Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Plaats het op je bureaublad.
Dubbelklik er op om het programma te starten.
In het scherm dat verschijnt tik je een 1 in om het cleaning- en analysesproces te laten uitvoeren.
Volg de instructies op het scherm.
Als het tooltje klaar is, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

combofix log

ComboFix 08-01-18.5 - Eric 2008-01-19 13:59:47.2 - NTFSx86
Gestart vanuit: C:\Documents and Settings\Eric\Bureaublad\ComboFix.exe
Command switches used :: and Settings\Eric\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))
.

2008-01-19 13:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 22:32 . 2008-01-13 22:32 <DIR> d-------- C:\WINDOWS\Twain32
2008-01-13 22:10 . 2008-01-13 22:10 <DIR> d-------- C:\Program Files\Microsoft Reference
2008-01-13 22:10 . 1998-05-26 12:58 194,048 --a------ C:\WINDOWS\system32\swflash.ocx
2008-01-13 11:42 . 2008-01-13 11:43 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-12 13:51 . 2008-01-12 13:51 <DIR> d-------- C:\Program Files\ING
2008-01-11 22:35 . 2008-01-11 22:35 153 --a------ C:\WINDOWS\wininit.ini
2008-01-10 21:39 . 2008-01-10 21:41 <DIR> d-------- C:\RVAXO
2008-01-09 21:10 . 2008-01-09 21:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 16:32 . 2008-01-06 17:11 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-01-06 16:18 . 2008-01-06 21:46 <DIR> d-------- C:\Program Files\Atari
2008-01-01 14:01 . 2008-01-01 14:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-31 21:43 . 2008-01-19 14:00 61,036 --a------ C:\logfile
2007-12-31 21:36 . 2007-12-31 21:36 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
2007-12-31 21:35 . 2007-12-31 21:35 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-12-31 21:35 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-31 21:35 . 2001-09-06 21:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-31 21:32 . 2007-12-31 21:36 <DIR> d-------- C:\Program Files\Kodak
2007-12-31 21:30 . 2007-12-31 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2007-12-31 16:15 . 2007-12-31 16:15 <DIR> d-------- C:\team17
2007-12-31 14:05 . 2007-12-31 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-12-31 10:40 . 2008-01-11 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 12:50 . 2008-01-10 22:06 599,373 --a------ C:\WINDOWS\system32\RVAXO.bat
2007-12-30 12:50 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-12-21 21:34 . 2007-12-21 21:34 <DIR> d-------- C:\Program Files\TryMedia
2007-12-21 21:13 . 2007-12-31 14:03 <DIR> d-------- C:\Downloads

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 00:42 --------- d-----w C:\Program Files\Photo_Resizer
2008-01-11 21:35 --------- d-----w C:\Program Files\VVSN
2008-01-11 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-11 20:11 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-06 21:06 --------- d-----w C:\Documents and Settings\Sander\Application Data\Azureus
2008-01-06 16:09 --------- d-----w C:\Program Files\Infogrames
2008-01-06 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-01 09:56 --------- d-----w C:\Program Files\KetnetKick
2007-12-31 11:28 --------- d-----w C:\Program Files\Java
2007-12-31 09:40 --------- d-----w C:\Program Files\Lavasoft
2007-12-31 09:40 --------- d-----w C:\Documents and Settings\Eric\Application Data\Lavasoft
2007-12-31 09:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-30 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\PferdeHof
2007-12-29 18:24 --------- d-----w C:\Program Files\Azureus
2007-12-24 15:27 --------- d-----w C:\Program Files\eMule
2007-12-22 09:44 --------- d-----w C:\Program Files\LimeWire
2007-12-21 20:00 --------- d-----w C:\Documents and Settings\Sander\Application Data\LimeWire
2007-12-17 19:27 --------- d-----w C:\Program Files\RadioXpi
2007-12-16 10:20 --------- d-----w C:\Documents and Settings\Laurianne\Application Data\VanDale
2007-12-14 19:08 --------- d-----w C:\Program Files\Cheat Engine
2007-11-30 18:18 --------- d-----w C:\Documents and Settings\Laurianne\Application Data\TIJD
2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 08:33 892928]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-09 08:50 28672]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-05-20 18:36 90112]
"SoundMan"="SOUNDMAN.EXE" [2002-09-11 17:57 46592 C:\WINDOWS\SOUNDMAN.EXE]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 13:20 512000]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09 57344]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2005-03-10 12:44 114800]
"HotKey"="C:\WINDOWS\Twain_32\FlatBed\HotKey.exe" [2003-04-04 09:42 614400]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-30 19:28 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 15:55 267064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\Sander\Menu Start\Programma's\Opstarten\
Deer Hunter 2005 Registration.lnk - C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE [2004-08-27 21:30:18]
PowerReg Scheduler V3.exe [2008-01-06 16:17:41]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-06-06 14:50:42]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2005-06-20 17:27:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

