Question & Answer

Security & privacy

- Hijacklog 1-

8 answers
  • Greetings, more log files may follow; I had a few friends use 'hijackthis' because they were having trouble with spyware. Normally they have already run adaware and spybot first, and CWshredder as well. What can I have deleted?

    Logfile of HijackThis v1.97.7
    Scan saved at 11:39:21, on 7/04/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.51 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\COMPAQ\INTERNET\CISRVR.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\SYSTEMCHK.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\SYSHOST.EXE
    C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
    C:\WINDOWS\DESKTOP\ANDREAS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.belcast.be/en/altavista
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://helpdesk.pandora.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=2c99&lc=0813&s=consumer
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&s=search&query=%s&i=enu
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\WINDOWS\SYSTEM\COMET\BIN\CSBHO.DLL (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Comet Cursor Companion - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\WINDOWS\SYSTEM\COMET\BIN\CSIETB.DLL (file missing)
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE
    O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
    O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
    O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Onflow] "C:\program files\onflow\uninstall onflow.exe" -ofpid
    O4 - HKLM\..\Run: [CC2KUI] C:\WINDOWS\SYSTEM\Comet\Bin\comet.exe
    O4 - HKLM\..\Run: [Gator] "C:\Program Files\Gator.com\Gator\Gator.exe"
    O4 - HKLM\..\Run: [WNAD] C:\WINDOWS\WNAD.EXE
    O4 - HKLM\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - HKLM\..\Run: [winactive] C:\PROGRAM FILES\WINDOW ACTIVE\WINACTIVE.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
    O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
    O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
    O4 - HKCU\..\Run: [Choke] C:\choke.exe -blahhh
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\Windows\system\E_SRCV03.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~1\OFFICE\1043\PHDINTL.DLL/phdContext.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\Intern~1\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} (MSN Chat Control 3.0) - http://fdl.msn.com/public/chat/nl-be/msnchat3.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://communities.msn.be/scr/PhotoUC/MsnPUpld.cab
    O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://communities.msn.com/central/msnchat4.cab
    O16 - DPF: Yahoo! Chess - http://yog11.yahoo.com/yog/y/cq0_x.cab
    O16 - DPF: Yahoo! Checkers - http://yog4.yahoo.com/yog/y/kq0_x.cab
    O16 - DPF: Yahoo! Dominoes - http://yog21.yahoo.com/yog/y/doq0_x.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Ctp Class) - http://www.egreetings.com/cnp/Install/AxCtp.cab
    __________
    Thanks, :wink: Guft.
  • Hello Guft, quite a lot of work to do. End these processes:

    C:\WINDOWS\SYSTEM\systemchk.exe
    C:\WINDOWS\SYSTEM\SYSHOST.EXE

    Update your virus definitions and also run an online virus scan. (at least 2 viruses)

    Go to Control Panel - Software - Change or Remove Programs. Remove:
    - Comet Cursor.
    - LOP (if present)

    Close all open windows. Run HijackThis once more and have the following items fixed:

    O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\WINDOWS\SYSTEM\COMET\BIN\CSBHO.DLL (file missing)
    O3 - Toolbar: Comet Cursor Companion - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\WINDOWS\SYSTEM\COMET\BIN\CSIETB.DLL (file missing)
    O4 - HKLM\..\Run: [Onflow] "C:\program files\onflow\uninstall onflow.exe" -ofpid
    O4 - HKLM\..\Run: [CC2KUI] C:\WINDOWS\SYSTEM\Comet\Bin\comet.exe
    O4 - HKLM\..\Run: [Gator] "C:\Program Files\Gator.com\Gator\Gator.exe"
    O4 - HKLM\..\Run: [WNAD] C:\WINDOWS\WNAD.EXE
    O4 - HKLM\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - HKLM\..\Run: [winactive] C:\PROGRAM FILES\WINDOW ACTIVE\WINACTIVE.EXE
    O4 - HKCU\..\Run: [Choke] C:\choke.exe -blahhh
    O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=

    Start the computer in safe mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406). Make sure all hidden files are shown (http://www.xtra.co.nz/help/0,,4155-1916458,00.html). Delete the following items:

    onflow in C:\program files\
    Comet in C:\WINDOWS\SYSTEM\
    Gator.com in C:\Program Files\
    WNAD.EXE in C:\WINDOWS\ (also search for WNAD.DAT files)
    systemchk.exe in C:\WINDOWS\SYSTEM\
    WINDOW ACTIVE in C:\PROGRAM FILES\
    choke.exe in C:\
    systemchk.exe in C:\WINDOWS\SYSTEM\
    SYSHOST.EXE in C:\WINDOWS\SYSTEM\

    My question remains: are Ad-aware and Spybot up to date???? Reboot, run HijackThis once more, and post a new log. Regards, Marc
  • Thanks M@rc, for the quick reply. The new hijacklog will follow shortly. One more question though... "End these processes: C:\WINDOWS\SYSTEM\systemchk.exe C:\WINDOWS\SYSTEM\SYSHOST.EXE" How do I do that? Simply delete them from the system folder, or end the task with ctrl-alt-del? Then I can start the big clean-up :D Guft.
  • You do that with your task manager or msconfig. There you switch those two processes off, i.e. you remove the check mark in front of them. And then you can carry out the rest of M@rc's post.
  • New log:

    Logfile of HijackThis v1.97.7
    Scan saved at 10:24:06, on 8/04/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.51 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\COMPAQ\INTERNET\CISRVR.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\SYSTEMCHK.EXE
    C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SYSHOST.EXE
    C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\DESKTOP\ANDREAS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.belcast.be/en/altavista
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://helpdesk.pandora.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0813&s=search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=2c99&lc=0813&s=consumer
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&s=search&query=%s&i=enu
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE
    O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
    O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
    O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
    O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
    O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\Windows\system\E_SRCV03.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~1\OFFICE\1043\PHDINTL.DLL/phdContext.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\Intern~1\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} (MSN Chat Control 3.0) - http://fdl.msn.com/public/chat/nl-be/msnchat3.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://communities.msn.be/scr/PhotoUC/MsnPUpld.cab
    O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://communities.msn.com/central/msnchat4.cab
    O16 - DPF: Yahoo! Chess - http://yog11.yahoo.com/yog/y/cq0_x.cab
    O16 - DPF: Yahoo! Checkers - http://yog4.yahoo.com/yog/y/kq0_x.cab
    O16 - DPF: Yahoo! Dominoes - http://yog21.yahoo.com/yog/y/doq0_x.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Ctp Class) - http://www.egreetings.com/cnp/Install/AxCtp.cab

    All clean? Guft. :wink:
  • No, unfortunately it is not clean. Turn off System Restore (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam). Now go to your task manager and end the following processes: Cnqmax.exe. SYSHOST.EXE Now do a full scan of your computer, and make sure your scanner has the latest virus definitions. Turn System Restore back on. Now post a new log.
  • @ Andre, Win 98 has no System Restore.

    @ Guft, the 2 main culprits remain active:

    C:\WINDOWS\SYSTEM\systemchk.exe
    C:\WINDOWS\SYSTEM\SYSHOST.EXE

    Save HijackThis in a folder of its own. Not on your desktop or in your Temp files. HijackThis creates its backups in the folder it is started from. Close all open windows. Run HijackThis once more and have the following items fixed:

    O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=

    Start the computer in safe mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406). Make sure all hidden files are shown (http://www.xtra.co.nz/help/0,,4155-1916458,00.html). Delete the following items:

    SYSHOST.EXE in C:\WINDOWS\SYSTEM\
    systemchk.exe in C:\WINDOWS\SYSTEM\

    Reboot and post a new HijackThis log. Had you not deleted the files mentioned above? Virus scanner updated? Online scan done? Regards, Marc
  • M@rc wrote: "@ Andre, Win 98 has no System Restore." Sorry, I was so busy with XP in other logs that I had completely overlooked it. :oops:
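
The follow-up check the helpers do by eye in this thread, comparing the second HijackThis log against the first and against the list of entries that were supposed to be fixed, as an added example that is not part of the original posts. The sample logs are constructed from a few lines excerpted from the two logs above, and the function names `parse` and `compare` are hypothetical.

```python
import re

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - .+$")   # HijackThis section codes
# Constructed sample input: a few lines excerpted from the two logs in this thread.
LOG_BEFORE = r'''
Running processes:
C:\WINDOWS\SYSTEM\SYSTEMCHK.EXE
C:\WINDOWS\SYSTEM\SYSHOST.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Gator] "C:\Program Files\Gator.com\Gator\Gator.exe"
O4 - HKLM\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
O4 - HKCU\..\Run: [Choke] C:\choke.exe -blahhh
O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
'''
LOG_AFTER = r'''
Running processes:
C:\WINDOWS\SYSTEM\SYSTEMCHK.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\WINDOWS\SYSTEM\SYSHOST.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
'''
# Subset of the entries the first reply asked to have fixed.
FIX_LIST = r'''
O4 - HKLM\..\Run: [Gator] "C:\Program Files\Gator.com\Gator\Gator.exe"
O4 - HKLM\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
O4 - HKCU\..\Run: [Choke] C:\choke.exe -blahhh
O4 - HKCU\..\Run: [system] C:\WINDOWS\SYSTEM\systemchk.exe
'''

def parse(log):
    """Split a HijackThis log into (running process paths, R/O entries)."""
    procs, entries, in_procs = set(), set(), False
    for line in map(str.strip, log.splitlines()):
        if line.lower().startswith("running processes"):
            in_procs = True
        elif ENTRY.match(line):
            in_procs = False
            entries.add(line)
        elif in_procs and line:
            procs.add(line.lower())   # Windows paths compare case-insensitively
    return procs, entries

def compare(before, after, fix_list):
    """Diff two logs; flag fix-list entries still present, and those still running."""
    _, old = parse(before)
    procs, new = parse(after)
    _, wanted = parse(fix_list)
    still_listed = wanted & new
    still_running = {e for e in still_listed if any(p in e.lower() for p in procs)}
    return {"removed": old - new, "added": new - old,
            "still_listed": still_listed, "still_running": still_running}
```

On these excerpts the Gator and Choke entries show up as removed, the wcmdmgr autostart as newly added, and both `systemchk.exe` Run entries as still listed with their target still among the running processes.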


This is an archived page. Replying is no longer possible.