http://103.nowfind.biz/search.php?q=vicodin ??? + log

11 replies
  • [b]The website mentioned keeps stubbornly forcing itself on me (http://103.nowfind.biz/search.php?q=vicodin); who can help me?[/b]
    [b]See also my log file:[/b]
    Logfile of HijackThis v1.99.1
    Scan saved at 18:10:26, on 7-5-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\wp.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WebSiteViewer\125234.dlr
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Jack\Mijn documenten\Mijn Downloads\Hijackthis\hijackthis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
    O1 - Hosts: auto.search.msn.com 127.0.0.1
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\3UGHUM~1.DLL
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
    O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O13 - DefaultPrefix: http://103.nowfind.biz/gall.php?url=
    O13 - WWW Prefix: http://103.nowfind.biz/gall.php?url=
    O13 - Home Prefix: http://103.nowfind.biz/gall.php?url=
    O13 - Mosaic Prefix: http://103.nowfind.biz/gall.php?url=
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1E252E6E-A7BA-4E08-A813-0A3D5D87CD46}: NameServer = 62.251.0.6 62.251.0.7
    O20 - AppInit_DLLs: nno94exkh8js5.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • Jack, 103.nowfind is a tricky one. It keeps coming back because a hidden program keeps reactivating it. But there are a few other infections present that we had better remove first. I'll take a look. Sjaak
  • In the meantime I have run various scan and fix actions, resulting in the following log, in which '103.nowfind' is still present:
    Logfile of HijackThis v1.99.1
    Scan saved at 20:42:23, on 7-5-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Jack\Mijn documenten\Mijn Downloads\Hijackthis\hijackthis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php
    O1 - Hosts: auto.search.msn.com 127.0.0.1
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Microsoft AntiSpyware helper - {44D88476-8B91-4996-80E7-5AA328CCCC14} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {44D88476-8B91-4996-80E7-5AA328CCCC14} - (no file) (HKCU)
    O13 - DefaultPrefix: http://103.nowfind.biz/gall.php?url=
    O13 - WWW Prefix: http://103.nowfind.biz/gall.php?url=
    O13 - Home Prefix: http://103.nowfind.biz/gall.php?url=
    O13 - Mosaic Prefix: http://103.nowfind.biz/gall.php?url=
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • Sjaak is right, nowfind is a very tricky one, but it is possible to remove it: http://www.techsupportforum.com/computer/topic/49710-1.html I see that your scan and fix actions have already made some infections disappear :wink:
  • Go via the Control Panel to Add or Remove Programs > Change or Remove Programs, check whether the following programs are present and uninstall them:
    - Security IGuard
    - Virtual Maid
    - Search Maid
    Download the following file [url=http://users.telenet.be/marcvn/regfiles/smitfraudfix.zip]Smitfraudfix.zip[/url] and install the file on your desktop. Do not use it yet.
    Download [url=http://www.atribune.org/downloads/KillBox.exe]Killbox[/url]. Click killbox.exe. Choose the option: "Delete on reboot".
    [b]Copy[/b] the following bold text:
    [b]C:\wp.exe
    C:\wp.bmp
    C:\Windows\sites.ini
    C:\Windows\popuper.exe
    C:\Windows\System32\helper.exe
    C:\Windows\System32\intmonp.exe
    C:\Windows\System32\msmsgs.exe
    C:\Windows\System32\ole32vbs.exe
    C:\Windows\system32\msole32.exe
    C:\Program Files\WebSiteViewer\125234.dlr[/b]
    Open [b]'file'[/b] in the Killbox menu at the top and choose: [b]Paste from clipboard[/b]
    You will see that the bold text above appears in the "Full Path of File to Delete" field. There is a small arrow next to that field. If you click it, you will see all the lines above that you copied (this is the intention).
    Then click the red button with the white cross in it.
    Killbox will tell you that these files will be deleted at the next reboot. Click [b]YES[/b]
    Killbox will ask whether you want to reboot now; click [b]YES[/b]
    If you get the following message: "PendingFileRenameOperations Registry Data has been Removed by External Process!", you will have to reboot manually.
    Your PC must now reboot. Start the computer in [b]safe[/b] mode. (click [url=http://users.telenet.be/marcvn/spyware/1378056.htm]here[/url] for help)
    Make sure that hidden files and system files are displayed. (click [url=http://users.telenet.be/marcvn/spyware/1117602.htm]here[/url] for help)
    Go to Windows Explorer (right-click Start - Explore) and delete the following [b](Do not try to search via "Search" in the Start menu, because these folders do not become visible that way)[/b]
    C:\Program Files\[b]Search Maid[/b]
    C:\Program Files\[b]Virtual Maid[/b]
    C:\Windows\System32\[b]Log Files[/b]
    C:\Program Files\[b]Security IGuard[/b]
    Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
    [b]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\H7U1CS~1.DLL
    O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
    O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
    O20 - AppInit_DLLs: nno94exkh8js5.dll[/b]
    Close all windows except HijackThis. Click 'Fix checked' to remove the items.
    Now double-click the file smitfraud.reg. When asked whether you want to add it to the registry, click yes/OK.
    Delete the following files:
    [b]C:\WINDOWS\System32\msmsgs.exe
    c:\wp.exe
    c:\wp.bmp[/b]
    Restart the PC once more. Then run a scan with [url=http://www.pandasoftware.com/activescan/]Panda[/url]. Post the result together with a HijackThis log. Sjaak
  • I now see that some improvement has already been made. But just follow the instructions. msmsgs.exe in system32 does not belong there. Whatever is no longer present you do not need to remove anymore. Sjaak
  • References to other logs are dangerous. The log you point to there contains, besides 103.nowfind, other infections as well, so you have to be certain which tool applies here. Do not use DelDomains.inf as is often advised. There is a good chance that a Panda scan will produce results, and that can never hurt. :wink: Sjaak
  • I understand what you mean, Sjaak. I had gone looking for a solution myself and then saw that you had already posted. I only posted the link to serve as inspiration, because a great many failed attempts could be found on the internet and in this case it had worked. It was not my intention to sow confusion :roll: Kind regards, smeenk
  • Apologies, I was not able to respond any sooner. Well, it looks like I am pretty much rid of the misery. Attached are the log files from Panda and HijackThis:
    [b]Logfile of HijackThis v1.99.1[/b]
    Scan saved at 19:33:48, on 10-5-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Jack\Mijn documenten\Mijn Downloads\Hijackthis\hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Microsoft AntiSpyware helper - {44D88476-8B91-4996-80E7-5AA328CCCC14} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {44D88476-8B91-4996-80E7-5AA328CCCC14} - (no file) (HKCU)
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1E252E6E-A7BA-4E08-A813-0A3D5D87CD46}: NameServer = 62.251.0.6 62.251.0.7
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    [b]Panda:[/b]
    Incident   Status   Location
    Adware:Adware/CWS   No disinfected   C:\Documents and Settings\Jack\Favorieten\Going Places\Air Tickets.lnk
    Spyware:Spyware/Bridge   No disinfected   C:\WINDOWS\System32\a.exe
    Adware:Adware/Twain-Tech   No disinfected   C:\WINDOWS\smdat32m.sys
    Adware:Adware/ExactSearch   No disinfected   Windows Registry
    Adware:Adware/SuperSpider   No disinfected   C:\m.exe
    Adware:Adware/Startpage.NA   No disinfected   Windows Registry
    Spyware:Spyware/Petro-Line   No disinfected   C:\Documents and Settings\Jack\Favorieten\Sites about\Ab scissor.url
    Adware:Adware/CWS.Searchmeup   No disinfected   C:\WINDOWS\mstasks1.exe
    Adware:Adware/P2PNetworking   No disinfected   C:\WINDOWS\System32\P2P Networking
    Adware:Adware/Adsmart   No disinfected   Windows Registry
    Adware:Adware/IGuard   No disinfected   C:\WINDOWS\System32\wldr.dll
    Adware:Adware/BlueScreenWarning   No disinfected   Windows Registry
    Adware:Adware/CWS   No disinfected   C:\Documents and Settings\Jack\Favorieten\Going Places\Air Tickets.lnk
    Adware:Adware/CWS   No disinfected   C:\Documents and Settings\Jack\Favorieten\Going Places\Car Rentals.lnk
    Adware:Adware/CWS   No disinfected   C:\Documents and Settings\Jack\Favorieten\Going Places\Hotel Deals.lnk
    Adware:Adware/CWS   No disinfected   C:\Documents and Settings\Jack\Favorieten\Going Places\Luggage.lnk
    Spyware:Spyware/Petro-Line   No disinfected   C:\Documents and Settings\Jack\Favorieten\Sites about\Ab scissor.url
    Spyware:Spyware/Petro-Line   No disinfected   C:\Documents and Settings\Jack\Favorieten\Sites about\Broadband comparison.url
  • That went quite well with Panda. Not everything has been removed, but I will give that list here.
    Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
    [b]O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Microsoft AntiSpyware helper - {44D88476-8B91-4996-80E7-5AA328CCCC14} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {44D88476-8B91-4996-80E7-5AA328CCCC14} - (no file) (HKCU)[/b]
    Click 'Fix checked' to remove the items.
    In Internet Explorer, under Favorites, delete the folders "Sites About", "Going Places" and "Technology".
    Start Explorer. Make sure that the [url=http://users.pandora.be/marcvn/spyware/1117602.htm]operating system files and hidden files are visible[/url]. It is also handy to turn [b]off[/b] the following option under Folder Options -> View: "Hide extensions for known file types"
    Delete the following files:
    [b]C:\m.exe
    C:\mssys.com
    C:\new.exe
    C:\q250204.exe
    C:\stasxx.chm[1.htm]
    C:\stasxx.chm[htm2chm_explorer]
    C:\WINDOWS\mstasks1.exe
    C:\WINDOWS\smdat32m.sys
    C:\WINDOWS\System32\a.exe
    C:\WINDOWS\System32\wldr.dll
    C:\WINDOWS\System32\P2P Networking\[/b]
    Furthermore, you can delete the Temporary Internet Files. In IE under Tools -> Internet Options... In the middle, click "Delete Files".
    Also delete the files from the Temp directory: click Start -> Run and type: %temp% (and click OK). Select all directories and files and delete them.
    Also take another look at the Windows updates and install a firewall. I think your system will then be in order again. Sjaak
  • Thanks for your help and advice. :P Do you have a tip for a free and practical firewall? (not 'SP2') As you can see, I have since also installed Avast, which already stops quite a lot as well.
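
The checks applied to the HijackThis logs in this thread (IE settings pointing at 103.nowfind.biz, the extra program on the Shell= line, AppInit_DLLs, msmsgs.exe in System32, an autostart from the drive root) can be scripted to confirm that a fix held between two scans. This is an added example, not part of the original posts; the function names and the exact form of each heuristic are assumptions, and the sample logs are short excerpts of the logs posted above.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] path".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_log(text):
    """Return (code, body) tuples; header and running-process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def review(entries, hijack_host):
    """Apply the thread's checks; return (code, body, reason) for every hit."""
    findings = []
    for code, body in entries:
        low = body.lower()
        reason = None
        if code in ("R0", "R1", "O13") and hijack_host in low:
            reason = "browser setting points at the hijack host"
        elif code == "F2" and "shell=" in low:
            shell = [p.strip() for p in low.split("shell=", 1)[1].split(",")]
            if shell != ["explorer.exe"]:
                reason = "extra program appended to the Windows shell"
        elif code == "O20" and low.startswith("appinit_dlls"):
            reason = "DLL loaded into processes via AppInit_DLLs"
        elif code == "O4":
            if re.search(r"\\system32\\msmsgs\.exe", low):
                reason = "msmsgs.exe autostarting from System32"
            elif re.search(r"\b[a-z]:\\[^\\]+\.exe", low):
                reason = "autostart executable sits in the drive root"
        if reason:
            findings.append((code, body, reason))
    return findings


def still_present(before, after, hijack_host):
    """Findings from the earlier log whose exact entry is still in the later log."""
    later = set(parse_log(after))
    flagged = review(parse_log(before), hijack_host)
    return [f for f in flagged if (f[0], f[1]) in later]


HOST = "103.nowfind.biz"

# Excerpts of the three logs in the thread (7-5-2005 18:10, 7-5-2005 20:42, 10-5-2005).
LOG_FIRST = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\wp.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O13 - DefaultPrefix: http://103.nowfind.biz/gall.php?url=
O20 - AppInit_DLLs: nno94exkh8js5.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

LOG_SECOND = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O13 - DefaultPrefix: http://103.nowfind.biz/gall.php?url=
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

LOG_FINAL = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

if __name__ == "__main__":
    for label, later in (("second scan", LOG_SECOND), ("final scan", LOG_FINAL)):
        left = still_present(LOG_FIRST, later, HOST)
        print(f"{label}: {len(left)} flagged entries still present")
        for code, body, reason in left:
            print(f"  {code} - {body}  [{reason}]")
```

Entries are compared as exact (code, body) pairs, so an item that reappears under a different file name, as a randomly named DLL can, has to be caught by running `review` on the later log as well.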
