Vraag & Antwoord

Beveiliging & privacy

Popups door HP-software?

Anoniem
juisterr
13 antwoorden
  • Mijn HP-printer PSC 1417 heeft problemen. Niet alleen dat ik er niet mee kan scannen, maar bij opstarten van PC komen er popups. Dit heb ik wel vaker gehad. In Msconfig kan ik niets vinden dat hier op duidt. Het advies is een HJT te plaatsen:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:25:05, on 14-11-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MAILWA~2\MAILWA~1.EXE
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Frans\Bureaublad\F.J.Stols\kleine programma's\schoonmaak\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MailWasher] C:\PROGRA~1\MAILWA~2\MAILWA~1.EXE
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [Verjaardagen] C:\Program Files\Verjaardagen\Verjaardagen.exe auto
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Startup: RegVac.lnk = C:\Program Files\RegVac\regvac.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159339342187
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O20 - AppInit_DLLs: ,ˆ‹
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)

    Zo zie ik zelf o.a. dat er nog steeds Symantec software op zit. Wellicht nog meer dat er niet thuis hoort?
    Anoniem
    Anoniem
  • voor je symantec te verwijderen.

    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/172d11361b05da508525695b005ca287/9163ea0b7308d62d80256fe000519e78?OpenDocument

    en even dieper graven.
    Download [b:f08b1565bd]Combofix[/b:f08b1565bd] naar je Bureaublad.[list:f08b1565bd]
    Dubbelklik [b:f08b1565bd]Combofix.exe[/b:f08b1565bd]
    Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen.
    Tijdens het runnen van de fix, [b:f08b1565bd]NIET[/b:f08b1565bd] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:f08b1565bd]
    Wanneer de fix voltooid is en na herstart, zal de log [b:f08b1565bd]combofix.txt[/b:f08b1565bd] openen.
    [i:f08b1565bd]Plaats deze log in je volgende post samen met een nieuw HijackThis log.[/i:f08b1565bd]

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.


    Juisterr
    Anoniem
    Anoniem
  • Deze adviezen van Juisterr had ik al eens eerder zien langs komen.Hijack:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:25:03, on 15-11-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MAILWA~2\MAILWA~1.EXE
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Documents and Settings\Frans\Bureaublad\F.J.Stols\kleine programma's\schoonmaak\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MailWasher] C:\PROGRA~1\MAILWA~2\MAILWA~1.EXE
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [Verjaardagen] C:\Program Files\Verjaardagen\Verjaardagen.exe auto
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159339342187
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O20 - AppInit_DLLs: ,ˆ‹
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)

    en Combofix:
    Frans - 06-11-15 9:33:59,90 Service Pack 2
    ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Frans\Bureaublad"

    ((((((((((((((((((((((((((((((( Files Created from 2006-10-15 to 2006-11-15 ))))))))))))))))))))))))))))))))))


