Richfind problem

Topic starter: Edu
Status: Not open for further replies.

Edu (user, member since 2 Jan 2003, 20 posts)

Hello experts,

I too am plagued by the annoying, distasteful (and inseparable) Richfind toolbar and start page.
I scanned with Ad-Aware build 1.05.
After that with Hijack v 1.98.2, and produced the attached log file.
Who can rid me of Richfind?
Thanks in advance.

Edu


Logfile of HijackThis v1.98.2
Scan saved at 21:44:28, on 6-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\EDS\License Servers\UGNXFLEXlm\lmgrd.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\EDS\License Servers\UGNXFLEXlm\uglmd.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Capture Express\capexp.exe
C:\Documents and Settings\Eduard\Application Data\Map Maker\MMManager.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Creative\PlayCenter2\CTPLAY2.EXE
C:\WINDOWS\system32\ntvdm.exe
D:\Downloads\Bewaren\Beveiliging\Hijack_This\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://groups.google.nl/advanced_group_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Richfind - {E3713899-6AD3-4701-B992-A38090891FD7} - C:\WINDOWS\System32\Q15729487.dll
R3 - URLSearchHook: Richfind - {59091771-02C3-4172-93D6-FF51A05C9F7D} - C:\WINDOWS\System32\Q15729487.dll
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Richfind - {14A51B61-20F2-48BD-8388-53B79C5FF150} - C:\WINDOWS\System32\Q15729487.dll
O2 - BHO: Richfind - {454515E6-38E2-4E87-87FD-C5074414EDF3} - C:\WINDOWS\System32\Q15729487.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Richfind - {B718ADF1-3237-4410-8F4C-108D3EFEC010} - C:\WINDOWS\System32\Q15729487.dll
O3 - Toolbar: Richfind - {CFD0C15B-0BB8-4E30-A2C8-D56201985AA2} - C:\WINDOWS\System32\Q15729487.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Capture Express 2000.lnk = C:\Program Files\Capture Express\capexp.exe
O4 - Startup: SunClock5.lnk = C:\Documents and Settings\Eduard\Application Data\Map Maker\MMManager.exe
O9 - Extra button: Richfind - {B718ADF1-3237-4410-8F4C-108D3EFEC010} - C:\WINDOWS\System32\Q15729487.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Richfind - {CFD0C15B-0BB8-4E30-A2C8-D56201985AA2} - C:\WINDOWS\System32\Q15729487.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {7589EEE6-E336-11D4-8A7E-EE1D971D9B47} (AcontiX Control) - http://secure.aconti.net/acontix/goodthinxx.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O18 - Filter: text/html - {483B2A1A-4F52-47BA-90C1-61141AFE5D30} - C:\WINDOWS\System32\Q15729487.dll
O18 - Filter: text/plain - {483B2A1A-4F52-47BA-90C1-61141AFE5D30} - C:\WINDOWS\System32\Q15729487.dll
 
Posted by Edu

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/

R3 - URLSearchHook: Richfind - {E3713899-6AD3-4701-B992-A38090891FD7} - C:\WINDOWS\System32\Q15729487.dll
R3 - URLSearchHook: Richfind - {59091771-02C3-4172-93D6-FF51A05C9F7D} - C:\WINDOWS\System32\Q15729487.dll

O2 - BHO: Richfind - {14A51B61-20F2-48BD-8388-53B79C5FF150} - C:\WINDOWS\System32\Q15729487.dll
O2 - BHO: Richfind - {454515E6-38E2-4E87-87FD-C5074414EDF3} - C:\WINDOWS\System32\Q15729487.dll

O3 - Toolbar: Richfind - {B718ADF1-3237-4410-8F4C-108D3EFEC010} - C:\WINDOWS\System32\Q15729487.dll
O3 - Toolbar: Richfind - {CFD0C15B-0BB8-4E30-A2C8-D56201985AA2} - C:\WINDOWS\System32\Q15729487.dll

O9 - Extra button: Richfind - {B718ADF1-3237-4410-8F4C-108D3EFEC010} - C:\WINDOWS\System32\Q15729487.dll
O9 - Extra button: Richfind - {CFD0C15B-0BB8-4E30-A2C8-D56201985AA2} - C:\WINDOWS\System32\Q15729487.dll

O16 - DPF: {7589EEE6-E336-11D4-8A7E-EE1D971D9B47} (AcontiX Control) - http://secure.aconti.net/acontix/goodthinxx.cab

O18 - Filter: text/html - {483B2A1A-4F52-47BA-90C1-61141AFE5D30} - C:\WINDOWS\System32\Q15729487.dll
O18 - Filter: text/plain - {483B2A1A-4F52-47BA-90C1-61141AFE5D30} - C:\WINDOWS\System32\Q15729487.dll


1. Scan with HijackThis, tick the items above (see quote), close all windows except HijackThis itself, and click "Fix checked".

2. Restart the PC in safe mode.
If you don't know how to do that, have a look here: http://www.virushelp.nl/veilige_modus.htm

Make sure hidden files and folders are displayed.
Here you can read how to do that: http://users.telenet.be/marcvn/spyware/1117602.htm

Now, still in safe mode, delete the following file (if it is still present):

C:\WINDOWS\System32\Q15729487.dll <- that file

3. Restart the PC in 'normal mode'.

4. Create a new log and post it here.
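
Added example, not part of the original thread: a small Python parser that shows why the fix list above hangs together, by grouping HijackThis entries by the module they load and then selecting every line that loads that module or points a browser setting at the hijacker's domain. The sample lines are a subset copied from the first log; the function names are hypothetical.

```python
import re
from collections import defaultdict

# COM-style HijackThis line: "O2 - BHO: Name - {CLSID} - C:\path\file.dll"
COM_LINE = re.compile(
    r"^(?P<code>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)(?: \(file missing\))?$"
)

# Sample input: a subset of lines copied from the first log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://groups.google.nl/advanced_group_search
R3 - URLSearchHook: Richfind - {E3713899-6AD3-4701-B992-A38090891FD7} - C:\WINDOWS\System32\Q15729487.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Richfind - {14A51B61-20F2-48BD-8388-53B79C5FF150} - C:\WINDOWS\System32\Q15729487.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Richfind - {B718ADF1-3237-4410-8F4C-108D3EFEC010} - C:\WINDOWS\System32\Q15729487.dll
O9 - Extra button: Richfind - {B718ADF1-3237-4410-8F4C-108D3EFEC010} - C:\WINDOWS\System32\Q15729487.dll
O18 - Filter: text/html - {483B2A1A-4F52-47BA-90C1-61141AFE5D30} - C:\WINDOWS\System32\Q15729487.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
"""

def modules_by_extension_point(log):
    """Map each module path (lower-cased) to the set of section codes that register it."""
    found = defaultdict(set)
    for line in log.splitlines():
        m = COM_LINE.match(line.strip())
        if m:
            found[m["path"].lower()].add(m["code"])
    return dict(found)

def fix_candidates(log, module, url_marker):
    """Return the log lines that load `module` or point a setting at `url_marker`."""
    needle, marker = module.lower(), url_marker.lower()
    return [l for l in log.splitlines()
            if needle in l.lower() or marker in l.lower()]

if __name__ == "__main__":
    for path, codes in sorted(modules_by_extension_point(SAMPLE_LOG).items(),
                              key=lambda kv: -len(kv[1])):
        print(len(codes), sorted(codes), path)
    for line in fix_candidates(SAMPLE_LOG, "Q15729487.dll", "richfind.com"):
        print("fix:", line)
```

The O16 AcontiX line in the quoted fix list references neither the DLL nor the domain, so neither criterion selects it.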
 
New log

Hi Buffy,

so far everything has worked, I think.
Here is the new log, as requested.

Logfile of HijackThis v1.98.2
Scan saved at 22:39:05, on 8-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\EDS\License Servers\UGNXFLEXlm\lmgrd.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\EDS\License Servers\UGNXFLEXlm\uglmd.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Capture Express\capexp.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Documents and Settings\Eduard\Application Data\Map Maker\MMManager.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MICROS~1\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\rundll32.exe
D:\Downloads\Bewaren\Beveiliging\Hijack_This\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://groups.google.nl/advanced_group_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Capture Express 2000.lnk = C:\Program Files\Capture Express\capexp.exe
O4 - Startup: SunClock5.lnk = C:\Documents and Settings\Eduard\Application Data\Map Maker\MMManager.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
 
Thanks!!

Thanks for your help, Buffy.

Do you perhaps also know how this problem arose and how I might prevent it in the future?

Regards
Edu
 