R3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 18:14]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 11:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdf29132-7d99-11dc-be21-0011678b34b1}]
\Shell\AutoRun\command - G:\AutoTransfer.exe

.
Inhoud van de 'Gedeelde Taken' map
"2007-11-20 08:31:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-18 20:09:13 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-01-19 12:51:34 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-13 10:42:26 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 14:08:30
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe?w???gxO??V??gxO??SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp??????? ?w?????????????\?wp ?w???????w???g???????????g?RY??QY????????gzO??2???????????8???? @??%X??%X???????????????????Y?????n?Q?????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g

scannen van verborgen bestanden ...

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
Voltooingstijd: 2008-01-19 14:10:25
ComboFix2.txt 2008-01-10 21:09:11
.
2008-01-09 13:17:16 --- E O F ---

bedankt.

hijack this log na de combofix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:15, on 19-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sander\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bed.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7788 bytes

mvg - Eric

Zijn er nog problemen?

problemen....

Beste Marckie, voor het ogenblik krijg ik die pop-ups niet meer.

Dank u.

te vroeg gejuigd...

Helaas zijn die pop-ups er weer, terug met als titel ads served by dacds.

Sorry voor het ongemak....

Post een nieuwe log van Combofix en een nieuwe hijackthislog.
Je moet wel Combofix eerst opnieuw downloaden. (oude versie weggooien)

log combofix

ComboFix 08-01-18.5 - Eric 2008-01-20 15:25:17.3 - NTFSx86
Gestart vanuit: C:\Documents and Settings\Eric\Bureaublad\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))
.

2008-01-19 13:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 22:32 . 2008-01-13 22:32 <DIR> d-------- C:\WINDOWS\Twain32
2008-01-13 22:10 . 2008-01-13 22:10 <DIR> d-------- C:\Program Files\Microsoft Reference
2008-01-13 22:10 . 1998-05-26 12:58 194,048 --a------ C:\WINDOWS\system32\swflash.ocx
2008-01-13 11:42 . 2008-01-13 11:43 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-12 13:51 . 2008-01-12 13:51 <DIR> d-------- C:\Program Files\ING
2008-01-11 22:35 . 2008-01-11 22:35 153 --a------ C:\WINDOWS\wininit.ini
2008-01-10 21:39 . 2008-01-10 21:41 <DIR> d-------- C:\RVAXO
2008-01-09 21:10 . 2008-01-09 21:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 16:32 . 2008-01-06 17:11 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-01-06 16:18 . 2008-01-06 21:46 <DIR> d-------- C:\Program Files\Atari
2008-01-01 14:01 . 2008-01-01 14:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-31 21:43 . 2008-01-20 15:06 65,360 --a------ C:\logfile
2007-12-31 21:36 . 2007-12-31 21:36 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
2007-12-31 21:35 . 2007-12-31 21:35 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-12-31 21:35 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-31 21:35 . 2001-09-06 21:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-31 21:32 . 2007-12-31 21:36 <DIR> d-------- C:\Program Files\Kodak
2007-12-31 21:30 . 2007-12-31 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2007-12-31 16:15 . 2007-12-31 16:15 <DIR> d-------- C:\team17
2007-12-31 14:05 . 2007-12-31 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-12-31 10:40 . 2008-01-11 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 12:50 . 2008-01-10 22:06 599,373 --a------ C:\WINDOWS\system32\RVAXO.bat
2007-12-30 12:50 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-12-21 21:34 . 2007-12-21 21:34 <DIR> d-------- C:\Program Files\TryMedia
2007-12-21 21:13 . 2007-12-31 14:03 <DIR> d-------- C:\Downloads