    2006-11-12 14:07 995,328 –a—— C:\WINDOWS\beeldv32.exe
    2006-11-10 15:02 545 –a—— C:\WINDOWS\UC.PIF
    2006-11-10 15:02 545 –a—— C:\WINDOWS\RAR.PIF
    2006-11-10 15:02 545 –a—— C:\WINDOWS\PKZIP.PIF
    2006-11-10 15:02 545 –a—— C:\WINDOWS\PKUNZIP.PIF
    2006-11-10 15:02 545 –a—— C:\WINDOWS\NOCLOSE.PIF
    2006-11-10 15:02 545 –a—— C:\WINDOWS\LHA.PIF
    2006-11-10 15:02 545 –a—— C:\WINDOWS\ARJ.PIF
    2006-10-17 13:33 6,049,280 ——— C:\WINDOWS\system32\ieframe.dll
    2006-10-17 13:33 50,688 ——— C:\WINDOWS\system32\msfeedsbs.dll
    2006-10-17 13:33 458,752 ——— C:\WINDOWS\system32\msfeeds.dll
    2006-10-17 13:33 180,736 ——— C:\WINDOWS\system32\ieui.dll
    2006-10-17 13:05 206,336 ——— C:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 13:01 13,312 –a—— C:\WINDOWS\system32\ieudinit.exe
    2006-10-17 12:58 61,952 ——— C:\WINDOWS\system32\icardie.dll
    2006-10-17 12:58 12,288 ——— C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 12:57 266,752 ——— C:\WINDOWS\system32\iertutil.dll
    2006-10-17 12:27 380,928 ——— C:\WINDOWS\system32\ieapfltr.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-15 09:30 ——– d——– C:\Program Files\Mozilla Firefox
    2006-11-15 09:23 ——– d——– C:\Documents and Settings\Frans\Application Data\MailWasherPro
    2006-11-15 09:18 ——– d——– C:\Program Files\Symantec Technical Support
    2006-11-14 15:56 ——– d——– C:\Program Files\Common Files\ACD Systems
    2006-11-14 15:54 ——– d——– C:\Program Files\Celestia
    2006-11-13 21:23 ——– d——– C:\Program Files\Verjaardagen
    2006-11-13 11:57 ——– d——– C:\Documents and Settings\Frans\Application Data\Image Zone Express
    2006-11-13 11:56 589 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163411908_UI.log
    2006-11-13 11:56 450 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163411908_PROTOCOL.log
    2006-11-13 11:56 0 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163411908_API.log
    2006-11-13 10:56 ——– d——– C:\Program Files\Common Files\Sonic Shared
    2006-11-13 10:56 ——– d——– C:\Program Files\Common Files
    2006-11-13 10:55 ——– d——– C:\Program Files\Common Files\HP
    2006-11-12 19:48 834 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163347183_UI.log
    2006-11-12 19:46 450 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163347183_PROTOCOL.log
    2006-11-12 19:46 0 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163347183_API.log
    2006-11-12 16:57 ——– d——– C:\Program Files\Hewlett-Packard
    2006-11-10 14:49 ——– d——– C:\Program Files\Spyware Doctor
    2006-11-10 14:46 ——– d——– C:\Program Files\OpenOffice.org 2.0
    2006-11-10 11:15 ——– d——– C:\Program Files\Yahoo!
    2006-11-09 18:41 ——– d—s—- C:\Documents and Settings\Frans\Application Data\Microsoft
    2006-11-09 15:31 ——– d——– C:\Program Files\Hitman Pro
    2006-11-09 14:52 ——– d——– C:\Program Files\ESET
    2006-11-09 14:39 ——– d——– C:\Program Files\SpywareBlaster
    2006-11-08 19:51 ——– d——– C:\Documents and Settings\Frans\Application Data\OpenOffice.org2
    2006-11-08 11:28 ——– d——– C:\Program Files\Common Files\Microsoft Shared
    2006-11-08 11:26 ——– d——– C:\Program Files\Microsoft Works
    2006-11-08 11:26 ——– d——– C:\Program Files\Microsoft Office
    2006-11-08 11:26 ——– d——– C:\Program Files\Common Files\DESIGNER
    2006-11-08 11:25 ——– d——– C:\Program Files\Common Files\System
    2006-11-08 09:40 ——– d——– C:\Program Files\Java
    2006-11-07 09:14 ——– d——– C:\Program Files\UltraVNC
    2006-11-06 21:49 79232 –a—— C:\Documents and Settings\Frans\Application Data\GDIPFONTCACHEV1.DAT
    2006-11-03 08:57 ——– d——– C:\Program Files\WinZip
    2006-11-03 08:57 ——– d——– C:\Program Files\PhotoDeluxe 2.0
    2006-11-01 14:56 ——– d——– C:\Program Files\Internet Explorer
    2006-10-22 09:47 ——– d——– C:\Program Files\Foxit Software
    2006-10-17 13:33 413696 –a—— C:\WINDOWS\system32\vbscript.dll
    2006-10-17 13:33 231424 –a—— C:\WINDOWS\system32\webcheck.dll
    2006-10-17 13:33 156160 –a—— C:\WINDOWS\system32\msls31.dll
    2006-10-17 13:06 78336 –a—— C:\WINDOWS\system32\ieencode.dll
    2006-10-17 13:05 40960 –a—— C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 13:05 105984 –a—— C:\WINDOWS\system32\url.dll
    2006-10-17 13:04 101376 –a—— C:\WINDOWS\system32\occache.dll
    2006-10-17 13:03 17408 –a—— C:\WINDOWS\system32\corpol.dll
    2006-10-17 13:01 71680 –a—— C:\WINDOWS\system32\admparse.dll
    2006-10-17 13:01 55296 –a—— C:\WINDOWS\system32\iesetup.dll
    2006-10-17 13:01 382976 –a—— C:\WINDOWS\system32\iedkcs32.dll
    2006-10-17 13:01 229376 –a—— C:\WINDOWS\system32\ieaksie.dll
    2006-10-17 13:01 152064 –a—— C:\WINDOWS\system32\ieakeng.dll
    2006-10-17 13:00 54784 –a—— C:\WINDOWS\system32\ie4uinit.exe
    2006-10-17 13:00 43008 –a—— C:\WINDOWS\system32\iernonce.dll
    2006-10-17 13:00 123904 –a—— C:\WINDOWS\system32\advpack.dll
    2006-10-17 12:57 36352 –a—— C:\WINDOWS\system32\imgutil.dll
    2006-10-17 12:56 45568 –a—— C:\WINDOWS\system32\mshta.exe
    2006-10-17 12:28 48128 –a—— C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 12:23 161792 –a—— C:\WINDOWS\system32\ieakui.dll
    2006-10-15 19:53 ——– d——– C:\Program Files\A1Click Ultra PC Cleaner
    2006-10-15 19:35 ——– d——– C:\Program Files\RegVac
    2006-10-15 17:15 ——– d——– C:\Documents and Settings\Frans\Application Data\VUPlayer
    2006-10-15 12:23 ——– d——– C:\Program Files\KeyPass
    2006-10-15 12:03 ——– d——– C:\Documents and Settings\Frans\Application Data\WinPatrol
    2006-10-15 12:02 ——– d——– C:\Program Files\BillP Studios
    2006-10-15 11:57 ——– d——– C:\Program Files\FreshDevices
    2006-10-09 12:57 ——– d——– C:\Program Files\Easy Rolodex 2.1
    2006-10-09 10:34 ——– d——– C:\Program Files\Easy Rolodex 3.0
    2006-10-09 10:10 ——– d——– C:\Program Files\Zabaware
    2006-10-07 15:13 ——– d——– C:\Program Files\GalleryPlayer
    2006-10-07 15:13 ——– d——– C:\Program Files\Gadwin Systems
    2006-10-07 13:42 ——– d——– C:\Program Files\Motherboard Monitor 5
    2006-10-07 09:18 ——– d–h—– C:\Program Files\InstallShield Installation Information
    2006-10-07 09:18 ——– d——– C:\Program Files\ToniArts
    2006-10-06 11:45 ——– d——– C:\Program Files\WashAndGo
    2006-10-06 10:14 ——– d——– C:\Program Files\Karen's Power Tools
    2006-10-03 18:39 ——– d——– C:\Program Files\Colorfolder
    2006-10-02 16:12 98096 –a—— C:\Documents and Settings\Frans\Application Data\Update_HP_RedboxHprblog_HPSU.log
    2006-10-02 16:05 ——– d——– C:\Program Files\HP
    2006-09-30 12:32 ——– d——– C:\Program Files\Winamp
    2006-09-26 09:23 ——– d——– C:\Program Files\ewido anti-spyware 4.0
    2006-09-25 12:28 ——– d——– C:\Program Files\SpeedFan
    2006-09-25 12:28 ——– d——– C:\Program Files\SereneScreen
    2006-09-25 12:26 ——– d——– C:\Documents and Settings\Frans\Application Data\SiteAdvisor
    2006-09-13 06:07 1084416 –a—— C:\WINDOWS\system32\msxml3.dll
    2006-09-12 16:51 1245184 –a—— C:\WINDOWS\system32\msxml4.dll
    2006-09-06 17:43 22752 –a—— C:\WINDOWS\system32\spupdsvc.exe
    2006-08-25 16:51 617472 –a—— C:\WINDOWS\system32\comctl32.dll
    2006-08-21 13:28 16896 –a—— C:\WINDOWS\system32\fltlib.dll
    2006-08-21 10:14 23040 –a—— C:\WINDOWS\system32\fltmc.exe
    2006-08-16 12:59 100352 –a—— C:\WINDOWS\system32\6to4svc.dll
    2006-08-15 09:50 352256 –a—— C:\WINDOWS\system32\IJL151.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MailWasher"="C:\\PROGRA~1\\MAILWA~2\\MAILWA~1.EXE"
    "Gadwin PrintScreen 3.5"="C:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe /nosplash"
    "Verjaardagen"="C:\\Program Files\\Verjaardagen\\Verjaardagen.exe auto"
    "NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
    "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe"
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=hex:91,00,00,00

