Another HJT log for the enthusiasts

Anonymous
M@rc
1 answer
 • Hello everyone,

  I am new to this forum, so if I put my foot in it, please drop me a note.

  I have the following problem: by now I have received close to three hundred undeliverable mails, all with spam in them. The return address is invariably in the format xxxx@mijndomeinnaam.nl, where the xxxx usually stands for four random characters.

  I suspect it is spoofing, but I would like to be sure that my PC has not become a ZOMBIE server. I am running Sygate Firewall and McAfee, as well as Microsoft's anti-spyware and a few other anti-spyware tools. Nothing is found, but perhaps one of you would be willing to cast an expert eye over my HijackThis log:


  Logfile of HijackThis v1.98.0
  Scan saved at 14:42:29, on 07-05-2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\VIRUS\sygate\smc.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\EASYPH~1\Apache\apache.exe
  C:\Program Files\FileZilla Server\FileZilla Server.exe
  C:\Delphi\d7\Components\Firebird\Firebird_1_5\bin\fbserver.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\PROGRA~1\EASYPH~1\Apache\apache.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\System32\inetsrv\inetinfo.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
  c:\program files\mcafee.com\vso\mcvsshld.exe
  c:\program files\mcafee.com\agent\mcagent.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe
  C:\WINDOWS\System32\tcpsvcs.exe
  C:\WINDOWS\System32\snmp.exe
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\RealVNC\VNC4\WinVNC4.exe
  C:\Program Files\Logitech\MouseWare\system\em_exec.exe
  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
  C:\Program Files\Logitech\iTouch\iTouch.exe
  C:\VIRUS\MS_AntiSpy\gcasServ.exe
  C:\WINDOWS\system32\taskswitch.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\VIRUS\MS_AntiSpy\gcasDtServ.exe
  C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\FeedReader\feedreader.exe
  C:\Utils\winzip\WZQKPICK.EXE
  C:\Office2000\Office\OUTLOOK.EXE
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Utils\tekst\editpadLite\EditPad.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\SysteemSoftware\firefox\firefox.exe
  C:\VIRUS\hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lachvandedag.com
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lachvandedag.com
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\VIRUS\SpyBOT\SPYBOT~1\SDHelper.dll
  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
  O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
  O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
  O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
  O4 - HKLM\..\Run: [SmcService] C:\VIRUS\sygate\smc.exe -startgui
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
  O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
  O4 - HKLM\..\Run: [gcasServ] "C:\VIRUS\MS_AntiSpy\gcasServ.exe"
  O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
  O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
  O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
  O4 - HKCU\..\Run: [feedreader.exe] C:\Program Files\FeedReader\feedreader.exe
  O4 - HKCU\..\Run: [eMuleAutoStart] C:\emule\emule.exe -AutoStart
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\frontpage2000\Office\OSA9.EXE
  O4 - Global Startup: WinZip Quick Pick.lnk = C:\Utils\winzip\WZQKPICK.EXE
  O9 - Extra button: (no name) - AutorunsDisabled - (no file)
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O15 - Trusted Zone: http://www.microolap.com
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
  O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
  O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4587/mcfscan.cab
  O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
