Vraag & Antwoord

Beveiliging & privacy

Hijack log

6 antwoorden
  • Pest patrol rapporteerde een keylogger !!! Nog ergens een verwijzing te vinden of iets datniet door de beugel kan? Logfile of HijackThis v1.99.1 Scan saved at 17:10:17, on 8/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\Program Files\JAM Software\SmartBackup\SmartBackup2.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe C:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe C:\WINDOWS\system32\Belpic PCSC Service.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\ssoftsrv.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Clock Tray Skins\ClockTraySkins.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\AutoSizer\AutoSizer.exe C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe C:\Program Files\SpywareGuard\sgmain.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe C:\Program Files\CurioStudio\GreatNews\GreatNews.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\7-Zip\7zFM.exe C:\DOCUME~1\Marc\LOCALS~1\Temp\7zO98.tmp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skynet.be:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [SmartBackup] "C:\Program Files\JAM Software\SmartBackup\SmartBackup2.exe" /WINSTART O4 - HKCU\..\Run: [SolidCapture] C:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe" O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Common Files\Microsoft Shared\THEMES11\BLANK O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Citi Internet Number - {F2019321-474C-466d-8C33-99B0ED86EEB9} - C:\Program Files\Citi Internet Number\CitiINum.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O16 - DPF: {1358E11F-ADE8-4D2B-9135-1A4CB9A23D7B} (Install Class) - https://genius.belgacom.be/esupport/download/IPGInstaller.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - O16 - DPF: {77F539E4-3C23-48D9-960B-B6E62905C113} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe O23 - Service: BELPIC PCSC Service (BELGIUM_ID_CARD_SERVICE) - Zetes/CSC - C:\WINDOWS\system32\Belpic PCSC Service.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: McDetect.exe - Logitech Inc. - (no file) O23 - Service: McShield - Logitech Inc. - (no file) O23 - Service: McTskshd.exe - Logitech Inc. - (no file) O23 - Service: mcupdmgr.exe - Logitech Inc. - (no file) O23 - Service: MCVSRte - Logitech Inc. - (no file) O23 - Service: MpfService - McAfee Security - (no file) O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
  • ik ga wel even kijken voor je of ik iets kan vinden.
  • Download en installeer [url=http://www.ewido.net/en/download/][color=blue:b40d601ab2][b:b40d601ab2]Ewido Anti-Spyware 4.0[/b:b40d601ab2][/color:b40d601ab2][/url].[list:b40d601ab2] Na de installatie, open Ewido Anti-Spyware 4.0: * onder "[b:b40d601ab2]Status[/b:b40d601ab2]", klik op [b:b40d601ab2]Change state[/b:b40d601ab2] naast "Resident shield". (wijzig van active naar [b:b40d601ab2]inactive[/b:b40d601ab2]!) * onder "[b:b40d601ab2]Update[/b:b40d601ab2]", klik op de [b:b40d601ab2]Start update[/b:b40d601ab2] knop. * onder "[b:b40d601ab2]Scanner[/b:b40d601ab2]", tab "Settings":[list:b40d601ab2]- onder "How to act?", klik op "[u:b40d601ab2]Recommended actions[/u:b40d601ab2]" en selecteer [b:b40d601ab2]Quarantine[/b:b40d601ab2]. ([b:b40d601ab2]ZEER BELANGRIJK![/b:b40d601ab2]) - onder "Reports", selecteer [b:b40d601ab2]Automatically generate report after every scan[/b:b40d601ab2] en [u:b40d601ab2]verwijder[/u:b40d601ab2] het vinkje bij [b:b40d601ab2]Only if threats were found[/b:b40d601ab2][/list:u:b40d601ab2] Sluit Ewido. Laat het [b:b40d601ab2]nog niet[/b:b40d601ab2] scannen.[/list:u:b40d601ab2] start op in veilige modus (op F8 tappen tijdens opstarten) Start [color=blue:b40d601ab2][b:b40d601ab2]Ewido[/b:b40d601ab2][/color:b40d601ab2].[list:b40d601ab2]* Klik op [b:b40d601ab2]Scan[/b:b40d601ab2] en kies [b:b40d601ab2]Complete System Scan[/b:b40d601ab2]. * Na afloop van de scan, klik je op [b:b40d601ab2]Apply All Actions[/b:b40d601ab2]. * Wanneer je de melding krijgt 'All actions have been applied', klik je onderaan op de knop [b:b40d601ab2]Save Report[/b:b40d601ab2]. * Klik in het menu bovenaan op [b:b40d601ab2]Reports[/b:b40d601ab2]. Kopieer het rapport van de scan en plaats dat hier in je volgende bericht.[/list:u:b40d601ab2] Als pestscanner nogmaals die melding geeft zet die melding dan eens hier neer aub. Mag ik ook een nieuw HJT logje aub.
  • --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 16:59:01 9/08/2006 + Scan result: HKLM\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A38E-F36DA787AD2D} -> Adware.KeenValue : Cleaned with backup (quarantined). HKU\S-1-5-21-796845957-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A38E-F36DA787AD2D} -> Adware.KeenValue : Cleaned with backup (quarantined). C:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/RAS.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning. C:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/keyms.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning. C:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/xpkey.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning. D:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/RAS.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning. D:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/keyms.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning. D:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/xpkey.