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=hex:91,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
    "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
    "item"="HP Digital Imaging Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]
    "backup"="C:\\WINDOWS\\pss\\Snelstart HP Image Zone.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Snelstart HP Image Zone"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
    "backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
    "item"="WinZip Quick Pick"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Wireless Client Manager.lnk]
    "backup"="C:\\WINDOWS\\pss\\Wireless Client Manager.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Wireless Client Manager"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Frans^Menu Start^Programma's^Opstarten^OpenOffice.org 2.0.lnk]
    "path"="C:\\Documents and Settings\\Frans\\Menu Start\\Programma's\\Opstarten\\OpenOffice.org 2.0.lnk"
    "backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
    "item"="OpenOffice.org 2.0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Mixer"
    "hkey"="HKLM"
    "command"="Mixer.exe /startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotKey]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mHotkey"
    "hkey"="HKLM"
    "command"="mHotkey.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CopernicDesktopSearch"
    "hkey"="HKCU"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="FreeRAM XP Pro"
    "hkey"="HKCU"
    "command"="\"\\FreeRAM XP Pro.exe\" -win"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="HPWuSchd2"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    "key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
    "item"="???
    ?"
    "hkey"="HKCU"
    "command"="???
    ?"
    "inimapping"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NBJ"
    "hkey"="HKCU"
    "command"="\"C:\\PROGRA~1\\Ahead\\NEROBA~1\\NBJ.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuria]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Nuria"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Nuria\\Nuria.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RUNDLL32"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="nwiz"
    "hkey"="HKLM"
    "command"="nwiz.exe /install"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PicasaMediaDetector"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Skype"
    "hkey"="HKCU"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verjaardagen]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PrintScreen"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe /nosplash"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WashAndGo - Cleanup of old Backupfiles]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="checker"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\WashAndgo\\checker.exe /check"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="winampa"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Winamp\\winampa.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MSASCui"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="WinVNC"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\UltraVNC\\WinVNC.exe\" -servicehelper"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "EventSystem"=dword:00000003

