Question & Answer

Security & privacy

HijackThis log: spam, spyware, virus?

Anonymous
guft
1 answer
 • The problems:
  - error message when starting the PC concerning wilogon.exe. The classic little dialog with the tell-Microsoft-or-not choice (send, don't send)
  - sending very large amounts of spam (sent box completely full)
  - inbox full of 'delivery status notification' while nothing is knowingly being sent (presumably linked to the sent box)
  - via MSN, spam about diet pills and the like is sent, after which MSN freezes a moment later

  The log:

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 12:38:38, on 31/08/2009
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v8.00 (8.00.6001.18702)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\LEXBCES.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\LEXPPS.EXE
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
  C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
  C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
  C:\Program Files\Apoint2K\Apoint.exe
  C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
  C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Apoint2K\Apntex.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\explorer.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\SoftwareDistribution\Download\Install\NDP20SP2-KB958481-x86.exe
  d:\15d2a22eeae375a60bfd985059dd\HotFixInstaller.exe
  C:\WINDOWS\System32\msiexec.exe
  C:\WINDOWS\System32\MsiExec.exe
  C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
  D:\Program Files2\BitTorrent\bittorrent.exe
  C:\DOCUME~1\Anzji\LOCALS~1\Temp\a.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
  O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
  O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
  O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S
  O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
  O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
  O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
  O4 - HKLM\..\Run: [TPWRSAVE] C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe -S
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
  O4 - HKLM\..\Run: [Windows Logon Assistant] "C:\Documents and Settings\Anzji\Application Data\Applications\winlogon.exe"
  O4 - HKLM\..\Run: [Windows Login Assistant] "C:\Documents and Settings\Anzji\Application Data\S03-7323-GEYNAWT-2623-TGAW\winlogon.exe"
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SBB.tmp" /EF "HKCU"
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [Windows Logon Assistant] "C:\Documents and Settings\Anzji\Application Data\Applications\winlogon.exe"
  O4 - HKCU\..\Run: [Windows Login Assistant] "C:\Documents and Settings\Anzji\Application Data\S03-7323-GEYNAWT-2623-TGAW\winlogon.exe"
  O4 - HKCU\..\Run: [Monopod] C:\DOCUME~1\Anzji\LOCALS~1\Temp\a.exe
  O4 - HKLM\..\Policies\Explorer\Run: [Windows Logon Assistant] "C:\Documents and Settings\Anzji\Application Data\Applications\winlogon.exe"
  O4 - HKLM\..\Policies\Explorer\Run: [Windows Login Assistant] "C:\Documents and Settings\Anzji\Application Data\S03-7323-GEYNAWT-2623-TGAW\winlogon.exe"
  O4 - HKCU\..\Policies\Explorer\Run: [Windows Logon Assistant] "C:\Documents and Settings\Anzji\Application Data\Applications\winlogon.exe"
  O4 - HKCU\..\Policies\Explorer\Run: [Windows Login Assistant] "C:\Documents and Settings\Anzji\Application Data\S03-7323-GEYNAWT-2623-TGAW\winlogon.exe"
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: ONCE.BAT
  O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
  O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
  O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  O23 - Service: Messenger USN Journal Reader service voor Gedeelde mappen (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)


  End of file - 8640 bytes

  Thanks in advance,

  Guft. :wink:
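An added example, written by the editor and not part of the original post or of HijackThis itself: a small Python triage script that parses the O4 (autorun) and O7 (policy) lines of a HijackThis log, plus the plain paths of the "Running processes" list, and flags the entries that matter in this log. The rules are this example's own assumptions, not HijackThis output: an autorun image under the user profile or a Temp directory, a file carrying the name of a core Windows binary (winlogon.exe, svchost.exe, lsass.exe, ...) that is not located in C:\WINDOWS\system32, a batch file as a startup item, persistence under the Policies\Explorer\Run key, and DisableRegedit=1. The sample lines are copied from the log above.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\winlogon.exe
C:\DOCUME~1\Anzji\LOCALS~1\Temp\a.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Windows Logon Assistant] "C:\Documents and Settings\Anzji\Application Data\Applications\winlogon.exe"
O4 - HKLM\..\Run: [Windows Login Assistant] "C:\Documents and Settings\Anzji\Application Data\S03-7323-GEYNAWT-2623-TGAW\winlogon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Monopod] C:\DOCUME~1\Anzji\LOCALS~1\Temp\a.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows Logon Assistant] "C:\Documents and Settings\Anzji\Application Data\Applications\winlogon.exe"
O4 - Global Startup: ONCE.BAT
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Core Windows binaries that legitimately live only in the system directory (assumed list).
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "ctfmon.exe", "explorer.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows")

# Substrings identifying user-writable profile/Temp locations on Windows XP (assumed list).
USER_WRITABLE = ("documents and settings", "docume~1", "application data",
                 "\\temp\\", "locals~1")

O4_REG = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - Global Startup: (?P<cmd>.+)$")
O7_POLICY = re.compile(r"^O7 - .*Policies\\System, (?P<policy>\w+)=(?P<value>\d+)$")
PROCESS = re.compile(r"^[A-Za-z]:\\")  # a bare path from the "Running processes" list


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def image_path(cmd):
    """Extract the executable path from an autorun command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|bat|cmd|com|scr|dll))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def check_path(path):
    """Apply the path heuristics; returns a list of human-readable reasons (empty = clean)."""
    reasons = []
    low = path.lower()
    base = ntpath.basename(low)
    directory = ntpath.dirname(low)
    if any(tok in low for tok in USER_WRITABLE):
        reasons.append("image lives in a user-writable profile/Temp path")
    if base in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        reasons.append(f"system binary name {base} outside the Windows system directory")
    if base.endswith((".bat", ".cmd")):
        reasons.append("script file used as an autorun entry")
    return reasons


def analyse(log_text):
    """Walk the log once and return the suspicious lines with their reasons."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        if m := O4_REG.match(line):
            reasons += check_path(image_path(m["cmd"]))
            if "policies\\explorer\\run" in m["key"].lower():
                reasons.append("persistence via Policies\\Explorer\\Run, rarely used by legitimate installers")
        elif m := O4_STARTUP.match(line):
            reasons += check_path(m["cmd"])
        elif m := O7_POLICY.match(line):
            if m["policy"] == "DisableRegedit" and m["value"] == "1":
                reasons.append("Registry Editor disabled by policy, hinders manual cleanup")
        elif PROCESS.match(line):
            reasons += check_path(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run against the full log, the same rules single out the two `Application Data\...\winlogon.exe` files (each registered four times: under Run and under Policies\Explorer\Run, in both HKLM and HKCU), `Temp\a.exe` (the "Monopod" entry, also alive in the "Running processes" list at scan time), `ONCE.BAT` in the global Startup folder and the O7 DisableRegedit line, while leaving the vendor entries (ATI, Toshiba, Apple, Epson, Java) alone. The `winlogon.exe` in the process list is the legitimate one in system32, which is exactly why the location, not the file name or the friendly "Windows Logon Assistant" label, is the signal to key on.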
