Vraag & Antwoord

Beveiliging & privacy

- Hijacklog 1-

Anoniem
None
8 antwoorden
  • Gegroet,
    mogelijk volgen er nog andere logfiles, ik heb enkele vrienden 'hijackthis' laten gebruiken omdat ze last hadden van spyware. Normaal hebben ze eerst [i:a08b71e738]adaware[/i:a08b71e738] en [i:a08b71e738]spybot[/i:a08b71e738] al toegepast en eveneens [i:a08b71e738]CWshredder[/i:a08b71e738].

    [b:a08b71e738]Wat mag ik laten deleten?[/b:a08b71e738]

    Logfile of HijackThis v1.97.7
    Scan saved at 11:39:21, on 7/04/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.51 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\COMPAQ\INTERNET\CISRVR.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\SYSTEMCHK.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\SYSHOST.EXE
    C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
    C:\WINDOWS\DESKTOP\ANDREAS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.belcast.be/en/altavista
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://helpdesk.pandora.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=2c99&lc=0813&s=consumer
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&s=search&query=%s&i=enu
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\WINDOWS\SYSTEM\COMET\BIN\CSBHO.DLL (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Comet Cursor Companion - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\WINDOWS\SYSTEM\COMET\BIN\CSIETB.DLL (file missing)
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE
    O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
    O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
    O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Onflow] "C:\program files\onflow\uninstall onflow.exe" -ofpid
    O4 - HKLM\..\Run: [CC2KUI] C:\WINDOWS\SYSTEM\Comet\Bin\comet.exe
    O4 - HKLM\..\Run: [Gator] "C:\Program Files\Gator.com\Gator\Gator.exe"
    O4 - HKLM\..\Run: [WNAD] C:\WINDOWS\WNAD.EXE
    O4 - HKLM\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - HKLM\..\Run: [winactive] C:\PROGRAM FILES\WINDOW ACTIVE\WINACTIVE.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
    O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
    O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
    O4 - HKCU\..\Run: [Choke] C:\choke.exe -blahhh
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\Windows\system\E_SRCV03.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~1\OFFICE\1043\PHDINTL.DLL/phdContext.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\Intern~1\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} (MSN Chat Control 3.0) - http://fdl.msn.com/public/chat/nl-be/msnchat3.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://communities.msn.be/scr/PhotoUC/MsnPUpld.cab
    O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://communities.msn.com/central/msnchat4.cab
    O16 - DPF: Yahoo! Chess - http://yog11.yahoo.com/yog/y/cq0_x.cab
    O16 - DPF: Yahoo! Checkers - http://yog4.yahoo.com/yog/y/kq0_x.cab
    O16 - DPF: Yahoo! Dominoes - http://yog21.yahoo.com/yog/y/doq0_x.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Ctp Class) - http://www.egreetings.com/cnp/Install/AxCtp.cab

    __________
    Bedankt,
    :wink: Guft.
  • Hallo Guft,

    Heel wat werk aan de winkel.

    Beëindig deze processen af:
    C:\WINDOWS\SYSTEM\systemchk.exe
    C:\WINDOWS\SYSTEM\SYSHOST.EXE

    Update je virusdefinities en doe ook een online virusscan. (zeker 2 virussen)

    Ga naar configuratiescherm - Software - programma's wijzigen en verwijderen.
    Verwijder:
    - Comet Cursor.
    - LOP (indien aanwezig

    Sluit alle open vensters. Run HijackThis nog een keer en laat volgende items repareren:
    [b:6866bcde68]O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\WINDOWS\SYSTEM\COMET\BIN\CSBHO.DLL (file missing)
    O3 - Toolbar: Comet Cursor Companion - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\WINDOWS\SYSTEM\COMET\BIN\CSIETB.DLL (file missing)
    O4 - HKLM\..\Run: [Onflow] "C:\program files\onflow\uninstall onflow.exe" -ofpid
    O4 - HKLM\..\Run: [CC2KUI] C:\WINDOWS\SYSTEM\Comet\Bin\comet.exe
    O4 - HKLM\..\Run: [Gator] "C:\Program Files\Gator.com\Gator\Gator.exe"
    O4 - HKLM\..\Run: [WNAD] C:\WINDOWS\WNAD.EXE
    O4 - HKLM\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - HKLM\..\Run: [winactive] C:\PROGRAM FILES\WINDOW ACTIVE\WINACTIVE.EXE
    O4 - HKCU\..\Run: [Choke] C:\choke.exe -blahhh
    O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=[/b:6866bcde68]
    Start de computer op in veilige modus.
    Zorg dat alle verborgen bestanden weergegeven worden.
    Verwijder de volgende items:
    onflow in C:\program files\
    Comet in C:\WINDOWS\SYSTEM\
    Gator.com in C:\Program Files\
    WNAD.EXE in C:\WINDOWS\
    zoek ook op WNAD.DAT files.
    systemchk.exe in C:\WINDOWS\SYSTEM\
    WINDOW ACTIVE in C:\PROGRAM FILES\
    choke.exe in C:\
    systemchk.exe in C:\WINDOWS\SYSTEM\
    SYSHOST.EXE in C:\WINDOWS\SYSTEM\

    Blijft mijn vraag: Zijn Ad-aware en Spybot up-to-date????