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Completion time: 06-11-15 9:35:12.18
    C:\ComboFix.txt … 06-11-15 09:35
    C:\ComboFix2.txt … 06-08-15 16:31
    (einde)
    De exe van Symantec (via IE) van 4,6 Mb deed niks, althans niet dat ik zag.De Combofix pas na intikken Y en Enter.In HJT is Symantec nog te vinden, alleen heb ik daar waarschijnlijk geen last van. Wèl van de Hp mal-functies! Alvast dank voor de inspectie.
    Anoniem
    Anoniem
  • volgens mij zit je met een worm.

    Doe onderstaande tool eerst, start dan opnieuw op en doe dan nogmaals de combofix.
    plaats beide logjes.

    Download en installeer [b:34ca49eaf3]AVG Anti-Spyware[/b:34ca49eaf3].[list:34ca49eaf3]
    Na de installatie, open AVG Anti-Spyware:
    * onder "[b:34ca49eaf3]Status[/b:34ca49eaf3]", klik op [b:34ca49eaf3]Change state[/b:34ca49eaf3] naast "Resident shield". (wijzig van active naar [b:34ca49eaf3]inactive[/b:34ca49eaf3]!)
    * onder "[b:34ca49eaf3]Update[/b:34ca49eaf3]", klik op de [b:34ca49eaf3]Start update[/b:34ca49eaf3] knop.
    * onder "[b:34ca49eaf3]Scanner[/b:34ca49eaf3]", tab "Settings":[list:34ca49eaf3]- onder "How to act?", klik op "[u:34ca49eaf3]Recommended actions[/u:34ca49eaf3]" en selecteer [b:34ca49eaf3]Quarantine[/b:34ca49eaf3]. ([b:34ca49eaf3]ZEER BELANGRIJK![/b:34ca49eaf3])
    * onder "Reports", selecteer [b:34ca49eaf3]Automatically generate report after every scan[/b:34ca49eaf3] en [u:34ca49eaf3]verwijder[/u:34ca49eaf3] het vinkje bij [b:34ca49eaf3]Only if threats were found[/b:34ca49eaf3][/list:u:34ca49eaf3]
    Sluit AVG Anti-Spyware. Laat het [b:34ca49eaf3]nog niet[/b:34ca49eaf3] scannen.[/list:u:34ca49eaf3]

