Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Hijackthis.exe geblokkeerd? kan niet openen.

Anoniem
None
47 antwoorden
  • Hijackthis gedownload maar kan het niet openen.
    Als ik op pictogram klik dan doet hij dus helemaal niets. ook ccleaner kan ik niet openen.
    zijn deze programma's geblokkeerd?

    Windows XP
  • [quote:c69be6e371="710665"]Hijackthis gedownload maar kan het niet openen.
    Als ik op pictogram klik dan doet hij dus helemaal niets. ook ccleaner kan ik niet openen.
    zijn deze programma's geblokkeerd?

    Windows XP[/quote:c69be6e371]

    Is dit ook zo in veilige modus? Zoja, probeer daar eens.
  • geprobeerd in Veilige Modus en inderdaad ook dan start hijack en CCleaner ook niet op.
  • andere naam geven aan het exe bestand

    iets van help.exe oid
  • nee, dat helpt ook niet!
    sommige programma's openene overigens wel gewoon, maar lijkt er op dat als ze te maken hebben met virusen, spyware e.d. dan niet
  • Download Silent Runners
    Unzip het naar een eigen map.
    Start SilentRunners.vbs
    Wanneer je antivirusprogramma een melding geeft, sta je toe om dit script uit te voeren.
    Wacht tot je een melding krijgt dat het script klaar is.
    Er wordt een logje geplaatst in de map van waar je Silentrunners gestart hebt. Post de inhoud van dit logje.
  • "Silent Runners.vbs", revision 49, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ———————————

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS.2\system32\ctfmon.exe" [MS]
    "RoboForm" = ""C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"" ["Siber Systems"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
    "MVS Splash" = "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" ["McAfee, Inc."]
    "McAfee Managed Services Tray" = ""C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"" ["McAfee, Inc."]
    "MPFExe" = "C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" ["McAfee Security"]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" ["Sun Microsystems, Inc."]
    "MSConfig" = "C:\WINDOWS.2\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]
    "SPAMfighter Agent" = ""C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60" ["SPAMfighter ApS"]
    "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
    "KernelFaultCheck" = "C:\WINDOWS.2\system32\dumprep 0 -k"
    "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {2A0EDFF4-3A37-E02E-AA23-75AD6A6B53E5}\(Default) = (no title provided)
    -> {HKLM…CLSID} = "Class"
    \InProcServer32\(Default) = "C:\WINDOWS.2\snasc1.dll" [file not found]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-pictogramuitbreiding"
    -> {HKLM…CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS.2\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
    "{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Verzendmap van Share-to-Web"
    -> {HKLM…CLSID} = "Verzendmap van Share-to-Web"
    \InProcServer32\(Default) = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM…CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{15d97b29-af41-4891-9206-4385aa4cabb5}" = "PaperMaster - Shell Extension"
    -> {HKLM…CLSID} = "PaperMaster"
    \InProcServer32\(Default) = "C:\Program Files\PaperMaster Pro 7.0\J2GShell.dll" ["j2 Global Communications, Inc."]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM…CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
    -> {HKLM…CLSID} = "IE Microsoft AutoComplete"
    \InProcServer32\(Default) = "C:\WINDOWS.2\system32\browseui.dll" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {HKLM…CLSID} = "Outlook-extensie voor bestandspictogrammen"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM…CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS.2\system32\Audiodev.dll" [MS]
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
    -> {HKLM…CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
    -> {HKLM…CLSID} = "AVG7 Find Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
    -> {HKLM…CLSID} = "Microsoft AntiMalware ShellExecuteHook"
    \InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]
    <<!>> "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
    -> {HKLM…CLSID} = "Microsoft.AntiSpyware.ShellExecuteHook.1"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    -> {HKLM…CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS.2\system32\WPDShServiceObj.dll" [MS]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
    <<!>> "AppInit_DLLs" = "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" ["Google"]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
    <<!>> "Userinit" = "userinit.exe,,C:\WINDOWS.2\SERVICES.EXE" [MS], [null data]

