Annoying pop-ups

  • The joker
    • Feb 2008
    • 7

    Annoying pop-ups

    Hello,

    Lately I have been bothered by pop-ups from be2.nl, mobile2match.nl, etc.,
    and I ended up here via Google (I'm glad something like this exists).

    I have also taken the time to read the thread and make some preparations, but since I have never dealt with something like this before, I can use all the help I can get.

    But I will start by posting the HijackThis log report, and then hopefully you can help me further.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:58:26, on 20/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    C:\Program Files\SurfRight\Caretaker\AntispamService.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\AMT\atchksrv.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    C:\WINDOWS\system32\IFXSPMGT.exe
    C:\WINDOWS\system32\IFXTCS.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Network Associates\VirusScan\Webscanx.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\Program Files\Intel\AMT\atchk.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\SurfRight\Caretaker\Notifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nieuwsblad.be/index.html?ref=0709
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
    O4 - HKLM\..\Run: [SDMSSplash] "C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" "launchdir=C:\Program Files\HP_SDMS\SDMSSplash"
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [50df1018] rundll32.exe "C:\WINDOWS\system32\nuxmxkym.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181823283628
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pieleman.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amesco-nv.be
    O17 - HKLM\Software\..\Telephony: DomainName = amesco-nv.be
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amesco-nv.be
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Intel(R) AMT System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe
    O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
    O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
    O23 - Service: Intel(R) Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
    O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
  • Steggel
    • Jun 2005
    • 796

    #2
    You are still using an older version of HijackThis.

    Download the HijackThis program from http://www.trendsecure.com/portal/en...?page=download
    Install the program in the default directory.

    Temporarily disable Windows Defender,
    because it can interfere when fixing with HJT (undoing the fix, etc., which by the looks of it has happened now, since the fixed lines are still/again present).
    * Open Windows Defender > Click Tools
    * Click "General Settings"
    * Scroll to "Real Time Protection Options"
    * Uncheck "Turn on Real Time Protection (recommended)" > Click "Save"
    * Close Windows Defender
    (once the problems are over and the log has been declared clean again, you can turn it back on)

    Download Combofix to your Desktop.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
    • Double-click Combofix.exe
      Follow the instructions, accept the disclaimer by clicking Yes.
      While the fix is running, do NOT click in the window, as this will cause your PC to hang.

    When the fix is finished and after a restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.


    • The joker
      • Feb 2008
      • 7

      #3
      Hi Steggel, thanks for your quick reply

      OK, Defender is disabled
      and here are the logs

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:20, on 2008-02-20
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
      C:\Program Files\SurfRight\Caretaker\AntispamService.exe
      C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
      C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\AMT\atchksrv.exe
      C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
      C:\WINDOWS\system32\IFXSPMGT.exe
      C:\WINDOWS\system32\IFXTCS.exe
      C:\Program Files\Intel\AMT\LMS.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
      C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\Program Files\Network Associates\VirusScan\VsStat.exe
      C:\Program Files\RealVNC\VNC4\WinVNC4.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
      C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
      C:\Program Files\Network Associates\VirusScan\Avconsol.exe
      C:\Program Files\Network Associates\VirusScan\Webscanx.exe
      C:\Program Files\HPQ\IAM\bin\asghost.exe
      C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Intel\AMT\atchk.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
      C:\Program Files\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nieuwsblad.be/index.html?ref=0709
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
      O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
      O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
      O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
      O4 - HKLM\..\Run: [SDMSSplash] "C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" "launchdir=C:\Program Files\HP_SDMS\SDMSSplash"
      O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
      O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
      O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
      O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe
      O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181823283628
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pieleman.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amesco-nv.be
      O17 - HKLM\Software\..\Telephony: DomainName = amesco-nv.be
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amesco-nv.be
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: byxwuvw - byxwuvw.dll (file missing)
      O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
      O23 - Service: Intel(R) AMT System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
      O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
      O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe
      O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
      O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
      O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
      O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
      O23 - Service: Intel(R) Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
      O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
      O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
      O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
      O24 - Desktop Component 0: (no name) - http://www.free4uwallpapers.org/3D/3D-123.jpg

      --
      End of file - 11315 bytes


      ComboFix 08-02-20.2 - rudi 2008-02-20 13:12:25.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.339 [GMT 1:00]
      Running from: C:\Documents and Settings\rudi\Desktop\ComboFix.exe
      * Created a new restore point

      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\vtsqp.dll
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\system32\axpchuxo.dll
      C:\WINDOWS\system32\bvjtfghs.dll
      C:\WINDOWS\system32\fftqijll.dll
      C:\WINDOWS\system32\grlxwhwt.dll
      C:\WINDOWS\system32\ioqosifl.ini
      C:\WINDOWS\system32\lfljrchd.ini
      C:\WINDOWS\system32\lljiqtff.ini
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\mykxmxun.ini
      C:\WINDOWS\system32\nuxmxkym.dll
      C:\WINDOWS\system32\pqstv.ini
      C:\WINDOWS\system32\pqstv.ini2
      C:\WINDOWS\system32\qnehsnsv.dll
      C:\WINDOWS\system32\twhwxlrg.ini
      C:\WINDOWS\system32\vtsqp.dll
      C:\WINDOWS\system32\x64
      C:\WINDOWS\system32\xewitqbk.dll
      C:\WINDOWS\system32\xrvbnlar.dll
      D:\Autorun.inf

      .
      ((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
      .

      2008-02-20 13:16 . 2008-02-20 13:16 118,784 --a------ C:\WINDOWS\system32\chg.exe
      2008-02-20 09:19 . 2008-02-20 09:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SurfRight
      2008-02-19 17:11 . 2008-02-19 17:11 <DIR> d-------- C:\Documents and Settings\rudi\Application Data\Lavasoft
      2008-02-19 17:09 . 2008-02-19 17:09 40,448 --a------ C:\WINDOWS\system32\byxwuvw.Vdll__DELETE_ON_REBOOT
      2008-02-19 16:47 . 2008-02-19 16:47 <DIR> d-------- C:\Program Files\Spyware Doctor
      2008-02-19 16:47 . 2008-02-19 16:47 <DIR> d-------- C:\Documents and Settings\rudi\Application Data\PC Tools
      2008-02-19 16:47 . 2008-02-20 07:59 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-02-19 16:47 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
      2008-02-19 16:47 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
      2008-02-19 16:47 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
      2008-02-19 16:47 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
      2008-02-19 16:46 . 2008-02-19 16:46 <DIR> d-------- C:\Program Files\Webroot
      2008-02-19 16:46 . 2008-02-19 16:46 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
      2008-02-19 16:46 . 2008-02-19 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
      2008-02-19 16:46 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
      2008-02-19 16:46 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
      2008-02-19 16:46 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
      2008-02-19 16:46 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
      2008-02-19 16:46 . 2008-02-19 16:46 164 --a------ C:\install.dat
      2008-02-19 16:45 . 2008-02-19 16:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-02-19 16:45 . 2008-02-19 16:45 <DIR> d-------- C:\Documents and Settings\rudi\Application Data\Webroot
      2008-02-19 16:45 . 2008-02-19 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-02-19 16:44 . 2008-02-19 16:50 <DIR> d-------- C:\Program Files\SpywareBlaster
      2008-02-19 16:44 . 2008-02-19 16:44 <DIR> d-------- C:\Program Files\Lavasoft
      2008-02-19 16:44 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
      2008-02-19 16:43 . 2008-02-19 16:43 0 --a------ C:\WINDOWS\system32\mapisvc.inf
      2008-02-19 16:42 . 2008-02-19 17:11 <DIR> d-------- C:\Program Files\ESET
      2008-02-19 16:42 . 2008-02-19 16:42 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
      2008-02-19 16:42 . 2008-02-19 16:42 298,104 --a------ C:\WINDOWS\system32\imon.dll
      2008-02-19 16:42 . 2008-02-19 16:42 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
      2008-02-19 16:40 . 2008-02-19 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
      2008-02-19 16:39 . 2008-02-19 16:41 <DIR> d-------- C:\Temp
      2008-02-19 16:35 . 2008-02-19 16:35 <DIR> d-------- C:\Program Files\SurfRight
      2008-02-19 16:35 . 2008-02-19 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
      2008-02-19 13:20 . 2008-02-19 13:20 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
      2008-02-19 13:19 . 2008-02-20 08:02 <DIR> d-------- C:\Program Files\Hitman Pro
      2008-02-15 09:23 . 2008-02-15 09:24 21 --------- C:\WINDOWS\WB.ini
      2008-02-15 09:20 . 2008-02-15 09:58 3,880 --a------ C:\WINDOWS\langorig.ini
      2008-02-15 09:18 . 2008-02-15 09:18 <DIR> d-------- C:\Program Files\Stardock
      2008-02-15 09:18 . 2003-02-26 21:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
      2008-02-15 09:18 . 2005-01-22 19:05 20,480 --a------ C:\WINDOWS\system32\wbload.dll
      2008-01-29 08:22 . 2008-01-29 08:22 <DIR> d-------- C:\Program Files\Passware

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-20 12:11 --------- d-----w C:\Documents and Settings\rudi\Application Data\SolidDocuments
      2008-02-20 12:11 --------- d-----w C:\Documents and Settings\rudi\Application Data\Skype
      2008-02-20 12:09 --------- d-----w C:\Program Files\BitComet
      2008-02-19 18:00 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SolidDocuments
      2008-02-06 07:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
      2008-01-28 12:34 --------- d-----w C:\Program Files\MSN Messenger
      2008-01-10 02:09 --------- d-----w C:\Program Files\TopDesk
      2008-01-04 10:48 --------- d-----w C:\Program Files\Google
      2008-01-04 10:33 --------- d-----w C:\Program Files\Shareaza
      2008-01-04 10:32 --------- d-----w C:\Program Files\Soulseek
      2008-01-04 10:26 --------- d-----w C:\Program Files\Hidden Expedition - Titanic NL
      2008-01-04 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
      2008-01-04 10:25 --------- d-----w C:\Program Files\Picasa2
      2008-01-04 10:25 --------- d-----w C:\Program Files\Autodesk
      2008-01-04 10:25 --------- d-----w C:\Program Files\Atomic RAR Password Recovery
      2008-01-04 10:13 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
      2007-04-27 11:58 96,568 ----a-w C:\Documents and Settings\rudi\Application Data\GDIPFONTCACHEV1.DAT
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 03:00 15360]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
      "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-21 11:48 98304]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-21 11:50 86016]
      "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-21 11:47 81920]
      "RTHDCPL"="RTHDCPL.EXE" [2006-07-04 16:26 16250880 C:\WINDOWS\RTHDCPL.exe]
      "PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-06-08 23:02 131072]
      "atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-01-10 05:21 404288]
      "SDMSSplash"="C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" [2006-03-10 09:53 86016]
      "SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 19:01 525824]
      "CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 20:12 17920]
      "Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2006-05-12 21:50 1138688]
      "Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-31 23:44 761856]
      "Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-04-24 19:42 888832]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-09 10:32 7618560]
      "nwiz"="nwiz.exe" [2006-06-09 10:32 1519616 C:\WINDOWS\system32\nwiz.exe]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-09 10:32 86016]
      "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2006-02-28 03:00 143360]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
      "CaretakerNotifier"="C:\Program Files\SurfRight\Caretaker\Notifier.exe" [2008-01-10 19:48 492792]
      "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41 596760]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 03:00 15360]

      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
      Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwuvw]
      byxwuvw.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
      IfxWlxEN.dll 2006-04-07 05:00 434176 C:\WINDOWS\system32\IfxWlxEN.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
      C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2006-06-07 20:26 40448 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

      R0 NaiFsRec;NaiFsRec;C:\WINDOWS\system32\drivers\NaiFsRec.sys [2001-04-30 03:51]
      R1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys [2007-09-19 13:06]
      R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2006-04-07 05:46]
      R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2006-02-28 03:00]
      R2 atchksrv;Intel(R) AMT System Status Service;C:\Program Files\Intel\AMT\atchksrv.exe [2007-01-10 05:21]
      R2 AvSynMgr;AVSync Manager;"C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe" [2001-04-30 03:51]
      R2 CaretakerAntispam;Caretaker Antispam Service;"C:\Program Files\SurfRight\Caretaker\AntispamService.exe" [2008-01-10 19:48]
      R2 CaretakerProxy;Caretaker Proxy;"C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe" [2008-01-10 19:47]
      R2 CaretakerSvc;Caretaker Service;"C:\Program Files\SurfRight\Caretaker\CaretakerService.exe" [2008-01-10 19:47]
      R2 CaretakerUpdate;Caretaker Updater;"C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe" [2008-01-10 19:48]
      R2 LMS;Intel(R) Active Management Technology LMS Service;C:\Program Files\Intel\AMT\LMS.exe [2006-12-06 13:12]
      R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-04-25 17:26]
      S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 12:39]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      Cognizance REG_MULTI_SZ ASChannel

      .
      Contents of the 'Scheduled Tasks' folder
      "2008-02-20 07:03:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
      - C:\Program Files\Windows Defender\MpCmdRun.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-20 13:16:55
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\system32\IFXSPMGT.exe
      C:\WINDOWS\system32\IFXTCS.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
      C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\Program Files\Network Associates\VirusScan\VsStat.exe
      C:\Program Files\RealVNC\VNC4\WinVNC4.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
      C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
      C:\Program Files\Network Associates\VirusScan\Avconsol.exe
      C:\Program Files\Network Associates\VirusScan\Webscanx.exe
      C:\Program Files\HPQ\IAM\bin\asghost.exe
      C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
      .
      **************************************************************************
      .
      Completion time: 2008-02-20 13:18:49 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-20 12:18:44
      .
      2008-02-20 06:52:27 --- E O F ---


      • Steggel
        • Jun 2005
        • 796

        #4
        I think it should already be better now.

        Start HijackThis and choose 'Do a system scan only'.
        Select only the items listed below:

        O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
        O20 - Winlogon Notify: byxwuvw - byxwuvw.dll (file missing)

        Click 'Fix checked' to remove the items.

        Download Java Runtime Environment (JRE) 6u4.
        • Scroll down to "Java Runtime Environment (JRE) 6u4".
        • Click the "Download" button on the right.
        • In the drop-down menu to the right of Platform, select Windows.
        • Tick "I agree to the Java SE Runtime Environment 6 License Agreement" and click Continue.
        • The page will reload.
        • Click the jre-6u4-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
        • Close all programs that may be open, especially your web browser!
        • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
        • Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
        • Then click Remove or the Change/Remove button.
        • Repeat this until all older versions are gone.
        • After removing all older versions, restart your PC.
        • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the latest version of Java.
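
Added example, not part of the original posts and not ComboFix's own code: a small Python parser for the Winlogon Notify entries in the "Reg Loading Points" section of the ComboFix log above. It flags packages listed without a date, size or resolved path, as with byxwuvw, which HijackThis reports as "file missing". It assumes the line layout seen in this one log; the function names are illustrative.

```python
import re

# Copied from the "Reg Loading Points" part of the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwuvw]
byxwuvw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 2006-04-07 05:00 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2006-06-07 20:26 40448 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
"""

# Header of a Winlogon Notify subkey; group 1 is the package name.
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    r"\\winlogon\\notify\\([^\]\\]+)\]$", re.IGNORECASE)
# Value line when the DLL was found on disk: "<dll> <date> <time> <size> <path>".
FOUND_RE = re.compile(
    r"^(?P<dll>.+?)\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+\d+\s+"
    r"(?P<path>[A-Za-z]:\\.+)$")

def parse_notify_entries(log_text):
    """Return one dict per Winlogon Notify package listed in the log."""
    entries, package = [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.match(line)
            package = m.group(1) if m else None  # other keys are ignored
        elif package and line:
            m = FOUND_RE.match(line)
            entries.append({
                "package": package,
                "dll": m.group("dll") if m else line,
                "path": m.group("path") if m else None,  # None: no file resolved
            })
            package = None
    return entries

def unresolved(entries):
    """Packages whose DLL has no date, size or path: candidates for review."""
    return [e["package"] for e in entries if e["path"] is None]

if __name__ == "__main__":
    print("No file on disk for:", unresolved(parse_notify_entries(SAMPLE_LOG)))
```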


        • The joker
          • Feb 2008
          • 7

          #5
          OK, that's done... is it fine now, or do further steps need to be taken?


          • Steggel
            • Jun 2005
            • 796

            #6
            Also do the following:

            Remove ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter.
            This removes ComboFix as well as your old system restore points (with any remnants of malware), and creates a new system restore point.

            Are the pop-ups gone now?


            • The joker
              • Feb 2008
              • 7

              #7
              OK, that's done too

              and I think it's fine now; if it isn't, I'll let you know

              but otherwise many thanks for the help, because it was a very annoying thing

              Thanks


              • The joker
                • Feb 2008
                • 7

                #8
                One more question: I wanted to reinstall my smileys from Smiley Central, but it won't work. I get the message "Your security settings do not allow websites to use ActiveX controls installed on your computer. This page may not display correctly. Click here for options."
                and when I click on it, only "information" comes up

                Can I change that somewhere in my security settings, or does the cause lie elsewhere?

                Regards


                • Steggel
                  • Jun 2005
                  • 796

                  #9
                  It looks like you have the English version of IE.

                  In IE, click Tools > Internet Options > Security and then click the "Custom" button,
                  scroll down and change the setting for "Run ActiveX controls and plug ins" to enable.


                  • The joker
                    • Feb 2008
                    • 7

                    #10
                    The message keeps appearing, and I have checked everything under security relating to ActiveX and set everything to either enabled or prompt, and the problem remains..?

                    I had Hitman Pro installed and removed it to see whether one of its components was causing the problem, but after restarting the PC the problem still occurs


                    • Steggel
                      • Jun 2005
                      • 796

                      #11
                      I found a similar problem here. Unfortunately, the program is not available. The site that is referred to no longer has that program.

                      I can't help you any further with this.

                      I also had a look at Smiley Central, but it installs a toolbar in Internet Explorer with, among other things, MyWebSearch, and that is still regarded as malware.

                      Those smileys are fun, but it's really something you shouldn't get started with. Do read through the License Agreement as well.

                      A company like that has to get its income from somewhere, doesn't it? There's no such thing as free there.

                      But if you really want those smileys, look on that site under "Still having problems" ("Nog steeds problemen") on the right-hand side; a different download is offered there.


                      • The joker
                        • Feb 2008
                        • 7

                        #12
                        OK, then it's not going back on
                        thanks for the help
