Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Hijack log

None
6 antwoorden
  • Pest patrol rapporteerde een keylogger !!!
    Nog ergens een verwijzing te vinden of iets datniet door de beugel kan?

    Logfile of HijackThis v1.99.1
    Scan saved at 17:10:17, on 8/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\JAM Software\SmartBackup\SmartBackup2.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
    C:\WINDOWS\system32\Belpic PCSC Service.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\ssoftsrv.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\AutoSizer\AutoSizer.exe
    C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\Program Files\CurioStudio\GreatNews\GreatNews.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\7-Zip\7zFM.exe
    C:\DOCUME~1\Marc\LOCALS~1\Temp\7zO98.tmp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skynet.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [SmartBackup] "C:\Program Files\JAM Software\SmartBackup\SmartBackup2.exe" /WINSTART
    O4 - HKCU\..\Run: [SolidCapture] C:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
    O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Common Files\Microsoft Shared\THEMES11\BLANK
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Citi Internet Number - {F2019321-474C-466d-8C33-99B0ED86EEB9} - C:\Program Files\Citi Internet Number\CitiINum.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O16 - DPF: {1358E11F-ADE8-4D2B-9135-1A4CB9A23D7B} (Install Class) - https://genius.belgacom.be/esupport/download/IPGInstaller.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
    O16 - DPF: {77F539E4-3C23-48D9-960B-B6E62905C113} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: BELPIC PCSC Service (BELGIUM_ID_CARD_SERVICE) - Zetes/CSC - C:\WINDOWS\system32\Belpic PCSC Service.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: McDetect.exe - Logitech Inc. - (no file)
    O23 - Service: McShield - Logitech Inc. - (no file)
    O23 - Service: McTskshd.exe - Logitech Inc. - (no file)
    O23 - Service: mcupdmgr.exe - Logitech Inc. - (no file)
    O23 - Service: MCVSRte - Logitech Inc. - (no file)
    O23 - Service: MpfService - McAfee Security - (no file)
    O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
  • ik ga wel even kijken voor je of ik iets kan vinden.
  • Download en installeer [b:b40d601ab2]Ewido Anti-Spyware 4.0[/b:b40d601ab2][/color:b40d601ab2].[list:b40d601ab2]
    Na de installatie, open Ewido Anti-Spyware 4.0:
    * onder "[b:b40d601ab2]Status[/b:b40d601ab2]", klik op [b:b40d601ab2]Change state[/b:b40d601ab2] naast "Resident shield". (wijzig van active naar [b:b40d601ab2]inactive[/b:b40d601ab2]!)
    * onder "[b:b40d601ab2]Update[/b:b40d601ab2]", klik op de [b:b40d601ab2]Start update[/b:b40d601ab2] knop.
    * onder "[b:b40d601ab2]Scanner[/b:b40d601ab2]", tab "Settings":[list:b40d601ab2]- onder "How to act?", klik op "[u:b40d601ab2]Recommended actions[/u:b40d601ab2]" en selecteer [b:b40d601ab2]Quarantine[/b:b40d601ab2]. ([b:b40d601ab2]ZEER BELANGRIJK![/b:b40d601ab2])
    - onder "Reports", selecteer [b:b40d601ab2]Automatically generate report after every scan[/b:b40d601ab2] en [u:b40d601ab2]verwijder[/u:b40d601ab2] het vinkje bij [b:b40d601ab2]Only if threats were found[/b:b40d601ab2][/list:u:b40d601ab2]
    Sluit Ewido. Laat het [b:b40d601ab2]nog niet[/b:b40d601ab2] scannen.[/list:u:b40d601ab2]

    start op in veilige modus (op F8 tappen tijdens opstarten)

    Start [b:b40d601ab2]Ewido[/b:b40d601ab2][/color:b40d601ab2].[list:b40d601ab2]* Klik op [b:b40d601ab2]Scan[/b:b40d601ab2] en kies [b:b40d601ab2]Complete System Scan[/b:b40d601ab2].
    * Na afloop van de scan, klik je op [b:b40d601ab2]Apply All Actions[/b:b40d601ab2].
    * Wanneer je de melding krijgt 'All actions have been applied', klik je onderaan op de knop [b:b40d601ab2]Save Report[/b:b40d601ab2].
    * Klik in het menu bovenaan op [b:b40d601ab2]Reports[/b:b40d601ab2]. Kopieer het rapport van de scan en plaats dat hier in je volgende bericht.[/list:u:b40d601ab2]

