Mijn HP-printer PSC 1417 heeft problemen. Niet alleen dat ik er niet mee kan scannen, maar bij opstarten van PC komen er popups. Dit heb ik wel vaker gehad. In Msconfig kan ik niets vinden dat hier op duidt. Het advies is een HJT te plaatsen:
Logfile of HijackThis v1.99.1
Scan saved at 10:25:05, on 14-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MAILWA~2\MAILWA~1.EXE
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Frans\Bureaublad\F.J.Stols\kleine programma's\schoonmaak\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MailWasher] C:\PROGRA~1\MAILWA~2\MAILWA~1.EXE
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [Verjaardagen] C:\Program Files\Verjaardagen\Verjaardagen.exe auto
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: RegVac.lnk = C:\Program Files\RegVac\regvac.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159339342187
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - AppInit_DLLs: ,ˆ‹
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)

Zo zie ik zelf o.a. dat er nog steeds Symantec software op zit. Wellicht nog meer dat er niet thuis hoort?

voor je symantec te verwijderen.

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/172d11361b05da508525695b005ca287/9163ea0b7308d62d80256fe000519e78?OpenDocument

en even dieper graven.
Download [b:f08b1565bd]Combofix[/b:f08b1565bd] naar je Bureaublad.[list:f08b1565bd]
Dubbelklik [b:f08b1565bd]Combofix.exe[/b:f08b1565bd]
Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen.
Tijdens het runnen van de fix, [b:f08b1565bd]NIET[/b:f08b1565bd] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:f08b1565bd]
Wanneer de fix voltooid is en na herstart, zal de log [b:f08b1565bd]combofix.txt[/b:f08b1565bd] openen.
[i:f08b1565bd]Plaats deze log in je volgende post samen met een nieuw HijackThis log.[/i:f08b1565bd]

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.


Juisterr

Deze adviezen van Juisterr had ik al eens eerder zien langs komen.Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 9:25:03, on 15-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MAILWA~2\MAILWA~1.EXE
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\Frans\Bureaublad\F.J.Stols\kleine programma's\schoonmaak\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MailWasher] C:\PROGRA~1\MAILWA~2\MAILWA~1.EXE
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [Verjaardagen] C:\Program Files\Verjaardagen\Verjaardagen.exe auto
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159339342187
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - AppInit_DLLs: ,ˆ‹
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)

en Combofix:
Frans - 06-11-15 9:33:59,90 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Frans\Bureaublad"

((((((((((((((((((((((((((((((( Files Created from 2006-10-15 to 2006-11-15 ))))))))))))))))))))))))))))))))))