    Start op in veilige modus

    Start [b:34ca49eaf3]AVG Anti-Spyware[/b:34ca49eaf3].[list:34ca49eaf3]* Klik op [b:34ca49eaf3]Scan[/b:34ca49eaf3] en kies [b:34ca49eaf3]Complete System Scan[/b:34ca49eaf3].
    Na de scan; volg onderstaande instructies :
    Anoniem
    Anoniem
  • mogelijk is niet alles naar wens verlopen: na ongeveer 400.000 ietems gescand te hebben kon ik na Äpply all Actions"niet meer zorgen dat Set all elements op Quarantaine stond. Hierbij een rapport:
    VG Anti-Spyware - Scan Report
    ———————————————————

    + Created at: 20:32:12 15-11-2006

    + Scan result:



    :mozilla.95:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.96:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.238:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.239:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.235:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.45:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.94:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.97:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.98:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.99:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.185:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.197:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.210:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.66:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.67:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.68:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.69:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.10:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.11:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.12:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.13:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.14:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.7:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.8:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.9:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    C:\Documents and Settings\Frans\Cookies\frans@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.202:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.101:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.104:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.105:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.228:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
    :mozilla.196:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.198:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.124:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.125:C:\Documents and Settings\Frans\Application Data\Mozilla\Firefox\Profiles\5ekgpe8t.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.


    ::Report end

    Ik heb dus twee maal gescand: de eerste keer een stuk of 20 dingen, die nu ongezien gedeleted zijn, de tweede keer een onestat cookie.
    Ik hoop dat dit een aanwijzing kan geven?
    Anoniem
    Anoniem
  • En had je ook als gevraagd nogmaals de combofix gedaan???

    zo nee doe die dan nogmaals en plaats het logje aub.

    Juisterr
    Anoniem
    Anoniem
  • hier:
    Frans - 06-11-16 11:56:01,53 Service Pack 2
    ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Frans\Bureaublad\F.J.Stols\kleine programma's\schoonmaak\Combofix & Hijackthis"

    ((((((((((((((((((((((((((((((( Files Created from 2006-10-16 to 2006-11-16 ))))))))))))))))))))))))))))))))))


