Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

probleempjes met IE

Anoniem
juisterr
7 antwoorden
  • hallo,

    sinds een aantal weken heb ik een paar problemen met bepaalde internetsites. als ik bijvoorbeeld bij gmail inlog, pakt hij het inloggen wel, maar krijg ik nooit het scherm van me inbox te zien. hij blijft telkens naar een andere pagina zoeken lijkt het. het laadbalkje onder me internetscherm begint steeds opnieuw. bij Hotmail heb ik een zelfde soort probleem. ook op marktplaats heb ik een probleem. ik kan wel de site openen en subrubrieken etc, maar open ik een advertentie, dan geeft hij aan dat de pagina niet gevonden kan worden. aan me internet kan het niet liggen omdat beneden op de pc wel alles het doet. kan iemand me helpen?
    met vriendelijke groet stefan



    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 19:47:11, on 1-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Documents and Settings\user\Mijn documenten\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: adssite - {F31B3634-12AA-41ca-B021-0685C3B3E4CA} - C:\WINDOWS\system32
    sz6.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=http://www.caresys.nl/
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com
    esource/download/scanner/wlscbase8300.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D5DC47DE-8CC9-497E-B252-55DB9CF7F60F}: NameServer = 192.168.200.1,192.168.200.2
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    End of file - 8046 bytes



  • bitcomet.exe known as Tibick Worm bitcomet, has the following information and may help up understand this process better.

    bitcomet.exe - Here is the scoop on Tibick Worm as it pertains to computer network security. The big question: what is bitcomet.exe and is it spyware, a trojan and if so, how do I get rid of Tibick Worm?
    bitcomet.exe (Tibick Worm) - Details

    Finding a program by the name of bitcomet.exe running on your computer means that your computer may be infected with a worm that goes by the name of tibick.

    bron http://www.auditmypc.com/process/bitcomet.asp
  • @stee0036: http://www.liutilities.com/products/wintaskspro/processlibrary/bitcomet/
    Hier zie je dat dit geen spyware is :wink:

    Download Combofix naar je [b:1290f18c8d]bureaublad[/b:1290f18c8d]

    Dubbelklik op [u:1290f18c8d]combofix.exe[/u:1290f18c8d]
    Volg de instructies, aanvaard de disclaimer door y of Y te typen.
    Tijdens het runnen van de fix, [b:1290f18c8d]NIET[/b:1290f18c8d] in het venster klikken, want dit zal je pc doen vasthangen.

    Wanneer de fix voltooid is en na herstart, zal de log [b:1290f18c8d]combofix.txt[/b:1290f18c8d] openen. Bewaar dit logje.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

    Post nu het logje van Combofix.txt tesamen met een nieuw Hijackthis logje in je volgende bericht.

    Succes 8)

    Pim
  • ah dat van bitcomet wist ik niet. Bedankt.

    Mijn oplossingen liggen op een ander front: Ik heb dit vaker gepost en is beetje mijn stokpaardje.. Als Windows langzaam wordt ga ik niet uren zoeken naar spyware, virussen of registerfouten maar formatteer ik de zaak opnieuw. Ik heb ook ghost images van Windows, die zet ik ook wel eens terug. Op mijn snelle pc is windows erop zetten een half uur. Als je vaker windows installeerd wordt je er ook handiger in.
    Ik heb meerdere schijven en mijn data blijft onaagetast als Windows een duw geef.
  • Zoiets kan je doen, maar is wel heel overkill. Probeer het logje van Combofix eens.

    Trouwens, plotselinge traagheid kan ook komen door een kapotte harde schijf, maar laten we eerst spyware uitsluiten.
  • ik heb het allemaal uitgevoerd en heb de volgende logjes

    ComboFix 07-08-04.3 - "user" 2007-08-07 14:44:01.1 [GMT 2:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.Waar
    * Created a new restore point


    ((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


    2007-08-07 14:41 51,200 –a—— C:\WINDOWS
    ircmd.exe
    2007-08-07 14:27 <DIR> dr-h—– C:\DOCUME~1\user\Onlangs geopend
    2007-08-07 14:13 <DIR> d——– C:\Program Files\BitComet
    2007-08-07 13:53 <DIR> d——– C:\Program Files\uTorrent
    2007-08-02 10:23 <DIR> d——– C:\Program Files\DC++
    2007-07-30 08:27 63,488 –a—— C:\WINDOWS\xobglu16.dll
    2007-07-30 08:27 23,552 –a—— C:\WINDOWS\xobglu32.dll
    2007-07-28 19:42 <DIR> d——– C:\WINDOWS\Drivers
    2007-07-25 11:56 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
    2007-07-14 12:18 <DIR> d——– C:\Program Files\Samsung
    2007-07-14 12:16 94,000 –a—— C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2007-07-14 12:16 8,336 –a—— C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2007-07-14 12:16 77,824 –a—— C:\WINDOWS\system32\fun_mp4_dec.dll
    2007-07-14 12:16 684,032 –a—— C:\WINDOWS\system32\fun_mp4_enc.dll
    2007-07-14 12:16 6,176 –a—— C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2007-07-14 12:16 6,176 –a—— C:\WINDOWS\system32\drivers\ssm_cm.sys
    2007-07-14 12:16 58,320 –a—— C:\WINDOWS\system32\drivers\ssm_bus.sys
    2007-07-14 12:16 5,840 –a—— C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2007-07-14 12:16 5,840 –a—— C:\WINDOWS\system32\drivers\ssm_wh.sys
    2007-07-14 12:16 2,729,472 –a—— C:\WINDOWS\system32\fun_avcodec.dll
    2007-07-14 12:16 <DIR> d——– C:\WINDOWS\system32\Samsung_USB_Drivers
    2007-07-14 12:16 <DIR> d——– C:\WINDOWS\system32\Samsung PC Studio Codecs
    2007-07-13 16:40 <DIR> d——– C:\Program Files\iTunes
    2007-07-13 16:40 <DIR> d——– C:\Program Files\iPod
    2007-07-13 16:36 <DIR> d——– C:\Program Files\Common Files\Apple
    2007-07-13 16:36 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-07-13 16:31 <DIR> d——– C:\Program Files\QuickTime
    2007-07-08 21:41 <DIR> d——– C:\Downloads


