Virus scanner (McAfee) stops spontaneously


 • Virus scanner (McAfee) stops spontaneously

  Moved: Virus --->>> Hijackthis logs.

  For a few weeks now I have had a problem with the McAfee virus scanner. I then get the message: "An error has occurred in NT On-Access Scanner Service etc." (see attachment NT-Error.doc)

  This also happens when I am not actively using the PC. I removed McAfee and reinstalled it, but that did not help.

  I use ZoneAlarm Firewall, Ad-Aware and the McAfee virus scanner.

  The question is how I can solve this problem.

  Thanks in advance for your help/suggestions,
  Rob


  See the HijackThis.log below
  Logfile of HijackThis v1.99.1
  Scan saved at 20:30:05, on 21-12-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Network Associates\VirusScan\VsStat.exe
  C:\Program Files\Analog Devices\Core\smax4pnp.exe
  C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
  C:\Program Files\Dell\Media Experience\DMXLauncher.exe
  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
  C:\WINDOWS\system32\hkcmd.exe
  C:\WINDOWS\system32\igfxpers.exe
  C:\Program Files\dvd43\dvd43_tray.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe
  C:\ScanPanel\ScnPanel.exe
  C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\Program Files\MSN Messenger\usnsvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\WINDOWS\system32\taskmgr.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
  C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Documents and Settings\Els-Rob\Mijn documenten\system updates\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
  O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
  O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
  O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
  O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
  O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
  O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
  O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [I&F Viewer toolbar] "C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start
  O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
  O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  Last edited by Crash; 21-12-07, 20:11. Reason: forgot sender

 • #2
  Addition

  I see that a large number of 'help requests' are being made. That is why I have gathered some additional information in the meantime. Perhaps it gives more leads:

  1. Ad-Aware + Spybot report no errors.

  2. The error message appears when I create a new folder in Explorer.

  3. I believe this problem has led to the 'emptying' of my Outlook Express folders (the dbx files are there, but Outlook no longer 'sees' the mails). I had this problem before. Back then, just like now, I was able to rescue most mails via "dbxtract".

  4. I have the 'log files' from the error message available (incl. the DMP files). If needed I can add them as an attachment. I would like to hear whether this is useful.

  Thanks in advance for your reaction/support.

  Rob



  • #3
   Addition (2)

   I now have another, less pleasant phenomenon in my mail. Everything I put in Outlook Express 'disappears' by itself:

   1. When receiving mail I still get the message "1 new message received"; I do not see the message itself.

   2. The same goes for sending messages. They do end up in the "Outbox" but are then no longer sent.

   This phenomenon occurs under 1 of the 5 accounts (on Win XP Home).
   On another account Outlook Express works without problems.

   Thanks in advance for your help.

   Regards,
   Rob



   • #4
    A strange problem; which account is the above HJT log from??


    Temporarily disable Windows Defender,
    because it can interfere when fixing with HJT (undoing the fix and so on, which apparently has happened now, since the fixed lines are still/again in the log).
    * Open Windows Defender > click Tools
    * Click "General Settings"
    * Scroll to "Real Time Protection Options"
    * Uncheck "Turn on Real Time Protection (recommended)" > click "Save"
    * Close Windows Defender
    (once the problems are over and the log has been declared clean again, you can turn it back on)

    Start Hijackthis and choose 'Do a system scan only'
    Select only the items listed below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Close all windows except Hijackthis
    Click 'Fix checked' to remove the items.


    Empty your Temp folders (note: empty the folders, do not delete them!!):


    Open Explorer ("My Computer") and choose Tools -> Folder Options...
    Under View, check the following settings:

    Turn off: Hide protected operating system files (Recommended)
    Turn off: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    C:\Windows\Temp
    C:\Documents and Settings\<user>\Local Settings\Temp
    C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files
    C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\content.ie5
    <user> stands for your profile name here!!
    If the last folder is not shown, go to the Temporary Internet Files folder, type \content.ie5 after it in the address bar and press Enter.

    Empty your Recycle Bin.


    Download Combofix to your Desktop.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!
    • Double-click Combofix.exe
     Follow the instructions and accept the disclaimer by typing 1 (continue), followed by ENTER.
     While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    Starting Windows 10 in Safe Mode

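As an added example (not part of the original thread and not code from HijackThis), this Python sketch automates the manual selection made in post #4: it flags empty R0/R1 values and entries marked `(no file)`, extends the same check to `(file missing)` entries, and then reports which flagged entries survive into a later log, which is how a fix reverted by a real-time scanner shows up. The function names are hypothetical; the sample lines are excerpts from the two logs posted in this thread.

```python
import re
from dataclasses import dataclass

# Entry lines start with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s-\s(.*)$")
# Suffixes HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the 21-12-2007 log posted in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""

# Excerpt of the 6-1-2008 log posted in this thread.
AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "R0", "O2", "O23"
    body: str     # everything after "<section> - "


def parse_entries(log_text):
    """Return the R*/O* entries of a log, skipping header and process lines."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw)
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def dead_reference_reason(entry):
    """Explain why an entry points at nothing, or return None."""
    if entry.body.endswith(ORPHAN_MARKERS):
        return "referenced file is missing"
    if entry.section in ("R0", "R1"):
        # Split on the first '=' only: URL values may contain '=' themselves.
        _key, sep, value = entry.body.partition("=")
        if sep and not value.strip():
            return "registry value is empty"
    return None


def flag_dead_references(log_text):
    """Return (entry, reason) pairs that are candidates for review."""
    flagged = []
    for entry in parse_entries(log_text):
        reason = dead_reference_reason(entry)
        if reason:
            flagged.append((entry, reason))
    return flagged


def still_present(flagged, later_log_text):
    """Return flagged entries that appear unchanged in a later log."""
    later = set(parse_entries(later_log_text))
    return [entry for entry, _reason in flagged if entry in later]


if __name__ == "__main__":
    flagged = flag_dead_references(BEFORE_LOG)
    for entry, reason in flagged:
        print(f"[{reason}] {entry.section} - {entry.body}")
    for entry in still_present(flagged, AFTER_LOG):
        print(f"[still in later log] {entry.section} - {entry.body}")
```

A flag here means the entry references nothing on disk or holds no value; whether to fix it remains the reviewer's call.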


    • #5
     Hello Juisterr,

     Thanks for your reply. I made the earlier Hijack log under the account Els-Rob, whose mailbox has also been 'emptied'.

     In the meantime I have been busy myself trying to get rid of the problem.

     1. Created a new profile (rename the old directory structure under another account, and then log in again). This did not help.

     2. I have also already run Combofix once. No improvement either.

     3. I read on the internet that the combination of ZoneAlarm and McAfee sometimes causes problems. I therefore removed McAfee and I have AVG 'running'. Since then (30 Dec) the problem has not occurred again. As for the mail, I am considering switching to Thunderbird.

     So I do not know whether I have found the cause, but it does look hopeful.

     One question already about the Hijack log: can I remove the following line?
     O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
     I think this is still a leftover from Norton.

     Thanks in advance for your reply.
     Rob

     Here are the requested logs:

     Logfile of HijackThis v1.99.1
     Scan saved at 19:49:06, on 6-1-2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
     C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
     C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Analog Devices\Core\smax4pnp.exe
     C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
     C:\Program Files\Dell\Media Experience\DMXLauncher.exe
     C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
     C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
     C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
     C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\ScanPanel\ScnPanel.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\igfxsrvc.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
     C:\Documents and Settings\Els - Rob\Mijn documenten\system updates\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
     O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
     O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
     O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
     O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
     O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
     O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
     O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
     O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
     O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
     O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
     O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
     O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
     O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
     O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
     O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
     O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5195/mcfscan.cab
     O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
     O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
     O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
     O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
     O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
     O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
     O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
     O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


     ComboFix 08-01-06.1 - Els - Rob 2008-01-05 18:51:34.3 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.519 [GMT 1:00]
     Gestart vanuit: C:\Documents and Settings\Els - Rob\Bureaublad\ComboFix.exe
     * Nieuw herstelpunt werd aangemaakt
     .

     (((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
     .

     2008-01-05 18:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
     2008-01-01 20:50 . 2008-01-01 20:50 <DIR> d-------- C:\Program Files\CCleaner
     2008-01-01 20:18 . 2008-01-01 20:18 <DIR> d-------- C:\Documents and Settings\Els - Rob\Contacts
     2008-01-01 16:50 . 2008-01-01 17:48 <DIR> d-------- C:\Documents and Settings\Joost\Application Data\AVG7
     2007-12-31 20:22 . 2008-01-04 18:32 <DIR> d-------- C:\Documents and Settings\AWC JC\Application Data\AVG7
     2007-12-30 23:12 . 2007-12-30 23:12 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\Lavasoft
     2007-12-30 22:58 . 2007-12-30 22:58 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\AdobeUM
     2007-12-30 22:28 . 2008-01-04 17:41 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\AVG7
     2007-12-30 20:14 . 2008-01-05 11:09 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\AVG7
     2007-12-30 20:09 . 2007-12-30 20:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
     2007-12-30 20:08 . 2007-12-30 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
     2007-12-30 20:08 . 2007-12-30 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
     2007-12-30 19:36 . 2007-12-30 19:36 <DIR> d---s---- C:\Documents and Settings\Els - Rob\UserData
     2007-12-30 19:27 . 2007-12-30 19:27 <DIR> d-------- C:\WINDOWS\McAfee.com
     2007-12-30 19:15 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
     2007-12-30 19:13 . 2007-12-30 19:15 <DIR> d-------- C:\Program Files\Java
     2007-12-30 19:12 . 2007-12-30 19:12 <DIR> d-------- C:\Program Files\Common Files\Java
     2007-12-30 19:04 . 2007-12-30 19:04 <DIR> d-------- C:\Documents and Settings\Els - Rob\DoctorWeb
     2007-12-30 15:25 . 2007-12-30 15:25 <DIR> d-------- C:\Temp\NT On access error
     2007-12-30 15:24 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els - Rob\Sjablonen
     2007-12-30 15:24 . 2008-01-05 18:37 <DIR> dr-h----- C:\Documents and Settings\Els - Rob\Onlangs geopend
     2007-12-30 15:24 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els - Rob\Netwerkprinteromgeving
     2007-12-30 15:24 . 2008-01-05 12:34 <DIR> dr------- C:\Documents and Settings\Els - Rob\Mijn documenten
     2007-12-30 15:24 . 2004-09-14 08:45 <DIR> dr------- C:\Documents and Settings\Els - Rob\Menu Start
     2007-12-30 15:24 . 2008-01-04 19:32 <DIR> dr------- C:\Documents and Settings\Els - Rob\Favorieten
     2007-12-30 15:24 . 2008-01-05 18:49 <DIR> d-------- C:\Documents and Settings\Els - Rob\Bureaublad
     2007-12-30 15:24 . 2005-09-21 23:03 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\Symantec
     2007-12-30 15:24 . 2005-09-21 23:02 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\Jasc Software Inc
     2007-12-30 15:20 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob\Sjablonen
     2007-12-30 15:20 . 2007-12-30 15:21 <DIR> dr-h----- C:\Documents and Settings\Els-Rob\Onlangs geopend
     2007-12-30 15:20 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob\Netwerkprinteromgeving
     2007-12-30 15:20 . 2007-12-30 15:21 <DIR> dr------- C:\Documents and Settings\Els-Rob\Mijn documenten
     2007-12-30 15:20 . 2004-09-14 08:45 <DIR> dr------- C:\Documents and Settings\Els-Rob\Menu Start
     2007-12-30 15:20 . 2007-12-30 15:21 <DIR> dr------- C:\Documents and Settings\Els-Rob\Favorieten
     2007-12-30 15:20 . 2007-12-30 20:02 <DIR> d-------- C:\Documents and Settings\Els-Rob\Bureaublad
     2007-12-30 15:20 . 2005-09-21 23:03 <DIR> d-------- C:\Documents and Settings\Els-Rob\Application Data\Symantec
     2007-12-30 15:20 . 2005-09-21 23:02 <DIR> d-------- C:\Documents and Settings\Els-Rob\Application Data\Jasc Software Inc
     2007-12-30 14:27 . 2007-12-30 14:28 <DIR> d-------- C:\RVAXO
     2007-12-30 14:25 . 2007-12-29 00:34 579,934 --a------ C:\WINDOWS\system32\RVAXO.bat
     2007-12-30 14:25 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
     2007-12-30 14:23 . 2007-12-30 14:23 <DIR> d-------- C:\Program Files\SpeedFan
     2007-12-29 10:38 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob old3\Sjablonen
     2007-12-29 10:38 . 2007-12-30 15:01 <DIR> dr-h----- C:\Documents and Settings\Els-Rob old3\Onlangs geopend
     2007-12-29 10:38 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob old3\Netwerkprinteromgeving
     2007-12-29 10:38 . 2007-12-30 14:15 <DIR> dr------- C:\Documents and Settings\Els-Rob old3\Mijn documenten
     2007-12-29 10:38 . 2004-09-14 08:45 <DIR> dr------- C:\Documents and Settings\Els-Rob old3\Menu Start
     2007-12-29 10:38 . 2007-12-29 18:49 <DIR> dr------- C:\Documents and Settings\Els-Rob old3\Favorieten
     2007-12-29 10:38 . 2007-12-30 14:25 <DIR> d-------- C:\Documents and Settings\Els-Rob old3\Bureaublad
     2007-12-29 09:38 . 2007-12-29 09:38 <DIR> d-------- C:\Temp\backup
     2007-12-28 18:24 . 2007-12-28 18:24 <DIR> d---s---- C:\Documents and Settings\Els-Rob old2\UserData
     2007-12-28 18:03 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob old2\Sjablonen
     2007-12-28 18:03 . 2007-12-28 20:05 <DIR> dr-h----- C:\Documents and Settings\Els-Rob old2\Onlangs geopend
     2007-12-28 18:03 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob old2\Netwerkprinteromgeving
     2007-12-28 18:03 . 2007-12-29 10:56 <DIR> dr------- C:\Documents and Settings\Els-Rob old2\Mijn documenten
     2007-12-28 18:03 . 2004-09-14 08:45 <DIR> dr------- C:\Documents and Settings\Els-Rob old2\Menu Start
     2007-12-28 18:03 . 2007-12-28 20:09 <DIR> dr------- C:\Documents and Settings\Els-Rob old2\Favorieten
     2007-12-28 18:03 . 2007-12-28 20:23 <DIR> d-------- C:\Documents and Settings\Els-Rob old2\Bureaublad
     2007-12-28 11:40 . 2007-12-28 11:41 <DIR> d-------- C:\Temp\mail-bck
     2007-12-24 18:45 . 2008-01-04 18:43 <DIR> dr-h----- C:\Documents and Settings\AWC JC\Onlangs geopend
     2007-12-24 16:52 . 2007-12-24 16:52 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Apple Computer
     2007-12-24 16:52 . 2007-12-24 16:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
     2007-12-24 16:52 . 2007-12-24 16:52 1,409 --a------ C:\WINDOWS\QTFont.for
     2007-12-23 22:40 . 2007-12-23 22:40 <DIR> d-------- C:\Program Files\ZoneAlarmSB
     2007-12-14 16:52 . 2007-01-28 10:16 143,253 --a------ C:\WINDOWS\hpdj3840.hi2
     2007-12-14 16:52 . 2007-01-28 10:16 10,755 --a------ C:\WINDOWS\hpdj3840.bu2

     .
     ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-01-06 17:55 15,628,320 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
     2008-01-04 23:01 152,468 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
     2007-12-30 20:42 --------- d-----w C:\Program Files\Network Associates
     2007-12-30 13:27 --------- d-----w C:\Program Files\Google
     2007-12-30 09:14 32,407,741 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
     2007-12-26 19:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
     2007-12-23 21:25 --------- d-----w C:\Program Files\Hitman Pro
     2007-12-23 21:20 --------- d-----w C:\Program Files\DBX Backup
     2007-12-23 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
     2007-12-14 15:53 --------- d-----w C:\Program Files\HP
     2007-12-14 15:53 --------- d-----w C:\Program Files\Hewlett-Packard
     2007-11-14 15:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
     2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
     2007-11-14 07:29 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
     2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
     2007-11-01 15:25 36,864 ----a-w C:\WINDOWS\system32\EGameEncrypt.dll
     2007-10-30 10:20 3,079,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
     2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
     2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
     2007-10-25 16:57 8,501,760 ------w C:\WINDOWS\system32\dllcache\shell32.dll
     2007-10-25 09:01 2,109,440 ------w C:\WINDOWS\system32\dllcache\wmvcore.dll
     2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
     2007-10-25 09:00 230,912 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
     2007-10-11 06:14 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
     2007-10-11 06:14 662,528 ------w C:\WINDOWS\system32\dllcache\wininet.dll
     2007-10-11 06:14 616,960 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
     2007-10-11 06:14 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
     2007-10-11 06:14 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
     2007-10-11 06:14 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
     2007-10-11 06:14 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
     2007-10-11 06:14 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
     2007-10-11 06:14 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
     2007-10-11 06:14 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
     2007-10-11 06:14 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
     2007-10-11 06:14 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
     2007-10-11 06:14 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
     2007-10-11 06:14 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
     2007-10-11 06:14 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
     2007-10-11 06:14 1,057,280 ------w C:\WINDOWS\system32\dllcache\danim.dll
     2007-10-11 06:14 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
     2007-10-10 11:16 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
     .

     ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     REGEDIT4
     *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42 1404928]
     "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
     "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02 86016]
     "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
     "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
     "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-19 13:17 180269]
     "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
     "InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [2000-04-06 13:26 37888]
     "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 12:33 23040]
     "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
     "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
     "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
     "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
     "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-12 21:28 49152]
     "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
     "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
     "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-28 01:17 172032]
     "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
     "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
     "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-31 09:24 579072]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
     "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 12:33 23040]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
     "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
     "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-30 20:09 219136]

     C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
     Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
     Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 16:15:54]
     ScanPanel.lnk - C:\ScanPanel\ScnPanel.exe [2006-01-08 12:32:45]


     .
     Inhoud van de 'Gedeelde Taken' map
     "2007-12-31 15:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
     - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
     "2008-01-05 10:09:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
     - C:\Program Files\Windows Defender\MpCmdRun.exe
     .
     **************************************************************************

     catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-01-06 18:55:49
     Windows 5.1.2600 Service Pack 2 NTFS

     scannen van verborgen processen ...

     scannen van verborgen autostart items ...

     scannen van verborgen bestanden ...

     Scan succesvol afgerond
     verborgen bestanden: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
     -> C:\PROGRA~1\TEXTBR~1.0\Bin\TBMHOOK.dll
     .
     Voltooingstijd: 2008-01-06 18:56:37
     ComboFix-quarantined-files.txt 2008-01-06 17:56:32
     ComboFix2.txt 2007-10-19 17:48:35
     ComboFix3.txt 2007-05-05 16:39:52
     .
     2007-12-28 11:32:04 --- E O F ---



     • #6
      Hello Juisterr,

      Thanks for your reply. I made the earlier HijackThis log under the account Els-Rob, whose mailbox was also 'emptied'.

      In the meantime I have been trying to get rid of the problem myself.

      1.
      Created a new profile (renaming the old directory structure under a different account, and then logging in again). This did not help.

      2.
      I have also already run ComboFix once. No improvement either.

      3.
      I read on the internet that the combination of ZoneAlarm and McAfee sometimes causes problems. I therefore removed McAfee and I now have AVG 'running'. Since then (30 Dec) the problem has not occurred again. As for the mail, I am considering switching to Thunderbird.

      So I don't know whether I have found the cause, but it does look hopeful.

      One question already about the HijackThis log: can I remove the following line?
      O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
      I think this is still a leftover from Norton.

      Thanks in advance for your reply.
      Rob

      Here are the requested logs:

      Logfile of HijackThis v1.99.1
      Scan saved at 19:49:06, on 6-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
      C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\ScanPanel\ScnPanel.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Documents and Settings\Els - Rob\Mijn documenten\system updates\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
      O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5195/mcfscan.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
      O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


      ComboFix 08-01-06.1 - Els - Rob 2008-01-05 18:51:34.3 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.519 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Els - Rob\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
      .

      2008-01-05 18:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-01 20:50 . 2008-01-01 20:50 <DIR> d-------- C:\Program Files\CCleaner
      2008-01-01 20:18 . 2008-01-01 20:18 <DIR> d-------- C:\Documents and Settings\Els - Rob\Contacts
      2008-01-01 16:50 . 2008-01-01 17:48 <DIR> d-------- C:\Documents and Settings\Joost\Application Data\AVG7
      2007-12-31 20:22 . 2008-01-04 18:32 <DIR> d-------- C:\Documents and Settings\AWC JC\Application Data\AVG7
      2007-12-30 23:12 . 2007-12-30 23:12 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\Lavasoft
      2007-12-30 22:58 . 2007-12-30 22:58 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\AdobeUM
      2007-12-30 22:28 . 2008-01-04 17:41 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\AVG7
      2007-12-30 20:14 . 2008-01-05 11:09 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\AVG7
      2007-12-30 20:09 . 2007-12-30 20:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
      2007-12-30 20:08 . 2007-12-30 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2007-12-30 20:08 . 2007-12-30 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
      2007-12-30 19:36 . 2007-12-30 19:36 <DIR> d---s---- C:\Documents and Settings\Els - Rob\UserData
      2007-12-30 19:27 . 2007-12-30 19:27 <DIR> d-------- C:\WINDOWS\McAfee.com
      2007-12-30 19:15 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2007-12-30 19:13 . 2007-12-30 19:15 <DIR> d-------- C:\Program Files\Java
      2007-12-30 19:12 . 2007-12-30 19:12 <DIR> d-------- C:\Program Files\Common Files\Java
      2007-12-30 19:04 . 2007-12-30 19:04 <DIR> d-------- C:\Documents and Settings\Els - Rob\DoctorWeb
      2007-12-30 15:25 . 2007-12-30 15:25 <DIR> d-------- C:\Temp\NT On access error
      2007-12-30 15:24 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els - Rob\Sjablonen
      2007-12-30 15:24 . 2008-01-05 18:37 <DIR> dr-h----- C:\Documents and Settings\Els - Rob\Onlangs geopend
      2007-12-30 15:24 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els - Rob\Netwerkprinteromgeving
      2007-12-30 15:24 . 2008-01-05 12:34 <DIR> dr------- C:\Documents and Settings\Els - Rob\Mijn documenten
      2007-12-30 15:24 . 2004-09-14 08:45 <DIR> dr------- C:\Documents and Settings\Els - Rob\Menu Start
      2007-12-30 15:24 . 2008-01-04 19:32 <DIR> dr------- C:\Documents and Settings\Els - Rob\Favorieten
      2007-12-30 15:24 . 2008-01-05 18:49 <DIR> d-------- C:\Documents and Settings\Els - Rob\Bureaublad
      2007-12-30 15:24 . 2005-09-21 23:03 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\Symantec
      2007-12-30 15:24 . 2005-09-21 23:02 <DIR> d-------- C:\Documents and Settings\Els - Rob\Application Data\Jasc Software Inc
      2007-12-30 15:20 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob\Sjablonen
      2007-12-30 15:20 . 2007-12-30 15:21 <DIR> dr-h----- C:\Documents and Settings\Els-Rob\Onlangs geopend
      2007-12-30 15:20 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob\Netwerkprinteromgeving
      2007-12-30 15:20 . 2007-12-30 15:21 <DIR> dr------- C:\Documents and Settings\Els-Rob\Mijn documenten
      2007-12-30 15:20 . 2004-09-14 08:45 <DIR> dr------- C:\Documents and Settings\Els-Rob\Menu Start
      2007-12-30 15:20 . 2007-12-30 15:21 <DIR> dr------- C:\Documents and Settings\Els-Rob\Favorieten
      2007-12-30 15:20 . 2007-12-30 20:02 <DIR> d-------- C:\Documents and Settings\Els-Rob\Bureaublad
      2007-12-30 15:20 . 2005-09-21 23:03 <DIR> d-------- C:\Documents and Settings\Els-Rob\Application Data\Symantec
      2007-12-30 15:20 . 2005-09-21 23:02 <DIR> d-------- C:\Documents and Settings\Els-Rob\Application Data\Jasc Software Inc
      2007-12-30 14:27 . 2007-12-30 14:28 <DIR> d-------- C:\RVAXO
      2007-12-30 14:25 . 2007-12-29 00:34 579,934 --a------ C:\WINDOWS\system32\RVAXO.bat
      2007-12-30 14:25 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2007-12-30 14:23 . 2007-12-30 14:23 <DIR> d-------- C:\Program Files\SpeedFan
      2007-12-29 10:38 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob old3\Sjablonen
      2007-12-29 10:38 . 2007-12-30 15:01 <DIR> dr-h----- C:\Documents and Settings\Els-Rob old3\Onlangs geopend
      2007-12-29 10:38 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob old3\Netwerkprinteromgeving
      2007-12-29 10:38 . 2007-12-30 14:15 <DIR> dr------- C:\Documents and Settings\Els-Rob old3\Mijn documenten
      2007-12-29 10:38 . 2004-09-14 08:45 <DIR> dr------- C:\Documents and Settings\Els-Rob old3\Menu Start
      2007-12-29 10:38 . 2007-12-29 18:49 <DIR> dr------- C:\Documents and Settings\Els-Rob old3\Favorieten
      2007-12-29 10:38 . 2007-12-30 14:25 <DIR> d-------- C:\Documents and Settings\Els-Rob old3\Bureaublad
      2007-12-29 09:38 . 2007-12-29 09:38 <DIR> d-------- C:\Temp\backup
      2007-12-28 18:24 . 2007-12-28 18:24 <DIR> d---s---- C:\Documents and Settings\Els-Rob old2\UserData
      2007-12-28 18:03 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob old2\Sjablonen
      2007-12-28 18:03 . 2007-12-28 20:05 <DIR> dr-h----- C:\Documents and Settings\Els-Rob old2\Onlangs geopend
      2007-12-28 18:03 . 2004-09-14 08:45 <DIR> d--h----- C:\Documents and Settings\Els-Rob old2\Netwerkprinteromgeving
      2007-12-28 18:03 . 2007-12-29 10:56 <DIR> dr------- C:\Documents and Settings\Els-Rob old2\Mijn documenten
      2007-12-28 18:03 . 2004-09-14 08:45 <DIR> dr------- C:\Documents and Settings\Els-Rob old2\Menu Start
      2007-12-28 18:03 . 2007-12-28 20:09 <DIR> dr------- C:\Documents and Settings\Els-Rob old2\Favorieten
      2007-12-28 18:03 . 2007-12-28 20:23 <DIR> d-------- C:\Documents and Settings\Els-Rob old2\Bureaublad
      2007-12-28 11:40 . 2007-12-28 11:41 <DIR> d-------- C:\Temp\mail-bck
      2007-12-24 18:45 . 2008-01-04 18:43 <DIR> dr-h----- C:\Documents and Settings\AWC JC\Onlangs geopend
      2007-12-24 16:52 . 2007-12-24 16:52 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Apple Computer
      2007-12-24 16:52 . 2007-12-24 16:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2007-12-24 16:52 . 2007-12-24 16:52 1,409 --a------ C:\WINDOWS\QTFont.for
      2007-12-23 22:40 . 2007-12-23 22:40 <DIR> d-------- C:\Program Files\ZoneAlarmSB
      2007-12-14 16:52 . 2007-01-28 10:16 143,253 --a------ C:\WINDOWS\hpdj3840.hi2
      2007-12-14 16:52 . 2007-01-28 10:16 10,755 --a------ C:\WINDOWS\hpdj3840.bu2

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-06 17:55 15,628,320 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
      2008-01-04 23:01 152,468 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
      2007-12-30 20:42 --------- d-----w C:\Program Files\Network Associates
      2007-12-30 13:27 --------- d-----w C:\Program Files\Google
      2007-12-30 09:14 32,407,741 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
      2007-12-26 19:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-12-23 21:25 --------- d-----w C:\Program Files\Hitman Pro
      2007-12-23 21:20 --------- d-----w C:\Program Files\DBX Backup
      2007-12-23 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2007-12-14 15:53 --------- d-----w C:\Program Files\HP
      2007-12-14 15:53 --------- d-----w C:\Program Files\Hewlett-Packard
      2007-11-14 15:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
      2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
      2007-11-14 07:29 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-11-01 15:25 36,864 ----a-w C:\WINDOWS\system32\EGameEncrypt.dll
      2007-10-30 10:20 3,079,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
      2007-10-25 16:57 8,501,760 ------w C:\WINDOWS\system32\dllcache\shell32.dll
      2007-10-25 09:01 2,109,440 ------w C:\WINDOWS\system32\dllcache\wmvcore.dll
      2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
      2007-10-25 09:00 230,912 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
      2007-10-11 06:14 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
      2007-10-11 06:14 662,528 ------w C:\WINDOWS\system32\dllcache\wininet.dll
      2007-10-11 06:14 616,960 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
      2007-10-11 06:14 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
      2007-10-11 06:14 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
      2007-10-11 06:14 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
      2007-10-11 06:14 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
      2007-10-11 06:14 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
      2007-10-11 06:14 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
      2007-10-11 06:14 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
      2007-10-11 06:14 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
      2007-10-11 06:14 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
      2007-10-11 06:14 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
      2007-10-11 06:14 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
      2007-10-11 06:14 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
      2007-10-11 06:14 1,057,280 ------w C:\WINDOWS\system32\dllcache\danim.dll
      2007-10-11 06:14 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
      2007-10-10 11:16 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42 1404928]
      "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
      "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02 86016]
      "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-19 13:17 180269]
      "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
      "InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [2000-04-06 13:26 37888]
      "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 12:33 23040]
      "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
      "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
      "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
      "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-12 21:28 49152]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
      "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-28 01:17 172032]
      "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-31 09:24 579072]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
      "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 12:33 23040]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
      "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-30 20:09 219136]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 16:15:54]
      ScanPanel.lnk - C:\ScanPanel\ScnPanel.exe [2006-01-08 12:32:45]


      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-12-31 15:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-01-05 10:09:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
      - C:\Program Files\Windows Defender\MpCmdRun.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-06 18:55:49
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
      -> C:\PROGRA~1\TEXTBR~1.0\Bin\TBMHOOK.dll
      .
      Voltooingstijd: 2008-01-06 18:56:37
      ComboFix-quarantined-files.txt 2008-01-06 17:56:32
      ComboFix2.txt 2007-10-19 17:48:35
      ComboFix3.txt 2007-05-05 16:39:52
      .
      2007-12-28 11:32:04 --- E O F ---



      • #7
       Disable the following leftover Symantec service
       Remnants of Symantec, but they can conflict with your AVG

       * Go to Start > Run > type services.msc and press Enter

       * In the list of services that opens, look for the following service:
       planner voor automatische liveupdate

       * Right-click it > choose "Properties"

       * In the window that opens, click "Stop" (if clickable), and under "Startup type" select "Disabled".

       * Then click the Apply/OK button at the bottom

       * and do the same for this one:
       symantec core lc

       * Apply/OK

       Thanks again for your answer.

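       The check behind the advice in post #7, as an added example that is not part of the original thread: a small Python parser that reads the O23 (service) lines of a HijackThis log and flags services whose executable is reported as "(file missing)", the pattern left behind by an incompletely uninstalled product. The sample lines are copied from the log posted above; the function and class names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# O23 layout: "O23 - Service: <name> [(<short name>)] - <owner> - <path>[ (file missing)]"
# The owner group is greedy so that " - " inside a vendor name does not split the line early.
O23_RE = re.compile(
    r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+) - '
    r'(?P<path>"?[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$'
)
# HijackThis appends the service key name in parentheses when it differs from the display name.
SHORT_NAME_RE = re.compile(r'^(?P<display>.+) \((?P<short>[^()]+)\)$')


@dataclass
class ServiceEntry:
    display_name: str
    short_name: Optional[str]
    owner: str
    path: str
    file_missing: bool


def parse_o23(log: str) -> List[ServiceEntry]:
    """Return one ServiceEntry per O23 line; all other log lines are ignored."""
    entries = []
    for raw in log.splitlines():
        m = O23_RE.match(raw.strip())
        if not m:
            continue
        name, short = m.group("name"), None
        sm = SHORT_NAME_RE.match(name)
        if sm:
            name, short = sm.group("display"), sm.group("short")
        entries.append(ServiceEntry(
            display_name=name,
            short_name=short,
            owner=m.group("owner"),
            path=m.group("path"),
            file_missing=m.group("missing") is not None,
        ))
    return entries


def orphaned_services(log: str) -> List[ServiceEntry]:
    """Services still registered although their executable no longer exists on disk."""
    return [e for e in parse_o23(log) if e.file_missing]


def report(log: str) -> List[str]:
    """One human-readable line per orphaned service, for review before disabling it."""
    lines = []
    for e in orphaned_services(log):
        owner_note = " (owner unknown)" if e.owner.lower() == "unknown owner" else ""
        lines.append(f"{e.display_name}{owner_note}: registered path {e.path} is missing")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

       The display name it reports is the one to look for in the services.msc list.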


       • #8
        Hello Juisterr,

        Thanks for your reply.

        The last 'bits of dirt' have been removed. As far as I'm concerned you can close this discussion / question.

        Regards,
        Rob