2006-11-12 14:07 995,328 –a—— C:\WINDOWS\beeldv32.exe
2006-11-10 15:02 545 –a—— C:\WINDOWS\UC.PIF
2006-11-10 15:02 545 –a—— C:\WINDOWS\RAR.PIF
2006-11-10 15:02 545 –a—— C:\WINDOWS\PKZIP.PIF
2006-11-10 15:02 545 –a—— C:\WINDOWS\PKUNZIP.PIF
2006-11-10 15:02 545 –a—— C:\WINDOWS\NOCLOSE.PIF
2006-11-10 15:02 545 –a—— C:\WINDOWS\LHA.PIF
2006-11-10 15:02 545 –a—— C:\WINDOWS\ARJ.PIF
2006-10-17 13:33 6,049,280 ——— C:\WINDOWS\system32\ieframe.dll
2006-10-17 13:33 50,688 ——— C:\WINDOWS\system32\msfeedsbs.dll
2006-10-17 13:33 458,752 ——— C:\WINDOWS\system32\msfeeds.dll
2006-10-17 13:33 180,736 ——— C:\WINDOWS\system32\ieui.dll
2006-10-17 13:05 206,336 ——— C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:01 13,312 –a—— C:\WINDOWS\system32\ieudinit.exe
2006-10-17 12:58 61,952 ——— C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12,288 ——— C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 266,752 ——— C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:27 380,928 ——— C:\WINDOWS\system32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-15 09:30 ——– d——– C:\Program Files\Mozilla Firefox
2006-11-15 09:23 ——– d——– C:\Documents and Settings\Frans\Application Data\MailWasherPro
2006-11-15 09:18 ——– d——– C:\Program Files\Symantec Technical Support
2006-11-14 15:56 ——– d——– C:\Program Files\Common Files\ACD Systems
2006-11-14 15:54 ——– d——– C:\Program Files\Celestia
2006-11-13 21:23 ——– d——– C:\Program Files\Verjaardagen
2006-11-13 11:57 ——– d——– C:\Documents and Settings\Frans\Application Data\Image Zone Express
2006-11-13 11:56 589 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163411908_UI.log
2006-11-13 11:56 450 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163411908_PROTOCOL.log
2006-11-13 11:56 0 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163411908_API.log
2006-11-13 10:56 ——– d——– C:\Program Files\Common Files\Sonic Shared
2006-11-13 10:56 ——– d——– C:\Program Files\Common Files
2006-11-13 10:55 ——– d——– C:\Program Files\Common Files\HP
2006-11-12 19:48 834 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163347183_UI.log
2006-11-12 19:46 450 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163347183_PROTOCOL.log
2006-11-12 19:46 0 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163347183_API.log
2006-11-12 16:57 ——– d——– C:\Program Files\Hewlett-Packard
2006-11-10 14:49 ——– d——– C:\Program Files\Spyware Doctor
2006-11-10 14:46 ——– d——– C:\Program Files\OpenOffice.org 2.0
2006-11-10 11:15 ——– d——– C:\Program Files\Yahoo!
2006-11-09 18:41 ——– d—s—- C:\Documents and Settings\Frans\Application Data\Microsoft
2006-11-09 15:31 ——– d——– C:\Program Files\Hitman Pro
2006-11-09 14:52 ——– d——– C:\Program Files\ESET
2006-11-09 14:39 ——– d——– C:\Program Files\SpywareBlaster
2006-11-08 19:51 ——– d——– C:\Documents and Settings\Frans\Application Data\OpenOffice.org2
2006-11-08 11:28 ——– d——– C:\Program Files\Common Files\Microsoft Shared
2006-11-08 11:26 ——– d——– C:\Program Files\Microsoft Works
2006-11-08 11:26 ——– d——– C:\Program Files\Microsoft Office
2006-11-08 11:26 ——– d——– C:\Program Files\Common Files\DESIGNER
2006-11-08 11:25 ——– d——– C:\Program Files\Common Files\System
2006-11-08 09:40 ——– d——– C:\Program Files\Java
2006-11-07 09:14 ——– d——– C:\Program Files\UltraVNC
2006-11-06 21:49 79232 –a—— C:\Documents and Settings\Frans\Application Data\GDIPFONTCACHEV1.DAT
2006-11-03 08:57 ——– d——– C:\Program Files\WinZip
2006-11-03 08:57 ——– d——– C:\Program Files\PhotoDeluxe 2.0
2006-11-01 14:56 ——– d——– C:\Program Files\Internet Explorer
2006-10-22 09:47 ——– d——– C:\Program Files\Foxit Software
2006-10-17 13:33 413696 –a—— C:\WINDOWS\system32\vbscript.dll
2006-10-17 13:33 231424 –a—— C:\WINDOWS\system32\webcheck.dll
2006-10-17 13:33 156160 –a—— C:\WINDOWS\system32\msls31.dll
2006-10-17 13:06 78336 –a—— C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 –a—— C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 105984 –a—— C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 –a—— C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 –a—— C:\WINDOWS\system32\corpol.dll
2006-10-17 13:01 71680 –a—— C:\WINDOWS\system32\admparse.dll
2006-10-17 13:01 55296 –a—— C:\WINDOWS\system32\iesetup.dll
2006-10-17 13:01 382976 –a—— C:\WINDOWS\system32\iedkcs32.dll
2006-10-17 13:01 229376 –a—— C:\WINDOWS\system32\ieaksie.dll
2006-10-17 13:01 152064 –a—— C:\WINDOWS\system32\ieakeng.dll
2006-10-17 13:00 54784 –a—— C:\WINDOWS\system32\ie4uinit.exe
2006-10-17 13:00 43008 –a—— C:\WINDOWS\system32\iernonce.dll
2006-10-17 13:00 123904 –a—— C:\WINDOWS\system32\advpack.dll
2006-10-17 12:57 36352 –a—— C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:56 45568 –a—— C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 –a—— C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:23 161792 –a—— C:\WINDOWS\system32\ieakui.dll