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning. :mozilla.289:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.290:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.291:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.292:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.293:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.294:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.312:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.55:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined). :mozilla.56:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined). :mozilla.370:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). :mozilla.311:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined). :mozilla.287:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined). :mozilla.314:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined). C:\Documents and Settings\Marc\Cookies\marc@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined). :mozilla.267:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined). :mozilla.286:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined). :mozilla.206:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined). C:\Documents and Settings\Marc\Cookies\marc@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined). C:\Documents and Settings\Marc\Cookies\marc@www.etracker[2].txt -> TrackingCookie.Etracker : Cleaned with backup (quarantined). :mozilla.315:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined). :mozilla.417:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). :mozilla.418:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). :mozilla.41:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined). C:\Documents and Settings\Marc\Cookies\marc@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined). :mozilla.329:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined). C:\Documents and Settings\Marc\Cookies\marc@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined). :mozilla.67:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined). :mozilla.68:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined). :mozilla.69:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined). :mozilla.71:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined). :mozilla.324:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined). :mozilla.325:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined). :mozilla.326:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined). :mozilla.327:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined). :mozilla.328:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined). :mozilla.331:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined). :mozilla.139:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined). :mozilla.140:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined). :mozilla.230:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined). :mozilla.341:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined). :mozilla.352:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined). :mozilla.368:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined). :mozilla.369:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined). :mozilla.42:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined). :mozilla.73:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined). :mozilla.317:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.318:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.319:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.320:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.302:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined). :mozilla.303:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined). :mozilla.304:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined). :mozilla.310:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined). :mozilla.220:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). ::Report end
  • Pest Patrol heeft die KGB Keylogger in quarantaine gezet, dus krijg géén melding meer. Logfile of HijackThis v1.99.1 Scan saved at 17:14:59, on 9/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe C:\WINDOWS\system32\Belpic PCSC Service.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\ssoftsrv.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\JAM Software\SmartBackup\SmartBackup2.exe C:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Clock Tray Skins\ClockTraySkins.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\AutoSizer\AutoSizer.exe C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe C:\Program Files\SpywareGuard\sgmain.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\7-Zip\7zFM.exe C:\DOCUME~1\Marc\LOCALS~1\Temp\7zO12.tmp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skynet.be:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [SmartBackup] "C:\Program Files\JAM Software\SmartBackup\SmartBackup2.exe" /WINSTART O4 - HKCU\..\Run: [SolidCapture] C:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe" O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Common Files\Microsoft Shared\THEMES11\BLANK O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Citi Internet Number - {F2019321-474C-466d-8C33-99B0ED86EEB9} - C:\Program Files\Citi Internet Number\CitiINum.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O16 - DPF: {1358E11F-ADE8-4D2B-9135-1A4CB9A23D7B} (Install Class) - https://genius.belgacom.be/esupport/download/IPGInstaller.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - O16 - DPF: {77F539E4-3C23-48D9-960B-B6E62905C113} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe O23 - Service: BELPIC PCSC Service (BELGIUM_ID_CARD_SERVICE) - Zetes/CSC - C:\WINDOWS\system32\Belpic PCSC Service.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: McDetect.exe - Logitech Inc. - (no file) O23 - Service: McShield - Logitech Inc. - (no file) O23 - Service: McTskshd.exe - Logitech Inc. - (no file) O23 - Service: mcupdmgr.exe - Logitech Inc. - (no file) O23 - Service: MCVSRte - Logitech Inc. - (no file) O23 - Service: MpfService - McAfee Security - (no file) O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
  • Die quarantaine box van pestcontrol legen en zoek eens bij software(configuratiescherm) naar [b:adeb16aac5]KeenValue [/b:adeb16aac5] en verwijder dat indien aanwezig. Doe nogmaals een scan met Ewido en laat nu alles verwijderen wat het vind. succes

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.