Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

- Hijacklog 1-

None
8 antwoorden
  • Gegroet,
    mogelijk volgen er nog andere logfiles, ik heb enkele vrienden 'hijackthis' laten gebruiken omdat ze last hadden van spyware. Normaal hebben ze eerst [i:a08b71e738]adaware[/i:a08b71e738] en [i:a08b71e738]spybot[/i:a08b71e738] al toegepast en eveneens [i:a08b71e738]CWshredder[/i:a08b71e738].

    [b:a08b71e738]Wat mag ik laten deleten?[/b:a08b71e738]

    Logfile of HijackThis v1.97.7
    Scan saved at 11:39:21, on 7/04/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.51 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\COMPAQ\INTERNET\CISRVR.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\SYSTEMCHK.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\SYSHOST.EXE
    C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
    C:\WINDOWS\DESKTOP\ANDREAS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.belcast.be/en/altavista
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts
    edirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://helpdesk.pandora.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts
    edirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts
    edirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts
    edirectors/presario/deskredir.dll?c=2c99&lc=0813&s=consumer
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts
    edirectors/presario/srchredir.dll?c=2c99&s=search&query=%s&i=enu
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\WINDOWS\SYSTEM\COMET\BIN\CSBHO.DLL (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Comet Cursor Companion - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\WINDOWS\SYSTEM\COMET\BIN\CSIETB.DLL (file missing)
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE
    O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
    O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
    O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Onflow] "C:\program files\onflow\uninstall onflow.exe" -ofpid
    O4 - HKLM\..\Run: [CC2KUI] C:\WINDOWS\SYSTEM\Comet\Bin\comet.exe
    O4 - HKLM\..\Run: [Gator] "C:\Program Files\Gator.com\Gator\Gator.exe"
    O4 - HKLM\..\Run: [WNAD] C:\WINDOWS\WNAD.EXE
    O4 - HKLM\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - HKLM\..\Run: [winactive] C:\PROGRAM FILES\WINDOW ACTIVE\WINACTIVE.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
    O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
    O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
    O4 - HKCU\..\Run: [Choke] C:\choke.exe -blahhh
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\Windows\system\E_SRCV03.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~1\OFFICE\1043\PHDINTL.DLL/phdContext.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\Intern~1\PLUGINS
    ppdf32.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} (MSN Chat Control 3.0) - http://fdl.msn.com/public/chat/nl-be/msnchat3.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://communities.msn.be/scr/PhotoUC/MsnPUpld.cab
    O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://communities.msn.com/central/msnchat4.cab
    O16 - DPF: Yahoo! Chess - http://yog11.yahoo.com/yog/y/cq0_x.cab
    O16 - DPF: Yahoo! Checkers - http://yog4.yahoo.com/yog/y/kq0_x.cab
    O16 - DPF: Yahoo! Dominoes - http://yog21.yahoo.com/yog/y/doq0_x.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Ctp Class) - http://www.egreetings.com/cnp/Install/AxCtp.cab

    __________
    Bedankt,
    :wink: Guft.
  • Hallo Guft,

    Heel wat werk aan de winkel.

    Beëindig deze processen af:
    C:\WINDOWS\SYSTEM\systemchk.exe
    C:\WINDOWS\SYSTEM\SYSHOST.EXE

    Update je virusdefinities en doe ook een online virusscan. (zeker 2 virussen)

    Ga naar configuratiescherm - Software - programma's wijzigen en verwijderen.
    Verwijder:
    - Comet Cursor.
    - LOP (indien aanwezig

    Sluit alle open vensters. Run HijackThis nog een keer en laat volgende items repareren:
    [b:6866bcde68]O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\WINDOWS\SYSTEM\COMET\BIN\CSBHO.DLL (file missing)
    O3 - Toolbar: Comet Cursor Companion - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\WINDOWS\SYSTEM\COMET\BIN\CSIETB.DLL (file missing)
    O4 - HKLM\..\Run: [Onflow] "C:\program files\onflow\uninstall onflow.exe" -ofpid
    O4 - HKLM\..\Run: [CC2KUI] C:\WINDOWS\SYSTEM\Comet\Bin\comet.exe
    O4 - HKLM\..\Run: [Gator] "C:\Program Files\Gator.com\Gator\Gator.exe"
    O4 - HKLM\..\Run: [WNAD] C:\WINDOWS\WNAD.EXE
    O4 - HKLM\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - HKLM\..\Run: [winactive] C:\PROGRAM FILES\WINDOW ACTIVE\WINACTIVE.EXE
    O4 - HKCU\..\Run: [Choke] C:\choke.exe -blahhh
    O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=[/b:6866bcde68]
    Start de computer op in veilige modus.
    Zorg dat alle verborgen bestanden weergegeven worden.
    Verwijder de volgende items:
    onflow in C:\program files\
    Comet in C:\WINDOWS\SYSTEM\
    Gator.com in C:\Program Files\
    WNAD.EXE in C:\WINDOWS\
    zoek ook op WNAD.DAT files.
    systemchk.exe in C:\WINDOWS\SYSTEM\
    WINDOW ACTIVE in C:\PROGRAM FILES\
    choke.exe in C:\
    systemchk.exe in C:\WINDOWS\SYSTEM\
    SYSHOST.EXE in C:\WINDOWS\SYSTEM\

    Blijft mijn vraag: Zijn Ad-aware en Spybot up-to-date????