    HKLM\System\CurrentControlSet\Control\SecurityProviders\
    <<!>> ("ntoskrnl.dll" [file not found]) "SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll"

    HKLM\System\CurrentControlSet\Control\Session Manager\
    <<!>> "BootExecute" = "autocheck autochk *"|"sprestrt" [MS]|"sprestrt" [MS]|"sprestrt" [MS]|"sprestrt" [MS]|"sprestrt" [MS]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]
    <<!>> wzcnotif\DLLName = "wzcdlg.dll" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM…CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {HKLM…CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    HotShellExtPM\(Default) = "{15D97B29-AF41-4891-9206-4385AA4CABB5}"
    -> {HKLM…CLSID} = "PaperMaster"
    \InProcServer32\(Default) = "C:\Program Files\PaperMaster Pro 7.0\J2GShell.dll" ["j2 Global Communications, Inc."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM…CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM…CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {HKLM…CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM…CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


    Default executables:
    ——————–

    HKCU\Software\Classes\.bat\(Default) = (value not set)

    HKCU\Software\Classes\.cmd\(Default) = (value not set)

    HKCU\Software\Classes\.com\(Default) = (value not set)

    HKCU\Software\Classes\.exe\(Default) = "exefile"

    HKCU\Software\Classes\.hta\(Default) = "htafile"


    Group Policies {GPedit.msc branch and setting}:
    ———————————————–

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "NoBandCustomize" = (REG_DWORD) hex:0x00000000
    {User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars|
    Disable customizing browser toolbars}

    "NoMovingBands" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    "NoCloseDragDropBands" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    "NoSetTaskbar" = (REG_DWORD) hex:0x00000000
    {User Configuration|Administrative Templates|Start Menu and Taskbar|
    Prevent changes to Taskbar and Start Menu Settings}

    "NoToolbarsOnTaskbar" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    "NoResolveSearch" = (REG_DWORD) hex:0x00000001
    {unrecognized setting}

    "NoWelcomeScreen" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}

    "DisableTaskMgr" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    "DisableCAD" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    "ShutdownWithoutLogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}

    "HideShutdownScripts" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    "RunLogonScriptSync" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    "RunStartupScriptSync" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    "HideStartupScripts" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}


    Active Desktop and Wallpaper:
    —————————–

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "%APPDATA%\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


    Enabled Screen Saver:
    ———————

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS.2\system32\logon.scr" [MS]


    Startup items in "Henk Grim" & "All Users" startup folders:
    ———————————————————–

    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten
    "Dynomic ASP Dienst" -> URL shortcut to: "https://asp.dynomic.nl/+webvpn+/index.html
    "McAfee Total Protection" -> shortcut to: "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe" ["McAfee, Inc."]

    C:\Documents And Settings\All Users.WINDOWS.2\Menu Start\Programma's\Opstarten
    "KPN TaskBar Icon" -> shortcut to: "C:\Program Files\KPN\CBSysTray.exe" ["KPN"]


    Enabled Scheduled Tasks:
    ————————

    "MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]


    Winsock2 Service Provider DLLs:
    ——————————-

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000004\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ————————————

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{724D43A0-0D85-11D4-9908-00400523E39A}"
    -> {HKLM…CLSID} = "&RoboForm"
    \InProcServer32\(Default) = "C:\Program Files\Siber Systems\AI RoboForm\roboform.dll" ["Siber Systems"]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{724D43A0-0D85-11D4-9908-00400523E39A}"
    -> {HKLM…CLSID} = "&RoboForm"
    \InProcServer32\(Default) = "C:\Program Files\Siber Systems\AI RoboForm\roboform.dll" ["Siber Systems"]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{724D43A0-0D85-11D4-9908-00400523E39A}" = (no title provided)
    -> {HKLM…CLSID} = "&RoboForm"
    \InProcServer32\(Default) = "C:\Program Files\Siber Systems\AI RoboForm\roboform.dll" ["Siber Systems"]