2006-10-15 19:53 ——– d——– C:\Program Files\A1Click Ultra PC Cleaner
2006-10-15 19:35 ——– d——– C:\Program Files\RegVac
2006-10-15 17:15 ——– d——– C:\Documents and Settings\Frans\Application Data\VUPlayer
2006-10-15 12:23 ——– d——– C:\Program Files\KeyPass
2006-10-15 12:03 ——– d——– C:\Documents and Settings\Frans\Application Data\WinPatrol
2006-10-15 12:02 ——– d——– C:\Program Files\BillP Studios
2006-10-15 11:57 ——– d——– C:\Program Files\FreshDevices
2006-10-09 12:57 ——– d——– C:\Program Files\Easy Rolodex 2.1
2006-10-09 10:34 ——– d——– C:\Program Files\Easy Rolodex 3.0
2006-10-09 10:10 ——– d——– C:\Program Files\Zabaware
2006-10-07 15:13 ——– d——– C:\Program Files\GalleryPlayer
2006-10-07 15:13 ——– d——– C:\Program Files\Gadwin Systems
2006-10-07 13:42 ——– d——– C:\Program Files\Motherboard Monitor 5
2006-10-07 09:18 ——– d–h—– C:\Program Files\InstallShield Installation Information
2006-10-07 09:18 ——– d——– C:\Program Files\ToniArts
2006-10-06 11:45 ——– d——– C:\Program Files\WashAndGo
2006-10-06 10:14 ——– d——– C:\Program Files\Karen's Power Tools
2006-10-03 18:39 ——– d——– C:\Program Files\Colorfolder
2006-10-02 16:12 98096 –a—— C:\Documents and Settings\Frans\Application Data\Update_HP_RedboxHprblog_HPSU.log
2006-10-02 16:05 ——– d——– C:\Program Files\HP
2006-09-30 12:32 ——– d——– C:\Program Files\Winamp
2006-09-26 09:23 ——– d——– C:\Program Files\ewido anti-spyware 4.0
2006-09-25 12:28 ——– d——– C:\Program Files\SpeedFan
2006-09-25 12:28 ——– d——– C:\Program Files\SereneScreen
2006-09-25 12:26 ——– d——– C:\Documents and Settings\Frans\Application Data\SiteAdvisor
2006-09-13 06:07 1084416 –a—— C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:51 1245184 –a—— C:\WINDOWS\system32\msxml4.dll
2006-09-06 17:43 22752 –a—— C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 16:51 617472 –a—— C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:28 16896 –a—— C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 –a—— C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:59 100352 –a—— C:\WINDOWS\system32\6to4svc.dll
2006-08-15 09:50 352256 –a—— C:\WINDOWS\system32\IJL151.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MailWasher"="C:\\PROGRA~1\\MAILWA~2\\MAILWA~1.EXE"
"Gadwin PrintScreen 3.5"="C:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe /nosplash"
"Verjaardagen"="C:\\Program Files\\Verjaardagen\\Verjaardagen.exe auto"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]
"backup"="C:\\WINDOWS\\pss\\Snelstart HP Image Zone.lnkCommon Startup"
"location"="Common Startup"
"item"="Snelstart HP Image Zone"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Wireless Client Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\Wireless Client Manager.lnkCommon Startup"
"location"="Common Startup"
"item"="Wireless Client Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Frans^Menu Start^Programma's^Opstarten^OpenOffice.org 2.0.lnk]
"path"="C:\\Documents and Settings\\Frans\\Menu Start\\Programma's\\Opstarten\\OpenOffice.org 2.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 2.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Mixer"
"hkey"="HKLM"
"command"="Mixer.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotKey]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mHotkey"
"hkey"="HKLM"
"command"="mHotkey.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CopernicDesktopSearch"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FreeRAM XP Pro"
"hkey"="HKCU"
"command"="\"\\FreeRAM XP Pro.exe\" -win"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="???
?"
"hkey"="HKCU"
"command"="???
?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Ahead\\NEROBA~1\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuria]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Nuria"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nuria\\Nuria.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PicasaMediaDetector"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verjaardagen]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PrintScreen"
"hkey"="HKCU"
"command"="C:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe /nosplash"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WashAndGo - Cleanup of old Backupfiles]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="checker"
"hkey"="HKCU"
"command"="C:\\Program Files\\WashAndgo\\checker.exe /check"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinVNC"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\UltraVNC\\WinVNC.exe\" -servicehelper"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"EventSystem"=dword:00000003

