Question & Answer

Security & privacy

[XP professional] I no longer trust my system

Anonymous
juisterr
2 answers
 • After a long absence I finally have internet at home again. However, after the first session (fetching Windows updates :cry: ) I have the feeling that something isn't quite right.
  At first I had a lot of traffic even though I wasn't doing anything. These were probably Windows updates (although I changed the setting halfway through, this kept going). Tonight it seems quiet (but I have now downloaded all the updates).

  Ad-Aware finds nothing, and neither does AVG. Windows Defender and Spybot Search and Destroy find nothing either.
  Spyware Doctor finds some cookies:
  [code:1:ddb7616116]wim@com[2].txt
  wim@m.webtrends[1].txt
  wim@stat.onestat[2].txt[/code:1:ddb7616116]
  These cannot be removed (unless I buy).
  [code:1:ddb7616116]Logfile of HijackThis v1.99.1
  Scan saved at 09:52:08 PM, on 2006-11-08
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\csrss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Apache Group\Apache2\bin\Apache.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  C:\WINDOWS\Explorer.EXE
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
  C:\Program Files\Apache Group\Apache2\bin\Apache.exe
  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
  C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
  C:\mysql\bin\mysqld-nt.exe
  C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\Program Files\Spyware Doctor\sdhelp.exe
  C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\WINDOWS\SOUNDMAN.EXE
  C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
  C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
  C:\Program Files\Spyware Doctor\swdoctor.exe
  C:\WINDOWS\System32\alg.exe
  C:\Program Files\iBurstDashboard\TrayLauncher.exe
  C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.EXE
  C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\cmd.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  d:\Documents and Settings\wim\My Documents\_downloads\hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/
  O1 - Hosts: 172.18.32.2 www.home.net
  O1 - Hosts: 172.18.32.2 www.wim.net
  O1 - Hosts: 172.18.32.2 www.liza.net
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
  O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
  O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
  O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: iBurst Launcher.lnk = ?
  O4 - Global Startup: iBurst_Terminal UTL.lnk = ?
  O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162458658050
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162458623878
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{D50BB816-B6AD-430C-99FD-AE97B4150BC4}: NameServer = 196.30.31.193 196.46.70.1
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
  O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
  O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
  O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
  O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe[/code:1:ddb7616116]

  What I don't trust
  ZoneAlarm lists 'generic host process for win32 services' and this has to have internet access, otherwise I can't browse. Maybe I'm seeing ghosts.
  Other programs I have no idea about (in ZoneAlarm):
  lsa shell (export version)
  run a dll as an app
  Furthermore, I have two icons in ZoneAlarm for 'generic host process for win32 services'.

  Also, I can't change my default page in Internet Explorer, and updating to IE7 doesn't work either.

  Advice would be appreciated.

  PS iBurst is my connection to the internet
 • that generic host is okay to add


This is an archived page. Replying is no longer possible.