    Als pestscanner nogmaals die melding geeft zet die melding dan eens hier neer aub.
    Mag ik ook een nieuw HJT logje aub.
  • ———————————————————
    ewido anti-spyware - Scan Report
    ———————————————————

    + Created at: 16:59:01 9/08/2006

    + Scan result:



    HKLM\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A38E-F36DA787AD2D} -> Adware.KeenValue : Cleaned with backup (quarantined).
    HKU\S-1-5-21-796845957-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A38E-F36DA787AD2D} -> Adware.KeenValue : Cleaned with backup (quarantined).
    C:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/RAS.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning.
    C:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/keyms.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning.
    C:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/xpkey.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning.
    D:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/RAS.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning.
    D:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/keyms.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning.
    D:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/xpkey.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning.
    :mozilla.289:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.290:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.291:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.292:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.293:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.294:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.312:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.55:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.56:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.370:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.311:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    :mozilla.287:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
    :mozilla.314:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    C:\Documents and Settings\Marc\Cookies\marc@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
    :mozilla.267:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.286:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    :mozilla.206:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
    C:\Documents and Settings\Marc\Cookies\marc@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
    C:\Documents and Settings\Marc\Cookies\marc@www.etracker[2].txt -> TrackingCookie.Etracker : Cleaned with backup (quarantined).
    :mozilla.315:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.417:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.418:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.41:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Marc\Cookies\marc@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
    :mozilla.329:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    C:\Documents and Settings\Marc\Cookies\marc@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
    :mozilla.67:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.68:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.69:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.71:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.324:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.325:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.326:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.327:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.328:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.331:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
    :mozilla.139:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.140:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.230:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.341:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.352:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.368:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.369:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.42:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.73:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.317:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.318:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.319:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.320:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.302:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    :mozilla.303:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    :mozilla.304:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    :mozilla.310:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    :mozilla.220:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


    ::Report end
  • Pest Patrol heeft die KGB Keylogger in quarantaine gezet, dus krijg géén melding meer.

    Logfile of HijackThis v1.99.1
    Scan saved at 17:14:59, on 9/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\system32\Belpic PCSC Service.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\ssoftsrv.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\JAM Software\SmartBackup\SmartBackup2.exe
    C:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\AutoSizer\AutoSizer.exe
    C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\7-Zip\7zFM.exe
    C:\DOCUME~1\Marc\LOCALS~1\Temp\7zO12.tmp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skynet.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [SmartBackup] "C:\Program Files\JAM Software\SmartBackup\SmartBackup2.exe" /WINSTART
    O4 - HKCU\..\Run: [SolidCapture] C:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
    O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Common Files\Microsoft Shared\THEMES11\BLANK
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Citi Internet Number - {F2019321-474C-466d-8C33-99B0ED86EEB9} - C:\Program Files\Citi Internet Number\CitiINum.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O16 - DPF: {1358E11F-ADE8-4D2B-9135-1A4CB9A23D7B} (Install Class) - https://genius.belgacom.be/esupport/download/IPGInstaller.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
    O16 - DPF: {77F539E4-3C23-48D9-960B-B6E62905C113} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: BELPIC PCSC Service (BELGIUM_ID_CARD_SERVICE) - Zetes/CSC - C:\WINDOWS\system32\Belpic PCSC Service.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: McDetect.exe - Logitech Inc. - (no file)
    O23 - Service: McShield - Logitech Inc. - (no file)
    O23 - Service: McTskshd.exe - Logitech Inc. - (no file)
    O23 - Service: mcupdmgr.exe - Logitech Inc. - (no file)
    O23 - Service: MCVSRte - Logitech Inc. - (no file)
    O23 - Service: MpfService - McAfee Security - (no file)
    O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
  • Die quarantaine box van pestcontrol legen en zoek eens bij software(configuratiescherm) naar [b:adeb16aac5]KeenValue [/b:adeb16aac5] en verwijder dat indien aanwezig. Doe nogmaals een scan met Ewido en laat nu alles verwijderen wat het vind.

    succes

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.