Vraag & Antwoord

Beveiliging & privacy

AirLive camera install

Anoniem
opamax
9 antwoorden
  • Hallo,
    Had een AirLive Camara geinstalleerd en later voor een ander gekozen. Die kan ik niet installeren. Mogelijk omdat er van de vorige install nog ergens restanten zijn achtergebleven. Zag ergens een melding dat er een file in /doc../..temp/{665C721C…. niet geinstalleerd kon worden.Heb nu mijn veiligheidprocedure gevolgd (temp weg, fxbear,fxnetsky etc) en een logje gemaakt van Hijackthis. Dat gaat hierbij. Zijn er specialisten die in dat logje iets verkeerds zien (algemeen) en is er iets te zien wat de install van een AirLive camera tegenwerkt ?
    Bij voorbaat hartelijk dank voor de moeite en advies.
    opamax
  • [quote:4b39825bb7="opamax"]Hallo,opamax[/quote:4b39825bb7]
    Logfile of HijackThis v1.99.1
    Scan saved at 23:55:49, on 16-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\multimedia\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Security\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
    D:\Cybershot\Picture Package Menu\SonyTray.exe
    D:\Cybershot\Picture Package Applications\Residence.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\system32\hpoipm07.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    C:\Program Files\Security\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Security\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Security\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
    O4 - Global Startup: Picture Package Menu.lnk = D:\Cybershot\Picture Package Menu\SonyTray.exe
    O4 - Global Startup: Picture Package VCD Maker.lnk = D:\Cybershot\Picture Package Applications\Residence.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O17 - HKLM\System\CCS\Services\Tcpip\..\{95886640-1499-4D7B-AF72-A09522AF0F56}: NameServer = 212.45.33.3,212.45.32.3
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\multimedia\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    Hierbij dan alsnog.
  • Kun je eens de exacte melding geven van de fout die je krijgt?

    Start Hijackthis, kies voor 'Do a system scan only' en vink onderstaande regels aan:
    [b:1474602378]
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    [/b:1474602378]

    Sluit alle openstaande vensters, behalve Hijackthis en klik op 'Fix Checked'

    Download Combofix naar je Bureaublad.
    [list:1474602378]
    Dubbelklik [b:1474602378]Combofix.exe[/b:1474602378]
    Volg de instructies, aanvaard de disclaimer door "[b:1474602378]1[/b:1474602378]" te typen en te bevestigen via "[b:1474602378]Enter[/b:1474602378]".
    Tijdens het runnen van de fix, [b:1474602378]NIET[/b:1474602378] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:1474602378]

    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
    [i:1474602378]Plaats deze log in je volgende post samen met een nieuw HijackThis log.[/i:1474602378]

    [b:1474602378]Note:[/b:1474602378] Indien je virusscanner reageert tijdens het downloaden of gebruik van Combofix, mag je dit negeren.

    Pim
  • De juiste melding tijdens (en tevens het einde van) de install van AIRLIVE: [code:1:b65da477cd]Do you want to completely remove the selected application and all of its components ?[/code:1:b65da477cd]Zal vanavond het advies volgen
  • Hier de HT-log:
    Logfile of HijackThis v1.99.1
    Scan saved at 23:55:49, on 16-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\multimedia\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Security\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
    D:\Cybershot\Picture Package Menu\SonyTray.exe
    D:\Cybershot\Picture Package Applications\Residence.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\system32\hpoipm07.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    C:\Program Files\Security\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Security\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Security\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
    O4 - Global Startup: Picture Package Menu.lnk = D:\Cybershot\Picture Package Menu\SonyTray.exe
    O4 - Global Startup: Picture Package VCD Maker.lnk = D:\Cybershot\Picture Package Applications\Residence.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O17 - HKLM\System\CCS\Services\Tcpip\..\{95886640-1499-4D7B-AF72-A09522AF0F56}: NameServer = 212.45.33.3,212.45.32.3
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\multimedia\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    En hier de Combo-log:
    ComboFix 07-10-17.8 - Gebruiker 2007-10-17 21:49:51.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.59 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Gebruiker\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-17 to 2007-10-17 ))))))))))))))))))))))))))))))
    .