    2006-11-15 18:57 3,968 –a—— C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2006-11-12 14:07 995,328 –a—— C:\WINDOWS\beeldv32.exe
    2006-11-10 15:02 545 –a—— C:\WINDOWS\UC.PIF
    2006-11-10 15:02 545 –a—— C:\WINDOWS\RAR.PIF
    2006-11-10 15:02 545 –a—— C:\WINDOWS\PKZIP.PIF
    2006-11-10 15:02 545 –a—— C:\WINDOWS\PKUNZIP.PIF
    2006-11-10 15:02 545 –a—— C:\WINDOWS\NOCLOSE.PIF
    2006-11-10 15:02 545 –a—— C:\WINDOWS\LHA.PIF
    2006-11-10 15:02 545 –a—— C:\WINDOWS\ARJ.PIF
    2006-10-17 13:33 6,049,280 ——— C:\WINDOWS\system32\ieframe.dll
    2006-10-17 13:33 50,688 ——— C:\WINDOWS\system32\msfeedsbs.dll
    2006-10-17 13:33 458,752 ——— C:\WINDOWS\system32\msfeeds.dll
    2006-10-17 13:33 180,736 ——— C:\WINDOWS\system32\ieui.dll
    2006-10-17 13:05 206,336 ——— C:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 13:01 13,312 –a—— C:\WINDOWS\system32\ieudinit.exe
    2006-10-17 12:58 61,952 ——— C:\WINDOWS\system32\icardie.dll
    2006-10-17 12:58 12,288 ——— C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 12:57 266,752 ——— C:\WINDOWS\system32\iertutil.dll
    2006-10-17 12:27 380,928 ——— C:\WINDOWS\system32\ieapfltr.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-16 11:54 ——– d——– C:\Program Files\Mozilla Firefox
    2006-11-16 11:33 ——– d——– C:\Documents and Settings\Frans\Application Data\MailWasherPro
    2006-11-16 09:28 ——– d——– C:\Documents and Settings\Frans\Application Data\Image Zone Express
    2006-11-15 18:57 ——– d——– C:\Program Files\Grisoft
    2006-11-15 11:07 ——– d——– C:\Documents and Settings\Frans\Application Data\FastStone
    2006-11-15 09:59 ——– d——– C:\Program Files\HP
    2006-11-14 15:56 ——– d——– C:\Program Files\Common Files\ACD Systems
    2006-11-13 21:23 ——– d——– C:\Program Files\Verjaardagen
    2006-11-13 11:56 589 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163411908_UI.log
    2006-11-13 11:56 450 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163411908_PROTOCOL.log
    2006-11-13 11:56 0 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163411908_API.log
    2006-11-13 10:56 ——– d——– C:\Program Files\Common Files\Sonic Shared
    2006-11-13 10:56 ——– d——– C:\Program Files\Common Files
    2006-11-13 10:55 ——– d——– C:\Program Files\Common Files\HP
    2006-11-12 19:48 834 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163347183_UI.log
    2006-11-12 19:46 450 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163347183_PROTOCOL.log
    2006-11-12 19:46 0 –a—— C:\Documents and Settings\Frans\Application Data\Hewlett-PackardHP PSC 1400 series1163347183_API.log
    2006-11-12 16:57 ——– d——– C:\Program Files\Hewlett-Packard
    2006-11-10 11:15 ——– d——– C:\Program Files\Yahoo!
    2006-11-09 18:41 ——– d—s—- C:\Documents and Settings\Frans\Application Data\Microsoft
    2006-11-09 15:31 ——– d——– C:\Program Files\Hitman Pro
    2006-11-09 14:52 ——– d——– C:\Program Files\ESET
    2006-11-09 14:39 ——– d——– C:\Program Files\SpywareBlaster
    2006-11-08 19:51 ——– d——– C:\Documents and Settings\Frans\Application Data\OpenOffice.org2
    2006-11-08 11:28 ——– d——– C:\Program Files\Common Files\Microsoft Shared
    2006-11-08 11:26 ——– d——– C:\Program Files\Microsoft Works
    2006-11-08 11:26 ——– d——– C:\Program Files\Microsoft Office
    2006-11-08 11:26 ——– d——– C:\Program Files\Common Files\DESIGNER
    2006-11-08 11:25 ——– d——– C:\Program Files\Common Files\System
    2006-11-08 09:40 ——– d——– C:\Program Files\Java
    2006-11-07 09:14 ——– d——– C:\Program Files\UltraVNC
    2006-11-06 21:49 79232 –a—— C:\Documents and Settings\Frans\Application Data\GDIPFONTCACHEV1.DAT
    2006-11-03 08:57 ——– d——– C:\Program Files\WinZip
    2006-11-03 08:57 ——– d——– C:\Program Files\PhotoDeluxe 2.0
    2006-11-01 14:56 ——– d——– C:\Program Files\Internet Explorer
    2006-10-22 09:47 ——– d——– C:\Program Files\Foxit Software
    2006-10-17 13:33 413696 –a—— C:\WINDOWS\system32\vbscript.dll
    2006-10-17 13:33 231424 –a—— C:\WINDOWS\system32\webcheck.dll
    2006-10-17 13:33 156160 –a—— C:\WINDOWS\system32\msls31.dll
    2006-10-17 13:06 78336 –a—— C:\WINDOWS\system32\ieencode.dll
    2006-10-17 13:05 40960 –a—— C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 13:05 105984 –a—— C:\WINDOWS\system32\url.dll
    2006-10-17 13:04 101376 –a—— C:\WINDOWS\system32\occache.dll
    2006-10-17 13:03 17408 –a—— C:\WINDOWS\system32\corpol.dll
    2006-10-17 13:01 71680 –a—— C:\WINDOWS\system32\admparse.dll
    2006-10-17 13:01 55296 –a—— C:\WINDOWS\system32\iesetup.dll
    2006-10-17 13:01 382976 –a—— C:\WINDOWS\system32\iedkcs32.dll
    2006-10-17 13:01 229376 –a—— C:\WINDOWS\system32\ieaksie.dll
    2006-10-17 13:01 152064 –a—— C:\WINDOWS\system32\ieakeng.dll
    2006-10-17 13:00 54784 –a—— C:\WINDOWS\system32\ie4uinit.exe
    2006-10-17 13:00 43008 –a—— C:\WINDOWS\system32\iernonce.dll
    2006-10-17 13:00 123904 –a—— C:\WINDOWS\system32\advpack.dll
    2006-10-17 12:57 36352 –a—— C:\WINDOWS\system32\imgutil.dll
    2006-10-17 12:56 45568 –a—— C:\WINDOWS\system32\mshta.exe
    2006-10-17 12:28 48128 –a—— C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 12:23 161792 –a—— C:\WINDOWS\system32\ieakui.dll
    2006-10-15 19:53 ——– d——– C:\Program Files\A1Click Ultra PC Cleaner
    2006-10-15 19:35 ——– d——– C:\Program Files\RegVac
    2006-10-15 17:15 ——– d——– C:\Documents and Settings\Frans\Application Data\VUPlayer
    2006-10-15 12:03 ——– d——– C:\Documents and Settings\Frans\Application Data\WinPatrol
    2006-10-15 12:02 ——– d——– C:\Program Files\BillP Studios
    2006-10-09 12:57 ——– d——– C:\Program Files\Easy Rolodex 2.1
    2006-10-09 10:34 ——– d——– C:\Program Files\Easy Rolodex 3.0
    2006-10-09 10:10 ——– d——– C:\Program Files\Zabaware
    2006-10-07 15:13 ——– d——– C:\Program Files\Gadwin Systems
    2006-10-07 13:42 ——– d——– C:\Program Files\Motherboard Monitor 5
    2006-10-07 09:18 ——– d–h—– C:\Program Files\InstallShield Installation Information
    2006-10-06 11:45 ——– d——– C:\Program Files\WashAndGo
    2006-10-03 18:39 ——– d——– C:\Program Files\Colorfolder
    2006-10-02 16:12 98096 –a—— C:\Documents and Settings\Frans\Application Data\Update_HP_RedboxHprblog_HPSU.log
    2006-09-30 12:32 ——– d——– C:\Program Files\Winamp
    2006-09-25 12:26 ——– d——– C:\Documents and Settings\Frans\Application Data\SiteAdvisor
    2006-09-13 06:07 1084416 –a—— C:\WINDOWS\system32\msxml3.dll
    2006-09-12 16:51 1245184 –a—— C:\WINDOWS\system32\msxml4.dll
    2006-09-06 17:43 22752 –a—— C:\WINDOWS\system32\spupdsvc.exe
    2006-08-25 16:51 617472 –a—— C:\WINDOWS\system32\comctl32.dll
    2006-08-21 13:28 16896 –a—— C:\WINDOWS\system32\fltlib.dll
    2006-08-21 10:14 23040 –a—— C:\WINDOWS\system32\fltmc.exe
    2006-08-16 12:59 100352 –a—— C:\WINDOWS\system32\6to4svc.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MailWasher"="C:\\PROGRA~1\\MAILWA~2\\MAILWA~1.EXE"
    "Gadwin PrintScreen 3.5"="C:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe /nosplash"
    "Verjaardagen"="C:\\Program Files\\Verjaardagen\\Verjaardagen.exe auto"
    "NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
    "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe"
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=hex:91,00,00,00

