Vraag & Antwoord
Hijack log
6 antwoorden
- Pest patrol rapporteerde een keylogger !!!
Nog ergens een verwijzing te vinden of iets datniet door de beugel kan?
Logfile of HijackThis v1.99.1
Scan saved at 17:10:17, on 8/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\JAM Software\SmartBackup\SmartBackup2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
C:\WINDOWS\system32\Belpic PCSC Service.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\ssoftsrv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AutoSizer\AutoSizer.exe
C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\CurioStudio\GreatNews\GreatNews.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\7-Zip\7zFM.exe
C:\DOCUME~1\Marc\LOCALS~1\Temp\7zO98.tmp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skynet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SmartBackup] "C:\Program Files\JAM Software\SmartBackup\SmartBackup2.exe" /WINSTART
O4 - HKCU\..\Run: [SolidCapture] C:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Common Files\Microsoft Shared\THEMES11\BLANK
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Citi Internet Number - {F2019321-474C-466d-8C33-99B0ED86EEB9} - C:\Program Files\Citi Internet Number\CitiINum.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {1358E11F-ADE8-4D2B-9135-1A4CB9A23D7B} (Install Class) - https://genius.belgacom.be/esupport/download/IPGInstaller.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {77F539E4-3C23-48D9-960B-B6E62905C113} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: BELPIC PCSC Service (BELGIUM_ID_CARD_SERVICE) - Zetes/CSC - C:\WINDOWS\system32\Belpic PCSC Service.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: McDetect.exe - Logitech Inc. - (no file)
O23 - Service: McShield - Logitech Inc. - (no file)
O23 - Service: McTskshd.exe - Logitech Inc. - (no file)
O23 - Service: mcupdmgr.exe - Logitech Inc. - (no file)
O23 - Service: MCVSRte - Logitech Inc. - (no file)
O23 - Service: MpfService - McAfee Security - (no file)
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe - ik ga wel even kijken voor je of ik iets kan vinden.
- Download en installeer .[list:b40d601ab2]
Na de installatie, open Ewido Anti-Spyware 4.0:
* onder "[b:b40d601ab2]Status[/b:b40d601ab2]", klik op [b:b40d601ab2]Change state[/b:b40d601ab2] naast "Resident shield". (wijzig van active naar [b:b40d601ab2]inactive[/b:b40d601ab2]!)
* onder "[b:b40d601ab2]Update[/b:b40d601ab2]", klik op de [b:b40d601ab2]Start update[/b:b40d601ab2] knop.
* onder "[b:b40d601ab2]Scanner[/b:b40d601ab2]", tab "Settings":[list:b40d601ab2]- onder "How to act?", klik op "[u:b40d601ab2]Recommended actions[/u:b40d601ab2]" en selecteer [b:b40d601ab2]Quarantine[/b:b40d601ab2]. ([b:b40d601ab2]ZEER BELANGRIJK![/b:b40d601ab2])
- onder "Reports", selecteer [b:b40d601ab2]Automatically generate report after every scan[/b:b40d601ab2] en [u:b40d601ab2]verwijder[/u:b40d601ab2] het vinkje bij [b:b40d601ab2]Only if threats were found[/b:b40d601ab2][/list:u:b40d601ab2]
Sluit Ewido. Laat het [b:b40d601ab2]nog niet[/b:b40d601ab2] scannen.[/list:u:b40d601ab2]
start op in veilige modus (op F8 tappen tijdens opstarten)
Start - ———————————————————
ewido anti-spyware - Scan Report
———————————————————
+ Created at: 16:59:01 9/08/2006
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A38E-F36DA787AD2D} -> Adware.KeenValue : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A38E-F36DA787AD2D} -> Adware.KeenValue : Cleaned with backup (quarantined).
C:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/RAS.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning.
C:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/keyms.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning.
C:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/xpkey.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning.
D:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/RAS.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning.
D:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/keyms.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning.
D:\Documents and Settings\Marc\Mijn documenten\Temp\Te bewaren programma's\downloads\RockXP3.exe/xpkey.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning.
:mozilla.289:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.290:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.291:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.292:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.293:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.294:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.312:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.370:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.311:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.287:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.314:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Marc\Cookies\marc@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.286:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.206:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
C:\Documents and Settings\Marc\Cookies\marc@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
C:\Documents and Settings\Marc\Cookies\marc@www.etracker[2].txt -> TrackingCookie.Etracker : Cleaned with backup (quarantined).
:mozilla.315:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.417:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.418:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Marc\Cookies\marc@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
:mozilla.329:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Marc\Cookies\marc@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.324:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.325:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.326:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.327:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.328:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.331:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.230:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.341:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.352:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.368:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.369:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.317:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.318:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.319:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.320:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.302:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.303:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.304:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.310:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.220:C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\vcfss706.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
::Report end - Pest Patrol heeft die KGB Keylogger in quarantaine gezet, dus krijg géén melding meer.
Logfile of HijackThis v1.99.1
Scan saved at 17:14:59, on 9/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\Belpic PCSC Service.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\JAM Software\SmartBackup\SmartBackup2.exe
C:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AutoSizer\AutoSizer.exe
C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\7-Zip\7zFM.exe
C:\DOCUME~1\Marc\LOCALS~1\Temp\7zO12.tmp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skynet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SmartBackup] "C:\Program Files\JAM Software\SmartBackup\SmartBackup2.exe" /WINSTART
O4 - HKCU\..\Run: [SolidCapture] C:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Common Files\Microsoft Shared\THEMES11\BLANK
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Citi Internet Number - {F2019321-474C-466d-8C33-99B0ED86EEB9} - C:\Program Files\Citi Internet Number\CitiINum.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {1358E11F-ADE8-4D2B-9135-1A4CB9A23D7B} (Install Class) - https://genius.belgacom.be/esupport/download/IPGInstaller.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {77F539E4-3C23-48D9-960B-B6E62905C113} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: BELPIC PCSC Service (BELGIUM_ID_CARD_SERVICE) - Zetes/CSC - C:\WINDOWS\system32\Belpic PCSC Service.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McDetect.exe - Logitech Inc. - (no file)
O23 - Service: McShield - Logitech Inc. - (no file)
O23 - Service: McTskshd.exe - Logitech Inc. - (no file)
O23 - Service: mcupdmgr.exe - Logitech Inc. - (no file)
O23 - Service: MCVSRte - Logitech Inc. - (no file)
O23 - Service: MpfService - McAfee Security - (no file)
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe - Die quarantaine box van pestcontrol legen en zoek eens bij software(configuratiescherm) naar [b:adeb16aac5]KeenValue [/b:adeb16aac5] en verwijder dat indien aanwezig. Doe nogmaals een scan met Ewido en laat nu alles verwijderen wat het vind.
succes
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.