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-11-15 9:35:12.18
C:\ComboFix.txt … 06-11-15 09:35
C:\ComboFix2.txt … 06-08-15 16:31
(einde)
De exe van Symantec (via IE) van 4,6 Mb deed niks, althans niet dat ik zag.De Combofix pas na intikken Y en Enter.In HJT is Symantec nog te vinden, alleen heb ik daar waarschijnlijk geen last van. Wèl van de Hp mal-functies! Alvast dank voor de inspectie.

volgens mij zit je met een worm.

Doe onderstaande tool eerst, start dan opnieuw op en doe dan nogmaals de combofix.
plaats beide logjes.

Download en installeer [b:34ca49eaf3]AVG Anti-Spyware[/b:34ca49eaf3].[list:34ca49eaf3]
Na de installatie, open AVG Anti-Spyware:
* onder "[b:34ca49eaf3]Status[/b:34ca49eaf3]", klik op [b:34ca49eaf3]Change state[/b:34ca49eaf3] naast "Resident shield". (wijzig van active naar [b:34ca49eaf3]inactive[/b:34ca49eaf3]!)
* onder "[b:34ca49eaf3]Update[/b:34ca49eaf3]", klik op de [b:34ca49eaf3]Start update[/b:34ca49eaf3] knop.
* onder "[b:34ca49eaf3]Scanner[/b:34ca49eaf3]", tab "Settings":[list:34ca49eaf3]- onder "How to act?", klik op "[u:34ca49eaf3]Recommended actions[/u:34ca49eaf3]" en selecteer [b:34ca49eaf3]Quarantine[/b:34ca49eaf3]. ([b:34ca49eaf3]ZEER BELANGRIJK![/b:34ca49eaf3])
* onder "Reports", selecteer [b:34ca49eaf3]Automatically generate report after every scan[/b:34ca49eaf3] en [u:34ca49eaf3]verwijder[/u:34ca49eaf3] het vinkje bij [b:34ca49eaf3]Only if threats were found[/b:34ca49eaf3][/list:u:34ca49eaf3]
Sluit AVG Anti-Spyware. Laat het [b:34ca49eaf3]nog niet[/b:34ca49eaf3] scannen.[/list:u:34ca49eaf3]

Start op in veilige modus

Start [b:34ca49eaf3]AVG Anti-Spyware[/b:34ca49eaf3].[list:34ca49eaf3]* Klik op [b:34ca49eaf3]Scan[/b:34ca49eaf3] en kies [b:34ca49eaf3]Complete System Scan[/b:34ca49eaf3].
Na de scan; volg onderstaande instructies :

mogelijk is niet alles naar wens verlopen: na ongeveer 400.000 ietems gescand te hebben kon ik na Äpply all Actions"niet meer zorgen dat Set all elements op Quarantaine stond. Hierbij een rapport:
VG Anti-Spyware - Scan Report
———————————————————

+ Created at: 20:32:12 15-11-2006

+ Scan result:



:mozilla.95:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.96:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.238:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.239:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.235:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.45:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.94:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.97:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.98:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.99:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.185:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.197:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.210:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.66:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.67:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.68:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.69:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.10:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.11:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.12:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.13:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.14:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.7:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.8:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.9:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Frans\Cookies\frans@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.202:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.101:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.104:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.105:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.228:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.196:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.198:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.124:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.125:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.


