keylogger uitgeschakelt?

[thomasijn]

van morgen heeft iemand per mail een keylogger naar mij verstuurt wel men anti virus heeft bu 5 files in quarantaine maar als ik vraag om ze uit quarantaine te verwijderen ben ik erdan vanaf of komen ze dan weer op men pc en ka het zien dat ik nog steeds spy ware op men pc heb ik heb avira anti virus en ik zou nu graag tips hebben om ervoor te zorgen dat die kerel niks van achtwoorden kan stelen want tot die tijd durf ik nergens op in te loggen XS

[thomasijn]

dit zijn de gegevens heb ik de keylogger uitgeschakelt ja of nee?

Avira AntiVir Personal

Report file date: dinsdag 28 december 2010 13:34

Scanning for 2304661 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows 7 x64

Windows version : (plain) [6.1.7600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : GEBRUIKER-MSI

Version information:

BUILD.DAT : 10.0.0.609 31824 Bytes 13/12/2010 09:43:00

AVSCAN.EXE : 10.0.3.5 435368 Bytes 8/12/2010 12:44:02

AVSCAN.DLL : 10.0.3.0 46440 Bytes 8/09/2010 13:06:04

LUKE.DLL : 10.0.3.2 104296 Bytes 8/12/2010 12:44:03

LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 21:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 07:05:36

VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 14:38:59

VBASE002.VDF : 7.11.0.1 2048 Bytes 14/12/2010 14:39:00

VBASE003.VDF : 7.11.0.2 2048 Bytes 14/12/2010 14:39:01

VBASE004.VDF : 7.11.0.3 2048 Bytes 14/12/2010 14:39:01

VBASE005.VDF : 7.11.0.4 2048 Bytes 14/12/2010 14:39:01

VBASE006.VDF : 7.11.0.5 2048 Bytes 14/12/2010 14:39:01

VBASE007.VDF : 7.11.0.6 2048 Bytes 14/12/2010 14:39:02

VBASE008.VDF : 7.11.0.7 2048 Bytes 14/12/2010 14:39:02

VBASE009.VDF : 7.11.0.8 2048 Bytes 14/12/2010 14:39:02

VBASE010.VDF : 7.11.0.9 2048 Bytes 14/12/2010 14:39:02

VBASE011.VDF : 7.11.0.10 2048 Bytes 14/12/2010 14:39:02

VBASE012.VDF : 7.11.0.11 2048 Bytes 14/12/2010 14:39:02

VBASE013.VDF : 7.11.0.52 128000 Bytes 16/12/2010 13:56:42

VBASE014.VDF : 7.11.0.91 226816 Bytes 20/12/2010 13:56:42

VBASE015.VDF : 7.11.0.122 136192 Bytes 21/12/2010 13:56:42

VBASE016.VDF : 7.11.0.156 122880 Bytes 24/12/2010 13:56:42

VBASE017.VDF : 7.11.0.185 146944 Bytes 27/12/2010 12:09:48

VBASE018.VDF : 7.11.0.186 2048 Bytes 27/12/2010 12:09:48

VBASE019.VDF : 7.11.0.187 2048 Bytes 27/12/2010 12:09:48

VBASE020.VDF : 7.11.0.188 2048 Bytes 27/12/2010 12:09:48

VBASE021.VDF : 7.11.0.189 2048 Bytes 27/12/2010 12:09:48

VBASE022.VDF : 7.11.0.190 2048 Bytes 27/12/2010 12:09:48

VBASE023.VDF : 7.11.0.191 2048 Bytes 27/12/2010 12:09:48

VBASE024.VDF : 7.11.0.192 2048 Bytes 27/12/2010 12:09:48

VBASE025.VDF : 7.11.0.193 2048 Bytes 27/12/2010 12:09:48

VBASE026.VDF : 7.11.0.194 2048 Bytes 27/12/2010 12:09:49

VBASE027.VDF : 7.11.0.195 2048 Bytes 27/12/2010 12:09:49

VBASE028.VDF : 7.11.0.196 2048 Bytes 27/12/2010 12:09:49

VBASE029.VDF : 7.11.0.197 2048 Bytes 27/12/2010 12:09:49

VBASE030.VDF : 7.11.0.198 2048 Bytes 27/12/2010 12:09:49

VBASE031.VDF : 7.11.0.205 27648 Bytes 28/12/2010 12:09:49

Engineversion : 8.2.4.126

AEVDF.DLL : 8.1.2.1 106868 Bytes 8/09/2010 13:06:04

AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 2/12/2010 17:42:05

AESCN.DLL : 8.1.7.2 127349 Bytes 27/11/2010 14:32:56

AESBX.DLL : 8.1.3.2 254324 Bytes 27/11/2010 14:32:57

AERDL.DLL : 8.1.9.2 635252 Bytes 22/09/2010 13:36:37

AEPACK.DLL : 8.2.4.5 512375 Bytes 24/12/2010 13:56:45

AEOFFICE.DLL : 8.1.1.10 201084 Bytes 27/11/2010 14:32:56

AEHEUR.DLL : 8.1.2.57 3142008 Bytes 24/12/2010 13:56:45

AEHELP.DLL : 8.1.16.0 246136 Bytes 2/12/2010 17:40:53

AEGEN.DLL : 8.1.5.0 397685 Bytes 2/12/2010 17:40:49

AEEMU.DLL : 8.1.3.0 393589 Bytes 27/11/2010 14:32:53

AECORE.DLL : 8.1.19.0 196984 Bytes 2/12/2010 17:40:36

AEBB.DLL : 8.1.1.0 53618 Bytes 8/09/2010 13:06:04

AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/01/2010 10:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 14/01/2010 10:03:35

AVREP.DLL : 10.0.0.8 62209 Bytes 18/02/2010 14:47:40

AVREG.DLL : 10.0.3.2 53096 Bytes 12/11/2010 10:46:45

AVSCPLR.DLL : 10.0.3.2 84328 Bytes 8/12/2010 12:44:03

AVARKT.DLL : 10.0.22.6 231784 Bytes 8/12/2010 12:44:00

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26/01/2010 07:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/01/2010 10:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/03/2010 13:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 19/02/2010 12:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 11:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/11/2010 10:46:39

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\AVSCAN-20101228-132942-2EC52CF3.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:, Q:, W:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: dinsdag 28 december 2010 13:34

Starting search for hidden objects.

C:\Users\Gebruiker\AppData\Roaming\Jagex\Rsbot.jar

C:\Users\Gebruiker\AppData\Roaming\Jagex\Rsbot.jar

[NOTE] The registry entry is invisible.

HKEY_USERS\S-1-5-21-2589062597-774389406-1228636832-1000\Software\Microsoft\Windows Live\Toolbar\RP\dr

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\SoftGrid\4.5\Client\AppFS\contextid

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\pendingfilerenameoperations

[NOTE] The registry entry is invisible.

The scan of running processes will be started

Scan process 'avscan.exe' - '78' Module(s) have been scanned

Scan process 'avgnt.exe' - '67' Module(s) have been scanned

Scan process 'ArcCon.ac' - '53' Module(s) have been scanned

Scan process 'ACDaemon.exe' - '44' Module(s) have been scanned

Scan process 'MGSysCtrl.exe' - '51' Module(s) have been scanned

Scan process 'soffice.bin' - '93' Module(s) have been scanned

Scan process 'soffice.exe' - '20' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '150' Module(s) have been scanned

Scan process 'CVHSVC.EXE' - '60' Module(s) have been scanned

Scan process 'cfvwl.exe' - '75' Module(s) have been scanned

Scan process 'cfvwl.exe' - '19' Module(s) have been scanned

Scan process 'sftlist.exe' - '70' Module(s) have been scanned

Scan process 'sftvsa.exe' - '28' Module(s) have been scanned

Scan process 'SeaPort.exe' - '66' Module(s) have been scanned

Scan process 'PnkBstrA.exe' - '27' Module(s) have been scanned

Scan process 'MSIService.exe' - '26' Module(s) have been scanned

Scan process 'FABS.exe' - '28' Module(s) have been scanned

Scan process 'avguard.exe' - '78' Module(s) have been scanned

Scan process 'ACService.exe' - '24' Module(s) have been scanned

Scan process 'sched.exe' - '50' Module(s) have been scanned

Scan process 'FusionSVC.exe' - '19' Module(s) have been scanned

Scan process 'cfvwli.exe' - '25' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

Boot sector 'Q:\'

[iNFO] No virus was found!

[iNFO] Please restart the search with Administrator rights

Boot sector 'W:\'

[iNFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '110' files ).

Starting the file scan:

Begin scan in 'C:\' <OS_Install>

End of the scan: dinsdag 28 december 2010 13:59

Used time: 24:34 Minute(s)

The scan has been canceled!

3212 Scanned directories

267812 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

267812 Files not concerned

1120 Archives were scanned

0 Warnings

0 Notes

425592 Objects were scanned with rootkit scan

4 Hidden objects were found

[kweezie wabbit]

Met deze tool kunnen we dieper en op een andere manier scannen dan een gewone virusscanner.

Download HijackThis.

Klik bij "HijackThis Downloads" op "Installer".

Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren".

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

Klik op de snelkoppeling om HijackThis te starten

Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.