaCodec.HTAHelper) - http://software.nocusnetworks.com/MediaToolbar.cab
O16 - DPF: {62FB8678-5EAD-4D27-A639-415D9F0B668F} (MediaCodec.Install) - http://software.nocusnetworks.com/mediacodec.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Telenet Internet Security Pack (BackWeb Plug-in - 3638286) - BackWeb Technologies Inc. - C:\PROGRA~1\TELENE~2\backweb\3638286\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Telenet Internet Security Pack\backweb\3638286\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

jurgenv
3 June 2006, 14:21
* You need to update Java:

Go to Start > Control Panel and double-click the "Software" (Add or Remove Programs) icon. You will see a list of the programs installed on your system.
Look in the list for all previous versions of Java. (J2SE Runtime Environment.... )
It has the following icon: http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.jpg
Select it and choose Remove.
Then download and install the latest version from here:

http://www.java.com/en/download/manual.jsp

* Download LSPFix (http://cexx.org/LSPFix.exe).
Start the program.
Tick the box next to I know what I am doing.
Make sure that the right-hand pane (the remove pane) contains all references to: winsflt.dll.
(Note: only these may be in the remove pane, no others!!!)
Click Finish and restart the computer.

* Open HijackThis and tick the following lines:

O2 - BHO: CitiEU Shared Browser Helper Object - {0748BCEA-3708-4842-A65F-7AA6E56EBCD9} - C:\WINDOWS\system32\BhoCitEU.dll
O4 - HKLM\..\Run: [Media Helper] C:\WINDOWS\system32\Microsoft\Extension\mediaconfig.hta
O9 - Extra button: Button Test - {20340348-8448-47f8-ae16-796747b6605c} - C:\WINDOWS\system32\Microsoft\Extension\20340348-8448-47f8-ae16-796747b6605c.htm
O15 - Trusted Zone: http://software.nocusnetworks.com
O16 - DPF: {49D2D5D8-2D5D-467C-9157-4FF9CF06DBEA} (MediaCodec.HTAHelper) - http://software.nocusnetworks.com/MediaToolbar.cab
O16 - DPF: {62FB8678-5EAD-4D27-A639-415D9F0B668F} (MediaCodec.Install) - http://software.nocusnetworks.com/mediacodec.cab

* Then close all windows except HijackThis and click 'fix checked'

* Download and unzip Killbox (http://www.downloads.subratam.org/KillBox.exe) to your desktop.
Click killbox.exe.
Select the option "Delete on reboot".
In the field "Full Path of File to Delete", copy and paste the following:

C:\WINDOWS\system32\BhoCitEU.dll

Click the button: single file (!Important!)

Then click the red circle with the white cross in it.
Killbox will say that this file will be deleted on reboot and ask to reboot now. Click YES.

Your PC should now reboot.

* Download ATF cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)

Double-click ATF cleaner to start the program.
On the "Main" tab, tick Select All.
Click the Empty Selected button.

If you also use Firefox as a browser:
Click the "Firefox" tab and tick Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the tick next to "Firefox saved passwords")
Click the Empty Selected button.

If you also use Opera as a browser:
Click the "Opera" tab and tick Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

* Now post a new HijackThis log

juleken
3 June 2006, 15:01
Logfile of HijackThis v1.99.1
Scan saved at 15:07:07, on 3/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
C:\PROGRA~1\TELENE~2\backweb\3638286\Program\SERVIC~1.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
C:\Program Files\Telenet Internet Security Pack\backweb\3638286\program\fsbwsys.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\FSGK32.EXE
C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fssm32.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSMB32.EXE
C:\Program Files\Telenet Internet Security Pack\backweb\3638286\Program\fspex.exe
C:\Program Files\Telenet Internet Security Pack\Common\FCH32.EXE
C:\Program Files\Telenet Internet Security Pack\Common\FAMEH32.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsqh.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsrw.exe
C:\Program Files\Telenet Internet Security Pack\FSPC\fspc.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsav32.exe
C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TELENE~2\ANTI-S~1\fsaw.exe
C:\Program Files\Telenet Internet Security Pack\FSGUI\fsguidll.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Andries\Mijn documenten\Mijn ontvangen bestanden\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.be/0SENLBE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {525A7CE1-5FD4-4FC7-A333-27D3754DB57C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {60722DEA-A88C-46DF-B69A-BF5088C33B30} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Internet Security Pack\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Telenet Internet Security Pack\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
O4 - Global Startup: Telenet Internet Security Pack.lnk = C:\Program Files\Telenet Internet Security Pack\backweb\3638286\Program\fspex.exe
O8 - Extra context menu item: &Deze pop-up blokkeren - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: IE-shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\ieshield.dll
O9 - Extra button: Citi Internet Numbers - {F2019543-474C-466d-8C33-99B0ED86EEB9} - C:\Program Files\Citi Internet Numbers\CitiINum.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://software.nocusnetworks.com
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Telenet Internet Security Pack (BackWeb Plug-in - 3638286) - BackWeb Technologies Inc. - C:\PROGRA~1\TELENE~2\backweb\3638286\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Telenet Internet Security Pack\backweb\3638286\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

jurgenv
3 June 2006, 15:12
* Open HijackThis and tick the following lines:

