hijack this

Anonymous
M@rc
5 answers
 • Can someone take a look at this for me? Thanks in advance.


  Logfile of HijackThis v1.98.2
  Scan saved at 18:42:40, on 28-10-04
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINNT\System32\smss.exe
  C:\WINNT\system32\winlogon.exe
  C:\WINNT\system32\services.exe
  C:\WINNT\system32\lsass.exe
  C:\WINNT\system32\svchost.exe
  C:\WINNT\System32\svchost.exe
  C:\WINNT\system32\spoolsv.exe
  C:\WINNT\Explorer.EXE
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\WINNT\System32\CTsvcCDA.EXE
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\WINNT\System32\nvsvc32.exe
  C:\WINNT\system32\pctspk.exe
  C:\WINNT\System32\svchost.exe
  C:\WINNT\System32\MsPMSPSv.exe
  C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
  C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
  C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
  C:\Program Files\Caere\OmniPagePro90\opware32.exe
  C:\WINNT\System32\nrymnq.exe
  C:\PROGRA~1\NORTON~1\navapw32.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
  C:\WINNT\system32\ntvdm.exe
  C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
  C:\WINNT\System32\ypfasl.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\SpywareRemover\popup-watch\PopUpWatch.exe
  C:\Program Files\SpywareRemover\popup-watch\A9DAB7F.DLL
  C:\Temp\hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - Default URLSearchHook is missing
  O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {32F84020-B412-7D93-8752-115505A3281D} - C:\WINNT\System32\guegzdfy.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [anvshell] anvshell.exe
  O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
  O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
  O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
  O4 - HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
  O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
  O4 - HKLM\..\Run: [Fortis Secure Layer Config] cseinst.exe -o-h
  O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\System32\PSDrvCheck.exe
  O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
  O4 - HKLM\..\Run: [ppgkwgtgthtr] C:\WINNT\System32\nrymnq.exe
  O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
  O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
  O4 - HKCU\..\Run: [Pgjj] C:\WINNT\System32\ypfasl.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm (file missing)
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
 • Press CTRL+ALT+DEL to open Windows Task Manager. Go to the Processes tab and end the following processes:
  ypfasl.exe
  nrymnq.exe

  Go to Control Panel - Add or Remove Programs - Change or Remove Programs. Uninstall the following programs if present:
  Twain-Tech

  Close all open windows, run HijackThis once more and have it fix the following items:
  R3 - Default URLSearchHook is missing
  O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll
  O2 - BHO: (no name) - {32F84020-B412-7D93-8752-115505A3281D} - C:\WINNT\System32\guegzdfy.dll

  O4 - HKLM\..\Run: [ppgkwgtgthtr] C:\WINNT\System32\nrymnq.exe
  O4 - HKCU\..\Run: [Pgjj] C:\WINNT\System32\ypfasl.exe

  O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB

  Once you have done this, start the computer in safe mode.
  Make sure all hidden files are shown, and delete the following files or folders if present:
  C:\WINNT\System32\ypfasl.exe
  C:\WINNT\System32\nrymnq.exe


  Reboot the computer, run HijackThis again and post a new log.
 • I have carried out your suggestions and here is my new log file

  Thanks


  Logfile of HijackThis v1.98.2
  Scan saved at 19:28:05, on 28-10-04
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINNT\System32\smss.exe
  C:\WINNT\system32\winlogon.exe
  C:\WINNT\system32\services.exe
  C:\WINNT\system32\lsass.exe
  C:\WINNT\system32\svchost.exe
  C:\WINNT\System32\svchost.exe
  C:\WINNT\system32\spoolsv.exe
  C:\WINNT\Explorer.EXE
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\WINNT\System32\CTsvcCDA.EXE
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\WINNT\System32\nvsvc32.exe
  C:\WINNT\system32\pctspk.exe
  C:\WINNT\System32\svchost.exe
  C:\WINNT\System32\MsPMSPSv.exe
  C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
  C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
  C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
  C:\Program Files\Caere\OmniPagePro90\opware32.exe
  C:\PROGRA~1\NORTON~1\navapw32.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
  C:\WINNT\system32\ntvdm.exe
  C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
  C:\Temp\hijackthis\HijackThis.exe
  C:\WINNT\system32\wuauclt.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [anvshell] anvshell.exe
  O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
  O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
  O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
  O4 - HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
  O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
  O4 - HKLM\..\Run: [Fortis Secure Layer Config] cseinst.exe -o-h
  O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\System32\PSDrvCheck.exe
  O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
  O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
  O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm (file missing)
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
 • Looks good, kawazxr.
  All problems solved?

  Install SpywareBlaster and SpywareGuard.
  If you use the latest version of Spybot Search & Destroy and make use of its real-time protection, TeaTimer, then you should not install SpywareGuard.
  More info on how to prevent a new infection can be found here.

  Regards,
  Marc
 • Thanks for your quick and good help :D :D
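
The check done by eye in this thread (is every item that was fixed really gone from the follow-up log, and did anything new appear?) can be scripted. The following is an added example, not part of the original thread and not HijackThis code; the function names are hypothetical and the sample strings are shortened excerpts of the two logs and the fix list posted above.

```python
import re

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")  # e.g. "O4 - HKLM\..\Run: [x] y"

def parse_entries(log_text):
    """Set of (section, detail) pairs for every R/O entry line in a log."""
    return {m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m}

def parse_processes(log_text):
    """Lower-cased paths under 'Running processes:' (block ends at a blank line)."""
    tail = log_text.partition("Running processes:")[2].lstrip("\r\n")
    block = re.split(r"\r?\n\s*\r?\n", tail, maxsplit=1)[0]
    return {p.strip().lower() for p in block.splitlines() if p.strip()}

def verify_fix(before, after, fixed_lines, removed_files):
    """Compare the follow-up log against the items the helper asked to fix."""
    after_entries, after_procs = parse_entries(after), parse_processes(after)
    return {
        "still_present": sorted(parse_entries(fixed_lines) & after_entries),
        "still_running": sorted(f for f in removed_files if f.lower() in after_procs),
        "new_entries": sorted(after_entries - parse_entries(before)),
    }

# Shortened excerpts of the logs and fix list from this thread.
BEFORE = r"""Running processes:
C:\WINNT\System32\nrymnq.exe
C:\WINNT\System32\ypfasl.exe

O2 - BHO: (no name) - {32F84020-B412-7D93-8752-115505A3281D} - C:\WINNT\System32\guegzdfy.dll
O4 - HKLM\..\Run: [ppgkwgtgthtr] C:\WINNT\System32\nrymnq.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [Pgjj] C:\WINNT\System32\ypfasl.exe
"""
AFTER = r"""Running processes:
C:\WINNT\system32\wuauclt.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
"""
FIXED = r"""O2 - BHO: (no name) - {32F84020-B412-7D93-8752-115505A3281D} - C:\WINNT\System32\guegzdfy.dll
O4 - HKLM\..\Run: [ppgkwgtgthtr] C:\WINNT\System32\nrymnq.exe
O4 - HKCU\..\Run: [Pgjj] C:\WINNT\System32\ypfasl.exe
"""
REMOVED = [r"C:\WINNT\System32\ypfasl.exe", r"C:\WINNT\System32\nrymnq.exe"]

if __name__ == "__main__":
    print(verify_fix(BEFORE, AFTER, FIXED, REMOVED))
```

Three empty lists mean the fixed entries are gone, the deleted executables are no longer running, and no autostart or browser entry appeared between the two scans.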

This is an archived page. Replying is no longer possible.