    Explorer Bars

    HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
    {EE7637A4-2FD9-52BF-C1E0-9866A882D72C}\(Default) = (no title provided)
    -> {HKLM…CLSID} = "JavaScript console"
    \InProcServer32\(Default) = "C:\WINDOWS.2\snasc1.dll" [file not found]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
    -> {HKCU…CLSID} = "Java Plug-in 1.5.0_09"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" [null data]
    -> {HKLM…CLSID} = "Java Plug-in 1.5.0_09"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin
    pjpi150_09.dll" ["Sun Microsystems, Inc."]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ——————————————————————

    AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
    AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
    AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
    Bluetooth Support Service, BthServ, "C:\WINDOWS.2\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS.2\System32\bthserv.dll" [MS]}
    Cisco Systems, Inc. STC Agent, STCAgent, "C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe" ["Cisco Systems, Inc."]
    Connected Agent Service, AgentSrv, "C:\Program Files\KPN\AgentSrv.EXE -asv" ["Connected Corporation"]
    CSE Scheduler Daemon, CSE Scheduler, ""C:\Program Files\CS Engineering\Scheduler\schedulerd.exe"" ["CS Net"]
    McAfee Total Protection Agent Service, myAgtSvc, "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe /ServiceStart" ["McAfee, Inc."]
    McShield, McShield, "C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe" ["McAfee, Inc."]
    Message Queuing, MSMQ, "C:\WINDOWS.2\system32\mqsvc.exe" [MS]
    Message Queuing Triggers, MSMQTriggers, "C:\WINDOWS.2\system32\mqtgsvc.exe" [MS]
    Windows Defender Service, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]


    Print Monitors:
    —————

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    LPR Port\Driver = "lprmon.dll" [MS]
    Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
    PDF reDirect Monitor\Driver = "PDFreDirectMonNT.dll" [null data]
    PDFCreator\Driver = "pdfcmnnt.dll" [null data]


    ———-
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ———- (total run time: 83 seconds, including 7 seconds for message boxes)
  • en ook pdfcreator opent niet meer.
  • Open een kladblokbestand.
    Kopieer onderstaande code in dit kladblokbestand.
    Ga naar Bestand - Opslaan als.
    Bij "Opslaan in" kies je: Bureaublad
    Bij "Bestandsnaam" zet je: fix.reg
    Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
    Klik op de knop Opslaan.
    [code:1:4a113dba59]REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS.2\\system32\\userinit.exe,"
    [/code:1:4a113dba59]
    Dubbelklik op de fix.reg file en laat de wijzigingen aan het register toevoegen.


    Herstart de computer.
    Probeer of je een hijackthislog kan maken. Indien het lukt post je deze.
  • opdracht uitgevoerd, maar ik kan nog [b:5972022bc9]niet [/b:5972022bc9]hijack openen.
  • Kreeg je wanneer je op fix.reg dubbelklikte de vraag om de wijzigingen aan het register te laten toevoegen?
  • ja die melding kreeg ik en uiteraard uitgevoerd.
  • ik heb dit ook eens voorgeschoteld gekregen, ook adaware en spybot weigerden dienst op die pc, en mijn hele trucendoos (en die van anderen) was niet in staat een oorzaak te vinden…
    dat was een 98 systeem, dus dat werd een nieuwe installatie (dat mocht ook wel eens trouwens op die bak van een vrolijke ´altijd-maar-door-klikker´).
    maar jij hebt xp: is er een herstelpunt dan zou ik niet meer verder zoeken.
  • [quote:22d9206d59="derkdejong"]maar jij hebt xp: is er een herstelpunt dan zou ik niet meer verder zoeken.[/quote:22d9206d59]en dat heeft hij al gedaan
  • en dat heeft hij al gedaan

    tja, dat lees ik ook nu niet…..
  • Download Pocket KillBox.
    Unzip het programma naar je bureaublad.
    Klik op killbox.exe.
    Selecteer de optie “Delete on reboot”.
    In het veld “Full path of file to delete" Kopieer en plak je het volgende:
    [code:1:9b5a28bde2]
    C:\WINDOWS.2\SERVICES.EXE
    [/code:1:9b5a28bde2]
    Klik op de knop "Single File".
    Klik op de knop met de rode cirkel en het witte kruis.
    Wanneer het programma vraagt om nu te rebooten, geef je hier toestemming voor. Klik op de knop "YES".

