
Request: please check HijackThis log


  • Tomino
  • Registered: January 2006
  • Last online: 20:30
Dear all,

At the moment I'm sitting at a PC that is infected with a number of persistent viruses:
DNSCHANGER.AVT and ZLOB.A

I can't get rid of them with NORMAN or with AVG.
Could someone take a look at my HijackThis log for a solution?
Note: the PC is my uncle's, but I've posted this under my own name..
Logfile of HijackThis v1.99.1
Scan saved at 21:09:04, on 28-7-2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\zanda.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Norman\nse\bin\NSESVC.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\WINNT\explorer.exe
D:\spybotsd160.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23A39.tmp\spybotsd160.tmp
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://klant.casema.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.nl/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.casema.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://klant.casema.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///C:/Program%20Files/MS-Connect/Portal/portal.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: XBTBPos00 - {3AC80099-3683-446F-A35C-FFD27DA063B4} - C:\PROGRA~1\GENEAL~1\GENEAL~1.DLL
O2 - BHO: TVEngine Helper - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\spamblockerutility\sbtv\sbtvhelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Genealogie Werkbalk - {3FE20A68-5F78-4CF1-A941-3AAA55DE4C9D} - C:\Program Files\Genealogie Werkbalk\genealogiewerkbalk1.1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SpamBlocker] "C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn...tatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.../MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec....ontent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.c...eb_site.cab?1123665431812
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec....tent/common/bin/cabsa.cab
O16 - DPF: {6986A6CF-9D58-11D6-91C2-00E02964E8E3} - http://www.webcamenvivo.com/xxx/pagomast.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn...rStatsClient.cab31267.cab
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/...sengersetupdownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.co...an/2,0,0,4519/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.c...p/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68B9856D-4672-429A-8BFF-8559F9D9CBA1}: NameServer = 85.255.116.126,85.255.112.215
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB62D7FA-BD3E-4A73-A9EC-6EC948929ADB}: NameServer = 85.255.116.126,85.255.112.215
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.126 85.255.112.215
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.126 85.255.112.215
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.126 85.255.112.215
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.126 85.255.112.215
O18 - Protocol: bw+0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol hijack: mhtml -
O18 - Protocol: offline-8876480 - {006F2872-2FB7-4039-8DAA-3222E9567FBC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Unknown owner - C:\Norman\nse\bin\NSESVC.EXE" -daemon (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

  • Kixtart
  • Registered: May 2004
  • Not online

Kixtart

Destruction = Improvement

www.hijackthis.de :)
You still need to look through it yourself as well, but usually you can get a lot out of it by looking at the check marks and the visitor rating.

By the way, did you run the virus scanners in safe mode?

edit:
In any case it comes up with Smitfraud in the log. If all is well, this is a fix for it: http://www.techzine.nl/tu...ijderen-(spysheriff).html
edit2:
The domain references (O17) don't look all that great either. The IPs belong to:
UkrTeleGroup Ltd in Ukraine

[ 58% edited by Kixtart on 28-07-2008 21:19 ]

☻/
/▌
/ \
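
Added example (not part of the original thread or of anyone's post): a small Python triage script that pulls the O17 NameServer entries out of a HijackThis log and lists every registry key holding a resolver that is not on an expected list. The O17 lines are copied from the log above except one constructed line; the expected resolver 192.0.2.53 and all function names are assumptions for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# O17 lines copied from the log in this thread, plus one CONSTRUCTED line
# (the last one) that shows a resolver which is on the expected list.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O17 - HKLM\System\CCS\Services\Tcpip\..\{68B9856D-4672-429A-8BFF-8559F9D9CBA1}: NameServer = 85.255.116.126,85.255.112.215
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.126 85.255.112.215
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.126 85.255.112.215
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
"""

# "O17 - <registry key>: <setting> = <value>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<setting>\w+) = (?P<value>.*)$")


def parse_o17(log_text):
    """Return [(registry_key, [server, ...]), ...] for each O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("setting") != "NameServer":
            continue
        # The log above shows both comma- and space-separated values,
        # so split on either.
        servers = [s for s in re.split(r"[,\s]+", m.group("value")) if s]
        entries.append((m.group("key"), servers))
    return entries


def classify(server, expected):
    """Label one resolver: expected, local, unexpected or unparseable."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "unparseable"
    if ip in expected:
        return "expected"
    if ip.is_private or ip.is_loopback:
        return "local"  # e.g. a home router acting as DNS forwarder
    return "unexpected"


def triage(log_text, expected_resolvers):
    """Map each unexpected resolver to the sorted registry keys that hold it."""
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    findings = defaultdict(set)
    for key, servers in parse_o17(log_text):
        for server in servers:
            if classify(server, expected) == "unexpected":
                findings[server].add(key)
    return {ip: sorted(keys) for ip, keys in findings.items()}


if __name__ == "__main__":
    # 192.0.2.53 is a placeholder for the resolvers the ISP or admin assigned.
    for ip, keys in triage(SAMPLE_LOG, ["192.0.2.53"]).items():
        print(ip)
        for key in keys:
            print("    " + key)
```

Listing the keys per resolver shows whether the same value was written to several control sets and adapters, each of which has to be checked after cleanup.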


  • niels88
  • Registered: April 2003
  • Not online
Well, Windows 2000 SP4 with IE6 ;)

But there are indeed some strange things in there...

  • FlipFluitketel
  • Registered: July 2002
  • Last online: 20:17

FlipFluitketel

Frontpage Admin
Give Malwarebytes Anti-Malware a try. It removes a lot of junk that I couldn't get (completely) removed with other programs.

There are only 10 types of people in the world...those who understand binary and those who don't.
Jeremy Clarkson: It’s, um, a mobile phone holder, or as Richard Hammond calls it, a seat!


  • Tomino
  • Registered: January 2006
  • Last online: 20:30
Thanks for the first link, Kixtart. I knew HijackThis but not that site yet :)
In the meantime I've already removed a number of things etc.
I'll try those things tonight when I'm back there!

Thanks in advance!