    Rebooten, run HijackThis nog een keer, en post een nieuwe log.

    groeten
    Marc
  • Bedankt M@rc, voor de snelle reactie.

    De nieuwe hijacklog volgt weldra.

    Toch nog een vraagje…

    [i:907741c62b]Beëindig deze processen :
    C:\WINDOWS\SYSTEM\systemchk.exe
    C:\WINDOWS\SYSTEM\SYSHOST.EXE [/i:907741c62b]

    Hoe doe ik dat? Gewoon verwijderen uit de systemmap of taak beeïndigen met ctrl-alt-del?

    Dan kan ik met de grote schoonmaak beginnen :D

    Guft.
  • Dat doe je met je taakmanager of msconfig.
    Daar zet je die twee processen uit, dus je haalt het vinkje ervoor weg.
    En dan kan je de rest van M@rc zijn post uitvoeren.
  • [u:ef084ff393][b:ef084ff393]Nieuwe log:[/b:ef084ff393][/u:ef084ff393]

    Logfile of HijackThis v1.97.7
    Scan saved at 10:24:06, on 8/04/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.51 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\COMPAQ\INTERNET\CISRVR.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\SYSTEMCHK.EXE
    C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SYSHOST.EXE
    C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\DESKTOP\ANDREAS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.belcast.be/en/altavista
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts
    edirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://helpdesk.pandora.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts
    edirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts
    edirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts
    edirectors/presario/deskredir.dll?c=2c99&lc=0813&s=consumer
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts
    edirectors/presario/srchredir.dll?c=2c99&s=search&query=%s&i=enu
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE
    O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
    O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
    O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
    O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
    O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\Windows\system\E_SRCV03.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~1\OFFICE\1043\PHDINTL.DLL/phdContext.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\Intern~1\PLUGINS
    ppdf32.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} (MSN Chat Control 3.0) - http://fdl.msn.com/public/chat/nl-be/msnchat3.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://communities.msn.be/scr/PhotoUC/MsnPUpld.cab
    O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://communities.msn.com/central/msnchat4.cab
    O16 - DPF: Yahoo! Chess - http://yog11.yahoo.com/yog/y/cq0_x.cab
    O16 - DPF: Yahoo! Checkers - http://yog4.yahoo.com/yog/y/kq0_x.cab
    O16 - DPF: Yahoo! Dominoes - http://yog21.yahoo.com/yog/y/doq0_x.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Ctp Class) - http://www.egreetings.com/cnp/Install/AxCtp.cab


    Alles clean?

    Guft. :wink:
  • Nee helaas is het niet schoon.

    Zet systeemherstel uit.
    Ga nou naar je taakmanager en zet de volgende processen uit:
    Cnqmax.exe.
    SYSHOST.EXE

    Doe nu een volledige scan van je computer, zorg wel dat je scanner de laatste virusdefenitie heeft.

    Zet systeem herstel weer aan.
    Post nu een nieuw log.
  • @ Andre,

    Win 98 heeft geen systeemherstel.

    @ Guft,

    De 2 grote boosdoeners blijven actief:
    C:\WINDOWS\SYSTEM\systemchk.exe
    C:\WINDOWS\SYSTEM\SYSHOST.EXE

    Sla HijackThis op in een eigen map. Niet op je bureaublad of in je Temp-files. HijackThis maak namelijk backups in de map waar het opgestart wordt.
    Sluit alle open vensters. Run HijackThis nog een keer en laat volgende items repareren:[b:36f131e1fa]
    O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=[/b:36f131e1fa]

    Start de computer op in veilige modus.
    Zorg dat alle verborgen bestanden weergegeven worden.
    Verwijder de volgende items:
    SYSHOST.EXE in C:\WINDOWS\SYSTEM\
    systemchk.exe in C:\WINDOWS\SYSTEM\

    Reboot en post en een nieuwe HijackThis-log.


    Had je boven genoemde bestanden niet verwijderd?
    Virusscanner ge-update?
    Online-scan gedaan?

    Groeten
    Marc
  • [quote:36f2a0b6a9="M@rc"]@ Andre,

    Win 98 heeft geen systeemherstel.
    [/quote:36f2a0b6a9]
    Sorry, ik was zo bezig met xp bij andere logs, dat ik het helemaal over het hoofd had gezien. :oops:

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.