    Na de reboot probeer je of Hijackthis werkt.
    Indien niet, dan maak je een nieuwe log met silent runners.
  • Marc ik kan killbox wel downloaden maar dus NIEt openen net als Hijack.

    dus hier mijn log van Silentrunners

    "Silent Runners.vbs", revision 49, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ———————————

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS.2\system32\ctfmon.exe" [MS]
    "RoboForm" = ""C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"" ["Siber Systems"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
    "MVS Splash" = "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" ["McAfee, Inc."]
    "McAfee Managed Services Tray" = ""C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"" ["McAfee, Inc."]
    "MPFExe" = "C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" ["McAfee Security"]
    "SPAMfighter Agent" = ""C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60" ["SPAMfighter ApS"]
    "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
    "KernelFaultCheck" = "C:\WINDOWS.2\system32\dumprep 0 -k"
    "Hitman Pro Expiration Helper" = ""C:\Program Files\Hitman Pro\xphelper.exe"" ["Mark Loman"]
    "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
    "HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Development Company, L.P."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {2A0EDFF4-3A37-E02E-AA23-75AD6A6B53E5}\(Default) = (no title provided)
    -> {HKLM…CLSID} = "Class"
    \InProcServer32\(Default) = "C:\WINDOWS.2\snasc1.dll" [file not found]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM…CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {C451C08A-EC37-45DF-AAAD-18B51AB5E837}\(Default) = (no title provided)
    -> {HKLM…CLSID} = "PDFCreator Toolbar Helper"
    \InProcServer32\(Default) = "C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-pictogramuitbreiding"
    -> {HKLM…CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS.2\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM…CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{15d97b29-af41-4891-9206-4385aa4cabb5}" = "PaperMaster - Shell Extension"
    -> {HKLM…CLSID} = "PaperMaster"
    \InProcServer32\(Default) = "C:\Program Files\PaperMaster Pro 7.0\J2GShell.dll" ["j2 Global Communications, Inc."]
    "{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
    -> {HKLM…CLSID} = "IE Microsoft AutoComplete"
    \InProcServer32\(Default) = "C:\WINDOWS.2\system32\browseui.dll" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {HKLM…CLSID} = "Outlook-extensie voor bestandspictogrammen"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM…CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS.2\system32\Audiodev.dll" [MS]
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
    -> {HKLM…CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
    -> {HKLM…CLSID} = "AVG7 Find Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
    -> {HKLM…CLSID} = "Microsoft AntiMalware ShellExecuteHook"
    \InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]
    <<!>> "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
    -> {HKLM…CLSID} = "Microsoft.AntiSpyware.ShellExecuteHook.1"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    -> {HKLM…CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS.2\system32\WPDShServiceObj.dll" [MS]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
    <<!>> "Userinit" = "C:\WINDOWS.2\system32\userinit.exe,,C:\WINDOWS.2\SERVICES.EXE" [MS], [null data]
  • Probeer dit even:

    Download KillAFile.exe en plaats het op je bureaublad: http://users.telenet.be/marcvn/tools/KillAFile.exe
    Dubbelklik op KillAFile.exe om de tool te starten.
    In het keuzemenu kies je voor optie 1:
    1: Delete a file on reboot
    Wanneer deze melding verschijnt
    [code:1:d731c641b7]Insert full path and filename to delete.
    and then press enter: [/code:1:d731c641b7]
    tik je dit in: [b:d731c641b7]C:\WINDOWS.2\SERVICES.EXE[/b:d731c641b7]
    Indien het bestandje aanwezig is, zal de computer vragen om te herstarten.
    Sta dit toe.
    Wanneer de computer opnieuw opgestart is, opent er een kladblokbestandje. Post de inhoud van dit bestand.