    2007-10-17 21:30 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-10-17 10:34 <DIR> dr-h—– C:\Documents and Settings\Gebruiker\Onlangs geopend
    2007-10-09 21:14 582,656 —–c— C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-09-17 10:30 66,048 –a—— C:\WINDOWS\ieResetIcons.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-17 13:02 ——— d—–w C:\Documents and Settings\Gebruiker\Application Data\OpenOffice.org2
    2007-10-17 08:31 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-17 08:26 ——— d—–w C:\Program Files\Security n Tools
    2007-10-16 21:42 96,256 —-a-w C:\WINDOWS\system32\drivers\sptd3069.sys
    2007-10-10 19:00 ——— d—–w C:\Program Files\Common Files\Adobe
    2007-10-10 16:36 ——— d—–w C:\Documents and Settings\Gebruiker\Application Data\AdobeUM
    2007-09-16 18:04 ——— d—–w C:\Documents and Settings\Gebruiker\Application Data\EssentialPIM
    2007-09-16 17:56 ——— d—–w C:\Program Files\Kantoor
    2007-09-07 08:38 ——— d—–w C:\Program Files\Google
    2007-09-07 08:35 ——— d—–w C:\Program Files\Google-Earth
    2007-09-06 13:26 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-08-24 15:07 ——— d—–w C:\Program Files\Common Files\Vbox
    2007-02-26 12:56 284 —-a-w C:\Documents and Settings\Gebruiker\Application Data\ViewerApp.dat
    2005-01-19 23:22 72,826,832 -c–a-w C:\Program Files\A140609_NLD_XP.exe
    2004-08-03 23:03:38 73,728 –sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
    2007-07-02 14:03:19 4,775,712 –sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2007-07-02 14:03:19 172,320 –sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 18:15]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-15 11:42]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-15 11:42]
    "SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 C:\WINDOWS\SOUNDMAN.EXE]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-25 15:49]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
    "SpybotSD TeaTimer"="C:\Program Files\Security\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe" []

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    HPAiODevice(hp officejet g series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe [2002-11-20 17:15:00]
    Picture Package Menu.lnk - D:\Cybershot\Picture Package Menu\SonyTray.exe [2005-04-18 03:38:48]
    Picture Package VCD Maker.lnk - D:\Cybershot\Picture Package Applications\Residence.exe [2005-04-18 03:38:46]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
    S3 rtl8029;NT-stuurprogramma voor Realtek RTL8029(AS)-based PCI Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{242a407d-9d74-11d9-8ce6-806d6172696f}]
    AutoRun\command - F:\setup.exe

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-11 22:59:00 C:\WINDOWS\Tasks\PrijzenBackup.bat.job"
    - C:\PrijzenBackup.bat
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-17 21:53:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-17 21:54:05 - machine was rebooted
    .
    — E O F —

    Ben benieuwd wat specialisten-oog ontdekt. Alvast bedankt voor de aaandacht.
  • Install AirLive-camera nog/weer onderbroken. Exacte melding als de laatste keer gemeld. Ra Ra ??
  • Kan je bij die foutmelding net gewoon Yes/Ja intypen, als het goed is gaat hij dan de vorige verwijderen.

    Je logjes zijn schoon.
  • Op het punt van de afgebroken install komt er de melding: 'Do you want to completely remove the selected application and all of its components ?"
    En dan de keuzes: OK of Annuleren. Beide hetzelfde resultaat.
    En hiervoor is er geen keuze dan wel/niet install.
  • Dan weet ik het ook niet meer :cry:

    Ik zou je probleem even voorleggen in de Windows sectie op dit forum, daar zitten mensen die er meer verstand van hebben dan ik. Verwijs dan wel even naar dit topic, het heeft i.i.g. niks met spyware te maken!

    Succes!

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.