    Rebooten, run HijackThis nog een keer, en post een nieuwe log.

    groeten
    Marc
  • Bedankt M@rc, voor de snelle reactie.

    De nieuwe hijacklog volgt weldra.

    Toch nog een vraagje…

    [i:907741c62b]Beëindig deze processen :
    C:\WINDOWS\SYSTEM\systemchk.exe
    C:\WINDOWS\SYSTEM\SYSHOST.EXE [/i:907741c62b]

    Hoe doe ik dat? Gewoon verwijderen uit de systemmap of taak beeïndigen met ctrl-alt-del?

    Dan kan ik met de grote schoonmaak beginnen :D

    Guft.
  • Dat doe je met je taakmanager of msconfig.
    Daar zet je die twee processen uit, dus je haalt het vinkje ervoor weg.
    En dan kan je de rest van M@rc zijn post uitvoeren.
  • [u:ef084ff393][b:ef084ff393]Nieuwe log:[/b:ef084ff393][/u:ef084ff393]

    Logfile of HijackThis v1.97.7
    Scan saved at 10:24:06, on 8/04/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.51 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\COMPAQ\INTERNET\CISRVR.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\SYSTEMCHK.EXE
    C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SYSHOST.EXE
    C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\DESKTOP\ANDREAS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.belcast.be/en/altavista
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://helpdesk.pandora.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=2c99&lc=0813&s=consumer
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&s=search&query=%s&i=enu
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE
    O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
    O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
    O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
    O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
    O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\Windows\system\E_SRCV03.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~1\OFFICE\1043\PHDINTL.DLL/phdContext.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\Intern~1\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} (MSN Chat Control 3.0) - http://fdl.msn.com/public/chat/nl-be/msnchat3.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://communities.msn.be/scr/PhotoUC/MsnPUpld.cab
    O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://communities.msn.com/central/msnchat4.cab
    O16 - DPF: Yahoo! Chess - http://yog11.yahoo.com/yog/y/cq0_x.cab
    O16 - DPF: Yahoo! Checkers - http://yog4.yahoo.com/yog/y/kq0_x.cab
    O16 - DPF: Yahoo! Dominoes - http://yog21.yahoo.com/yog/y/doq0_x.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Ctp Class) - http://www.egreetings.com/cnp/Install/AxCtp.cab


    Alles clean?

    Guft. :wink:
  • Nee helaas is het niet schoon.

    Zet systeemherstel uit.
    Ga nou naar je taakmanager en zet de volgende processen uit:
    Cnqmax.exe.
    SYSHOST.EXE

    Doe nu een volledige scan van je computer, zorg wel dat je scanner de laatste virusdefenitie heeft.

    Zet systeem herstel weer aan.
    Post nu een nieuw log.
  • @ Andre,

    Win 98 heeft geen systeemherstel.

    @ Guft,

    De 2 grote boosdoeners blijven actief:
    C:\WINDOWS\SYSTEM\systemchk.exe
    C:\WINDOWS\SYSTEM\SYSHOST.EXE

    Sla HijackThis op in een eigen map. Niet op je bureaublad of in je Temp-files. HijackThis maak namelijk backups in de map waar het opgestart wordt.
    Sluit alle open vensters. Run HijackThis nog een keer en laat volgende items repareren:[b:36f131e1fa]
    O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=[/b:36f131e1fa]

    Start de computer op in veilige modus.
    Zorg dat alle verborgen bestanden weergegeven worden.
    Verwijder de volgende items:
    SYSHOST.EXE in C:\WINDOWS\SYSTEM\
    systemchk.exe in C:\WINDOWS\SYSTEM\

    Reboot en post en een nieuwe HijackThis-log.


    Had je boven genoemde bestanden niet verwijderd?
    Virusscanner ge-update?
    Online-scan gedaan?

    Groeten
    Marc
  • [quote:36f2a0b6a9="M@rc"]@ Andre,

    Win 98 heeft geen systeemherstel.
    [/quote:36f2a0b6a9]
    Sorry, ik was zo bezig met xp bij andere logs, dat ik het helemaal over het hoofd had gezien. :oops:

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.