Doorzoek het forum
Zoeken met Startpagina
Startpagina Thema's
Erik
Goedenavond mensen,
sinds korte tijd heb ik het volgende probleem;
wanneer ik op een bepaald moment, bepaalde sites bezoek (vakantiesites), dan ontvang ik de dag erna spam in mijn mailbox, die afkomstig is van de eerder bezochte sites.
Ik heb op dat moment geen e-mailadres achtergelaten en mij ook niet voor een nieuwsbrief ingeschreven.
Via de software.startpagina.nl adviseerde ze mij om jullie te raadplegen.
Ik heb inmiddels “LEES DIT EERST voordat je een nieuw bericht gaat plaatsen !!”
afgehandeld en daarna een hijacklog gemaakt.
Kunnen jullie hier iets vreemds aan ontdekken?
Alvast bedankt voor de hulp.
Logfile of HijackThis v1.99.1
Scan saved at 18:34:32, on 5-11-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\SecCopy\SecCopy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\BinarySense\HDDlife\HDDlife.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\updtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\Video\AlbumDB2.exe
C:\Program Files\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM\..\Run: C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: nwiz.exe /install
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU\..\Run: C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot
O4 - HKCU\..\Run: “C:\Program Files\Ahead\Nero BackItUp\NBJ.exe”
O4 - HKCU\..\Run: “C:\PROGRA~1\SecCopy\SecCopy.exe”
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlife.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Zoeken - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15014/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nl.msnusers.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp08.photoprintit.de/microsite/2663/defaults/activex/IPSUploader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
