Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Winfixer pop-up Hoe te verwijderen?

smeenk
2 antwoorden
  • Hello,

    Sinds een aantal dagen krijg ik steeds van de irritante winfixer pop-ups. Dit heeft naar verluid te maken met spyware? Ik heb zelf al een aantal scans uitgevoerd, maar steeds zonder resultaat. Kunnen jullie me hier aub mee helpen? Alvast erg bedankt! Ik heb hieronder de Hijackthis log geplakt.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:31:38 AM, on 11/17/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\WinPwdHelper.exe
    C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
    C:\Program Files\CyberArmor\casvc.exe
    C:\PROGRA~1\CYBERA~1\pcs.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\NWTRAY.EXE
    C:\Program Files\Sametime Client\CONNECT.exe
    C:\WINDOWS\System32\ipe3lvje.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\winfast.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    C:\Program Files\Sametime Client\activmon.srv
    C:\Program Files\Plextor\PlexTool.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Notes5\pgnotes5.exe
    C:\Program Files\Notes5
    lnotes.exe
    C:\Program Files\Notes5
    aldaemn.EXE
    C:\Program Files\Notes5
    wrdaemn.EXE
    C:\Program Files\Notes5
    update.EXE
    C:\Program Files\Notes5
    amgr.EXE
    C:\Program Files\Notes5
    hldaemn.EXE
    C:\PROGRA~1\CYBERA~1\pcshelp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\tt4428\Local Settings\Temp\Temporary Directory 1 for ibprocman[1].zip\IBProcMan.exe
    C:\Documents and Settings\tt4428\Local Settings\Temp\Temporary Directory 2 for ibprocman[1].zip\IBProcMan.exe
    C:\Documents and Settings\tt4428\Local Settings\Temp\Temporary Directory 3 for ibprocman[1].zip\IBProcMan.exe
    C:\Documents and Settings\tt4428\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.pg.com
    gs/AWE/pages/pg/default.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.pg.com
    gs/AWE/pages/pg/default.asp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.pg.com:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.pg.com;<local>
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: APHelper Class - {08C63920-DC18-11D2-9E1E-00A0247061AB} - C:\PROGRAM FILES\INTERNET EXPLORER\AUTOPASS\APHELPER.DLL
    O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\System32\rqrsr.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [ESD3Agent] C:\Program Files\Marimba\Addons\EsdAgent.exe
    O4 - HKLM\..\Run: [TuneUp] C:\windows\system32\TuneUp\TuneUp.exe /startup
    O4 - HKLM\..\Run: [Sametime Connect] C:\Program Files\Sametime Client\CONNECT.exe
    O4 - HKLM\..\Run: [ipe3lvje] C:\WINDOWS\System32\ipe3lvje.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [_WinProc] C:\WINDOWS\winfast.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKCU\..\Run: [WBPCache] WBPCache.exe
    O4 - HKCU\..\Run: [TuneUp] C:\windows\system32\TuneUp\TuneUp.exe /startup
    O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    O4 - Startup: SEWP Username.lnk = C:\WINDOWS\system32\UserName.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c5.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{426EAD51-E0F4-4BA1-AA7B-9F7DDC558662}: Domain = eu.pg.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = eu.pg.com,pg.com,na.pg.com,la.pg.com,ap.pg.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = eu.pg.com,pg.com,na.pg.com,la.pg.com,ap.pg.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = eu.pg.com,pg.com,na.pg.com,la.pg.com,ap.pg.com
    O20 - AppInit_DLLs: AeXPrcssAppInitNT.dll cahooknt.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: rqrsr - C:\WINDOWS\System32\rqrsr.dll
    O23 - Service: Altiris eXpress NS Client (AeXNSClient) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
    O23 - Service: Altiris eXpress NS Client Transport (AeXNSClientTransport) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: CyberArmor Run Service (CyberArmorRunService) - InfoExpress - C:\Program Files\CyberArmor\casvc.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\Program Files\Iomega\System32\ActivityDisk.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: WinPwdReset - Unknown owner - C:\WINDOWS\System32\WinPwdHelper.exe
    O23 - Service: workspace - Marimba, Inc. - C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
  • C:\Documents and Settings\tt4428\Local Settings\Temp\Temporary Directory 3 for ibprocman[1].zip\IBProcMan.exe
    C:\Documents and Settings\tt4428\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

    ik merk dat je verschillende programma's vanuit de zip in een temp directory start

    hijackthis maakt backups van je veranderingen voor als je een keer verkeerd doe
    maak een map in je c:\ aan met hijack en pak daar de zip uit
    wat IBProcMan doet weet ik niet, maar hier heb je er 3 van gestart

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.