http://103.nowfind.biz/search.php?q=vicodin ??? + log

steggel
11 replies
  • The website mentioned keeps stubbornly forcing itself on me (http://103.nowfind.biz/search.php?q=vicodin); who can help me?

    See also my log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:10:26, on 7-5-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\wp.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WebSiteViewer\125234.dlr
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Jack\Mijn documenten\Mijn Downloads\Hijackthis\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
    O1 - Hosts: auto.search.msn.com 127.0.0.1
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\3UGHUM~1.DLL
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
    O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O13 - DefaultPrefix: http://103.nowfind.biz/gall.php?url=
    O13 - WWW Prefix: http://103.nowfind.biz/gall.php?url=
    O13 - Home Prefix: http://103.nowfind.biz/gall.php?url=
    O13 - Mosaic Prefix: http://103.nowfind.biz/gall.php?url=
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1E252E6E-A7BA-4E08-A813-0A3D5D87CD46}: NameServer = 62.251.0.6 62.251.0.7
    O20 - AppInit_DLLs: nno94exkh8js5.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • Jack,

    The 103.nowfind one is a tough one. It keeps coming back because a hidden program keeps reactivating it.

    But there are a few other infections present that we should remove first.

    I'll take a look.

    Sjaak
  • I have since carried out various scan and fix actions, with the following log as the result, in which '103.nowfind' is still present:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:42:23, on 7-5-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Jack\Mijn documenten\Mijn Downloads\Hijackthis\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php
    O1 - Hosts: auto.search.msn.com 127.0.0.1
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Microsoft AntiSpyware helper - {44D88476-8B91-4996-80E7-5AA328CCCC14} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {44D88476-8B91-4996-80E7-5AA328CCCC14} - (no file) (HKCU)
    O13 - DefaultPrefix: http://103.nowfind.biz/gall.php?url=
    O13 - WWW Prefix: http://103.nowfind.biz/gall.php?url=
    O13 - Home Prefix: http://103.nowfind.biz/gall.php?url=
    O13 - Mosaic Prefix: http://103.nowfind.biz/gall.php?url=
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • Sjaak is right, nowfind is a very tough one, but it is possible to remove it:

    http://www.techsupportforum.com/computer/topic/49710-1.html

    I see that your scan and fix actions have already made some infections disappear :wink:
  • Go via the Control Panel to Add or Remove Programs > Change or Remove Programs, check whether the following programs are present, and uninstall them:

    - Security IGuard
    - Virtual Maid
    - Search Maid

    Download the following file, Smitfraudfix.zip, and install it on your desktop.
    Do not use it yet.

    Download Killbox.
    Click killbox.exe.
    Choose the option: "Delete on reboot".
    Copy the following bold text:

    C:\wp.exe
    C:\wp.bmp
    C:\Windows\sites.ini
    C:\Windows\popuper.exe
    C:\Windows\System32\helper.exe
    C:\Windows\System32\intmonp.exe
    C:\Windows\System32\msmsgs.exe
    C:\Windows\System32\ole32vbs.exe
    C:\Windows\system32\msole32.exe
    C:\Program Files\WebSiteViewer\125234.dlr

    Open 'file' in the Killbox menu at the top and choose: Paste from clipboard

    You will see that the bold text above appears in the "Full Path of File to Delete" field.
    There is a small arrow next to that field. If you click it, you will see all the lines above that you copied (this is the intention).

    Then click the red button with the white cross in it.
    Killbox will tell you that those files will be deleted at the next reboot. Click YES
    Killbox will ask whether you want to reboot now; click YES
    If you get the following message: "PendingFileRenameOperations Registry Data has been Removed by External Process!", you will have to reboot manually.

    Your PC should now reboot.

    Start the computer in safe mode. (click here for help)
    Make sure hidden files and system files are displayed. (click here for help)

    Go to Windows Explorer (right-click Start - Explore) and delete the following (do not try to search via "Search" in the Start menu, because these folders do not become visible that way):

    C:\Program Files\Search Maid
    C:\Program Files\Virtual Maid
    C:\Windows\System32\Log Files
    C:\Program Files\Security IGuard

    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\H7U1CS~1.DLL
    O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
    O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
    O20 - AppInit_DLLs: nno94exkh8js5.dll
    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Now double-click the file smitfraud.reg
    When asked whether you want to add it to the registry, click yes/OK.

    Delete the following files:
    C:\WINDOWS\System32\msmsgs.exe
    c:\wp.exe
    c:\wp.bmp

    Restart the PC once more.

    Then run a scan with Panda

    Post the result together with a HijackThis log.

    Sjaak
  • I now see that some improvement has already been made..
    But just follow the instructions. msmsgs.exe in system32 does not belong there.

    Whatever is no longer present you no longer need to remove.

    Sjaak
  • References to other logs are dangerous.
    In the log you point to there, besides 103.nowfind, other infections are present as well, so you have to be sure which tool applies here.

    Do not use DelDomains.inf, as is often advised.

    There is a good chance that a Panda scan will produce results, and that can never hurt. :wink:

    Sjaak
  • I understand what you mean, Sjaak; I had gone looking for a solution myself and then saw that you had already posted.

    I only posted the link to serve as inspiration, because there were a great many failed attempts to be found on the internet and in this case it had worked.

    It was not my intention to cause confusion :roll:

    Kind regards, smeenk
  • Apologies, I was not able to respond any sooner.

    Well, it looks like I am pretty much rid of the misery.
    Attached are the log files from Panda and Hijack:


    Logfile of HijackThis v1.99.1
    Scan saved at 19:33:48, on 10-5-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Jack\Mijn documenten\Mijn Downloads\Hijackthis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Microsoft AntiSpyware helper - {44D88476-8B91-4996-80E7-5AA328CCCC14} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {44D88476-8B91-4996-80E7-5AA328CCCC14} - (no file) (HKCU)
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1E252E6E-A7BA-4E08-A813-0A3D5D87CD46}: NameServer = 62.251.0.6 62.251.0.7
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    Panda:


    Incident Status Location

    Adware:Adware/CWS No disinfected C:\Documents and Settings\Jack\Favorieten\Going Places\Air Tickets.lnk
    Spyware:Spyware/Bridge No disinfected C:\WINDOWS\System32\a.exe
    Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
    Adware:Adware/ExactSearch No disinfected Windows Registry
    Adware:Adware/SuperSpider No disinfected C:\m.exe
    Adware:Adware/Startpage.NA No disinfected Windows Registry
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Ab scissor.url
    Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\mstasks1.exe
    Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\System32\P2P Networking
    Adware:Adware/Adsmart No disinfected Windows Registry
    Adware:Adware/IGuard No disinfected C:\WINDOWS\System32\wldr.dll
    Adware:Adware/BlueScreenWarning No disinfected Windows Registry
    Adware:Adware/CWS No disinfected C:\Documents and Settings\Jack\Favorieten\Going Places\Air Tickets.lnk
    Adware:Adware/CWS No disinfected C:\Documents and Settings\Jack\Favorieten\Going Places\Car Rentals.lnk
    Adware:Adware/CWS No disinfected C:\Documents and Settings\Jack\Favorieten\Going Places\Hotel Deals.lnk
    Adware:Adware/CWS No disinfected C:\Documents and Settings\Jack\Favorieten\Going Places\Luggage.lnk
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Ab scissor.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Broadband comparison.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Credit counseling.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Credit report.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Crm software.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Debt credit card.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Escorts.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Fha.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Health insurance.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Help desk software.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Insurance home.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Loan for debt consolidation.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Loan for people with bad credit.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Marketing email.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Mortgage insurance.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Mortgage life insurance.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Nevada corporations.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Online Betting Site.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Online gambling casino.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Online instant loan.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Order phentermine.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Payroll advance.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Personal loans online.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Personal loans with bad credit.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Prescription Drugs Rx Online.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Refinancing my mortgage.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Tahoe vacation rental.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Unsecured bad credit loans.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\Videos.url
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Jack\Favorieten\Sites about\What is hydrocodone.url
    Adware:Adware/CWS No disinfected C:\Documents and Settings\Jack\Favorieten\Technology\Adware Remover.lnk
    Adware:Adware/CWS No disinfected C:\Documents and Settings\Jack\Favorieten\Technology\Anti-Virus.lnk
    Adware:Adware/CWS No disinfected C:\Documents and Settings\Jack\Favorieten\Technology\PC Cleaner.lnk
    Adware:Adware/CWS No disinfected C:\Documents and Settings\Jack\Favorieten\Technology\Tech & gadgets.lnk
    Adware:Adware/SuperSpider No disinfected C:\m.exe
    Adware:Adware/SuperSpider No disinfected C:\mssys.com
    Adware:Adware/CWS.Searchmeup No disinfected C:\new.exe
    Adware:Adware/SuperSpider No disinfected C:\q250204.exe
    Virus:Exploit/CodeBase.S No disinfected C:\stasxx.chm[1.htm]
    Spyware:Spyware/Fstb No disinfected C:\stasxx.chm[htm2chm_explorer]
    Virus:Trj/Delf.NU Disinfected C:\WINDOWS\11460.exe
    Virus:Trj/Delf.NU Disinfected C:\WINDOWS\12657.exe
    Virus:Trj/Delf.NU Disinfected C:\WINDOWS\12823.exe
    Virus:Trj/Delf.NU Disinfected C:\WINDOWS\20085.exe
    Virus:Trj/Delf.NU Disinfected C:\WINDOWS\20858.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\21655.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\22027.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\22183.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\22303.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\2282.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\22843.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\22917.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\2310.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\23130.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\23162.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\23188.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\23259.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\23398.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\23543.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\23592.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\23707.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\23769.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\25397.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\25516.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\25752.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\25811.exe
    Virus:Trj/Delf.NU Disinfected C:\WINDOWS\25825.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\25830.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\25913.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\26094.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\26167.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\26628.exe
    Virus:Trj/Delf.NU Disinfected C:\WINDOWS\26776.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\26805.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\26948.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\27176.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\27393.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\27421.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\27542.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\27582.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\2760.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\27667.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\27704.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\2796.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\28121.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\28215.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\2829.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\28519.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\2852.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\28558.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\28608.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\28670.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\2886.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\28910.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\28944.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\290.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\29028.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\29212.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\29265.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\29318.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\29330.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\29343.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\29373.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\29379.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\2946.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\29511.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\29773.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\29775.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\29942.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\30028.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\30113.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\30144.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\30382.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\30425.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\3055.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\30865.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\3101.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\31037.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\31115.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\31201.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\3129.exe
    Virus:Trj/Delf.NU Disinfected C:\WINDOWS\31717.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\3180.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\32365.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\32650.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\32932.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\33041.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\33047.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\33296.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\3343.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\33509.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\33586.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\3366.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\3368.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\33694.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\33737.exe
    Virus:Trj/Delf.NU Disinfected C:\WINDOWS\33776.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\34055.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\34202.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\34270.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\34288.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\34436.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\34456.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\34525.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\35087.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\35130.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\35452.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\36099.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\3628.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\36485.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\36540.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\36674.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\36965.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\37176.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\37202.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\37204.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\3744.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\37730.exe
    Virus:Trj/Delf.NU Disinfected C:\WINDOWS\37870.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\38104.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\38496.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\38790.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\38974.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\39049.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\39143.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\3927.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\3930.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\39453.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\39575.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\39769.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\40082.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\40174.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\40289.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\40410.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\40496.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\40514.exe
    Virus:Trj/Clicker.DW Disinfected C:\WINDOWS\40694.exe
  • That went quite well with Panda. Not everything has been removed, but I'll give you that list.

    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Microsoft AntiSpyware helper - {44D88476-8B91-4996-80E7-5AA328CCCC14} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {44D88476-8B91-4996-80E7-5AA328CCCC14} - (no file) (HKCU)
    Click 'Fix checked' to remove the items

    In Internet Explorer, delete the folders "Sites About", "Going Places" and "Technology" from the favorites.

    Start Explorer.
    Make sure operating system files and hidden files are visible.
    It is also useful to turn off the following option under Folder Options -> View:
    "Hide extensions for known file types"
    Delete the following files:
    C:\m.exe
    C:\mssys.com
    C:\new.exe
    C:\q250204.exe
    C:\stasxx.chm[1.htm]
    C:\stasxx.chm[htm2chm_explorer]

    C:\WINDOWS\mstasks1.exe
    C:\WINDOWS\smdat32m.sys

    C:\WINDOWS\System32\a.exe
    C:\WINDOWS\System32\wldr.dll

    C:\WINDOWS\System32\P2P Networking\


    You can also delete the temporary internet files.
    In IE under Tools -> Internet Options… click "Delete Files" in the middle.

    Also delete the files from the Temp directory:
    Click Start -> Run and type: %temp% (and click OK)
    Select all directories and files and delete them.

    Also take another look at the Windows updates and install a firewall.
    I think your system will then be in order again.

    Sjaak
  • Thanks for your help and advice. :P

    Do you have a tip for a free and practical firewall? (not 'sp2')

    As you can see, I have meanwhile also installed Avast, which already stops quite a lot.
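
A way to compare two of the HijackThis scans in this thread, added here as an example (not code from the forum or from any poster): it separates browser-setting entries that still point at the hijack domain from entries that load code at startup, so the autoruns that survived a fix attempt stand out for review. The function names and the grouping of sections are assumptions of this example; the sample lines are excerpted from the 18:10:26 and 20:42:23 logs above.

```python
import re

# One HijackThis result line: "<section> - <detail>", e.g. "O4 - HKCU\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

# Grouping chosen for this example (an assumption, not part of HijackThis itself):
# sections that only record an Internet Explorer setting ...
SETTING_SECTIONS = {"R0", "R1", "O13"}
# ... versus sections that list code loaded at boot or logon (shell, BHO,
# autoruns, AppInit_DLLs / Winlogon Notify, services).
LOADER_SECTIONS = {"F2", "O2", "O4", "O20", "O23"}

# Excerpt of the first log in the thread (scan saved at 18:10:26).
SCAN_1810 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 18:10:26, on 7-5-2005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\3UGHUM~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O13 - DefaultPrefix: http://103.nowfind.biz/gall.php?url=
O20 - AppInit_DLLs: nno94exkh8js5.dll
"""

# Excerpt of the second log (scan saved at 20:42:23, after the first fix attempts).
SCAN_2042 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:42:23, on 7-5-2005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O13 - DefaultPrefix: http://103.nowfind.biz/gall.php?url=
"""


def parse_log(text):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def compare_scans(before_text, after_text, domain):
    """Diff two scans and sort the changes into hijacked settings and loader entries."""
    before, after = parse_log(before_text), parse_log(after_text)
    needle = domain.lower()

    def hijacked(entry):
        return entry[0] in SETTING_SECTIONS and needle in entry[1].lower()

    def loader(entry):
        return entry[0] in LOADER_SECTIONS

    return {
        "settings_still_hijacked": sorted(e for e in after if hijacked(e)),
        "settings_cleared": sorted(e for e in before - after if hijacked(e)),
        "loaders_removed": sorted(e for e in before - after if loader(e)),
        "loaders_added": sorted(e for e in after - before if loader(e)),
        # Present in both scans: if the settings are still hijacked, these are
        # the startup entries left to check by hand.
        "loaders_unchanged": sorted(e for e in before & after if loader(e)),
    }


if __name__ == "__main__":
    report = compare_scans(SCAN_1810, SCAN_2042, "103.nowfind.biz")
    for key, entries in report.items():
        print(f"{key} ({len(entries)})")
        for section, detail in entries:
            print(f"    {section} - {detail}")
```

On the two excerpts the hijacked settings are unchanged while three autoruns survive both scans, among them the `msmsgs.exe` in System32 and `c:\wp.exe` entries that the removal instructions above single out.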


This is an archived page. Replies are no longer possible.