Hello,

Sinds een aantal dagen krijg ik steeds van de irritante winfixer pop-ups. Dit heeft naar verluid te maken met spyware? Ik heb zelf al een aantal scans uitgevoerd, maar steeds zonder resultaat. Kunnen jullie me hier aub mee helpen? Alvast erg bedankt! Ik heb hieronder de Hijackthis log geplakt.

Logfile of HijackThis v1.99.1
Scan saved at 10:31:38 AM, on 11/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Iomega\System32\ActivityDisk.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\WinPwdHelper.exe
C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
C:\Program Files\CyberArmor\casvc.exe
C:\PROGRA~1\CYBERA~1\pcs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\Sametime Client\CONNECT.exe
C:\WINDOWS\System32\ipe3lvje.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\winfast.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\Program Files\Sametime Client\activmon.srv
C:\Program Files\Plextor\PlexTool.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Notes5\pgnotes5.exe
C:\Program Files\Notes5\nlnotes.exe
C:\Program Files\Notes5\naldaemn.EXE
C:\Program Files\Notes5\nwrdaemn.EXE
C:\Program Files\Notes5\nupdate.EXE
C:\Program Files\Notes5\namgr.EXE
C:\Program Files\Notes5\nhldaemn.EXE
C:\PROGRA~1\CYBERA~1\pcshelp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\tt4428\Local Settings\Temp\Temporary Directory 1 for ibprocman[1].zip\IBProcMan.exe
C:\Documents and Settings\tt4428\Local Settings\Temp\Temporary Directory 2 for ibprocman[1].zip\IBProcMan.exe
C:\Documents and Settings\tt4428\Local Settings\Temp\Temporary Directory 3 for ibprocman[1].zip\IBProcMan.exe
C:\Documents and Settings\tt4428\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.pg.com/rgs/AWE/pages/pg/default.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.pg.com/rgs/AWE/pages/pg/default.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.pg.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.pg.com;<local>
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: APHelper Class - {08C63920-DC18-11D2-9E1E-00A0247061AB} - C:\PROGRAM FILES\INTERNET EXPLORER\AUTOPASS\APHELPER.DLL
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\System32\rqrsr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ESD3Agent] C:\Program Files\Marimba\Addons\EsdAgent.exe
O4 - HKLM\..\Run: [TuneUp] C:\windows\system32\TuneUp\TuneUp.exe /startup
O4 - HKLM\..\Run: [Sametime Connect] C:\Program Files\Sametime Client\CONNECT.exe
O4 - HKLM\..\Run: [ipe3lvje] C:\WINDOWS\System32\ipe3lvje.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [_WinProc] C:\WINDOWS\winfast.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKCU\..\Run: [WBPCache] WBPCache.exe
O4 - HKCU\..\Run: [TuneUp] C:\windows\system32\TuneUp\TuneUp.exe /startup
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - Startup: SEWP Username.lnk = C:\WINDOWS\system32\UserName.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{426EAD51-E0F4-4BA1-AA7B-9F7DDC558662}: Domain = eu.pg.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = eu.pg.com,pg.com,na.pg.com,la.pg.com,ap.pg.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = eu.pg.com,pg.com,na.pg.com,la.pg.com,ap.pg.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = eu.pg.com,pg.com,na.pg.com,la.pg.com,ap.pg.com
O20 - AppInit_DLLs: AeXPrcssAppInitNT.dll cahooknt.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: rqrsr - C:\WINDOWS\System32\rqrsr.dll
O23 - Service: Altiris eXpress NS Client (AeXNSClient) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
O23 - Service: Altiris eXpress NS Client Transport (AeXNSClientTransport) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CyberArmor Run Service (CyberArmorRunService) - InfoExpress - C:\Program Files\CyberArmor\casvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\Program Files\Iomega\System32\ActivityDisk.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WinPwdReset - Unknown owner - C:\WINDOWS\System32\WinPwdHelper.exe
O23 - Service: workspace - Marimba, Inc. - C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe

C:\Documents and Settings\tt4428\Local Settings\Temp\Temporary Directory 3 for ibprocman[1].zip\IBProcMan.exe
C:\Documents and Settings\tt4428\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

ik merk dat je verschillende programma's vanuit de zip in een temp directory start

hijackthis maakt backups van je veranderingen voor als je een keer verkeerd doe
maak een map in je c:\ aan met hijack en pak daar de zip uit
wat IBProcMan doet weet ik niet, maar hier heb je er 3 van gestart