Help with HijackThis

Status
Not open for further replies.

hugo2409

I created a log file; could someone help me out? I'm new to this program. Here is the log:

Logfile of HijackThis v1.98.2
Scan saved at 9:03:19, on 16-10-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Creative\ShareDLL\CtNotify.exe
E:\Program Files\D-Tools\daemon.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
E:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
E:\Program Files\Creative\ShareDLL\MediaDet.Exe
E:\WINDOWS\System32\CTsvcCDA.EXE
E:\WINDOWS\System32\MsPMSPSv.exe
C:\PTC\PTC.exe
E:\WINDOWS\System32\wuauclt.exe
E:\WINDOWS\regedit.exe
C:\downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Richfind - {64B9A473-B409-40A9-A95B-CF0C8D846D50} - E:\WINDOWS\System32\Q97820937.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Richfind - {55F783B4-7F4C-41B6-9AB6-8DF0A43EBBCB} - E:\WINDOWS\System32\Q97820937.dll
O2 - BHO: Richfind - {813D4B84-C940-42F8-9CC1-8D9D27DD68FF} - E:\WINDOWS\System32\Q97820937.dll
O2 - BHO: Richfind - {8763CA84-D56A-4486-B98E-ADCD6E94027E} - E:\WINDOWS\System32\Q97401937.dll
O2 - BHO: Richfind - {92CB7376-2E39-425A-A329-7FEA0F946BF3} - E:\WINDOWS\System32\Q97820937.dll
O2 - BHO: Richfind - {A4475A0D-1232-44B7-9B7E-EB4736460316} - E:\WINDOWS\System32\Q98133296.dll
O2 - BHO: (no name) - {A4E5E355-8FDD-4370-B9C6-920069E49825} - E:\WINDOWS\System32\fifokm.dll (file missing)
O2 - BHO: Richfind - {C5C2493E-7CE6-4CC8-88AC-E52309FBE5CD} - E:\WINDOWS\System32\Q97238250.dll
O3 - Toolbar: Richfind - {17D81090-88ED-4531-8563-F9CE5227CF62} - E:\WINDOWS\System32\Q97401937.dll
O3 - Toolbar: Richfind - {95F935DC-23D6-419C-974F-D61EA82B58B1} - E:\WINDOWS\System32\Q97238250.dll
O3 - Toolbar: Richfind - {1E185694-19B2-4B08-A5AA-A5A7273DF016} - E:\WINDOWS\System32\Q97820937.dll
O3 - Toolbar: Richfind - {7ABB9133-3BA0-42C6-AE42-C2190929A0F2} - E:\WINDOWS\System32\Q97820937.dll
O3 - Toolbar: Richfind - {F025C832-12B4-41CC-8B3F-56EFE02406EE} - E:\WINDOWS\System32\Q98133296.dll
O3 - Toolbar: Richfind - {FC593DC8-4C66-41CD-8E20-516D03793016} - E:\WINDOWS\System32\Q97820937.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] E:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] E:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] E:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TaskTray] E:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] E:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O9 - Extra button: Richfind - {17D81090-88ED-4531-8563-F9CE5227CF62} - E:\WINDOWS\System32\Q97401937.dll
O9 - Extra button: Richfind - {1E185694-19B2-4B08-A5AA-A5A7273DF016} - E:\WINDOWS\System32\Q97820937.dll
O9 - Extra button: Richfind - {7ABB9133-3BA0-42C6-AE42-C2190929A0F2} - E:\WINDOWS\System32\Q97820937.dll
O9 - Extra button: Richfind - {95F935DC-23D6-419C-974F-D61EA82B58B1} - E:\WINDOWS\System32\Q97238250.dll
O9 - Extra button: Richfind - {F025C832-12B4-41CC-8B3F-56EFE02406EE} - E:\WINDOWS\System32\Q98133296.dll
O9 - Extra button: Richfind - {FC593DC8-4C66-41CD-8E20-516D03793016} - E:\WINDOWS\System32\Q97820937.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - E:\WINDOWS\System32\vbsys.dll


PS: E: is my Windows drive.
 
Hello hugo,

Close all windows and have HijackThis fix these items:
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
    R3 - URLSearchHook: Richfind - {64B9A473-B409-40A9-A95B-CF0C8D846D50} - E:\WINDOWS\System32\Q97820937.dll
    O2 - BHO: Richfind - {55F783B4-7F4C-41B6-9AB6-8DF0A43EBBCB} - E:\WINDOWS\System32\Q97820937.dll
    O2 - BHO: Richfind - {813D4B84-C940-42F8-9CC1-8D9D27DD68FF} - E:\WINDOWS\System32\Q97820937.dll
    O2 - BHO: Richfind - {8763CA84-D56A-4486-B98E-ADCD6E94027E} - E:\WINDOWS\System32\Q97401937.dll
    O2 - BHO: Richfind - {92CB7376-2E39-425A-A329-7FEA0F946BF3} - E:\WINDOWS\System32\Q97820937.dll
    O2 - BHO: Richfind - {A4475A0D-1232-44B7-9B7E-EB4736460316} - E:\WINDOWS\System32\Q98133296.dll
    O2 - BHO: (no name) - {A4E5E355-8FDD-4370-B9C6-920069E49825} - E:\WINDOWS\System32\fifokm.dll (file missing)
    O2 - BHO: Richfind - {C5C2493E-7CE6-4CC8-88AC-E52309FBE5CD} - E:\WINDOWS\System32\Q97238250.dll
    O3 - Toolbar: Richfind - {17D81090-88ED-4531-8563-F9CE5227CF62} - E:\WINDOWS\System32\Q97401937.dll
    O3 - Toolbar: Richfind - {95F935DC-23D6-419C-974F-D61EA82B58B1} - E:\WINDOWS\System32\Q97238250.dll
    O3 - Toolbar: Richfind - {1E185694-19B2-4B08-A5AA-A5A7273DF016} - E:\WINDOWS\System32\Q97820937.dll
    O3 - Toolbar: Richfind - {7ABB9133-3BA0-42C6-AE42-C2190929A0F2} - E:\WINDOWS\System32\Q97820937.dll
    O3 - Toolbar: Richfind - {F025C832-12B4-41CC-8B3F-56EFE02406EE} - E:\WINDOWS\System32\Q98133296.dll
    O3 - Toolbar: Richfind - {FC593DC8-4C66-41CD-8E20-516D03793016} - E:\WINDOWS\System32\Q97820937.dll
    O9 - Extra button: Richfind - {17D81090-88ED-4531-8563-F9CE5227CF62} - E:\WINDOWS\System32\Q97401937.dll
    O9 - Extra button: Richfind - {1E185694-19B2-4B08-A5AA-A5A7273DF016} - E:\WINDOWS\System32\Q97820937.dll
    O9 - Extra button: Richfind - {7ABB9133-3BA0-42C6-AE42-C2190929A0F2} - E:\WINDOWS\System32\Q97820937.dll
    O9 - Extra button: Richfind - {95F935DC-23D6-419C-974F-D61EA82B58B1} - E:\WINDOWS\System32\Q97238250.dll
    O9 - Extra button: Richfind - {F025C832-12B4-41CC-8B3F-56EFE02406EE} - E:\WINDOWS\System32\Q98133296.dll
    O9 - Extra button: Richfind - {FC593DC8-4C66-41CD-8E20-516D03793016} - E:\WINDOWS\System32\Q97820937.dll
    O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
    O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - E:\WINDOWS\System32\vbsys.dll

Restart in safe mode: http://users.pandora.be/marcvn/spyware/1378056.htm
Show all hidden files: http://users.pandora.be/marcvn/spyware/1117602.htm
Delete these items if present:
  • E:\WINDOWS\System32\Q97820937.dll <--- this file
    E:\WINDOWS\System32\Q97401937.dll <--- this file
    E:\WINDOWS\System32\Q97820937.dll <--- this file
    E:\WINDOWS\System32\Q98133296.dll <--- this file
    E:\WINDOWS\System32\Q97238250.dll <--- this file
    E:\WINDOWS\System32\Q97401937.dll <--- this file
    E:\WINDOWS\System32\Q97238250.dll <--- this file
    E:\WINDOWS\System32\Q97820937.dll <--- this file
    E:\WINDOWS\System32\Q97820937.dll <--- this file
    E:\WINDOWS\System32\Q98133296.dll <--- this file
    E:\WINDOWS\System32\Q97820937.dll <--- this file
    E:\WINDOWS\System32\Q97401937.dll <--- this file
    E:\WINDOWS\System32\Q97820937.dll <--- this file
    E:\WINDOWS\System32\Q97820937.dll <--- this file
    E:\WINDOWS\System32\Q97238250.dll <--- this file
    E:\WINDOWS\System32\Q98133296.dll <--- this file
    E:\WINDOWS\System32\Q97820937.dll <--- this file
    c:\x.cab <--- this file
    E:\WINDOWS\System32\vbsys.dll <--- this file

Restart in normal mode and post a new log.
 
Those are links on/to this site: http://users.pandora.be/marcvn/spyware

That site was made by someone who solves spyware problems and checks HijackThis logs on another forum that I am also on. (I am of course not going to post that forum here, since that would be spam.)
 
My new log:

Logfile of HijackThis v1.98.2
Scan saved at 10:06:51, on 16-10-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\CTsvcCDA.EXE
E:\WINDOWS\System32\MsPMSPSv.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\System32\wuauclt.exe
E:\WINDOWS\System32\wuauclt.exe
C:\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O18 - Filter: text/html - {1C8D1D08-6D60-4478-8438-AB02BE62BC1C} - E:\WINDOWS\System32\Q97820937.dll
O18 - Filter: text/plain - {1C8D1D08-6D60-4478-8438-AB02BE62BC1C} - E:\WINDOWS\System32\Q97820937.dll
 
Did you have other things fixed, or did you not post your whole log?
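The comparison behind the question above, as an added example that is not part of the original thread: it checks a follow-up HijackThis log against the earlier log and the fix list, reporting listed entries that survived, unlisted entries that disappeared, and new entries that still point at a file from the fix list. The function names are hypothetical, and the three sample texts are short excerpts assembled from lines posted in this thread.

```python
import re

# A HijackThis entry starts with a section code (R0-R3 or O<n>), then " - ".
ENTRY_RE = re.compile(r"^\s*(?:•\s*)?((?:R[0-3]|O\d{1,2}) - .+?)\s*$")
# Many entries end in " - <path>", optionally followed by "(file missing)".
FILE_RE = re.compile(r" - ([A-Za-z]:\\[^()]+?)(?:\s+\(file missing\))?$")

def entries(text):
    """Map case-folded entry -> original line (Windows names ignore case)."""
    out = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            out.setdefault(m.group(1).casefold(), m.group(1))
    return out

def files(entry_lines):
    """Case-folded file paths that the given entries point at."""
    found = set()
    for entry in entry_lines:
        m = FILE_RE.search(entry)
        if m:
            found.add(m.group(1).casefold())
    return found

def review_fix_pass(before, fix_list, after):
    """Compare the log after a fix pass with the earlier log and the fix list."""
    b, f, a = entries(before), entries(fix_list), entries(after)
    new = [a[k] for k in sorted(set(a) - set(b))]
    fixed_files = files(f.values())
    return {
        "still_present": [a[k] for k in sorted(set(f) & set(a))],
        "removed_unlisted": [b[k] for k in sorted(set(b) - set(f) - set(a))],
        "new": new,
        "new_using_fixed_file": [e for e in new if files([e]) & fixed_files],
    }

# Sample input: excerpts assembled from the logs and fix list in this thread.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Richfind - {55F783B4-7F4C-41B6-9AB6-8DF0A43EBBCB} - E:\WINDOWS\System32\Q97820937.dll
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - E:\WINDOWS\System32\vbsys.dll
"""
FIX_LIST = r"""
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
    O2 - BHO: Richfind - {55F783B4-7F4C-41B6-9AB6-8DF0A43EBBCB} - E:\WINDOWS\System32\Q97820937.dll
    O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - E:\WINDOWS\System32\vbsys.dll
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O18 - Filter: text/html - {1C8D1D08-6D60-4478-8438-AB02BE62BC1C} - E:\WINDOWS\System32\Q97820937.dll
"""

if __name__ == "__main__":
    for label, lines in review_fix_pass(BEFORE, FIX_LIST, AFTER).items():
        print(label, *lines, sep="\n  ")
```

Entries are matched case-insensitively, so the `MsnMsgr` / `msnmsgr` Run entry counts as unchanged rather than as one removal plus one new entry.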
 
Hmm, I did throw away a bit too much :S couldn't read my own handwriting and now I don't know what I threw away too much of, oops :S :(
 
Edit: write clearly this time, then.
Put all the backups back, then we'll start over!
 
OK, now I followed the list exactly and I get this log:

Logfile of HijackThis v1.98.2
Scan saved at 10:42:29, on 16-10-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Creative\ShareDLL\CtNotify.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe
E:\Program Files\Creative\ShareDLL\MediaDet.Exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
E:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
E:\WINDOWS\System32\CTsvcCDA.EXE
E:\WINDOWS\System32\MsPMSPSv.exe
E:\WINDOWS\System32\wuauclt.exe
E:\WINDOWS\System32\wuauclt.exe
C:\downloads\HijackThis.exe
E:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {64B9A473-B409-40A9-A95B-CF0C8D846D50} - (no file)
R3 - URLSearchHook: Richfind - {C71EB63B-C8B1-4D58-810B-3DE435B8BF4E} - E:\WINDOWS\System32\Q97820937.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Richfind - {69C9D888-FF3F-4331-BB44-02C3F4B43C50} - E:\WINDOWS\System32\Q97820937.dll (file missing)
O3 - Toolbar: (no name) - {FC593DC8-4C66-41CD-8E20-516D03793016} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Richfind - {AA56B95C-26DE-4756-AFBB-1302C6D2F545} - E:\WINDOWS\System32\Q97820937.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] E:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Jet Detection] E:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTStartup] E:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NOMAD Detector] "E:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] E:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] E:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - Startup: DAEMON Tools.lnk = E:\Program Files\D-Tools\daemon.exe
O4 - Global Startup: Creative Taskbar.lnk = E:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - Global Startup: MSN Messenger 6.2.lnk = ?
O9 - Extra button: Richfind - {AA56B95C-26DE-4756-AFBB-1302C6D2F545} - E:\WINDOWS\System32\Q97820937.dll (file missing)
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O18 - Filter: text/html - {38686ADA-28E5-448E-9332-467E1BE96A53} - E:\WINDOWS\System32\Q97820937.dll
O18 - Filter: text/plain - {38686ADA-28E5-448E-9332-467E1BE96A53} - E:\WINDOWS\System32\Q97820937.dll

That means I'm still infected, right?
 
OK, I had done that and immediately followed the list; now I get the last log that I posted.
 
Yes, you are indeed infected again; that is because I had you put the fixed items back. (those backups)

Close all windows and have HijackThis repair only these items:
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
    R3 - URLSearchHook: (no name) - {64B9A473-B409-40A9-A95B-CF0C8D846D50} - (no file)
    R3 - URLSearchHook: Richfind - {C71EB63B-C8B1-4D58-810B-3DE435B8BF4E} - E:\WINDOWS\System32\Q97820937.dll (file missing)
    O2 - BHO: Richfind - {69C9D888-FF3F-4331-BB44-02C3F4B43C50} - E:\WINDOWS\System32\Q97820937.dll (file missing)
    O3 - Toolbar: (no name) - {FC593DC8-4C66-41CD-8E20-516D03793016} - (no file)
    O3 - Toolbar: Richfind - {AA56B95C-26DE-4756-AFBB-1302C6D2F545} - E:\WINDOWS\System32\Q97820937.dll (file missing)
    O9 - Extra button: Richfind - {AA56B95C-26DE-4756-AFBB-1302C6D2F545} - E:\WINDOWS\System32\Q97820937.dll (file missing)
    O18 - Filter: text/html - {38686ADA-28E5-448E-9332-467E1BE96A53} - E:\WINDOWS\System32\Q97820937.dll
    O18 - Filter: text/plain - {38686ADA-28E5-448E-9332-467E1BE96A53} - E:\WINDOWS\System32\Q97820937.dll

Restart in safe mode again and show all files again; delete this one if present:

  • E:\WINDOWS\System32\Q97820937.dll

Restart and post a new log.

Edit: would you please not go tinkering around yourself in between?
Edit 2: they were back because you had also fixed the wrong ones, and to undo that I had you put those backups back.
 
I did it and here is my new log:

Logfile of HijackThis v1.98.2
Scan saved at 10:54:06, on 16-10-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Creative\ShareDLL\CtNotify.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe
E:\Program Files\Creative\ShareDLL\MediaDet.Exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
E:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
E:\WINDOWS\System32\CTsvcCDA.EXE
E:\WINDOWS\System32\MsPMSPSv.exe
C:\downloads\HijackThis.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] E:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Jet Detection] E:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTStartup] E:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NOMAD Detector] "E:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] E:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] E:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - Startup: DAEMON Tools.lnk = E:\Program Files\D-Tools\daemon.exe
O4 - Global Startup: Creative Taskbar.lnk = E:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - Global Startup: MSN Messenger 6.2.lnk = ?
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
 