::Report end

Ik heb dus twee maal gescand: de eerste keer een stuk of 20 dingen, die nu ongezien gedeleted zijn, de tweede keer een onestat cookie.
Ik hoop dat dit een aanwijzing kan geven?

En had je ook als gevraagd nogmaals de combofix gedaan???

zo nee doe die dan nogmaals en plaats het logje aub.

Juisterr

hier:
Frans - 06-11-16 11:56:01,53 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Frans\Bureaublad\F.J.Stols\kleine programma's\schoonmaak\Combofix & Hijackthis"

((((((((((((((((((((((((((((((( Files Created from 2006-10-16 to 2006-11-16 ))))))))))))))))))))))))))))))))))


2006-11-15 18:57 3,968 –a—— C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-12 14:07 995,328 –a—— C:\WINDOWS\beeldv32.exe
2006-11-10 15:02 545 –a—— C:\WINDOWS\UC.PIF
2006-11-10 15:02 545 –a—— C:\WINDOWS\RAR.PIF
2006-11-10 15:02 545 –a—— C:\WINDOWS\PKZIP.PIF
2006-11-10 15:02 545 –a—— C:\WINDOWS\PKUNZIP.PIF
2006-11-10 15:02 545 –a—— C:\WINDOWS\NOCLOSE.PIF
2006-11-10 15:02 545 –a—— C:\WINDOWS\LHA.PIF
2006-11-10 15:02 545 –a—— C:\WINDOWS\ARJ.PIF
2006-10-17 13:33 6,049,280 ——— C:\WINDOWS\system32\ieframe.dll
2006-10-17 13:33 50,688 ——— C:\WINDOWS\system32\msfeedsbs.dll
2006-10-17 13:33 458,752 ——— C:\WINDOWS\system32\msfeeds.dll
2006-10-17 13:33 180,736 ——— C:\WINDOWS\system32\ieui.dll
2006-10-17 13:05 206,336 ——— C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:01 13,312 –a—— C:\WINDOWS\system32\ieudinit.exe
2006-10-17 12:58 61,952 ——— C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12,288 ——— C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 266,752 ——— C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:27 380,928 ——— C:\WINDOWS\system32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-16 11:54 ——– d——– C:\Program Files\Mozilla Firefox
2006-11-16 11:33 ——– d——– C:\Documents and Settings\Frans\Application Data\MailWasherPro
2006-11-16 09:28 ——– d——– C:\Documents and Settings\Frans\Application Data\Image Zone Express
2006-11-15 18:57 ——– d——– C:\Program Files\Grisoft
2006-11-15 11:07 ——– d——– C:\Documents and Settings\Frans\Application Data\FastStone
2006-11-15 09:59 ——– d——– C:\Program Files\HP
2006-11-14 15:56 ——– d——– C:\Program Files\Common Files\ACD Systems
2006-11-13 21:23 ——– d——– C:\Program Files\Verjaardagen
2006-11-13 11:56 589 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163411908_UI.log
2006-11-13 11:56 450 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163411908_PROTOCOL.log
2006-11-13 11:56 0 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163411908_API.log
2006-11-13 10:56 ——– d——– C:\Program Files\Common Files\Sonic Shared
2006-11-13 10:56 ——– d——– C:\Program Files\Common Files
2006-11-13 10:55 ——– d——– C:\Program Files\Common Files\HP
2006-11-12 19:48 834 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163347183_UI.log
2006-11-12 19:46 450 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163347183_PROTOCOL.log
2006-11-12 19:46 0 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163347183_API.log
2006-11-12 16:57 ——– d——– C:\Program Files\Hewlett-Packard
2006-11-10 11:15 ——– d——– C:\Program Files\Yahoo!
2006-11-09 18:41 ——– d—s—- C:\Documents and Settings\Frans\Application Data\Microsoft
2006-11-09 15:31 ——– d——– C:\Program Files\Hitman Pro
2006-11-09 14:52 ——– d——– C:\Program Files\ESET
2006-11-09 14:39 ——– d——– C:\Program Files\SpywareBlaster
2006-11-08 19:51 ——– d——– C:\Documents and Settings\Frans\Application Data\OpenOffice.org2
2006-11-08 11:28 ——– d——– C:\Program Files\Common Files\Microsoft Shared
2006-11-08 11:26 ——– d——– C:\Program Files\Microsoft Works
2006-11-08 11:26 ——– d——– C:\Program Files\Microsoft Office
2006-11-08 11:26 ——– d——– C:\Program Files\Common Files\DESIGNER
2006-11-08 11:25 ——– d——– C:\Program Files\Common Files\System
2006-11-08 09:40 ——– d——– C:\Program Files\Java
2006-11-07 09:14 ——– d——– C:\Program Files\UltraVNC
2006-11-06 21:49 79232 –a—— C:\Documents and Settings\Frans\Application Data\GDIPFONTCACHEV1.DAT
2006-11-03 08:57 ——– d——– C:\Program Files\WinZip
2006-11-03 08:57 ——– d——– C:\Program Files\PhotoDeluxe 2.0
2006-11-01 14:56 ——– d——– C:\Program Files\Internet Explorer
2006-10-22 09:47 ——– d——– C:\Program Files\Foxit Software
2006-10-17 13:33 413696 –a—— C:\WINDOWS\system32\vbscript.dll
2006-10-17 13:33 231424 –a—— C:\WINDOWS\system32\webcheck.dll
2006-10-17 13:33 156160 –a—— C:\WINDOWS\system32\msls31.dll
2006-10-17 13:06 78336 –a—— C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 –a—— C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 105984 –a—— C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 –a—— C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 –a—— C:\WINDOWS\system32\corpol.dll
