antivirus.startpagina.nl

wat wel en niet

  • Anonymous avatar

    Ermo

    Bij deze een log van mij.

    Ik weet niet wat wel en niet op de computer thuis hoort. Heb inmiddels Spy, AdAware, Coolw gedaan.

    Logfile of HijackThis v1.99.1

    Scan saved at 22:26:10, on 15-11-2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\cisvc.exe

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Norton AntiVirus\SAVScan.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    C:\WINDOWS\system32\cidaemon.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\Messenger Plus! 3\MsgPlus.exe

    C:\Program Files\Media Access\MediaAccK.exe

    C:\Program Files\Media Access\MediaAccess.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\system32\devldr32.exe

    E:\Erwin en Monique\download\Hijack This\hijackthis.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O4 - HKLM\..\Run: SysTray.Exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Messenger Plus! 3\MsgPlus.exe”

    O4 - HKLM\..\Run: C:\Program Files\Media Access\MediaAccK.exe

    O4 - HKLM\..\Run: c:\Program Files\Emurayden PSX Emulator v2.1\Emurayden PSX AutoLauncher.exe

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: D:\Setup.exe

    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab

    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://real.gamehouse.com/games/chainz2/mjolauncher.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Bij voorbaat mijn dank,

    Ermo

  • Anonymous avatar

    Avondsmurf

    Ermo,

    Je mag Hijackthis nog een keer opstarten en de volgende regels nog even aanvinken en vervolgens op fix klikken:

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll

    O4 - HKLM\..\Run: D:\Setup.exe

    Vrewijder vervolgens de volgende map van je computer:

    C:\Program Files\iMesh

    Restart hierna je computer opnieuw en plaats hier een nieuw logje ter controlle en vertel even wat je bevindingen nu zijn………… Smurfie :)

  • Anonymous avatar

    Ermo

    Weer een log. Hopelijk ziet er goed uit.

    Logfile of HijackThis v1.99.1

    Scan saved at 23:47:58, on 15-11-2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\cisvc.exe

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Norton AntiVirus\SAVScan.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    C:\WINDOWS\system32\cidaemon.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\Messenger Plus! 3\MsgPlus.exe

    C:\Program Files\Media Access\MediaAccK.exe

    C:\Program Files\Media Access\MediaAccess.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\system32\devldr32.exe

    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE

    C:\Program Files\Norton AntiVirus\OPScan.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O4 - HKLM\..\Run: SysTray.Exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Messenger Plus! 3\MsgPlus.exe”

    O4 - HKLM\..\Run: C:\Program Files\Media Access\MediaAccK.exe

    O4 - HKLM\..\Run: c:\Program Files\Emurayden PSX Emulator v2.1\Emurayden PSX AutoLauncher.exe

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab

    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://real.gamehouse.com/games/chainz2/mjolauncher.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Dank,

    Ermo

  • Anonymous avatar

    Argus

    Media Access:http://www.bleepingcomputer.com/startups/MediaAccK.exe-7591.html

  • Anonymous avatar

    lucas

    Hoi Smurfie brilletje weer smerig :D

    Ermo,

    Volg het advies van Argus nog even op.

    Start op in veilige modus (uitleg )

    Start alléén hijack,vink alleen de onderstaande regels aan en klik op “fix checked”

    O4 - HKLM\..\Run: C:\Program Files\Media Access\MediaAccK.exe

    Verwijder de volgende map.

    C:/WINDOWS/MADOPEW.DLL

    C:\Program Files\Media Access\ <–deze map

    Leeg je temp file's,de mappen vet gedrukt leegmaken, niet verwijderen!:

    C:\Windows\Geschiedenis\

    C:\Windows\History\

    C:\Windows\Temp\

    C:\Windows\Temporary Internet Files\Content.ie5\

    Lucas :)

  • Anonymous avatar

    lucas

    Ermo,

    Hierbij een correctie op de aanvulling ;)

    Per ongeluk een bestand laten staan die niet bij jouw logje hoord, excuus.

    Start op in veilige modus (uitleg )

    Start alléén hijack,vink alleen de onderstaande regels aan en klik op “fix checked”

    O4 - HKLM\..\Run: C:\Program Files\Media ccess\MediaAccK.exe

    Verwijder de volgende map.

    C:\Program Files\Media Access\ <–deze map

    Leeg je temp file's,de mappen vet gedrukt leegmaken, niet verwijderen!:

    C:\Windows\Geschiedenis\

    C:\Windows\History\

    C:\Windows\Temp\

    C:\Windows\Temporary Internet Files\Content.ie5\

    Lucas die klaarblijkelijk een brilletje nodig heeft :)