Mededeling

Collapse
No announcement yet.

richfind

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    richfind

    Wie kan mij helpen om deze chitzooi van min pc te verwijderen??
    Ben momenteel al 4 uur bezig maar komt elke keer terug!!!
    Het logboek ziet er als volgt uit.
    Logfile of HijackThis v1.98.2
    Scan saved at 0:48:26, on 26-11-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\ewupdater.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\DitExp.exe
    C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Stokkers\Mijn documenten\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R3 - URLSearchHook: Search - {2B754C0B-FD52-4E68-BD99-E80D292B148D} - C:\WINDOWS\system32\Q142078.dll
    O1 - Hosts: 213.222.11.11 auto.search.msn.com
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Search - {691DB2FC-9542-427C-BA91-47000EC96581} - C:\WINDOWS\system32\Q142078.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Search - {F1528E24-6ABC-4713-B82C-0860E9AE3618} - C:\WINDOWS\system32\Q142078.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program Files\Nieuwe map\aaSymNetDrv\SNDMon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Wanadoo Menu] C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE /S:T
    O4 - HKCU\..\Run: [2020Downloader] C:\WINDOWS\mssvr.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Search - {F1528E24-6ABC-4713-B82C-0860E9AE3618} - C:\WINDOWS\system32\Q142078.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: Contains -
    O16 - DPF: DownloadInformation -
    O16 - DPF: InstalledVersion -
    O18 - Filter: text/html - {90A0D77C-B05B-40C4-9F08-F2224B88D280} - C:\WINDOWS\system32\Q142078.dll
    O18 - Filter: text/plain - {90A0D77C-B05B-40C4-9F08-F2224B88D280} - C:\WINDOWS\system32\Q142078.dll
    Labels: Geen
    • Citaat
  • #2
    Hi belle,

    Het is handig om deze pagina op te slaan in je favorieten zodat je deze makkelijker kan vinden wanneer je terugkomt.

    Start HijackThis, klik op "Scan" and kruis de volgende onderdelen aan.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/

    R3 - URLSearchHook: Search - {2B754C0B-FD52-4E68-BD99-E80D292B148D} - C:\WINDOWS\system32\Q142078.dll

    O1 - Hosts: 213.222.11.11 auto.search.msn.com

    O2 - BHO: Search - {691DB2FC-9542-427C-BA91-47000EC96581} - C:\WINDOWS\system32\Q142078.dll

    O3 - Toolbar: Search - {F1528E24-6ABC-4713-B82C-0860E9AE3618} - C:\WINDOWS\system32\Q142078.dll

    O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
    O4 - HKCU\..\Run: [2020Downloader] C:\WINDOWS\mssvr.exe

    O9 - Extra button: Search - {F1528E24-6ABC-4713-B82C-0860E9AE3618} - C:\WINDOWS\system32\Q142078.dll

    O16 - DPF: Contains -
    O16 - DPF: DownloadInformation -
    O16 - DPF: InstalledVersion -

    O18 - Filter: text/html - {90A0D77C-B05B-40C4-9F08-F2224B88D280} - C:\WINDOWS\system32\Q142078.dll
    O18 - Filter: text/plain - {90A0D77C-B05B-40C4-9F08-F2224B88D280} - C:\WINDOWS\system32\Q142078.dll

    Sluit alle programma's, inclusief browsers, behalve HijackThis. Klik op "Fix checked".

    Start je computer in beveiligde modus. Hoe start ik mijn computer in veilige modus?

    Zorg dat je verborgen bestanden kan zien. Hoe toon ik verborgen bestanden?

    Verwijder de volgende bestanden in rood (het kan zijn dat ze al verwijderd zijn):

    C:\WINDOWS\system32\Q142078.dll
    C:\WINDOWS\ewupdater.exe
    C:\WINDOWS\mssvr.exe

    Herstart de computer en post een nieuwe log in deze thread.
    • Citaat

    Comment

    • #3
      richfind

      thanks voor de hulp zo het nu lijkt ben ik er eindelijk van verlost
      • Citaat

      Comment

      • #4
        Oorspronkelijk geplaatst door belle
        thanks voor de hulp zo het nu lijkt ben ik er eindelijk van verlost
        Kan je toch een nieuwe log plaatsen voor de zekerheid.
        • Citaat

        Comment

        Vorige template Volgende
        Sorry, you are not authorized to view this page
        Working...
        X