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=hex:91,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
    "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
    "item"="HP Digital Imaging Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]
    "backup"="C:\\WINDOWS\\pss\\Snelstart HP Image Zone.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Snelstart HP Image Zone"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
    "backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
    "item"="WinZip Quick Pick"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Wireless Client Manager.lnk]
    "backup"="C:\\WINDOWS\\pss\\Wireless Client Manager.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Wireless Client Manager"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Frans^Menu Start^Programma's^Opstarten^OpenOffice.org 2.0.lnk]
    "path"="C:\\Documents and Settings\\Frans\\Menu Start\\Programma's\\Opstarten\\OpenOffice.org 2.0.lnk"
    "backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
    "item"="OpenOffice.org 2.0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Mixer"
    "hkey"="HKLM"
    "command"="Mixer.exe /startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotKey]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mHotkey"
    "hkey"="HKLM"
    "command"="mHotkey.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CopernicDesktopSearch"
    "hkey"="HKCU"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="FreeRAM XP Pro"
    "hkey"="HKCU"
    "command"="\"\\FreeRAM XP Pro.exe\" -win"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="HPWuSchd2"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    "key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
    "item"="???
    ?"
    "hkey"="HKCU"
    "command"="???
    ?"
    "inimapping"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NBJ"
    "hkey"="HKCU"
    "command"="\"C:\\PROGRA~1\\Ahead\\NEROBA~1\\NBJ.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuria]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Nuria"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Nuria\\Nuria.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RUNDLL32"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="nwiz"
    "hkey"="HKLM"
    "command"="nwiz.exe /install"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PicasaMediaDetector"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Skype"
    "hkey"="HKCU"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verjaardagen]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PrintScreen"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe /nosplash"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WashAndGo - Cleanup of old Backupfiles]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="checker"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\WashAndgo\\checker.exe /check"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="winampa"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Winamp\\winampa.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MSASCui"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="WinVNC"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\UltraVNC\\WinVNC.exe\" -servicehelper"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "EventSystem"=dword:00000003

