new log

  • Miranda

    Hi Paul,

    Here is the WordPad file then.

    greetings Miranda

    REGEDIT4

    ; RegSrch.vbs © Bill James

    ; Registry search results for string "adchannel" 2-11-2005 22:18:18

    ; NOTE: This file will be deleted when you close WordPad.

    ; You must manually save this file to a new location if you want to refer to it again later.

    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

    "ServerAddress"="adchannel.contextplus.net"

    "LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"

    “freq_caps4”="MSCF;freq_caps4;AAAAAAAAAAAAAAAAZixpQwMAAAAjHwAAAAAAAAEAAABPlmhDpx8AAAAAAAABAAAATClpQ9QfAAAAAAAAAwAAAA/iaEMa6WhDTPZoQynfLEw|||||;1043068672;30479393;adchannel.contextplus.net;/services;0;{NULL};"

  • pablo

    hi miranda,

    Download AproposFix.

    http://swandog46.geekstogo.com/aproposfix.exe

    Double-click aproposfix.exe and unzip it to your desktop.

    Don't use it yet.

    Boot the computer into safe mode.

    On your desktop, find the aproposfix folder, open the folder, double-click RunThis.bat and follow the instructions.

    When the tool is finished, restart the computer in normal Windows mode.

    Tell me whether you're rid of your popups now and, to be safe, post another HijackThis log :)

    paul :)

  • Miranda

    Here it comes again, and log.txt is at the bottom!

    greetings Miranda

    Logfile of HijackThis v1.99.1

    Scan saved at 23:05:49, on 2-11-2005

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE

    C:\WINDOWS\System32\sstray.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\CyberLink\PowerVCRII\Agent.exe

    C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe

    C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\PROGRA~1\SYMANT~1\VPTray.exe

    C:\Program Files\Browser MOUSE\mouse32a.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Program Files\Shareaza\Shareaza.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\Program Files\Symantec AntiVirus\DefWatch.exe

    C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    C:\Program Files\hijackthis.exe

    C:\Program Files\hijackthis.exe

    C:\WINDOWS\System32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    R3 - Default URLSearchHook is missing

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE

    O4 - HKLM\..\Run: sstray.exe /r

    O4 - HKLM\..\Run: Ati2mdxx.exe

    O4 - HKLM\..\Run: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: C:\Program Files\Microsoft Works\WkDetect.exe

    O4 - HKLM\..\Run: C:\Program Files\Microsoft Works\wkfud.exe

    O4 - HKLM\..\Run: C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

    O4 - HKLM\..\Run: C:\Program Files\CyberLink\PowerVCRII\Agent.exe

    O4 - HKLM\..\Run: C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe

    O4 - HKLM\..\Run: C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe

    O4 - HKLM\..\Run: C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: C:\PROGRA~1\SYMANT~1\VPTray.exe

    O4 - HKLM\..\Run: C:\Program Files\Browser MOUSE\mouse32a.exe

    O4 - HKLM\..\Run: "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: "C:\Program Files\Shareaza\Shareaza.exe" -tray

    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    Log of AproposFix v1

    ************

    Running from directory:

    C:\Documents and Settings\Eigenaar\Bureaublad\aproposfix

    ************

    Registry entries found:

    @="89Cv2\\hiihiijiI8\\xLTabhiihxkiD:4y5D9i9fZaLToniKYPcLYZiMHZZSPWjZfZ"

    "Device"="\\\\.\\bRGCemtu"

    "DriverPath"="C:\\WINDOWS\\System32\\drivers\\fasslip.sys"

    "DriverName"="RSVALG"

    "HideUninstallerName"="C:\\Program Files\\Gooprose\\ipxraycs.exe"

    "UninstallerPath"="C:\\WINDOWS\\System32\\ntdpds.exe"

    "UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{D85D5437-7F9C-47D9-9942-27368DDF3F6D}"

    "UninstallerParams"="/CTUN"

    "HDll"="C:\\WINDOWS\\System32\\screnacm.dll"

    "ServerAddress"="adchannel.contextplus.net"

    "LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"

    "PartnerId"="CP.IST2"

    "InstallationId"="{X91fa0df-7c28-50fa-f7f5-3cf6c3de7520}"

    "PageFiltering"=dword:00000001

    "ClientName"="C:\\Program Files\\Gooprose\\magmsnap.exe"

    ************

    Removing hidden service:

    Service RSVALG removed.

    Removing hidden folder:

    Deletion of folder Gooprose succeeded!

    Deleting files:

    Deletion of file C:\WINDOWS\System32\drivers\fasslip.sys succeeded!

    Deletion of file C:\WINDOWS\System32\fasdeapi.exe succeeded!

    Deletion of file C:\WINDOWS\System32\screnacm.dll succeeded!

    Deletion of file C:\WINDOWS\System32\ntdpds.exe succeeded!

    Backing up files:

    Done!

    Removing registry entries:

    REGEDIT4

    Done!

    Finished!

  • Miranda

    Hi Pablo,

    I've posted my HijackThis log again, but haven't had a reply from you yet???

    greetings Miranda

  • pablo

    hi miranda,

    sorry, I'd overlooked your log ;)

    but it seems to have worked well; did you still have problems with popups? :)

    I do recommend that you update to SP2 now ;)

    to (try to) prevent a repeat, have a read through these security tips. :)

    paul :)

  • Miranda

    Hi Paul,

    Somehow SP2 always causes problems for me, so I don't know whether that's such a good idea, but I'll read through it in any case!!

    Thanks!

    greetings Miranda

  • pablo

    hi miranda,

    the problems with SP2 should all have been fixed by now ;):)

    so I'd give it another try ;)

    you're welcome and good luck ;)

    paul :)