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 13:19 --------- d-----w C:\Program Files\Infogrames
2008-01-16 00:42 --------- d-----w C:\Program Files\Photo_Resizer
2008-01-11 21:35 --------- d-----w C:\Program Files\VVSN
2008-01-11 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-11 20:11 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-06 21:06 --------- d-----w C:\Documents and Settings\Sander\Application Data\Azureus
2008-01-06 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-01 09:56 --------- d-----w C:\Program Files\KetnetKick
2007-12-31 11:28 --------- d-----w C:\Program Files\Java
2007-12-31 09:40 --------- d-----w C:\Program Files\Lavasoft
2007-12-31 09:40 --------- d-----w C:\Documents and Settings\Eric\Application Data\Lavasoft
2007-12-31 09:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-30 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\PferdeHof
2007-12-29 18:24 --------- d-----w C:\Program Files\Azureus
2007-12-24 15:27 --------- d-----w C:\Program Files\eMule
2007-12-22 09:44 --------- d-----w C:\Program Files\LimeWire
2007-12-21 20:00 --------- d-----w C:\Documents and Settings\Sander\Application Data\LimeWire
2007-12-17 19:27 --------- d-----w C:\Program Files\RadioXpi
2007-12-16 10:20 --------- d-----w C:\Documents and Settings\Laurianne\Application Data\VanDale
2007-12-14 19:08 --------- d-----w C:\Program Files\Cheat Engine
2007-11-30 18:18 --------- d-----w C:\Documents and Settings\Laurianne\Application Data\TIJD
2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 08:33 892928]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-09 08:50 28672]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-05-20 18:36 90112]
"SoundMan"="SOUNDMAN.EXE" [2002-09-11 17:57 46592 C:\WINDOWS\SOUNDMAN.EXE]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 13:20 512000]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09 57344]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2005-03-10 12:44 114800]
"HotKey"="C:\WINDOWS\Twain_32\FlatBed\HotKey.exe" [2003-04-04 09:42 614400]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-30 19:28 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 15:55 267064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\Sander\Menu Start\Programma's\Opstarten\
Deer Hunter 2005 Registration.lnk - C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE [2004-08-27 21:30:18]
PowerReg Scheduler V3.exe [2008-01-06 16:17:41]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-06-06 14:50:42]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2005-06-20 17:27:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

R3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 18:14]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 11:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdf29132-7d99-11dc-be21-0011678b34b1}]
\Shell\AutoRun\command - G:\AutoTransfer.exe

.
Inhoud van de 'Gedeelde Taken' map
"2007-11-20 08:31:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-20 12:09:15 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-01-20 13:56:51 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-13 10:42:26 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 15:32:38
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe?w???gxO??V??gxO??SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp??????? ?w?????????????\?wp ?w???????w???g???????????g?RY??QY????????gzO??2???????????8???? @??%X??%X???????????????????Y?????n?Q?????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\WinRAR\rarext.dll
.
Voltooingstijd: 2008-01-20 15:37:42
ComboFix2.txt 2008-01-19 13:10:26
ComboFix3.txt 2008-01-10 21:09:11
.
2008-01-09 13:17:16 --- E O F ---

hijack this log na de combofix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:21, on 20-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sander\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bed.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7899 bytes
bedankt....

Wanneer en waar krijg je deze popups?

pop-ups

nu ben ik terug een tijdje aan het surfen en eigenaardig genoeg krijg ik ze niet meer. Ik ga erop letten wanneer ik ze juist krijg. Hou je wel op de hoogte hoor.
Bedankt voor je hulp.

Graag gedaan.
Je logjes zien er wat mij betreft goed uit.
Een popupje kan links of rechts altijd eens te voorschijn komen, hoeft daarom nog niet noodzakelijk malware gerelateerd te zijn.