Virus scanner (McAfee) stops spontaneously


  • Virus scanner (McAfee) stops spontaneously

    Moved: Virus --->>> HijackThis logs.

    For some weeks now I have had a problem with the McAfee virus scanner. I get the message: "An error has occurred in NT On-Access Scanner Service etc." (see attachment NT-Error.doc)

    This also happens when I am not actively using the PC. I have removed McAfee and reinstalled it, but that did not help.

    I use ZoneAlarm Firewall, Ad-Aware and the McAfee virus scanner.

    The question is how I can solve this problem.

    Thanks in advance for your help/suggestions,
    Rob


    See the HijackThis log below:
    Logfile of HijackThis v1.99.1
    Scan saved at 20:30:05, on 21-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe
    C:\ScanPanel\ScnPanel.exe
    C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Els-Rob\Mijn documenten\system updates\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [I&F Viewer toolbar] "C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start
    O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    Last edited by Crash; 21-12-07, 21:11. Reason: forgot sender

  • #2
    Addition

    I see that a large number of 'requests for help' are being made. So in the meantime I have gathered some additional information. Perhaps that gives more leads:

    1. Ad-Aware + Spybot report no errors.

    2. The error message appears when I create a new folder in Explorer.

    3. I think this problem has led to my Outlook Express folders being 'emptied' (the dbx files are there, but Outlook no longer 'sees' the mails). I had this problem before. Then, just as now, I was able to rescue most of the mails with "dbxtract".

    4. I have the 'log files' from the error message available (incl. the DMP files). If necessary I can add them as an attachment. I would like to hear whether this is useful.

    Thanks in advance for your reaction/support.

    Rob



    • #3
      Addition (2)

      I now have another, less pleasant phenomenon in my mail. Everything I put in Outlook Express 'disappears' by itself:

      1. When receiving mail I still get the notification "1 new message received"; I do not see the message itself.

      2. The same goes for sending messages. They do end up in the "Outbox" but are then no longer sent.

      This phenomenon occurs under 1 of the 5 accounts (on Win XP Home).
      On another account Outlook Express works without problems.

      Thanks in advance for your help.

      Regards,
      Rob



      • #4
        A curious problem; which account is the HJT log above from??


        Temporarily disable Windows Defender,
        because it can interfere with fixing with HJT (undoing the fix etc., which by the looks of it has happened now, since the fixed lines are still/again in the log)
        * Open Windows Defender > Click Tools
        * Click "General Settings"
        * Scroll to "Real Time Protection Options"
        * Untick "Turn on Real Time Protection (recommended)" > Click "Save"
        * Close Windows Defender
        (once the problems are over and the log has been declared clean again, you can turn it back on)



        Start HijackThis and choose 'Do a system scan only'
        Select only the items listed below:

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

        Close all windows except HijackThis
        Click 'Fix checked' to remove the items.


        Empty your Temp folders (note: empty the folders, do not delete them!!):


        Open Explorer ("My Computer") and choose Tools -> Folder Options...
        Under View, check the following settings:

        Turn off: Hide protected operating system files (Recommended)
        Turn off: Hide extensions for known file types

        Select: Display the contents of system folders (XP only)
        Select: Show hidden files and folders

        C:\Windows\Temp
        C:\Documents and Settings\<user>\Local Settings\Temp
        C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files
        C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\content.ie5
        <user> here stands for your profile name!!
        If the last folder is not shown, go to the Temporary Internet Files folder, type \content.ie5 after it in the address bar and press Enter.

        Empty your Recycle Bin.


        Download Combofix to your Desktop.
        If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

        NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
        • Double-click Combofix.exe
          Follow the instructions and accept the disclaimer by typing 1 (continue), followed by ENTER.
          While the fix is running, do NOT click in the window, because this will make your PC hang.

        When the fix is complete and after the restart, the log combofix.txt will open.
        Post this log in your next post together with a new HijackThis log.

        Starting Windows 10 in Safe Mode
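
An added example (not part of the thread and not HijackThis's own code): a small Python parser for the HijackThis entry lines quoted here. It lists entries ending in "(no file)" or "(file missing)" and R-entries with an empty value, and reports which of them are still present in a later log. The function names and reason labels are assumptions; the sample lines are excerpts copied from the logs in posts #1 and #5.

```python
import re
from typing import List, NamedTuple, Optional

# Excerpts copied from the two HijackThis logs in this thread
# (post #1, 21-12-2007, and post #5, 6-1-2008); not the complete logs.
SAMPLE_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""

SAMPLE_AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""

# Entry lines start with a section code (R0, O2, O23, ...) followed by " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*)$")


class Entry(NamedTuple):
    code: str               # section code, e.g. "R0", "O2", "O23"
    body: str               # text after "CODE - "
    reason: Optional[str]   # why the entry looks orphaned, or None


def classify(code: str, body: str) -> Optional[str]:
    """Return a reason label (labels are this example's own) or None."""
    if body.endswith("(no file)"):
        return "no file"
    if body.endswith("(file missing)"):
        return "file missing"
    # R-entries have the form "<key>,<value name> = <data>"; nothing after
    # the "=" means the value is empty, as in the two Local Page lines.
    if code.startswith("R") and body.endswith("="):
        return "empty value"
    return None


def parse_entries(log_text: str) -> List[Entry]:
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group(1), m.group(2).rstrip()
        entries.append(Entry(code, body, classify(code, body)))
    return entries


def orphaned(log_text: str) -> List[Entry]:
    """Entries that point at nothing: no file, missing file or empty value."""
    return [e for e in parse_entries(log_text) if e.reason]


def still_present(before: str, after: str) -> List[Entry]:
    """Orphaned entries from the earlier log that reappear unchanged later."""
    later = {(e.code, e.body) for e in parse_entries(after)}
    return [e for e in orphaned(before) if (e.code, e.body) in later]


if __name__ == "__main__":
    for e in orphaned(SAMPLE_BEFORE):
        print(f"[{e.reason}] {e.code} - {e.body}")
    print("Still present in the later log:")
    for e in still_present(SAMPLE_BEFORE, SAMPLE_AFTER):
        print(f"  {e.code} - {e.body}")
```
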



        • #5
          Hello Juisterr,

          Thanks for your reply. I made the earlier HijackThis log under the account Els-Rob, whose mailbox was also 'emptied'.

          In the meantime I have been working on getting rid of the problem myself.

          1. Created a new profile (renaming the old directory structure under another account, and then logging in again). This did not help.

          2. I have also already run Combofix once. No improvement either.

          3. I read on the internet that the combination of ZoneAlarm and McAfee sometimes causes problems. I have therefore removed McAfee and I now have AVG 'running'. Since then (30 Dec) the problem has not occurred again. As for the mail, I am considering switching to Thunderbird.

          So I do not know whether I have found the cause, but it does look hopeful.

          A quick question about the HijackThis log: can I remove the following line?
          O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
          I think this is a leftover from Norton.

          Thanks in advance for your reply.
          Rob

          Here are the requested logs:

          Logfile of HijackThis v1.99.1
          Scan saved at 19:49:06, on 6-1-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Windows Defender\MsMpEng.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\ZoneLabs\vsmon.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Analog Devices\Core\smax4pnp.exe
          C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
          C:\Program Files\Dell\Media Experience\DMXLauncher.exe
          C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
          C:\WINDOWS\system32\dla\tfswctrl.exe
          C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
          C:\WINDOWS\system32\hkcmd.exe
          C:\WINDOWS\system32\igfxpers.exe
          C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
          C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
          C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
          C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\ScanPanel\ScnPanel.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\igfxsrvc.exe
          C:\Program Files\Windows Defender\MSASCui.exe
          C:\WINDOWS\explorer.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
          C:\Documents and Settings\Els - Rob\Mijn documenten\system updates\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
          O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
          O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
          O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
          O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
          O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
          O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
          O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
          O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
          O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
          O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
          O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
          O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
          O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
          O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
          O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5195/mcfscan.cab
          O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
          O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
          O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
          O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
          O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
          O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
          O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


          ComboFix 08-01-06.1 - Els - Rob 2008-01-05 18:51:34.3 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.519 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Els - Rob\Bureaublad\ComboFix.exe
          * Nieuw herstelpunt werd aangemaakt
          .

          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
          .

          2008-01-05 18:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-01 20:50 . 2008-01-01 20:50 <DIR> d-------- C:\Program Files\CCleaner
          2008-01-01 20:18 . 2008-01-01 20:18 <DIR> d-------- C:\Documents and Settings\Els - Rob\Contacts
          2008-01-01 16:50 . 2008-01-01 17:48 <DIR> d-------- C:\Documents and Settings\Joost\Application Data\AVG7
          2007-12-31 20:22 . 2008-01-04 18:32 <DIR> d-------- C:\Documents and Settings\AWC JC\Application Data\AVG7
          2007-12-30 23:12 . 2007-12-30 23:12 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\Lavasoft
          2007-12-30 22:58 . 2007-12-30 22:58 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\AdobeUM
          2007-12-30 22:28 . 2008-01-04 17:41 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\AVG7
          2007-12-30 20:14 . 2008-01-05 11:09 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\AVG7
          2007-12-30 20:09 . 2007-12-30 20:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
          2007-12-30 20:08 . 2007-12-30 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
          2007-12-30 20:08 . 2007-12-30 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
          2007-12-30 19:36 . 2007-12-30 19:36 <DIR> d---s---- C:\Documents and Settings\Els - Rob\UserData
          2007-12-30 19:27 . 2007-12-30 19:27 <DIR> d-------- C:\WINDOWS\McAfee.com
          2007-12-30 19:15 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
          2007-12-30 19:13 . 2007-12-30 19:15 <DIR> d-------- C:\Program Files\Java
          2007-12-30 19:12 . 2007-12-30 19:12 <DIR> d-------- C:\Program Files\Common Files\Java
          2007-12-30 19:04 . 2007-12-30 19:04 <DIR> d-------- C:\Documents and Settings\Els - Rob\DoctorWeb
          2007-12-30 15:25 . 2007-12-30 15:25 <DIR> d-------- C:\Temp\NT On access error
          2007-12-30 15:24 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els - Rob\Sjablonen
          2007-12-30 15:24 . 2008-01-05 18:37 <DIR> dr-h----- C:\Documents and Settings\Els - Rob\Onlangs geopend
          2007-12-30 15:24 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els - Rob\Netwerkprinteromgeving
          2007-12-30 15:24 . 2008-01-05 12:34 <DIR> dr------- C:\Documents and Settings\Els - Rob\Mijn documenten
          2007-12-30 15:24 . 2004-09-14 08:45 <DIR> dr------- C:\Documents and Settings\Els - Rob\Menu Start
          2007-12-30 15:24 . 2008-01-04 19:32 <DIR> dr------- C:\Documents and Settings\Els - Rob\Favorieten
          2007-12-30 15:24 . 2008-01-05 18:49 <DIR> d-------- C:\Documents and Settings\Els - Rob\Bureaublad
          2007-12-30 15:24 . 2005-09-21 23:03 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\Symantec
          2007-12-30 15:24 . 2005-09-21 23:02 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\Jasc Software Inc
          2007-12-30 15:20 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob\Sjablonen
          2007-12-30 15:20 . 2007-12-30 15:21 <DIR> dr-h----- C:\Documents and Settings\Els-Rob\Onlangs geopend
          2007-12-30 15:20 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob\Netwerkprinteromgeving
          2007-12-30 15:20 . 2007-12-30 15:21 <DIR> dr------- C:\Documents and Settings\Els-Rob\Mijn documenten
          2007-12-30 15:20 . 2004-09-14 08:45 <DIR> dr------- C:\Documents and Settings\Els-Rob\Menu Start
          2007-12-30 15:20 . 2007-12-30 15:21 <DIR> dr------- C:\Documents and Settings\Els-Rob\Favorieten
          2007-12-30 15:20 . 2007-12-30 20:02 <DIR> d-------- C:\Documents and Settings\Els-Rob\Bureaublad
          2007-12-30 15:20 . 2005-09-21 23:03 <DIR> d-------- C:\Documents and Settings\Els-Rob\Application Data\Symantec
          2007-12-30 15:20 . 2005-09-21 23:02 <DIR> d-------- C:\Documents and Settings\Els-Rob\Application Data\Jasc Software Inc
          2007-12-30 14:27 . 2007-12-30 14:28 <DIR> d-------- C:\RVAXO
          2007-12-30 14:25 . 2007-12-29 00:34 579,934 --a------ C:\WINDOWS\system32\RVAXO.bat
          2007-12-30 14:25 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
          2007-12-30 14:23 . 2007-12-30 14:23 <DIR> d-------- C:\Program Files\SpeedFan
          2007-12-29 10:38 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob old3\Sjablonen
          2007-12-29 10:38 . 2007-12-30 15:01 <DIR> dr-h----- C:\Documents and Settings\Els-Rob old3\Onlangs geopend
          2007-12-29 10:38 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob old3\Netwerkprinteromgeving
          2007-12-29 10:38 . 2007-12-30 14:15 <DIR> dr------- C:\Documents and Settings\Els-Rob old3\Mijn documenten
          2007-12-29 10:38 . 2004-09-14 08:45 <DIR> dr------- C:\Documents and Settings\Els-Rob old3\Menu Start
          2007-12-29 10:38 . 2007-12-29 18:49 <DIR> dr------- C:\Documents and Settings\Els-Rob old3\Favorieten
          2007-12-29 10:38 . 2007-12-30 14:25 <DIR> d-------- C:\Documents and Settings\Els-Rob old3\Bureaublad
          2007-12-29 09:38 . 2007-12-29 09:38 <DIR> d-------- C:\Temp\backup
          2007-12-28 18:24 . 2007-12-28 18:24 <DIR> d---s---- C:\Documents and Settings\Els-Rob old2\UserData
          2007-12-28 18:03 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob old2\Sjablonen
          2007-12-28 18:03 . 2007-12-28 20:05 <DIR> dr-h----- C:\Documents and Settings\Els-Rob old2\Onlangs geopend
          2007-12-28 18:03 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob old2\Netwerkprinteromgeving
          2007-12-28 18:03 . 2007-12-29 10:56 <DIR> dr------- C:\Documents and Settings\Els-Rob old2\Mijn documenten
          2007-12-28 18:03 . 2004-09-14 08:45 <DIR> dr------- C:\Documents and Settings\Els-Rob old2\Menu Start
          2007-12-28 18:03 . 2007-12-28 20:09 <DIR> dr------- C:\Documents and Settings\Els-Rob old2\Favorieten
          2007-12-28 18:03 . 2007-12-28 20:23 <DIR> d-------- C:\Documents and Settings\Els-Rob old2\Bureaublad
          2007-12-28 11:40 . 2007-12-28 11:41 <DIR> d-------- C:\Temp\mail-bck
          2007-12-24 18:45 . 2008-01-04 18:43 <DIR> dr-h----- C:\Documents and Settings\AWC JC\Onlangs geopend
          2007-12-24 16:52 . 2007-12-24 16:52 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Apple Computer
          2007-12-24 16:52 . 2007-12-24 16:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
          2007-12-24 16:52 . 2007-12-24 16:52 1,409 --a------ C:\WINDOWS\QTFont.for
          2007-12-23 22:40 . 2007-12-23 22:40 <DIR> d-------- C:\Program Files\ZoneAlarmSB
          2007-12-14 16:52 . 2007-01-28 10:16 143,253 --a------ C:\WINDOWS\hpdj3840.hi2
          2007-12-14 16:52 . 2007-01-28 10:16 10,755 --a------ C:\WINDOWS\hpdj3840.bu2

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-06 17:55 15,628,320 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
          2008-01-04 23:01 152,468 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
          2007-12-30 20:42 --------- d-----w C:\Program Files\Network Associates
          2007-12-30 13:27 --------- d-----w C:\Program Files\Google
          2007-12-30 09:14 32,407,741 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
          2007-12-26 19:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-12-23 21:25 --------- d-----w C:\Program Files\Hitman Pro
          2007-12-23 21:20 --------- d-----w C:\Program Files\DBX Backup
          2007-12-23 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2007-12-14 15:53 --------- d-----w C:\Program Files\HP
          2007-12-14 15:53 --------- d-----w C:\Program Files\Hewlett-Packard
          2007-11-14 15:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
          2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
          2007-11-14 07:29 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-11-01 15:25 36,864 ----a-w C:\WINDOWS\system32\EGameEncrypt.dll
          2007-10-30 10:20 3,079,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
          2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
          2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
          2007-10-25 16:57 8,501,760 ------w C:\WINDOWS\system32\dllcache\shell32.dll
          2007-10-25 09:01 2,109,440 ------w C:\WINDOWS\system32\dllcache\wmvcore.dll
          2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
          2007-10-25 09:00 230,912 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
          2007-10-11 06:14 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
          2007-10-11 06:14 662,528 ------w C:\WINDOWS\system32\dllcache\wininet.dll
          2007-10-11 06:14 616,960 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
          2007-10-11 06:14 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
          2007-10-11 06:14 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
          2007-10-11 06:14 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
          2007-10-11 06:14 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
          2007-10-11 06:14 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
          2007-10-11 06:14 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
          2007-10-11 06:14 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
          2007-10-11 06:14 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
          2007-10-11 06:14 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
          2007-10-11 06:14 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
          2007-10-11 06:14 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
          2007-10-11 06:14 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
          2007-10-11 06:14 1,057,280 ------w C:\WINDOWS\system32\dllcache\danim.dll
          2007-10-11 06:14 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
          2007-10-10 11:16 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42 1404928]
          "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
          "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02 86016]
          "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
          "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
          "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-19 13:17 180269]
          "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
          "InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [2000-04-06 13:26 37888]
          "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 12:33 23040]
          "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
          "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
          "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
          "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
          "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-12 21:28 49152]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
          "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
          "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-28 01:17 172032]
          "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-31 09:24 579072]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
          "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 12:33 23040]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
          "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-30 20:09 219136]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 16:15:54]
          ScanPanel.lnk - C:\ScanPanel\ScnPanel.exe [2006-01-08 12:32:45]


          .
          Inhoud van de 'Gedeelde Taken' map
          "2007-12-31 15:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2008-01-05 10:09:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
          - C:\Program Files\Windows Defender\MpCmdRun.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-06 18:55:49
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
          -> C:\PROGRA~1\TEXTBR~1.0\Bin\TBMHOOK.dll
          .
          Voltooingstijd: 2008-01-06 18:56:37
          ComboFix-quarantined-files.txt 2008-01-06 17:56:32
          ComboFix2.txt 2007-10-19 17:48:35
          ComboFix3.txt 2007-05-05 16:39:52
          .
          2007-12-28 11:32:04 --- E O F ---



          • #6
            Hello Juisterr,

            Thanks for your reply. I made the earlier HijackThis log under the Els-Rob account, whose mailbox was also 'emptied'.

            In the meantime I have been trying to get rid of the problem myself.

            1. Created a new profile (renamed the old directory structure from another account, then logged in again). This did not help.

            2. I have also already run ComboFix once. No improvement either.

            3. I read on the internet that the combination of ZoneAlarm and McAfee sometimes causes problems. I therefore removed McAfee and now have AVG 'running'. Since then (30 Dec) the problem has not occurred again. As for the mail, I am considering switching to Thunderbird.

            So I don't know whether I have found the cause, but it does look hopeful.

            One question about the HijackThis log already: can I remove the following line?
            O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
            I think this is still a leftover from Norton.

            Thanks in advance for your reply.
            Rob

            Here are the requested logs:

            Logfile of HijackThis v1.99.1
            Scan saved at 19:49:06, on 6-1-2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Windows Defender\MsMpEng.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\ZoneLabs\vsmon.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
            C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
            C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Analog Devices\Core\smax4pnp.exe
            C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
            C:\Program Files\Dell\Media Experience\DMXLauncher.exe
            C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
            C:\WINDOWS\system32\dla\tfswctrl.exe
            C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
            C:\WINDOWS\system32\hkcmd.exe
            C:\WINDOWS\system32\igfxpers.exe
            C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
            C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
            C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
            C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
            C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
            C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\ScanPanel\ScnPanel.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\igfxsrvc.exe
            C:\Program Files\Windows Defender\MSASCui.exe
            C:\WINDOWS\explorer.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
            C:\Documents and Settings\Els - Rob\Mijn documenten\system updates\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
            O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
            O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
            O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
            O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
            O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
            O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
            O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
            O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
            O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
            O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
            O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
            O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
            O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
            O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
            O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
            O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
            O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
            O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
            O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5195/mcfscan.cab
            O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
            O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
            O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
            O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
            O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
            O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
            O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
            O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
            O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
            O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
            O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


            ComboFix 08-01-06.1 - Els - Rob 2008-01-05 18:51:34.3 - NTFSx86
            Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.519 [GMT 1:00]
            Gestart vanuit: C:\Documents and Settings\Els - Rob\Bureaublad\ComboFix.exe
            * Nieuw herstelpunt werd aangemaakt
            .

            (((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
            .

            2008-01-05 18:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
            2008-01-01 20:50 . 2008-01-01 20:50 <DIR> d-------- C:\Program Files\CCleaner
            2008-01-01 20:18 . 2008-01-01 20:18 <DIR> d-------- C:\Documents and Settings\Els - Rob\Contacts
            2008-01-01 16:50 . 2008-01-01 17:48 <DIR> d-------- C:\Documents and Settings\Joost\Application Data\AVG7
            2007-12-31 20:22 . 2008-01-04 18:32 <DIR> d-------- C:\Documents and Settings\AWC JC\Application Data\AVG7
            2007-12-30 23:12 . 2007-12-30 23:12 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\Lavasoft
            2007-12-30 22:58 . 2007-12-30 22:58 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\AdobeUM
            2007-12-30 22:28 . 2008-01-04 17:41 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\AVG7
            2007-12-30 20:14 . 2008-01-05 11:09 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\AVG7
            2007-12-30 20:09 . 2007-12-30 20:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
            2007-12-30 20:08 . 2007-12-30 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
            2007-12-30 20:08 . 2007-12-30 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
            2007-12-30 19:36 . 2007-12-30 19:36 <DIR> d---s---- C:\Documents and Settings\Els - Rob\UserData
            2007-12-30 19:27 . 2007-12-30 19:27 <DIR> d-------- C:\WINDOWS\McAfee.com
            2007-12-30 19:15 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
            2007-12-30 19:13 . 2007-12-30 19:15 <DIR> d-------- C:\Program Files\Java
            2007-12-30 19:12 . 2007-12-30 19:12 <DIR> d-------- C:\Program Files\Common Files\Java
            2007-12-30 19:04 . 2007-12-30 19:04 <DIR> d-------- C:\Documents and Settings\Els - Rob\DoctorWeb
            2007-12-30 15:25 . 2007-12-30 15:25 <DIR> d-------- C:\Temp\NT On access error
            2007-12-30 15:24 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els - Rob\Sjablonen
            2007-12-30 15:24 . 2008-01-05 18:37 <DIR> dr-h----- C:\Documents and Settings\Els - Rob\Onlangs geopend
            2007-12-30 15:24 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els - Rob\Netwerkprinteromgeving
            2007-12-30 15:24 . 2008-01-05 12:34 <DIR> dr------- C:\Documents and Settings\Els - Rob\Mijn documenten
            2007-12-30 15:24 . 2004-09-14 08:45 <DIR> dr------- C:\Documents and Settings\Els - Rob\Menu Start
            2007-12-30 15:24 . 2008-01-04 19:32 <DIR> dr------- C:\Documents and Settings\Els - Rob\Favorieten
            2007-12-30 15:24 . 2008-01-05 18:49 <DIR> d-------- C:\Documents and Settings\Els - Rob\Bureaublad
            2007-12-30 15:24 . 2005-09-21 23:03 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\Symantec
            2007-12-30 15:24 . 2005-09-21 23:02 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\Jasc Software Inc
            2007-12-30 15:20 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob\Sjablonen
            2007-12-30 15:20 . 2007-12-30 15:21 <DIR> dr-h----- C:\Documents and Settings\Els-Rob\Onlangs geopend
            2007-12-30 15:20 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob\Netwerkprinteromgeving
            2007-12-30 15:20 . 2007-12-30 15:21 <DIR> dr------- C:\Documents and Settings\Els-Rob\Mijn documenten
            2007-12-30 15:20 . 2004-09-14 08:45 <DIR> dr------- C:\Documents and Settings\Els-Rob\Menu Start
            2007-12-30 15:20 . 2007-12-30 15:21 <DIR> dr------- C:\Documents and Settings\Els-Rob\Favorieten
            2007-12-30 15:20 . 2007-12-30 20:02 <DIR> d-------- C:\Documents and Settings\Els-Rob\Bureaublad
            2007-12-30 15:20 . 2005-09-21 23:03 <DIR> d-------- C:\Documents and Settings\Els-Rob\Application Data\Symantec
            2007-12-30 15:20 . 2005-09-21 23:02 <DIR> d-------- C:\Documents and Settings\Els-Rob\Application Data\Jasc Software Inc
            2007-12-30 14:27 . 2007-12-30 14:28 <DIR> d-------- C:\RVAXO
            2007-12-30 14:25 . 2007-12-29 00:34 579,934 --a------ C:\WINDOWS\system32\RVAXO.bat
            2007-12-30 14:25 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
            2007-12-30 14:23 . 2007-12-30 14:23 <DIR> d-------- C:\Program Files\SpeedFan
            2007-12-29 10:38 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob old3\Sjablonen
            2007-12-29 10:38 . 2007-12-30 15:01 <DIR> dr-h----- C:\Documents and Settings\Els-Rob old3\Onlangs geopend
            2007-12-29 10:38 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob old3\Netwerkprinteromgeving
            2007-12-29 10:38 . 2007-12-30 14:15 <DIR> dr------- C:\Documents and Settings\Els-Rob old3\Mijn documenten
            2007-12-29 10:38 . 2004-09-14 08:45 <DIR> dr------- C:\Documents and Settings\Els-Rob old3\Menu Start
            2007-12-29 10:38 . 2007-12-29 18:49 <DIR> dr------- C:\Documents and Settings\Els-Rob old3\Favorieten
            2007-12-29 10:38 . 2007-12-30 14:25 <DIR> d-------- C:\Documents and Settings\Els-Rob old3\Bureaublad
            2007-12-29 09:38 . 2007-12-29 09:38 <DIR> d-------- C:\Temp\backup
            2007-12-28 18:24 . 2007-12-28 18:24 <DIR> d---s---- C:\Documents and Settings\Els-Rob old2\UserData
            2007-12-28 18:03 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob old2\Sjablonen
            2007-12-28 18:03 . 2007-12-28 20:05 <DIR> dr-h----- C:\Documents and Settings\Els-Rob old2\Onlangs geopend
            2007-12-28 18:03 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob old2\Netwerkprinteromgeving
            2007-12-28 18:03 . 2007-12-29 10:56 <DIR> dr------- C:\Documents and Settings\Els-Rob old2\Mijn documenten
            2007-12-28 18:03 . 2004-09-14 08:45 <DIR> dr------- C:\Documents and Settings\Els-Rob old2\Menu Start
            2007-12-28 18:03 . 2007-12-28 20:09 <DIR> dr------- C:\Documents and Settings\Els-Rob old2\Favorieten
            2007-12-28 18:03 . 2007-12-28 20:23 <DIR> d-------- C:\Documents and Settings\Els-Rob old2\Bureaublad
            2007-12-28 11:40 . 2007-12-28 11:41 <DIR> d-------- C:\Temp\mail-bck
            2007-12-24 18:45 . 2008-01-04 18:43 <DIR> dr-h----- C:\Documents and Settings\AWC JC\Onlangs geopend
            2007-12-24 16:52 . 2007-12-24 16:52 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Apple Computer
            2007-12-24 16:52 . 2007-12-24 16:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
            2007-12-24 16:52 . 2007-12-24 16:52 1,409 --a------ C:\WINDOWS\QTFont.for
            2007-12-23 22:40 . 2007-12-23 22:40 <DIR> d-------- C:\Program Files\ZoneAlarmSB
            2007-12-14 16:52 . 2007-01-28 10:16 143,253 --a------ C:\WINDOWS\hpdj3840.hi2
            2007-12-14 16:52 . 2007-01-28 10:16 10,755 --a------ C:\WINDOWS\hpdj3840.bu2

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-01-06 17:55 15,628,320 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
            2008-01-04 23:01 152,468 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
            2007-12-30 20:42 --------- d-----w C:\Program Files\Network Associates
            2007-12-30 13:27 --------- d-----w C:\Program Files\Google
            2007-12-30 09:14 32,407,741 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
            2007-12-26 19:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2007-12-23 21:25 --------- d-----w C:\Program Files\Hitman Pro
            2007-12-23 21:20 --------- d-----w C:\Program Files\DBX Backup
            2007-12-23 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2007-12-14 15:53 --------- d-----w C:\Program Files\HP
            2007-12-14 15:53 --------- d-----w C:\Program Files\Hewlett-Packard
            2007-11-14 15:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
            2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
            2007-11-14 07:29 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
            2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
            2007-11-01 15:25 36,864 ----a-w C:\WINDOWS\system32\EGameEncrypt.dll
            2007-10-30 10:20 3,079,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
            2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
            2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
            2007-10-25 16:57 8,501,760 ------w C:\WINDOWS\system32\dllcache\shell32.dll
            2007-10-25 09:01 2,109,440 ------w C:\WINDOWS\system32\dllcache\wmvcore.dll
            2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
            2007-10-25 09:00 230,912 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
            2007-10-11 06:14 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
            2007-10-11 06:14 662,528 ------w C:\WINDOWS\system32\dllcache\wininet.dll
            2007-10-11 06:14 616,960 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
            2007-10-11 06:14 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
            2007-10-11 06:14 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
            2007-10-11 06:14 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
            2007-10-11 06:14 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
            2007-10-11 06:14 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
            2007-10-11 06:14 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
            2007-10-11 06:14 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
            2007-10-11 06:14 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
            2007-10-11 06:14 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
            2007-10-11 06:14 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
            2007-10-11 06:14 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
            2007-10-11 06:14 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
            2007-10-11 06:14 1,057,280 ------w C:\WINDOWS\system32\dllcache\danim.dll
            2007-10-11 06:14 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
            2007-10-10 11:16 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42 1404928]
            "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
            "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02 86016]
            "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
            "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
            "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-19 13:17 180269]
            "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
            "InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [2000-04-06 13:26 37888]
            "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 12:33 23040]
            "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
            "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
            "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
            "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
            "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-12 21:28 49152]
            "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
            "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
            "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-28 01:17 172032]
            "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
            "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-31 09:24 579072]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
            "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 12:33 23040]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
            "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
            "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-30 20:09 219136]

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
            Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 16:15:54]
            ScanPanel.lnk - C:\ScanPanel\ScnPanel.exe [2006-01-08 12:32:45]


            .
            Inhoud van de 'Gedeelde Taken' map
            "2007-12-31 15:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
            - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
            "2008-01-05 10:09:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
            - C:\Program Files\Windows Defender\MpCmdRun.exe
            .
            **************************************************************************

            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-01-06 18:55:49
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------

            PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
            -> C:\PROGRA~1\TEXTBR~1.0\Bin\TBMHOOK.dll
            .
            Voltooingstijd: 2008-01-06 18:56:37
            ComboFix-quarantined-files.txt 2008-01-06 17:56:32
            ComboFix2.txt 2007-10-19 17:48:35
            ComboFix3.txt 2007-05-05 16:39:52
            .
            2007-12-28 11:32:04 --- E O F ---



            • #7
              Disable the following leftover Symantec service.
              These are remnants of Symantec, but they can conflict with your AVG.

              * Go to Start > Run > type services.msc and press Enter

              * In the list of services that opens, look for the following service:
              planner voor automatische liveupdate

              * Right-click it > choose "Properties"

              * In the window that opens, click "Stop" (if it is clickable), and for "Startup type" select "Disabled".

              * Then click the Apply/OK button at the bottom

              * and do the same for this one:
              symantec core lc

              * Apply/OK

              Thanks again for your answer.

              Starting Windows 10 in Safe Mode
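
The check behind the question in post #6 and the cleanup in post #7, as an added example that is not part of the original thread: a Python parser for HijackThis `O23 - Service` lines that flags services whose binary is reported `(file missing)` or whose owner is `Unknown owner`. The sample lines are copied from the log in post #6, except the last one, which is constructed to show a path that itself contains ` - `; all function and class names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# O23 lines copied from the HijackThis log in post #6. The final line is
# CONSTRUCTED for this example: its path contains " - ", which breaks a
# naive split on the field separator.
SAMPLE_LOG = r"""
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Constructed Example Service (ExampleSvc) - Unknown owner - C:\Documents and Settings\Els - Rob\example\svc.exe
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
# The path field starts at the first " - " that is followed by a drive letter.
PATH_START = re.compile(r' - (?="?[A-Za-z]:\\)')
# Optional short name in parentheses at the end of the display name.
SHORT_NAME = re.compile(r"^(?P<display>.+) \((?P<short>[^()]+)\)$")


@dataclass
class ServiceEntry:
    display_name: str
    short_name: Optional[str]
    owner: str
    path: str
    file_missing: bool


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one 'O23 - Service' line; return None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    file_missing = body.endswith(MISSING)
    if file_missing:
        body = body[: -len(MISSING)]
    match = PATH_START.search(body)
    if match is None:
        return None
    head, path = body[: match.start()], body[match.end():]
    # The owner is the last " - "-separated field before the path.
    name, sep, owner = head.rpartition(" - ")
    if not sep:
        return None
    short = SHORT_NAME.match(name)
    if short:
        return ServiceEntry(short["display"], short["short"], owner, path, file_missing)
    return ServiceEntry(name, None, owner, path, file_missing)


def triage(log_text: str) -> List[Tuple[ServiceEntry, List[str]]]:
    """Return the service entries that deserve a manual look, with reasons."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        reasons = []
        if entry.file_missing:
            reasons.append("service is registered but its binary is missing")
        if entry.owner.lower() == "unknown owner":
            reasons.append("owner reported as 'Unknown owner'")
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.display_name}: {entry.path}")
        for reason in reasons:
            print(f"  - {reason}")
```

An entry flagged as missing its binary is an orphaned service registration, which is the case post #7 handles by stopping the service and setting its startup type to disabled.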



              • #8
                Hello Juisterr,

                Thanks for your reply.

                The last 'bits of dirt' have been removed. As far as I'm concerned you can close this discussion / question.

                Regards,
                Rob