2006-10-17 13:01 71680 –a—— C:\WINDOWS\system32\admparse.dll
2006-10-17 13:01 55296 –a—— C:\WINDOWS\system32\iesetup.dll
2006-10-17 13:01 382976 –a—— C:\WINDOWS\system32\iedkcs32.dll
2006-10-17 13:01 229376 –a—— C:\WINDOWS\system32\ieaksie.dll
2006-10-17 13:01 152064 –a—— C:\WINDOWS\system32\ieakeng.dll
2006-10-17 13:00 54784 –a—— C:\WINDOWS\system32\ie4uinit.exe
2006-10-17 13:00 43008 –a—— C:\WINDOWS\system32\iernonce.dll
2006-10-17 13:00 123904 –a—— C:\WINDOWS\system32\advpack.dll
2006-10-17 12:57 36352 –a—— C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:56 45568 –a—— C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 –a—— C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:23 161792 –a—— C:\WINDOWS\system32\ieakui.dll
2006-10-15 19:53 ——– d——– C:\Program Files\A1Click Ultra PC Cleaner
2006-10-15 19:35 ——– d——– C:\Program Files\RegVac
2006-10-15 17:15 ——– d——– C:\Documents and Settings\Frans\Application Data\VUPlayer
2006-10-15 12:03 ——– d——– C:\Documents and Settings\Frans\Application Data\WinPatrol
2006-10-15 12:02 ——– d——– C:\Program Files\BillP Studios
2006-10-09 12:57 ——– d——– C:\Program Files\Easy Rolodex 2.1
2006-10-09 10:34 ——– d——– C:\Program Files\Easy Rolodex 3.0
2006-10-09 10:10 ——– d——– C:\Program Files\Zabaware
2006-10-07 15:13 ——– d——– C:\Program Files\Gadwin Systems
2006-10-07 13:42 ——– d——– C:\Program Files\Motherboard Monitor 5
2006-10-07 09:18 ——– d–h—– C:\Program Files\InstallShield Installation Information
2006-10-06 11:45 ——– d——– C:\Program Files\WashAndGo
2006-10-03 18:39 ——– d——– C:\Program Files\Colorfolder
2006-10-02 16:12 98096 –a—— C:\Documents and Settings\Frans\Application Data\Update_HP_RedboxHprblog_HPSU.log
2006-09-30 12:32 ——– d——– C:\Program Files\Winamp
2006-09-25 12:26 ——– d——– C:\Documents and Settings\Frans\Application Data\SiteAdvisor
2006-09-13 06:07 1084416 –a—— C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:51 1245184 –a—— C:\WINDOWS\system32\msxml4.dll
2006-09-06 17:43 22752 –a—— C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 16:51 617472 –a—— C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:28 16896 –a—— C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 –a—— C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:59 100352 –a—— C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MailWasher"="C:\\PROGRA~1\\MAILWA~2\\MAILWA~1.EXE"
"Gadwin PrintScreen 3.5"="C:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe /nosplash"
"Verjaardagen"="C:\\Program Files\\Verjaardagen\\Verjaardagen.exe auto"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]
"backup"="C:\\WINDOWS\\pss\\Snelstart HP Image Zone.lnkCommon Startup"
"location"="Common Startup"
"item"="Snelstart HP Image Zone"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Wireless Client Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\Wireless Client Manager.lnkCommon Startup"
"location"="Common Startup"
"item"="Wireless Client Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Frans^Menu Start^Programma's^Opstarten^OpenOffice.org 2.0.lnk]
"path"="C:\\Documents and Settings\\Frans\\Menu Start\\Programma's\\Opstarten\\OpenOffice.org 2.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 2.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Mixer"
"hkey"="HKLM"
"command"="Mixer.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotKey]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mHotkey"
"hkey"="HKLM"
"command"="mHotkey.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CopernicDesktopSearch"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FreeRAM XP Pro"
"hkey"="HKCU"
"command"="\"\\FreeRAM XP Pro.exe\" -win"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="???
?"
"hkey"="HKCU"
"command"="???
?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Ahead\\NEROBA~1\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuria]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Nuria"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nuria\\Nuria.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PicasaMediaDetector"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verjaardagen]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PrintScreen"
"hkey"="HKCU"
"command"="C:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe /nosplash"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WashAndGo - Cleanup of old Backupfiles]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="checker"
"hkey"="HKCU"
"command"="C:\\Program Files\\WashAndgo\\checker.exe /check"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinVNC"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\UltraVNC\\WinVNC.exe\" -servicehelper"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"EventSystem"=dword:00000003

