Questions & Answers

Security & privacy

Hijackthis.exe blocked? Can't open it.

Anonymous
47 replies
  • Well done.

    Close all open windows, run HijackThis once more and tick the following items:

    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS.2\system32\userinit.exe,,C:\WINDOWS.2\SERVICES.EXE
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: Class - {2A0EDFF4-3A37-E02E-AA23-75AD6A6B53E5} - C:\WINDOWS.2\snasc1.dll (file missing)
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_nl.cab
    O16 - DPF: {B4426A90-E6A7-448D-AE26-072F9C517CA1} - http://uv97vqm3.com/6cfb03fe/10002/1/xp/CoolGold.cab

    Then click "Fix checked" and close HijackThis.

    Would you also run this one:
    Download this tool.
    If the link is unreachable, try downloading it on another computer.
    Start the tool, click scan and follow the instructions.
    If you get the message that no Gromozon rootkit components were found, allow the removal process to continue anyway.
    The computer will ask to restart. Do so.
    Once the computer has restarted, the removal tool runs.
    When the tool has finished, post the contents of the log file that opens (c:\gromozon_removal.log).

    Start HijackThis again, create a new log and post it.
  • That's already great, Marc, thank you!

    :D

    Removal tool loaded into memory
    ————————————
    Executing rootkit removal engine….
    ————————————
    Disabling rootkit file: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    Resetting file permissions…
    Clearing attributes…
    Removing file…
    Rootkit removed! Cleaning up…

    Removing temp files…
    Scanning: C:\WINDOWS.2
    Scanning: C:\Program Files\Common Files
    Gromozon-Related Malicious Code Detected!
    FileName: C:\WINDOWS.2\12F.tmp
    Removed!
    Gromozon-Related Malicious Code Detected!
    FileName: C:\WINDOWS.2\144.tmp
    Removed!
    Gromozon-Related Malicious Code Detected!
    FileName: C:\WINDOWS.2\D8.tmp
    Removed!
    Gromozon-Related Malicious Code Detected!
    FileName: C:\WINDOWS.2\8F.tmp
    Removed!


    Trojan.Gromozon Removed!
  • Logfile of HijackThis v1.99.1
    Scan saved at 16:21:00, on 16-12-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS.2\System32\smss.exe
    C:\WINDOWS.2\system32\winlogon.exe
    C:\WINDOWS.2\system32\services.exe
    C:\WINDOWS.2\system32\lsass.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS.2\System32\svchost.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    C:\WINDOWS.2\Explorer.EXE
    C:\WINDOWS.2\system32\spoolsv.exe
    C:\WINDOWS.2\Mixer.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS.2\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
    C:\Program Files\KPN\AgentSrv.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS.2\system32\cisvc.exe
    C:\Program Files\CS Engineering\Scheduler\schedulerd.exe
    C:\WINDOWS.2\system32\inetsrv\inetinfo.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS.2\system32\HPZipm12.exe
    C:\WINDOWS.2\System32\snmp.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\system32\mqsvc.exe
    C:\WINDOWS.2\system32\mqtgsvc.exe
    C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    C:\Program Files\KPN\CBSysTray.exe
    C:\WINDOWS.2\system32\cidaemon.exe
    C:\WINDOWS.2\system32\cidaemon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
    C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Bureaublad\hijack\hijackthis\henk.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
    O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.2\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - Startup: Dynomic ASP Dienst.url
    O4 - Startup: McAfee Total Protection.lnk = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: KPN TaskBar Icon.LNK = C:\Program Files\KPN\CBSysTray.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://asp.dynomic.nl/CACHE/stc/1/binaries/stcweb.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap.4sure.it/U4/ENU/VS40/bin/myCioAgt.20060601165154.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160997807234
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://ols.chello.be/nl/fscax.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BFB39D62-28F5-49B8-B156-56281373B156} - https://server.db.kvk.nl/WWWEXT01/install/Plugin/KVKar51.cab
    O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - https://www.tpnabestaandenzorg.nl/forms90/jinitiator/jinit.exe
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O18 - Protocol: jit - {D6749987-7E8A-472C-AB19-8F3DF0C9109C} - C:\PROGRA~1\Efdece\NWP\Client\NWPPRO~1.DLL
    O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.0.0.358.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.2\system32\WPDShServiceObj.dll
    O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\KPN\AgentSrv.EXE
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CSE Scheduler Daemon (CSE Scheduler) - CS Net - C:\Program Files\CS Engineering\Scheduler\schedulerd.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - (no file)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LQHTDOM - Unknown owner - C:\DOCUME~1\HENKGR~1.HEN\LOCALS~1\Temp\LQHTDOM.exe (file missing)
    O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    O23 - Service: McAfee Total Protection Agent Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.2\system32\HPZipm12.exe
    O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
  • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm


    @m@rc aren't these 2 also remnants of the infection?

    The file could not be found on my system.
  • You can fix those R0 keys, but they are not necessarily malicious.

    Go to Start - Run and type: sc delete LQHTDOM
    Press OK.

    Download and install AVG Anti-Spyware.
    After installation, open AVG Anti-Spyware:
    - under 'Status', click 'Change state' next to 'Resident shield'. (this must end up set to 'Inactive')
    - under 'Update', click the 'Start update' button under 'Manual update'.
    - under 'Scanner', go to the 'Settings' tab and change the following:
      - under 'How to act?', click 'Recommended actions' and select 'Quarantine'.
      - under 'Reports', select 'Automatically generate report after every scan' and untick 'Only if threats were found'.
    - Close AVG Anti-Spyware. Do not let it scan yet.
    Start the computer in safe mode. You can read how to do this here.
    Start AVG Anti-Spyware.
    - Click 'Scanner'.
    - Click 'Complete system scan'.
    AVG Anti-Spyware will now scan your entire computer system.
    - When the scan has finished, click the 'Apply all Actions' button at the bottom.
    - When you get the message 'All actions have been applied', click the 'Save Report' button at the bottom. The scan report is now saved in the folder C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports
    If you click the 'Save report as' button, you get the option of saving the report somewhere else. (e.g. your desktop)
    - Close AVG Anti-Spyware.

    Restart the computer in normal mode and post the AVG Anti-Spyware report.
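
Added example (not part of the thread and not HijackThis code): a small Python triage script that parses HijackThis log lines like the ones posted above and flags orphaned entries, i.e. "(file missing)" or "(no file)", and services whose binary sits in a Temp directory, the pattern behind the LQHTDOM removal. The function names and the flagging rules are assumptions made for this illustration; the sample lines are taken from the log in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - (no file)
O23 - Service: LQHTDOM - Unknown owner - C:\DOCUME~1\HENKGR~1.HEN\LOCALS~1\Temp\LQHTDOM.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# A log entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)
# Any path component named Temp (covers the 8.3 form LOCALS~1\Temp as well).
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)\s*$")


@dataclass
class Finding:
    code: str
    line: str
    reasons: List[str] = field(default_factory=list)
    service: Optional[str] = None  # short service name, usable with "sc query"


def parse_service(body: str) -> Optional[dict]:
    """Parse an O23 body of the form 'Service: Display (Short) - Owner - Path'.

    The display name may itself contain ' - ', so split from the right.
    """
    prefix = "Service: "
    if not body.startswith(prefix):
        return None
    parts = body[len(prefix):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    short = SHORT_NAME_RE.search(name)
    return {
        "name": short.group(1) if short else name.strip(),
        "owner": owner.strip(),
        "path": path.strip(),
    }


def triage(log_text: str) -> List[Finding]:
    """Return the entries a reviewer should look at first, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, process list, blank line
        code, body = match.group("code"), match.group("body")
        reasons = []
        if ORPHAN_RE.search(body):
            reasons.append("orphaned")       # registry entry points at nothing
        if TEMP_RE.search(body):
            reasons.append("temp-path")      # autostart binary lives in a Temp dir
        service = parse_service(body) if code == "O23" else None
        if service and service["owner"].lower() == "unknown owner":
            reasons.append("unknown-owner")  # weak signal on its own
        if reasons:
            findings.append(
                Finding(code, line, reasons, service["name"] if service else None)
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {','.join(f.reasons):<34} {f.service or '-'}")
```

A flagged entry is a candidate for review, not a verdict: orphaned entries are often leftovers of uninstalled legitimate software, as with the Firebird service in this log.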
  • ———————————————————
    AVG Anti-Spyware - Scan Report
    ———————————————————

    + Created at: 10:28:58 17-12-2006

    + Scan result:



    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Bureaublad\beveiliging\kill2me.zip/Kill2Me.exe -> Adware.LookMe : Cleaned with backup (quarantined).
    C:\Program Files\SoftwareDoctor -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    C:\Program Files\SoftwareDoctor\ErrorDoctor -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    C:\Program Files\SoftwareDoctor\ErrorDoctor\ErrorDoctor.exe -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    C:\Program Files\SoftwareDoctor\ErrorDoctor\ignore.lst -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    C:\Documents And Settings\Administrator.HENK-89XRF4EC75\Cookies\administrator@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Cookies\henk grim@cz.adocean[2].txt -> TrackingCookie.Adocean : Cleaned.
    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Cookies\henk grim@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Cookies\henk grim@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents And Settings\Administrator.HENK-89XRF4EC75\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Cookies\henk grim@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents And Settings\Administrator.HENK-89XRF4EC75\Cookies\administrator@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Cookies\henk grim@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned.
    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Cookies\henk grim@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Cookies\henk grim@oewabox[2].txt -> TrackingCookie.Oewabox : Cleaned.
    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Cookies\henk grim@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Cookies\henk grim@ads.planetactive[2].txt -> TrackingCookie.Planetactive : Cleaned.
    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Cookies\henk grim@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents And Settings\Administrator.HENK-89XRF4EC75\Cookies\administrator@php.sales.tfag[1].txt -> TrackingCookie.Tfag : Cleaned.
    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Cookies\henk grim@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.


    ::Report end
  • How is the computer running now?

    Download Sophos Anti-Rootkit: http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
    Put it on your desktop.
    Double-click sarsfx.exe to extract the files. (accept the default installation folder)
    Open the folder C:\SOPHTEMP and double-click sargui.exe to start the program.
    Make sure the following are ticked:
    - Running processes
    - Windows Registry
    - Local Hard Drives
    Click the "Start Scan" button.

    When you get a message that the scan has finished, click the "OK" button and close the program.
    Go to Start - Run and type: %temp%\sarscan.log
    A Notepad file opens. Post the contents of this file.

    Please do this as well:
    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/combofix.exe
    Put it on your desktop.
    Double-click it to start the program.
    In the window that appears, type Y to start the cleaning process.
    Follow the on-screen instructions.
    When the tool has finished, a log file opens (combofix.txt).
    Post the contents of this file together with a new HijackThis log.
  • It's working fine, Marc, as far as I can tell.
    Thanks, great work!

    Henk Grim - 06-12-17 12:30:00,65 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Bureaublad\beveiliging"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-17 to 2006-12-17 ))))))))))))))))))))))))))))))))))


    2006-12-17 08:33 3,968 --a------ C:\WINDOWS.2\system32\drivers\AvgAsCln.sys
    2006-12-16 15:31 <DIR> d-------- C:\Documents And Settings\All Users.WINDOWS.2\Application Data\TEMP
    2006-12-16 09:50 90,112 --a------ C:\WINDOWS.2\system32\regdacl.exe
    2006-12-16 09:50 <DIR> d-------- C:\WINDOWS.2\system32\regdacl
    2006-12-15 17:46 <DIR> d-------- C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Application Data\Image Zone Express
    2006-12-15 17:38 <DIR> d-------- C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Application Data\HP
    2006-12-15 17:19 <DIR> d-------- C:\Documents And Settings\All Users.WINDOWS.2\Application Data\HP
    2006-12-15 17:14 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2006-12-15 17:13 49,664 -ra------ C:\WINDOWS.2\system32\drivers\HPZid412.sys
    2006-12-15 17:13 16,496 -ra------ C:\WINDOWS.2\system32\drivers\HPZipr12.sys
    2006-12-15 17:12 77,824 -ra------ C:\WINDOWS.2\system32\hpzids01.dll
    2006-12-15 17:12 37,376 --a------ C:\WINDOWS.2\system32\hpz3l43a.dll
    2006-12-15 17:12 15,104 --a------ C:\WINDOWS.2\system32\drivers\usbscan.sys
    2006-12-15 17:08 94,208 --a------ C:\WINDOWS.2\system32\HPZipt12.dll
    2006-12-15 17:08 69,632 --a------ C:\WINDOWS.2\system32\HPZipm12.exe
    2006-12-15 17:08 65,536 --a------ C:\WINDOWS.2\system32\HPZinw12.exe
    2006-12-15 17:08 57,344 --a------ C:\WINDOWS.2\system32\HPZisn12.dll
    2006-12-15 17:08 278,584 --a------ C:\WINDOWS.2\system32\HPZidr12.dll
    2006-12-15 17:08 204,800 --a------ C:\WINDOWS.2\system32\HPZipr12.dll
    2006-12-15 17:07 31,616 --a------ C:\WINDOWS.2\system32\drivers\usbccgp.sys
    2006-12-15 17:07 25,856 --a------ C:\WINDOWS.2\system32\drivers\usbprint.sys
    2006-12-14 15:33 <DIR> d-------- C:\Program Files\Hijackthis
    2006-12-13 22:55 <DIR> d-------- C:\Program Files\SpywareBlaster
    2006-12-13 22:54 502,368 --a------ C:\WINDOWS.2\system32\drivers\amon.sys
    2006-12-13 22:54 274,432 --a------ C:\WINDOWS.2\system32\imon.dll
    2006-12-13 15:11 264,097 --a------ C:\WINDOWS.2\PDFCreator_Toolbar_Uninstaller_5468.exe
    2006-12-13 15:11 <DIR> d-------- C:\Program Files\PDFCreator
    2006-12-10 16:22 <DIR> dr-h----- C:\$VAULT$.AVG
    2006-12-10 16:17 816,672 --a------ C:\WINDOWS.2\system32\drivers\avg7core.sys
    2006-12-10 16:17 4,960 --a------ C:\WINDOWS.2\system32\drivers\avgtdi.sys
    2006-12-10 16:17 4,224 --a------ C:\WINDOWS.2\system32\drivers\avg7rsw.sys
    2006-12-10 16:17 3,968 --a------ C:\WINDOWS.2\system32\drivers\avgclean.sys
    2006-12-10 16:17 28,416 --a------ C:\WINDOWS.2\system32\drivers\avg7rsxp.sys
    2006-12-10 16:17 18,240 --a------ C:\WINDOWS.2\system32\drivers\avgmfx86.sys
    2006-12-10 16:16 <DIR> d-------- C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Application Data\AVG7
    2006-12-10 16:16 <DIR> d-------- C:\Documents And Settings\All Users.WINDOWS.2\Application Data\AVG7
    2006-12-10 14:53 <DIR> d-------- C:\Program Files\InterMute
    2006-12-10 12:59 <DIR> d-------- C:\SOPHTEMP
    2006-12-10 12:37 <DIR> d-------- C:\Documents And Settings\All Users.WINDOWS.2\Application Data\Grisoft
    2006-12-10 12:33 3,108 --a------ C:\WINDOWS.2\system32\tmp.reg
    2006-12-10 12:32 79,360 --a------ C:\WINDOWS.2\system32\swxcacls.exe
    2006-12-10 12:32 42,496 --a------ C:\WINDOWS.2\system32\swreg.exe
    2006-12-10 12:32 40,960 --a------ C:\WINDOWS.2\system32\swsc.exe
    2006-12-10 12:32 288,417 --a------ C:\WINDOWS.2\system32\SrchSTS.exe
    2006-12-10 12:29 <DIR> d-------- C:\avenger
    2006-12-10 12:18 16 --a------ C:\chdir.bat
    2006-12-10 12:11 <DIR> d-------- C:\WINDOWS.2\Prefetch
    2006-12-10 11:53 24,661 --a------ C:\WINDOWS.2\system32\spxcoins.dll
    2006-12-10 11:53 13,312 --a------ C:\WINDOWS.2\system32\irclass.dll
    2006-12-10 10:48 <DIR> d-------- C:\WINDOWS.2\system32\Logfiles
    2006-12-06 22:04 <DIR> d-------- C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Application Data\F-Secure
    2006-12-06 21:53 <DIR> d-------- C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Application Data\ispnews
    2006-12-06 21:32 <DIR> d-------- C:\WINDOWS.2\rnapxs
    2006-12-06 20:12 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2006-12-06 19:43 <DIR> d-------- C:\WINDOWS.2\system32\drivers\UMDF
    2006-12-06 14:47 <DIR> d-------- C:\Program Files\UPCSmartGuard
    2006-11-30 22:34 <DIR> d-------- C:\Program Files\UCBHybrideAflosPlan
    2006-11-28 19:43 <DIR> d-------- C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Application Data\WholeSecurity
    2006-11-24 12:02 <DIR> d--hs---- C:\WINDOWS.2\ftpcache
    2006-11-19 16:44 <DIR> d-------- C:\Program Files\PDFCreator Toolbar
    2006-11-17 13:42 <DIR> d-------- C:\Program Files\ATnotes
    2006-11-17 13:20 <DIR> d-------- C:\Program Files\ToniArts
    2006-11-17 13:10 <DIR> d-------- C:\Program Files\Grisoft


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-16 09:50 4096 --a------ C:\WINDOWS.2\system32\reboot.exe
    2006-12-16 09:23 213 --a------ C:\WINDOWS.2\system32.dll
    2006-12-11 01:07 213 --a------ C:\WINDOWS.2\mssystem.dll
    2006-11-20 16:48 26336 --a------ C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Application Data\GDIPFONTCACHEV1.DAT
    2006-11-07 21:48 805 --a------ C:\WINDOWS.2\reg09.exe
    2006-11-07 15:11 -------- d-------- C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Application Data\Google
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS.2\system32\msxml4.dll
    2006-11-02 16:32 -------- d-------- C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Application Data\AltDesk
    2006-11-02 11:52 42496 --------- C:\WINDOWS.2\system32\wpdshextres.dll
    2006-10-28 21:54 69689 --a------ C:\WINDOWS.2\UNZIP.DLL
    2006-10-28 21:54 208896 --a------ C:\WINDOWS.2\PATCH.EXE
    2006-10-28 21:54 1142784 --a------ C:\WINDOWS.2\TMUPDATE.DLL
    2006-10-28 20:18 -------- d-------- C:\Program Files\Invention Office RG
    2006-10-28 20:14 -------- d-------- C:\Program Files\Altdesk
    2006-10-28 18:40 -------- d-------- C:\Program Files\SPAMfighter
    2006-10-26 13:16 76560 --a------ C:\WINDOWS.2\system32\drivers\tmcomm.sys
    2006-10-26 12:46 -------- d-------- C:\Program Files\Security Task Manager
    2006-10-20 13:38 -------- d-------- C:\Program Files\Hijack This
    2006-10-19 21:37 -------- d-------- C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Application Data\Lavasoft
    2006-10-18 21:47 767488 --------- C:\WINDOWS.2\system32\WMVSENCD.dll
    2006-10-18 21:47 656896 --------- C:\WINDOWS.2\system32\WMVXENCD.dll
    2006-10-18 21:47 613376 --------- C:\WINDOWS.2\system32\wmpmde.dll
    2006-10-18 21:47 535040 --------- C:\WINDOWS.2\system32\wmdrmsdk.dll
    2006-10-18 21:47 317440 --------- C:\WINDOWS.2\system32\MP4SDECD.dll
    2006-10-18 21:47 295936 --------- C:\WINDOWS.2\system32\wmpeffects.dll
    2006-10-18 21:47 284160 --------- C:\WINDOWS.2\system32\PortableDeviceApi.dll
    2006-10-18 21:47 2603008 --------- C:\WINDOWS.2\system32\WpdShext.dll
    2006-10-18 21:47 259072 --------- C:\WINDOWS.2\system32\MPG4DECD.dll
    2006-10-18 21:47 259072 --------- C:\WINDOWS.2\system32\MP43DECD.dll
    2006-10-18 21:47 212992 --------- C:\WINDOWS.2\system32\MFPLAT.dll
    2006-10-18 21:47 199168 --------- C:\WINDOWS.2\system32\PortableDeviceWMDRM.dll
    2006-10-18 21:47 166912 --------- C:\WINDOWS.2\system32\PortableDeviceTypes.dll
    2006-10-18 21:47 1574912 --------- C:\WINDOWS.2\system32\WMVENCOD.dll
    2006-10-18 21:47 1543680 --------- C:\WINDOWS.2\system32\WMVDECOD.dll
    2006-10-18 21:47 1382912 --------- C:\WINDOWS.2\system32\WMVSDECD.dll
    2006-10-18 21:47 133632 --------- C:\WINDOWS.2\system32\WPDShServiceObj.dll
    2006-10-18 21:47 132096 --------- C:\WINDOWS.2\system32\PortableDeviceWiaCompat.dll
    2006-10-18 21:47 130048 --------- C:\WINDOWS.2\system32\wmpps.dll
    2006-10-18 21:47 101888 --------- C:\WINDOWS.2\system32\PortableDeviceClassExtension.dll
    2006-10-18 20:00 249856 --------- C:\WINDOWS.2\system32\drmupgds.exe
    2006-10-18 20:00 17408 --------- C:\WINDOWS.2\system32\wpdshextautoplay.exe
    2006-10-17 13:20 -------- d-------- C:\Program Files\K-Lite Codec Pack
    2006-10-17 12:37 -------- d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
    2006-10-17 11:52 -------- d-------- C:\Program Files\MsnMusic
    2006-10-16 16:59 36944 --a------ C:\WINDOWS.2\system32\stcevent.dll
    2006-10-10 12:20 16026 --a------ C:\delfiles.bat
    2006-10-09 10:56 5 --ahs---- C:\WINDOWS.2\system32\ebfcbdda8_s.dll
    2006-10-09 08:12 1343488 --a------ C:\WINDOWS.2\system32\FreeImage.dll
    2006-10-02 15:28 312128 --------- C:\WINDOWS.2\system32\msdelta.dll
    2006-09-28 20:13 95344 --------- C:\WINDOWS.2\system32\WUDFCoinstaller.dll
    2006-09-28 18:56 55808 --------- C:\WINDOWS.2\system32\WudfSvc.dll
    2006-09-28 18:56 316416 --------- C:\WINDOWS.2\system32\WUDFx.dll
    2006-09-28 18:56 165376 --------- C:\WINDOWS.2\system32\WudfPlatform.dll
    2006-09-28 18:56 146432 --------- C:\WINDOWS.2\system32\WudfHost.exe
    2006-09-25 17:58 23856 --a------ C:\WINDOWS.2\system32\spupdsvc.exe
    2006-09-22 11:46 7812848 --a------ C:\vssetup.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS.2\\system32\\ctfmon.exe"
    "RoboForm"="\"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "C-Media Mixer"="Mixer.exe /startup"
    "MVS Splash"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\Splash.exe"
    "McAfee Managed Services Tray"="\"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myagttry.exe\""
    "MPFExe"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe"
    "SPAMfighter Agent"="\"C:\\Program Files\\SPAMfighter\\SFAgent.exe\" update delay 60"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "Hitman Pro Expiration Helper"="\"C:\\Program Files\\Hitman Pro\\xphelper.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS.2\\System32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS.2\\System32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
    "{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize"=dword:00000000
    "NoMovingBands"=dword:00000000
    "NoCloseDragDropBands"=dword:00000000
    "NoSetTaskbar"=dword:00000000
    "NoToolbarsOnTaskbar"=dword:00000000
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "undockwithoutlogon"=dword:00000001
    "DisableTaskMgr"=dword:00000000
    "DisableCAD"=dword:00000000
    "ShutdownWithoutLogon"=dword:00000001
    "DontDisplayLastUserName"=dword:00000000
    "HideShutdownScripts"=dword:00000000
    "RunLogonScriptSync"=dword:00000000
    "RunStartupScriptSync"=dword:00000000
    "HideStartupScripts"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=dword:00000000
    "NoResolveSearch"=dword:00000001
    "NoWelcomeScreen"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "NoDispCPL"=dword:00000000
    "NoDispAppearancePage"=dword:00000000
    "NoDispBackgroundPage"=dword:00000000
    "NoDispScrSavPage"=dword:00000000
    "NoDispSettingsPage"=dword:00000000
    "NoVisualStyleChoice"=dword:00000000
    "NoColorChoice"=dword:00000000
    "NoSizeChoice"=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoThemesTab"=dword:00000000
    "NoChangeKeyboardNavigationIndicators"=dword:00000000
    "NoChangeAnimation"=dword:00000000
    "NoAddPrinter"=dword:00000000
    "NoDeletePrinter"=dword:00000000
    "RestrictCpl"=dword:00000000
    "DisallowCpl"=dword:00000000
    "NoDrives"=dword:00000000
    "NoViewOnDrive"=dword:00000000
    "NoDriveAutoRun"=dword:00000000
    "NoDriveTypeAutoRun"=dword:00000091
    "RestrictRun"=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system]
    "NoDispCPL"=dword:00000000
    "NoDispAppearancePage"=dword:00000000
    "NoDispBackgroundPage"=dword:00000000
    "NoDispScrSavPage"=dword:00000000
    "NoDispSettingsPage"=dword:00000000
    "NoVisualStyleChoice"=dword:00000000
    "NoColorChoice"=dword:00000000
    "NoSizeChoice"=dword:00000000

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoThemesTab"=dword:00000000
    "NoChangeKeyboardNavigationIndicators"=dword:00000000
    "NoChangeAnimation"=dword:00000000
    "NoAddPrinter"=dword:00000000
    "NoDeletePrinter"=dword:00000000
    "RestrictCpl"=dword:00000000
    "DisallowCpl"=dword:00000000
    "NoDrives"=dword:00000000
    "NoViewOnDrive"=dword:00000000
    "NoDriveAutoRun"=dword:00000000
    "NoDriveTypeAutoRun"=dword:00000091
    "RestrictRun"=dword:00000000

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    "location"="Common Startup"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Start^Programma's^Opstarten^Fast Note.lnk]
    "location"="Common Startup"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Start^Programma's^Opstarten^KPN TaskBar Icon.LNK]
    "path"="C:\\Documents and Settings\\All Users.WINDOWS.2\\Menu Start\\Programma's\\Opstarten\\KPN TaskBar Icon.LNK"
    "backup"="C:\\WINDOWS.2\\pss\\KPN TaskBar Icon.LNKCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\KPN\\CBSYST~1.EXE "
    "item"="KPN TaskBar Icon"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users.WINDOWS.2\\Menu Start\\Programma's\\Opstarten\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS.2\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk]
    "path"="C:\\Documents and Settings\\All Users.WINDOWS.2\\Menu Start\\Programma's\\Opstarten\\Windows Desktop Search.lnk"
    "backup"="C:\\WINDOWS.2\\pss\\Windows Desktop Search.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\Program Files\\MSN Toolbar Suite\\DS\\02.05.0001.1119\\nl-nl\\bin\\WindowsSearch.exe /startup"
    "item"="Windows Desktop Search"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Henk Grim.HENK-6H0YJSNWIW^Menu Start^Programma's^Opstarten^EfdeceServer.lnk]
    "path"="C:\\Documents and Settings\\Henk Grim.HENK-6H0YJSNWIW\\Menu Start\\Programma's\\Opstarten\\EfdeceServer.lnk"
    "backup"="C:\\WINDOWS.2\\pss\\EfdeceServer.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\Efdece\\NWP\\Server\\EFDECE~1.EXE "
    "item"="EfdeceServer"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Henk Grim.HENK-6H0YJSNWIW^Menu Start^Programma's^Opstarten^Google Desktop.lnk]
    "path"="C:\\Documents and Settings\\Henk Grim.HENK-6H0YJSNWIW\\Menu Start\\Programma's\\Opstarten\\Google Desktop.lnk"
    "backup"="C:\\WINDOWS.2\\pss\\Google Desktop.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOOGLE~2.EXE /homepage"
    "item"="Google Desktop"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Henk Grim.HENK-6H0YJSNWIW^Menu Start^Programma's^Opstarten^SpamExperts.lnk]
    "path"="C:\\Documents and Settings\\Henk Grim.HENK-6H0YJSNWIW\\Menu Start\\Programma's\\Opstarten\\SpamExperts.lnk"
    "backup"="C:\\WINDOWS.2\\pss\\SpamExperts.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\SPAMEX~1\\SPAMEX~1.EXE "
    "item"="SpamExperts"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avgas"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="apdproxy"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avgcc"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="rundll32"
    "hkey"="HKLM"
    "command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="FSM32"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\UPCSmartGuard\\Common\\FSM32.EXE\" /splash"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="FSSW"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\UPCSmartGuard\\FSGUI\\FSSW.EXE\" /reboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="TNBUtil"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\UPCSmartGuard\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleDesktop"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="IMEKRMIG"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS.2\\ime\\imkr6_1\\IMEKRMIG.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="IMJPMIG"
    "hkey"="HKLM"
    "command"="\"C:\\WINDOWS.2\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avp"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -k"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -k"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ispnews"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\UPCSmartGuard\\FSGUI\\ispnews.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="nod32kui"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SerExt]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SerExt"
    "hkey"="HKLM"
    "command"="SerExt.exe /plug"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SFAgent"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\SPAMfighter\\SFAgent.exe\" update delay 60"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spamihilator]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="spamihilator"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Spamihilator\\spamihilator.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcactive]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="tca"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcmonitor]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="tcm"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MSASCui"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="xpupdate"
    "hkey"="HKCU"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS.2\tasks\MP Scheduled Scan.job

    Completion time: 06-12-17 12:32:12.84
    C:\ComboFix.txt … 06-12-17 12:32
    C:\ComboFix3.txt … 06-11-25 21:49
    C:\ComboFix2.txt … 06-12-10 01:36
  • Sophos: I get the feeling something went wrong here!

    I got this message:
    Could not initialize kernel driver memsweep.sys.
    De opgegeven service is voor verwijdering gemarkeerd.



    Sophos Anti-Rootkit Version 1.2 (data 1.01) © 2006 Sophos Plc
    Started logging on 17-12-2006 at 12:27:04
    Warning: Failed to set privilege SeDebugPrivilege. You may not have
    sufficient access rights.
    Niet alle toegangsrechten waarnaar wordt verwezen, zijn toegewezen aan de aanroeper.
    Error: Could not initialize kernel driver memsweep.sys. Please restart and try again.
    De opgegeven service is voor verwijdering gemarkeerd.
    Warning: Error reading list of user profiles. You may not have
    access rights to the whole registry.
    Stopped logging on 17-12-2006 at 12:40:05
  • Logfile of HijackThis v1.99.1
    Scan saved at 12:43:10, on 17-12-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS.2\System32\smss.exe
    C:\WINDOWS.2\system32\winlogon.exe
    C:\WINDOWS.2\system32\services.exe
    C:\WINDOWS.2\system32\lsass.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS.2\System32\svchost.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    C:\WINDOWS.2\Explorer.EXE
    C:\WINDOWS.2\system32\spoolsv.exe
    C:\WINDOWS.2\Mixer.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS.2\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\KPN\CBSysTray.exe
    C:\Program Files\KPN\AgentSrv.EXE
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS.2\system32\cisvc.exe
    C:\Program Files\CS Engineering\Scheduler\schedulerd.exe
    C:\WINDOWS.2\system32\inetsrv\inetinfo.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS.2\system32\HPZipm12.exe
    C:\WINDOWS.2\System32\snmp.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS.2\system32\mqsvc.exe
    C:\WINDOWS.2\system32\mqtgsvc.exe
    C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    C:\WINDOWS.2\system32\cidaemon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS.2\system32\cmd.exe
    C:\ASSIS1\DFRUNCON.EXE
    C:\ASSIS1\DFDAEMON.EXE
    C:\WINDOWS.2\system32\cidaemon.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Bureaublad\hijack\hijackthis\henk.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
    O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.2\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - Startup: Dynomic ASP Dienst.url
    O4 - Startup: McAfee Total Protection.lnk = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: KPN TaskBar Icon.LNK = C:\Program Files\KPN\CBSysTray.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://asp.dynomic.nl/CACHE/stc/1/binaries/stcweb.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap.4sure.it/U4/ENU/VS40/bin/myCioAgt.20060601165154.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160997807234
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://ols.chello.be/nl/fscax.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BFB39D62-28F5-49B8-B156-56281373B156} - https://server.db.kvk.nl/WWWEXT01/install/Plugin/KVKar51.cab
    O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - https://www.tpnabestaandenzorg.nl/forms90/jinitiator/jinit.exe
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O18 - Protocol: jit - {D6749987-7E8A-472C-AB19-8F3DF0C9109C} - C:\PROGRA~1\Efdece\NWP\Client\NWPPRO~1.DLL
    O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.0.0.358.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.2\system32\WPDShServiceObj.dll
    O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\KPN\AgentSrv.EXE
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CSE Scheduler Daemon (CSE Scheduler) - CS Net - C:\Program Files\CS Engineering\Scheduler\schedulerd.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - (no file)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    O23 - Service: McAfee Total Protection Agent Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.2\system32\HPZipm12.exe
    O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
  • Good. I'll get to work on the logs, but first a log from Sophos.

    Download sedebugfix.exe and place it on your desktop: http://users.telenet.be/marcvn/tools/sedebugfix.exe
    Double-click sedebugfix.exe. When you get the message to restart the computer, press a key to close the sedebugfix.exe window and restart the computer.

    Then run the Sophos scanner again.
  • Sophos Anti-Rootkit Version 1.2 (data 1.01) © 2006 Sophos Plc
    Started logging on 17-12-2006 at 12:27:04
    Warning: Failed to set privilege SeDebugPrivilege. You may not have
    sufficient access rights.
    Niet alle toegangsrechten waarnaar wordt verwezen, zijn toegewezen aan de aanroeper.
    Error: Could not initialize kernel driver memsweep.sys. Please restart and try again.
    De opgegeven service is voor verwijdering gemarkeerd.
    Warning: Error reading list of user profiles. You may not have
    access rights to the whole registry.
    Stopped logging on 17-12-2006 at 12:40:05


    Sophos Anti-Rootkit Version 1.2 (data 1.01) © 2006 Sophos Plc
    Started logging on 17-12-2006 at 13:17:39
    Warning: Error reading list of user profiles. You may not have
    access rights to the whole registry.
    Hidden: file C:\WINDOWS.0\ServicePackFiles\i386\fpsrvadm.exe
    Stopped logging on 17-12-2006 at 13:28:18
  • Isn't this that Gromozon thing? It also blocks access to services etc.
    See: http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=168686
  • That's right, Gerben: see http://forum.computertotaal.nl/phpBB/viewtopic.php?p=1164173#1164173
    That rootkit has in principle already been removed.
    PREVX has a removal tool that usually removes it perfectly.

    But something was still in the way here.

    Download Dr. Web CureIt.
    Place it on your desktop.
    - Double-click drweb-cureit.exe and allow the program to start the express scan. This is only a short scan that checks the files currently loaded in memory. If something is found, you will be asked 'cure it?'. Then click the 'Yes to all' button.
    - Click the 'Select drives' button and make sure all drives are selected for scanning. The drives that will be scanned are marked with a red dot.
    - Click the large button with the green arrow on the right to start the scan.
    - When an infected file is found, you will be asked either 'Cure It?' or 'Move?'. In both cases, click the 'Yes to all' button.
    - When the scan is finished, check whether you can click the following icon. It is in the lower half of the program window, to the left of the list (window) of infected files. http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
    - If you can click it, click it, then click the icon just below it and choose Move incurable.
      http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
      This will move the files to the folder %userprofile%\DoctorWeb\quarantaine-folder if they cannot be disinfected.
    - In the File menu of Dr. Web CureIt, choose 'Save Report List' and save the log to your desktop.
    - Close the Dr. Web CureIt program.
    - Restart the computer and post the log.
  • myagtsvc.exe c:\program files\mcafee\managed virusscan\agent Probably BACKDOOR.Trojan Renamed.

    I think I did something wrong, I accidentally clicked on rename.
  • Before I go any further, let me first report that I restarted CureIt and am getting strange messages. What should I do?

    I sent an e-mail about the problem.
  • What kind of messages?
    Can you post the log?
  • mcinst.exe C:\Program Files\Common Files\McAfee\Installer Probably BACKDOOR.Trojan Incurable.Moved.
    Setup.#xe C:\Program Files\Skyline\TerraExplorer Probably DLOADER.Trojan Incurable.Moved.
    PluginManagerPlugin.#ll C:\Program Files\Liquid Audio\Liquid Plugins Probably DLOADER.Trojan Incurable.Moved.
    myRumor.dll C:\Program Files\McAfee\Managed VirusScan\Agent Probably DLOADER.Trojan Incurable.Moved.
    myagtsvc.#xe C:\Program Files\McAfee\Managed VirusScan\Agent Probably BACKDOOR.Trojan Incurable.Moved.
    services32.dll C:\WINDOWS.2 Trojan.DownLoader.15155 Deleted.
    fscax.dll C:\WINDOWS.2\Downloaded Program Files Probably BINARYRES Incurable.Moved.
    Silent Runners.vbs C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Bureaublad\beveiliging Probably BATCH.Virus Incurable.Moved.
    A0073361.#xe C:\System Volume Information\_restore{72839B86-AE05-4102-B1D2-5321D484C70D}\RP135 Probably BACKDOOR.Trojan Incurable.Moved.
    A0010941.EXE\data001 C:\System Volume Information\_restore{58370BD7-9F9A-4B3C-B03A-F00FD62C1760}\RP20\A0010941.EXE Trojan.DownLoader.15155
    A0010941.EXE\data002 C:\System Volume Information\_restore{58370BD7-9F9A-4B3C-B03A-F00FD62C1760}\RP20\A0010941.EXE Trojan.DownLoader.15155
    A0010941.EXE C:\System Volume Information\_restore{58370BD7-9F9A-4B3C-B03A-F00FD62C1760}\RP20 Archive contains infected objects Moved.
    A0012081.exe C:\System Volume Information\_restore{58370BD7-9F9A-4B3C-B03A-F00FD62C1760}\RP21 Probably BACKDOOR.Trojan Incurable.Moved.
    A0012109.dll C:\System Volume Information\_restore{58370BD7-9F9A-4B3C-B03A-F00FD62C1760}\RP21 Trojan.DownLoader.15155 Deleted.
  • Looks good.
    Please make a new HijackThis log and post it.

    All problems solved now?
  • Otherwise it runs nicely, only there is something wrong with McAfee VirusScan; I can't update it. I think it has something to do with the above?


    Logfile of HijackThis v1.99.1
    Scan saved at 17:16:49, on 18-12-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS.2\System32\smss.exe
    C:\WINDOWS.2\system32\winlogon.exe
    C:\WINDOWS.2\system32\services.exe
    C:\WINDOWS.2\system32\lsass.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS.2\System32\svchost.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    C:\WINDOWS.2\Explorer.EXE
    C:\WINDOWS.2\system32\spoolsv.exe
    C:\Program Files\KPN\AgentSrv.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS.2\system32\cisvc.exe
    C:\Program Files\CS Engineering\Scheduler\schedulerd.exe
    C:\WINDOWS.2\system32\inetsrv\inetinfo.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS.2\system32\HPZipm12.exe
    C:\WINDOWS.2\System32\snmp.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\system32\mqsvc.exe
    C:\WINDOWS.2\system32\mqtgsvc.exe
    C:\WINDOWS.2\Mixer.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS.2\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\KPN\CBSysTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS.2\system32\cidaemon.exe
    C:\Program Files\KirysTech2k\FastNote\kfn.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS.2\system32\ntvdm.exe
    C:\WINDOWS.2\system32\cmd.exe
    C:\ASSIS1\DFRUNCON.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Efdece\NWP\Server\EFDECE~1.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Bureaublad\hijack\hijackthis\henk.exe.exe
    C:\WINDOWS.2\system32\cidaemon.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
    O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.2\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - Startup: Dynomic ASP Dienst.url
    O4 - Startup: McAfee Total Protection.lnk = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: KPN TaskBar Icon.LNK = C:\Program Files\KPN\CBSysTray.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://asp.dynomic.nl/CACHE/stc/1/binaries/stcweb.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap.4sure.it/U4/ENU/VS40/bin/myCioAgt.20060601165154.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160997807234
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://ols.chello.be/nl/fscax.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BFB39D62-28F5-49B8-B156-56281373B156} - https://server.db.kvk.nl/WWWEXT01/install/Plugin/KVKar51.cab
    O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - https://www.tpnabestaandenzorg.nl/forms90/jinitiator/jinit.exe
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O18 - Protocol: jit - {D6749987-7E8A-472C-AB19-8F3DF0C9109C} - C:\PROGRA~1\Efdece\NWP\Client\NWPPRO~1.DLL
    O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.0.0.358.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.2\system32\WPDShServiceObj.dll
    O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\KPN\AgentSrv.EXE
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CSE Scheduler Daemon (CSE Scheduler) - CS Net - C:\Program Files\CS Engineering\Scheduler\schedulerd.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - (no file)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    O23 - Service: McAfee Total Protection Agent Service (myAgtSvc) - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.2\system32\HPZipm12.exe
    O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe


This is an archived page. Replies are no longer possible.
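A triage aid for logs like the one posted above, given as an added example that is not part of the original thread and is not HijackThis code: it parses the section entries (R0, O4, O16, O23, ...) and lists those whose target is reported as `(file missing)` or `(no file)`. The sample lines are copied from the log above; the function names are hypothetical, and a flagged entry is a stale reference to review, not a verdict.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the log above (not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - (no file)
O23 - Service: McAfee Total Protection Agent Service (myAgtSvc) - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS.2\system32\svchost.exe
"""

# "<letter><digits> - <body>"; running-process lines (plain paths) do not match.
ENTRY = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")
# Trailing marker on entries whose target file is absent.
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_log(text):
    """Return one dict per section entry; process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": bool(ORPHAN.search(body)),
        })
    return entries

def orphans_by_section(entries):
    """Group entries with a missing target file by their section code."""
    grouped = defaultdict(list)
    for e in entries:
        if e["orphan"]:
            grouped[e["code"]].append(e["body"])
    return dict(grouped)

if __name__ == "__main__":
    for code, bodies in sorted(orphans_by_section(parse_log(SAMPLE_LOG)).items()):
        for body in bodies:
            print(f"{code}: {body}")
```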