    Indien je een melding krijgt dat het bestand niet gevonden wordt, meld je me dit even.
  • KILLAFILE - logfile


    Running from: "C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Bureaublad"

    Delete on reboot: C:\windows.2\services.exe

    — Rebooting the computer —

    C:\windows.2\services.exe deleted


    Finished!
  • Logfile of HijackThis v1.99.1
    Scan saved at 10:11:00, on 16-12-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS.2\System32\smss.exe
    C:\WINDOWS.2\system32\winlogon.exe
    C:\WINDOWS.2\system32\services.exe
    C:\WINDOWS.2\system32\lsass.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS.2\System32\svchost.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    C:\WINDOWS.2\Explorer.EXE
    C:\WINDOWS.2\system32\spoolsv.exe
    C:\WINDOWS.2\Mixer.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS.2\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\KPN\CBSysTray.exe
    C:\WINDOWS.2\system32
    otepad.exe
    C:\Program Files\KPN\AgentSrv.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS.2\system32\cisvc.exe
    C:\Program Files\CS Engineering\Scheduler\schedulerd.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
    C:\WINDOWS.2\system32\inetsrv\inetinfo.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    C:\Program Files\Eset
    od32krn.exe
    C:\WINDOWS.2\system32\HPZipm12.exe
    C:\WINDOWS.2\System32\snmp.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\system32\mqsvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS.2\system32\mqtgsvc.exe
    C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    C:\WINDOWS.2\system32\cidaemon.exe
    C:\WINDOWS.2\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Bureaublad\hijack\hijackthis\henk.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = koppelingen
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS.2\system32\userinit.exe,,C:\WINDOWS.2\SERVICES.EXE
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: Class - {2A0EDFF4-3A37-E02E-AA23-75AD6A6B53E5} - C:\WINDOWS.2\snasc1.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
    O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.2\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - Startup: Dynomic ASP Dienst.url
    O4 - Startup: McAfee Total Protection.lnk = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: KPN TaskBar Icon.LNK = C:\Program Files\KPN\CBSysTray.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://asp.dynomic.nl/CACHE/stc/1/binaries/stcweb.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_nl.cab
    O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap.4sure.it/U4/ENU/VS40/bin/myCioAgt.20060601165154.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160997807234
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://ols.chello.be/nl/fscax.cab
    O16 - DPF: {B4426A90-E6A7-448D-AE26-072F9C517CA1} - http://uv97vqm3.com/6cfb03fe/10002/1/xp/CoolGold.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BFB39D62-28F5-49B8-B156-56281373B156} - https://server.db.kvk.nl/WWWEXT01/install/Plugin/KVKar51.cab
    O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - https://www.tpnabestaandenzorg.nl/forms90/jinitiator/jinit.exe
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O18 - Protocol: jit - {D6749987-7E8A-472C-AB19-8F3DF0C9109C} - C:\PROGRA~1\Efdece\NWP\Client\NWPPRO~1.DLL
    O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.0.0.358.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.2\system32\WPDShServiceObj.dll
    O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\KPN\AgentSrv.EXE
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CSE Scheduler Daemon (CSE Scheduler) - CS Net - C:\Program Files\CS Engineering\Scheduler\schedulerd.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - (no file)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LQHTDOM - Unknown owner - C:\DOCUME~1\HENKGR~1.HEN\LOCALS~1\Temp\LQHTDOM.exe (file missing)
    O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    O23 - Service: McAfee Total Protection Agent Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset
    od32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.2\system32\HPZipm12.exe
    O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    O23 - Service: SysAsc - Unknown owner - \\?\C:\Program Files\Windows NT\com5.exe (file missing)


Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.