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-07 16:01 2857504 –ahs—- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-08-07 16:00 44335904 –ahs—- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-08-07 14:41 ——— d——– C:\DOCUME~1\user\APPLIC~1\uTorrent
    2007-08-07 14:13 2560 –a—— C:\WINDOWS\system32\BitCometRes.dll
    2007-08-06 12:11 597656 –ahs—- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-08-06 12:11 273104 –ahs—- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-08-05 13:31 512 –a—— C:\ScanSectorLog.dat
    2007-08-03 11:52 ——— d——– C:\DOCUME~1\user\APPLIC~1\Vso
    2007-08-02 22:04 ——— d——– C:\Program Files\TrackMania Nations ESWC
    2007-08-02 11:28 ——— d——– C:\DOCUME~1\user\APPLIC~1\Corel
    2007-08-02 11:24 2828 –ahs—- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-07-27 07:28 359808 –a–c— C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-07-27 07:28 359808 –a—— C:\WINDOWS\system32\drivers\tcpip.sys
    2007-07-14 12:33 ——— d–h—– C:\Program Files\InstallShield Installation Information
    2007-07-13 22:24 82426 –a—— C:\WINDOWS\system32\perfc013.dat
    2007-07-13 22:24 468882 –a—— C:\WINDOWS\system32\perfh013.dat
    2007-07-01 18:19 ——— d——– C:\Program Files\MSN Messenger
    2007-07-01 18:19 ——— d——– C:\Program Files\Messenger Plus! Live
    2007-06-24 15:01 ——— d——– C:\DOCUME~1\user\APPLIC~1\Zylom
    2007-06-17 15:08 ——— d——– C:\Program Files\Xvid
    2007-06-07 20:21 ——— d——– C:\Program Files\Apple Software Update
    2007-05-17 21:11 88 -r-hs—- C:\WINDOWS\system32\E22FBA9882.sys
    2007-05-16 17:19 86528 –a–c— C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 17:19 85504 –a–c— C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 17:19 683520 –a–c— C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 17:19 683520 –a—— C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 17:19 510976 –a–c— C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 17:19 1314816 –a–c— C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-08 11:01 3583488 –a–c— C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-01-25 21:55 87608 –a—— C:\DOCUME~1\user\APPLIC~1\ezpinst.exe
    2007-01-25 21:55 47360 –a—— C:\DOCUME~1\user\APPLIC~1\pcouffin.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 12:34]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
    "nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32
    wiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22]
    "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 06:00]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
    "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-04-26 08:29]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

    R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);C:\WINDOWS\system32\drivers\sfvfs02.sys
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    R3 E100B;Intel(R) PRO Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
    R3 pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\pcouffin.sys
    S2 Ca504av;TRUST 350FS POWERC@M FLASH(Video);C:\WINDOWS\system32\Drivers\Ca504av.sys
    S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
    S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers
    mwcdc.sys
    S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers
    mwcdcm.sys
    S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers
    mwcd.sys
    S3 Nokia USB Port;Nokia USB Port;C:\WINDOWS\system32\drivers
    mwcdcj.sys
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
    S3 USBCamera;TRUST 350FS POWERC@M FLASH(Still);C:\WINDOWS\system32\Drivers\Bulk504.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f00c58b3-fecb-11db-813e-000bcda1da13}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ThreeShipsBackPack.htm


    Contents of the 'Scheduled Tasks' folder
    2007-08-03 12:53:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-07 14:48:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden registry entries …

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D04216B6-AB2A-01C7-E741-CEAE85EFBA3E}]
    "abljkopndpapkificcodeipnljaefcoflo"=hex:61,61,00,00
    "bbljkopndpapkificcjdfgecomondibmndch"=hex:61,61,00,00

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-07 16:10:00

    — E O F —

    en me [b:aedd4d74dd]hijackthis:[/b:aedd4d74dd]

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 21:48:55, on 9-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\user\Mijn documenten\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=http://www.caresys.nl/
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com
    esource/download/scanner/wlscbase8300.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D5DC47DE-8CC9-497E-B252-55DB9CF7F60F}: NameServer = 192.168.200.1,192.168.200.2
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    End of file - 8197 bytes








  • zijn me logjes zo goed?
    m.v.g stefan

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.