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Completion time: 06-11-16 11:57:11.07
    C:\ComboFix.txt … 06-11-16 11:57
    C:\ComboFix2.txt … 06-11-15 09:35
    C:\ComboFix3.txt … 06-08-15 16:31
    Anoniem
    Anoniem
  • al met al lijkt het hierboven een lang verhaal; ik vroeg me af of iemand nog een suggestie heeft: popups die redelijkerwijs met HP-software te maken hebben?
    Anoniem
    Anoniem
  • Popups door HP? misschien vragen om updates?

    Kan je eens zo'n popups in een printscreen plaatsen?
    Anoniem
    Anoniem
  • het goede nieuws is dat ik sinds gisteren alle popups kwijt ben, ook die van een verzoek om een testpagina van de printer HP PSC1417 te maken. Het heeft wel te maken met de "image-zone"(zonder n) van HP. Ergens kwam ik bij MS een middeltje tegen om in uitvoeren>msconfig>algemeen wat vinkjes weg te halen, en later weer terug te plaatsen.Een wat angstige actie, maar het hielp. Eén van de popups waar ik last van had was: "fatal execution Engine Error (0x7927baca) met het bekende rode gevaarskruis. Dit verscheen ook bij de scan-procedure, hoewel die wel bleek te lukken. Ik moet trouwens nog leren hoé je een klein plaatje in een tekst als hier inlast. Maar in ieder geval heel veel dank voor alle tijd en aandacht.
    Anoniem
    Anoniem
  • inmiddels bijgeschoold via een ander forum
    [img:c94b84e601]http://img224.imageshack.us/img224/1350/nr003vd4.th.jpg[/img:c94b84e601]
    Anoniem
    Anoniem
  • probeer je HP een opnieuw te installeren. Die is volgens mij niet helemaal goed geinstalleerd.
    Anoniem
    Anoniem
  • Dat had ik al een half dozijn keren gedaan, dat was ook het advies van de HP-leverancier (Medion): installeren zònder aangesloten printer, en pas later aansluiten na herstart, enz.enz.Hielp allemaal niks.Maar nogmaals: de pop-ups zijn nu weg.Volgende printer een ander merk.
    Anoniem
    Anoniem

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.

Gerelateerde vragen

We hebben je een e-mail gestuurd!

Oops… er ging wat mis.

Hoera, je account is nu geactiveerd!

Dit token is niet meer valide.

Wachtwoord vergeten?

Je aanvraag is verstuurd

Wachtwoord herstellen

Wachtwoord herstellen

Dit token is niet meer valide.

Je vraag is geplaatst!

Je antwoord is geplaatst!

Bevestigingsmail verstuurd!