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-11-16 11:57:11.07
C:\ComboFix.txt … 06-11-16 11:57
C:\ComboFix2.txt … 06-11-15 09:35
C:\ComboFix3.txt … 06-08-15 16:31

al met al lijkt het hierboven een lang verhaal; ik vroeg me af of iemand nog een suggestie heeft: popups die redelijkerwijs met HP-software te maken hebben?

Popups door HP? misschien vragen om updates?

Kan je eens zo'n popups in een printscreen plaatsen?

het goede nieuws is dat ik sinds gisteren alle popups kwijt ben, ook die van een verzoek om een testpagina van de printer HP PSC1417 te maken. Het heeft wel te maken met de "image-zone"(zonder n) van HP. Ergens kwam ik bij MS een middeltje tegen om in uitvoeren>msconfig>algemeen wat vinkjes weg te halen, en later weer terug te plaatsen.Een wat angstige actie, maar het hielp. Eén van de popups waar ik last van had was: "fatal execution Engine Error (0x7927baca) met het bekende rode gevaarskruis. Dit verscheen ook bij de scan-procedure, hoewel die wel bleek te lukken. Ik moet trouwens nog leren hoé je een klein plaatje in een tekst als hier inlast. Maar in ieder geval heel veel dank voor alle tijd en aandacht.

inmiddels bijgeschoold via een ander forum
[img:c94b84e601]http://img224.imageshack.us/img224/1350/nr003vd4.th.jpg[/img:c94b84e601]

probeer je HP een opnieuw te installeren. Die is volgens mij niet helemaal goed geinstalleerd.

Dat had ik al een half dozijn keren gedaan, dat was ook het advies van de HP-leverancier (Medion): installeren zònder aangesloten printer, en pas later aansluiten na herstart, enz.enz.Hielp allemaal niks.Maar nogmaals: de pop-ups zijn nu weg.Volgende printer een ander merk.