log 2809

Anonymous
#robkeb#
5 answers
 • I got a mail back that could not be delivered to the recipient. I did not send the mail myself, and the recipient is not in my address book, so I would like to ask whether an expert would be willing to review my HT log. Thanks in advance.

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 18:53:28, on 28-9-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Logitech\iTouch\iTouch.exe
  C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
  C:\Program Files\QuickTime\qttask.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
  C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
  C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Logitech\iTouch\kbdtray.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  C:\Program Files\Common

  Files\McAfee\HackerWatch\HWAPI.exe
  C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
  c:\program files\common files\mcafee\mna\mcnasvc.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
  C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
  c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
  C:\Program Files\McAfee\MPF\MPFSrv.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\Program Files\SiteAdvisor\6172\SAService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\PROGRA~1\mcafee.com\agent\mcagent.exe
  C:\Program Files\Opera\Opera.exe
  C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
  C:\Program Files\2xExplorer\2xExplorer.exe
  C:\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

  http://www.verschurenfotovideo.nl/
  R0 - HKCU\Software\Microsoft\Internet

  Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-

  0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-

  206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-

  D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-

  6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-

  8333-CF10577473F7} - c:\windows\downloaded program

  files\googletoolbar2.dll
  O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252

  -17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

  C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32

  \\NeroCheck.exe
  O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program

  Files\Logitech\iTouch\iTouch.exe
  O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE

  TWEAKUI.CPL,TweakMeUp
  O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1

  \Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
  O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program

  Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

  Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1

  \INSTAL~1\UPDATE~1\ISUSPM.exe -startup
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

  C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1

  \INSTAL~1\UPDATE~1\issch.exe" -start
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

  Files\Java\jre1.6.0_02\bin\jusched.exe"
  O4 - HKLM\..\Run: [SiteAdvisor] C:\Program

  Files\SiteAdvisor\6172\SiteAdv.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32

  \ctfmon.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE]

  C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE]

  C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]

  C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]

  C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program

  Files\Common Files\Adobe\Calibration\Adobe Gamma

  Loader.exe
  O4 - Global Startup: Logitech Desktop Messenger.lnk =

  C:\Program Files\Logitech\Desktop Messenger\8876480

  \Program\LDMConf.exe
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-

  00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-

  4FCB-11CF-AAA5-00401C608501} - C:\Program

  Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-

  f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-

  d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

  Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

  00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-

  F110-11d2-BB9E-00C04F795683} - C:\Program

  Files\Messenger\msmsgs.exe
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}

  (McAfee.com Operating System Class) -

  http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,95/mcins

  ctl.cab
  O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495}

  (Google Activate) - http://toolbar.google.com/data/nl/big/1.1.62-

  big/GoogleNav.cab
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}

  (DwnldGroupMgr Class) -

  http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcg

  dmgr.cab
  O23 - Service: AVG Anti-Spyware Guard - Anti-Malware

  Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware

  7.5\guard.exe
  O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. -

  C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

  Corporation - C:\Program Files\Common

  Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: McAfee HackerWatch Service - McAfee, Inc. -

  C:\Program Files\Common

  Files\McAfee\HackerWatch\HWAPI.exe
  O23 - Service: McAfee Update Manager (mcmispupdmgr) -

  McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
  O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. -

  C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
  O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. -

  c:\program files\common files\mcafee\mna\mcnasvc.exe
  O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. -

  C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
  O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee,

  Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
  O23 - Service: McAfee Redirector Service (McRedirector) -

  McAfee, Inc. - c:\PROGRA~1\COMMON~1

  \mcafee\redirsvc\redirsvc.exe
  O23 - Service: McAfee Real-time Scanner (McShield) - McAfee,

  Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
  O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc.

  - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) -

  McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

  Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: SiteAdvisor-service (SiteAdvisor Service) -

  Unknown owner - C:\Program Files\SiteAdvisor\6172

  \SAService.exe


  End of file - 7244 bytes
 • Your log is barely readable like this:

  Go to Notepad –> Format and uncheck Word Wrap. Then post a new HijackThis log.
 • Indeed, sorry for the inconvenience. Here is the new one:

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 18:53:28, on 28-9-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Logitech\iTouch\iTouch.exe
  C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
  C:\Program Files\QuickTime\qttask.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
  C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
  C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Logitech\iTouch\kbdtray.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
  C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
  c:\program files\common files\mcafee\mna\mcnasvc.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
  C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
  c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
  C:\Program Files\McAfee\MPF\MPFSrv.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\Program Files\SiteAdvisor\6172\SAService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\PROGRA~1\mcafee.com\agent\mcagent.exe
  C:\Program Files\Opera\Opera.exe
  C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
  C:\Program Files\2xExplorer\2xExplorer.exe
  C:\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verschurenfotovideo.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
  O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
  O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
  O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
  O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
  O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
  O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,95/mcinsctl.cab
  O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
  O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
  O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
  O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
  O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
  O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
  O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
  O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
  O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
  O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe


  End of file - 7244 bytes
 • [quote="#robkeb#"]I got a mail back that could not be delivered to the recipient. I did not send the mail myself, and the recipient is not in my address book, so I would like to ask whether an expert would be willing to review my HT log. Thanks in advance.[/quote]

  I don't know much about HijackThis logs, but I can tell you that in many cases the problem you mention is caused by the spammer using a forged e-mail address (your e-mail address). There is little you can do about that.

  (Of course it is always good to have an HJT log checked, but I just wanted to point out that nothing necessarily has to be wrong.)
 • Log is clean.
