Archief - Trojan generic problemen.

Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.

Grizz

Legacy Member
Hallo,

Mijn probleem zijn een stuk of 3 trojans volgens bullguard antivirus. Met bullguard kan ik er niets aan doen, ieder keer dat het probeert te disinfecteren loopt de hele pc vast. Het virus wordt wel ieder keer geblokkeerd. Ik krijg een melding van bullguard iedere keer als ik iets open, eender wat. Internet explorer, world of warcraft, andere games en programma's.

De grote vraag, hoe krijg ik die virussen weg?

Ik ben eigenlijk nog niet echt bekend met Hijack this... maar hier is de log van m'n scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:27, on 11/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Telenet
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Live Search:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Live Search:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [a0824507] rundll32.exe "C:\WINDOWS\system32\avbqgldo.dll",b
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O18 - Protocol: bw+0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {BCFAF49B-FFB0-448E-8398-8BDE7881ACF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: rjkksh.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Software\BullGuard\support\bgrasvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 19990 bytes


Ik hoop dat jullie een oplossing weten,
Alvast Bedankt,

Patrick.

Jurgenv1

Legacy Member
Deïnstalleer eens Logitech Desktop messenger.

Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Plaats het op je bureaublad.
Dubbelklik er op om het programma te starten.
In het scherm dat verschijnt tik je een 1 in om het cleaning- en analysesproces te laten uitvoeren.
Volg de instructies op het scherm.
Als het tooltje klaar is, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

Grizz

Legacy Member
Hallo, Ik ben een paar dagen out geweest...

Ik heb Combofix laten lopen,
Ik moet hier wel bijzeggen, dat op het moment dat ComboFix vroeg om bullguard uit te schakelen, ik dit geweigerd heb. Ik weet niet als dit direct effect heeft gehad op de resultaten hier volgt de log file... Maar tijdens het werken van combofix heeft bullguard minstens 10-15 keer virussen geblokkeerd, als het niet meer was.

ComboFix 09-02-12.03 - Gebruiker 2009-02-14 17:54:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.2031.1279 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
AV: BullGuard Antivirus *On-access scanning enabled* (Updated)
FW: BullGuard Firewall *enabled*
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active


WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\tmp2.tmp
c:\windows\system32\ahtttwmy.ini
c:\windows\system32\avbqgldo.dll
c:\windows\system32\bjsvskrx.ini
c:\windows\system32\cbXPjGXP.dll
c:\windows\system32\cfggPqru.ini
c:\windows\system32\cfggPqru.ini2
c:\windows\system32\frldhgav.ini
c:\windows\system32\gaeakpdp.ini
c:\windows\system32\hesrcmar.ini
c:\windows\system32\igiuenhx.ini
c:\windows\system32\jrrtsieu.ini
c:\windows\system32\khsdhugn.ini
c:\windows\system32\kvywapyy.dll
c:\windows\system32\kyjcionx.ini
c:\windows\system32\ldjdykhf.ini
c:\windows\system32\lnnbkqlu.ini
c:\windows\system32\mhwjpaln.dll
c:\windows\system32\mmmnlf.dll
c:\windows\system32\mtxkuhmq.ini
c:\windows\system32\nohjwkod.ini
c:\windows\system32\odlgqbva.ini
c:\windows\system32\ppmpxwwi.ini
c:\windows\system32\qplsjxyr.ini
c:\windows\system32\rmfdtpjm.ini
c:\windows\system32\rvhsngmc.ini
c:\windows\system32\ryxjslpq.dll
c:\windows\system32\trfnbyhw.ini
c:\windows\system32\twreskmp.ini
c:\windows\system32\uckxncxx.dll
c:\windows\system32\ukiauqib.ini
c:\windows\system32\urqPggfc.dll
c:\windows\system32\xedxemky.ini
c:\windows\system32\xxcnxkcu.ini
c:\windows\system32\yfpxkjjj.ini
c:\windows\system32\ymwtttha.dll
c:\windows\system32\yqgwuooe.ini
c:\windows\system32\yypawyvk.ini
c:\windows\Tasks\ipeajies.job

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))


Verder, een nieuwe scan van HJT.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:12, on 14/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BullGuard Software\BullGuard\bullguard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Live Search:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: {38d09c2d-0946-52fb-7814-09ac4c321ad4} - {4da123c4-ca90-4187-bf25-6490d2c90d83} - C:\WINDOWS\system32\rjkksh.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: rjkksh.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Software\BullGuard\support\bgrasvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8565 bytes


Verder, wil ik nog effe bedanken voor het snelle antwoord.

Merci,

Patrick.

Jurgenv1

Legacy Member
* Download Malwarebytes' Anti-Malware via hier of hier.

Dubbelklik mbam-setup.exe om het programma te installeren.
  • Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Launch Malwarebytes' Anti-Malware, Klik daarna op "finish".
  • Indien een update gevonden werd, zal het die downloaden en de laatste versie installeren.
  • Wanneer het programma volledig up to date is, selecteer "Perform Quick Scan", daarna klik Scan.
  • Het scannen kan een tijdje duren, dus wees geduldig.
  • Wanneer de scan voltooid is, klik OK, daarna "Show Results" om de resultaten te zien.
  • Zorg ervoor dat daar alles aangevinkt is, daarna klik: Remove Selected.
  • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie extra nota onderaan)
  • De log wordt automatisch bewaard door MBAM die je kan zien door de "Logs" tab te klikken in MBAM.
  • Kopieer en plak de resultaten van de log in je volgend antwoord, samen met een nieuw HijackThislog.
Extra Nota:
Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.
Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
Terug
Bovenaan