O2 - BHO: (no name) - {525A7CE1-5FD4-4FC7-A333-27D3754DB57C} - (no file)
O3 - Toolbar: (no name) - {60722DEA-A88C-46DF-B69A-BF5088C33B30} - (no file)
O15 - Trusted Zone: http://software.nocusnetworks.com

* Then close all windows except HijackThis and click 'fix checked'

* Then post a new HijackThis log here

juleken
3 June 2006, 15:21
Logfile of HijackThis v1.99.1
Scan saved at 15:21:52, on 3/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
C:\PROGRA~1\TELENE~2\backweb\3638286\Program\SERVIC~1.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
C:\Program Files\Telenet Internet Security Pack\backweb\3638286\program\fsbwsys.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\FSGK32.EXE
C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fssm32.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSMB32.EXE
C:\Program Files\Telenet Internet Security Pack\backweb\3638286\Program\fspex.exe
C:\Program Files\Telenet Internet Security Pack\Common\FCH32.EXE
C:\Program Files\Telenet Internet Security Pack\Common\FAMEH32.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsqh.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsrw.exe
C:\Program Files\Telenet Internet Security Pack\FSPC\fspc.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsav32.exe
C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TELENE~2\ANTI-S~1\fsaw.exe
C:\Program Files\Telenet Internet Security Pack\FSGUI\fsguidll.exe
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\Program Files\DVD Ghost\DVDGhost.EXE
C:\Documents and Settings\Andries\Mijn documenten\Mijn ontvangen bestanden\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.be/0SENLBE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Internet Security Pack\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Telenet Internet Security Pack\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
O4 - Global Startup: Telenet Internet Security Pack.lnk = C:\Program Files\Telenet Internet Security Pack\backweb\3638286\Program\fspex.exe
O8 - Extra context menu item: &Deze pop-up blokkeren - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: IE-shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\ieshield.dll
O9 - Extra button: Citi Internet Numbers - {F2019543-474C-466d-8C33-99B0ED86EEB9} - C:\Program Files\Citi Internet Numbers\CitiINum.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Telenet Internet Security Pack (BackWeb Plug-in - 3638286) - BackWeb Technologies Inc. - C:\PROGRA~1\TELENE~2\backweb\3638286\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Telenet Internet Security Pack\backweb\3638286\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

jurgenv
3 June 2006, 15:25
Looks good, how is everything working otherwise? :)

juleken
3 June 2006, 15:32
Everything looks good now. I hope it stays that way. Thank you very much, and I will keep spreading the word about you.

jurgenv
3 June 2006, 15:33
A few more tips to prevent problems in the future:

Install the following FREE programs if you don't have them yet:

Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html)
Adaware se (http://www.majorgeeks.com/download506.html)
Spybot s&d (http://www.safer-networking.org/en/index.html)

While surfing, don't blindly click Yes everywhere when you are asked... only do so when you fully trust it.

And consider choosing an alternative browser such as Opera (http://www.opera.com) or Firefox (http://www.mozilla.org/products/firefox/).

I also recommend running an online virus scan now and then: housecall (http://housecall.trendmicro.com/) and/or Bitdefender (http://www.bitdefender.com/scan/licence.php). Because what one scanner cannot find, another might.
Also make sure that the virus scanner installed on your system is always up to date!!

And... regularly pay a visit to: http://windowsupdate.microsoft.com/

Also have a look at these 2 videos.. Very interesting:
http://www2.trosradar.nl/mediaplayer/player.php?videoID=524&mode=dossier#
http://www.benedelman.org/spyware/security-111804.wmv

More prevention tips can also be found on the following sites:

http://www.bluemedicine.be
http://users.telenet.be/marcvn/spyware
How did I get infected in the first place (http://castlecops.com/postitle7736-0-0-.html) (article by TonyKlein)
Preventing spyware infections and browser hijacking (http://www.antispywareoffensief.nl/forum/showthread.php?t=55)