  • Ads Served By Dcads Pop-ups!!

    I keep getting those very annoying pop-ups again, with the title:
    ADS SERVED BY DCADS. Can someone see from the log whether something is wrong with my PC? Thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:48:35, on 19-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\VIAudioi\SBADeck\ADeck.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sander\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bed.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


    --
    End of file - 8026 bytes

  • #2
    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Place it on your desktop.
    Double-click it to start the program.
    In the window that appears, type a 1 to run the cleaning and analysis process.
    Follow the on-screen instructions.
    When the tool is finished, a logfile opens (combofix.txt).
    Post the contents of this file together with a new HijackThis log.



    • #3
      combofix log

      ComboFix 08-01-18.5 - Eric 2008-01-19 13:59:47.2 - NTFSx86
      Started from: C:\Documents and Settings\Eric\Bureaublad\ComboFix.exe
      Command switches used :: and Settings\Eric\Bureaublad\ComboFix.exe
      * New restore point was created

      WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
      .

      (((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))
      .

      2008-01-19 13:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-13 22:32 . 2008-01-13 22:32 <DIR> d-------- C:\WINDOWS\Twain32
      2008-01-13 22:10 . 2008-01-13 22:10 <DIR> d-------- C:\Program Files\Microsoft Reference
      2008-01-13 22:10 . 1998-05-26 12:58 194,048 --a------ C:\WINDOWS\system32\swflash.ocx
      2008-01-13 11:42 . 2008-01-13 11:43 <DIR> d-------- C:\Program Files\XoftSpySE
      2008-01-12 13:51 . 2008-01-12 13:51 <DIR> d-------- C:\Program Files\ING
      2008-01-11 22:35 . 2008-01-11 22:35 153 --a------ C:\WINDOWS\wininit.ini
      2008-01-10 21:39 . 2008-01-10 21:41 <DIR> d-------- C:\RVAXO
      2008-01-09 21:10 . 2008-01-09 21:10 <DIR> d-------- C:\Program Files\Trend Micro
      2008-01-06 16:32 . 2008-01-06 17:11 <DIR> d-------- C:\Program Files\GameSpy Arcade
      2008-01-06 16:18 . 2008-01-06 21:46 <DIR> d-------- C:\Program Files\Atari
      2008-01-01 14:01 . 2008-01-01 14:01 <DIR> d-------- C:\Program Files\MSXML 4.0
      2007-12-31 21:43 . 2008-01-19 14:00 61,036 --a------ C:\logfile
      2007-12-31 21:36 . 2007-12-31 21:36 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
      2007-12-31 21:35 . 2007-12-31 21:35 <DIR> d-------- C:\Program Files\Common Files\Kodak
      2007-12-31 21:35 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
      2007-12-31 21:35 . 2001-09-06 21:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
      2007-12-31 21:32 . 2007-12-31 21:36 <DIR> d-------- C:\Program Files\Kodak
      2007-12-31 21:30 . 2007-12-31 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
      2007-12-31 16:15 . 2007-12-31 16:15 <DIR> d-------- C:\team17
      2007-12-31 14:05 . 2007-12-31 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
      2007-12-31 10:40 . 2008-01-11 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2007-12-30 12:50 . 2008-01-10 22:06 599,373 --a------ C:\WINDOWS\system32\RVAXO.bat
      2007-12-30 12:50 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2007-12-21 21:34 . 2007-12-21 21:34 <DIR> d-------- C:\Program Files\TryMedia
      2007-12-21 21:13 . 2007-12-31 14:03 <DIR> d-------- C:\Downloads

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-16 00:42 --------- d-----w C:\Program Files\Photo_Resizer
      2008-01-11 21:35 --------- d-----w C:\Program Files\VVSN
      2008-01-11 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-11 20:11 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
      2008-01-06 21:06 --------- d-----w C:\Documents and Settings\Sander\Application Data\Azureus
      2008-01-06 16:09 --------- d-----w C:\Program Files\Infogrames
      2008-01-06 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-01 09:56 --------- d-----w C:\Program Files\KetnetKick
      2007-12-31 11:28 --------- d-----w C:\Program Files\Java
      2007-12-31 09:40 --------- d-----w C:\Program Files\Lavasoft
      2007-12-31 09:40 --------- d-----w C:\Documents and Settings\Eric\Application Data\Lavasoft
      2007-12-31 09:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2007-12-30 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\PferdeHof
      2007-12-29 18:24 --------- d-----w C:\Program Files\Azureus
      2007-12-24 15:27 --------- d-----w C:\Program Files\eMule
      2007-12-22 09:44 --------- d-----w C:\Program Files\LimeWire
      2007-12-21 20:00 --------- d-----w C:\Documents and Settings\Sander\Application Data\LimeWire
      2007-12-17 19:27 --------- d-----w C:\Program Files\RadioXpi
      2007-12-16 10:20 --------- d-----w C:\Documents and Settings\Laurianne\Application Data\VanDale
      2007-12-14 19:08 --------- d-----w C:\Program Files\Cheat Engine
      2007-11-30 18:18 --------- d-----w C:\Documents and Settings\Laurianne\Application Data\TIJD
      2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* empty entries & legitimate default entries are not shown

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 08:33 892928]
      "EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-09 08:50 28672]
      "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-05-20 18:36 90112]
      "SoundMan"="SOUNDMAN.EXE" [2002-09-11 17:57 46592 C:\WINDOWS\SOUNDMAN.EXE]
      "AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 13:20 512000]
      "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
      "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
      "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09 57344]
      "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2005-03-10 12:44 114800]
      "HotKey"="C:\WINDOWS\Twain_32\FlatBed\HotKey.exe" [2003-04-04 09:42 614400]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-30 19:28 185632]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 15:55 267064]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

      C:\Documents and Settings\Sander\Menu Start\Programma's\Opstarten\
      Deer Hunter 2005 Registration.lnk - C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE [2004-08-27 21:30:18]
      PowerReg Scheduler V3.exe [2008-01-06 16:17:41]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
      BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-06-06 14:50:42]
      Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54]
      NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2005-06-20 17:27:26]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "AllowLegacyWebView"= 1 (0x1)
      "AllowUnhashedWebView"= 1 (0x1)

      R3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 18:14]
      R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 11:13]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdf29132-7d99-11dc-be21-0011678b34b1}]
      \Shell\AutoRun\command - G:\AutoTransfer.exe

      .
      Contents of the 'Scheduled Tasks' folder
      "2007-11-20 08:31:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-01-18 20:09:13 C:\WINDOWS\Tasks\Symantec NetDetect.job"
      - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
      "2008-01-19 12:51:34 C:\WINDOWS\Tasks\XoftSpySE 2.job"
      - C:\Program Files\XoftSpySE\XoftSpy.exe
      "2008-01-13 10:42:26 C:\WINDOWS\Tasks\XoftSpySE.job"
      - C:\Program Files\XoftSpySE\XoftSpy.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-19 14:08:30
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe?w???gxO??V??gxO??SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp??????? ?w?????????????\?wp ?w???????w???g???????????g?RY??QY????????gzO??2???????????8???? @??%X??%X???????????????????Y?????n?Q?????
      HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g

      scanning hidden files ...

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\system32\winlogon.exe
      -> C:\WINDOWS\system32\NavLogon.dll
      .
      Completion time: 2008-01-19 14:10:25
      ComboFix2.txt 2008-01-10 21:09:11
      .
      2008-01-09 13:17:16 --- E O F ---

      thanks.



      • #4
        HijackThis log after ComboFix

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 14:15:15, on 19-1-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Logitech\iTouch\iTouch.exe
        C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
        C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\VIAudioi\SBADeck\ADeck.exe
        C:\WINDOWS\system32\LVCOMSX.EXE
        C:\Program Files\Logitech\Video\LogiTray.exe
        C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
        C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
        C:\Program Files\Nikon\NkView6\NkvMon.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
        C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
        C:\Program Files\Logitech\Video\FxSvr2.exe
        C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
        O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
        O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
        O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
        O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
        O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
        O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
        O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
        O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
        O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sander\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
        O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bed.cab
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
        O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
        O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
        O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
        O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

        --
        End of file - 7788 bytes

        regards - Eric

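The two HijackThis logs in this thread (before and after ComboFix) differ only in the running-process list, and checking that by eye across a hundred lines is error-prone. The script below is an added example, not part of the original thread and not code from Trend Micro or the ComboFix author. It parses the `Rx -`/`Oxx -` lines of two logs into (section, body) entries, reports which entries disappeared or appeared, and flags three things a helper typically looks at first: O16 DPF (ActiveX) controls fetched from a host outside a small allowlist, entries that point at a missing file, and O4 Run entries that name a bare executable without an absolute path. The allowlist `TRUSTED_DPF_HOSTS` is an assumption, not a HijackThis feature; the 'before' sample is an excerpt of the first log above, and the 'after' sample is constructed (the imgag control and the dead IMVU button removed) so that the diff has something to show.

```python
import re
from collections import namedtuple

# One HijackThis entry, e.g.
#   O4 - HKLM\..\Run: [MMTray] C:\...\mm_tray.exe
# becomes Entry(section="O4", body="HKLM\..\Run: [MMTray] C:\...\mm_tray.exe")
Entry = namedtuple("Entry", "section body")

LINE_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
DPF_RE = re.compile(r"DPF: \{[0-9A-Fa-f-]+\} \((?P<name>[^)]*)\) - (?P<url>\S+)")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')

# O16 entries are ActiveX controls that IE downloaded.  Hosts listed here are
# treated as expected on this machine (an assumed allowlist for the example).
TRUSTED_DPF_HOSTS = {"appdirectory.messenger.msn.com", "download.microsoft.com"}


def parse_hjt(text):
    """Return the set of Rx/Oxx entries in a HijackThis log.
    The header and the 'Running processes' block do not match LINE_RE and are skipped."""
    entries = set()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.add(Entry(m.group("section"), m.group("body")))
    return entries


def diff_hjt(before_text, after_text):
    """Entries present before but gone after, and entries that are new after."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    return sorted(before - after), sorted(after - before)


def o4_command(body):
    """The command an O4 entry launches (Run-key value or Startup-folder target)."""
    if body.startswith(("Global Startup:", "Startup:")):
        return body.split(" = ", 1)[-1]
    if "\\..\\Run" in body and "] " in body:
        return body.split("] ", 1)[1]
    return body


def flag_entries(entries):
    """Triage heuristics over parsed entries; returns a list of (reason, entry)."""
    flagged = []
    for e in sorted(entries):
        if e.section == "O16":
            m = DPF_RE.search(e.body)
            host = m.group("url").split("/")[2].lower() if m else "?"
            if host not in TRUSTED_DPF_HOSTS:
                flagged.append((f"O16 ActiveX control from untrusted host {host}", e))
        elif "(file missing)" in e.body:
            flagged.append(("entry points at a missing file", e))
        elif e.section == "O4" and not ABS_PATH_RE.match(o4_command(e.body)):
            # A bare name such as SOUNDMAN.EXE is resolved through the search
            # path, so a same-named file earlier in that path would run instead.
            flagged.append(("O4 Run entry without an absolute path", e))
    return flagged


# Excerpt of the first log in this thread, used as the 'before' sample.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sander\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bed.cab
"""

# Constructed 'after' sample: the same log with the imgag control and the
# dead IMVU button removed, as a cleanup tool might leave it.
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
"""

if __name__ == "__main__":
    removed, added = diff_hjt(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.section, "-", e.body)
    for e in added:
        print("added:  ", e.section, "-", e.body)
    for reason, e in flag_entries(parse_hjt(BEFORE)):
        print("flag:", reason, "->", e.section, "-", e.body)
```

Run it against two saved logs by reading the files into `BEFORE` and `AFTER`; the diff is the part worth trusting, the flags are only a starting point for a human reading the log.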


        • #5
          Are there still any problems?



          • #6
            problems....

            Dear Marckie, for the moment I am not getting those pop-ups anymore.

            Thank you.



            • #7
              celebrated too soon...

              Unfortunately those pop-ups are back, again with the title ads served by dcads.

              Sorry for the inconvenience....



              • #8
                Post a new ComboFix log and a new HijackThis log.
                You do need to download ComboFix again first (throw away the old version).



                • #9
                  log combofix

                  ComboFix 08-01-18.5 - Eric 2008-01-20 15:25:17.3 - NTFSx86
                  Started from: C:\Documents and Settings\Eric\Bureaublad\ComboFix.exe

                  WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
                  .

                  (((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))
                  .

                  2008-01-19 13:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
                  2008-01-13 22:32 . 2008-01-13 22:32 <DIR> d-------- C:\WINDOWS\Twain32
                  2008-01-13 22:10 . 2008-01-13 22:10 <DIR> d-------- C:\Program Files\Microsoft Reference
                  2008-01-13 22:10 . 1998-05-26 12:58 194,048 --a------ C:\WINDOWS\system32\swflash.ocx
                  2008-01-13 11:42 . 2008-01-13 11:43 <DIR> d-------- C:\Program Files\XoftSpySE
                  2008-01-12 13:51 . 2008-01-12 13:51 <DIR> d-------- C:\Program Files\ING
                  2008-01-11 22:35 . 2008-01-11 22:35 153 --a------ C:\WINDOWS\wininit.ini
                  2008-01-10 21:39 . 2008-01-10 21:41 <DIR> d-------- C:\RVAXO
                  2008-01-09 21:10 . 2008-01-09 21:10 <DIR> d-------- C:\Program Files\Trend Micro
                  2008-01-06 16:32 . 2008-01-06 17:11 <DIR> d-------- C:\Program Files\GameSpy Arcade
                  2008-01-06 16:18 . 2008-01-06 21:46 <DIR> d-------- C:\Program Files\Atari
                  2008-01-01 14:01 . 2008-01-01 14:01 <DIR> d-------- C:\Program Files\MSXML 4.0
                  2007-12-31 21:43 . 2008-01-20 15:06 65,360 --a------ C:\logfile
                  2007-12-31 21:36 . 2007-12-31 21:36 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
                  2007-12-31 21:35 . 2007-12-31 21:35 <DIR> d-------- C:\Program Files\Common Files\Kodak
                  2007-12-31 21:35 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
                  2007-12-31 21:35 . 2001-09-06 21:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
                  2007-12-31 21:32 . 2007-12-31 21:36 <DIR> d-------- C:\Program Files\Kodak
                  2007-12-31 21:30 . 2007-12-31 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
                  2007-12-31 16:15 . 2007-12-31 16:15 <DIR> d-------- C:\team17
                  2007-12-31 14:05 . 2007-12-31 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
                  2007-12-31 10:40 . 2008-01-11 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                  2007-12-30 12:50 . 2008-01-10 22:06 599,373 --a------ C:\WINDOWS\system32\RVAXO.bat
                  2007-12-30 12:50 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
                  2007-12-21 21:34 . 2007-12-21 21:34 <DIR> d-------- C:\Program Files\TryMedia
                  2007-12-21 21:13 . 2007-12-31 14:03 <DIR> d-------- C:\Downloads

                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2008-01-19 13:19 --------- d-----w C:\Program Files\Infogrames
                  2008-01-16 00:42 --------- d-----w C:\Program Files\Photo_Resizer
                  2008-01-11 21:35 --------- d-----w C:\Program Files\VVSN
                  2008-01-11 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                  2008-01-11 20:11 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
                  2008-01-06 21:06 --------- d-----w C:\Documents and Settings\Sander\Application Data\Azureus
                  2008-01-06 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
                  2008-01-01 09:56 --------- d-----w C:\Program Files\KetnetKick
                  2007-12-31 11:28 --------- d-----w C:\Program Files\Java
                  2007-12-31 09:40 --------- d-----w C:\Program Files\Lavasoft
                  2007-12-31 09:40 --------- d-----w C:\Documents and Settings\Eric\Application Data\Lavasoft
                  2007-12-31 09:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                  2007-12-30 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\PferdeHof
                  2007-12-29 18:24 --------- d-----w C:\Program Files\Azureus
                  2007-12-24 15:27 --------- d-----w C:\Program Files\eMule
                  2007-12-22 09:44 --------- d-----w C:\Program Files\LimeWire
                  2007-12-21 20:00 --------- d-----w C:\Documents and Settings\Sander\Application Data\LimeWire
                  2007-12-17 19:27 --------- d-----w C:\Program Files\RadioXpi
                  2007-12-16 10:20 --------- d-----w C:\Documents and Settings\Laurianne\Application Data\VanDale
                  2007-12-14 19:08 --------- d-----w C:\Program Files\Cheat Engine
                  2007-11-30 18:18 --------- d-----w C:\Documents and Settings\Laurianne\Application Data\TIJD
                  2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
                  2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                  2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
                  .

                  ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  REGEDIT4
                  *Note* empty entries & legitimate default entries are not shown

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
                  "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
                  "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 08:33 892928]
                  "EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-09 08:50 28672]
                  "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-05-20 18:36 90112]
                  "SoundMan"="SOUNDMAN.EXE" [2002-09-11 17:57 46592 C:\WINDOWS\SOUNDMAN.EXE]
                  "AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 13:20 512000]
                  "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
                  "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
                  "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
                  "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09 57344]
                  "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2005-03-10 12:44 114800]
                  "HotKey"="C:\WINDOWS\Twain_32\FlatBed\HotKey.exe" [2003-04-04 09:42 614400]
                  "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-30 19:28 185632]
                  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
                  "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 15:55 267064]
                  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

                  C:\Documents and Settings\Sander\Menu Start\Programma's\Opstarten\
                  Deer Hunter 2005 Registration.lnk - C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE [2004-08-27 21:30:18]
                  PowerReg Scheduler V3.exe [2008-01-06 16:17:41]

                  C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                  Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
                  BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-06-06 14:50:42]
                  Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14]
                  Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54]
                  NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2005-06-20 17:27:26]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
                  "AllowLegacyWebView"= 1 (0x1)
                  "AllowUnhashedWebView"= 1 (0x1)

                  R3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 18:14]
                  R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 11:13]

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdf29132-7d99-11dc-be21-0011678b34b1}]
                  \Shell\AutoRun\command - G:\AutoTransfer.exe

                  .
                  Contents of the 'Scheduled Tasks' folder
                  "2007-11-20 08:31:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                  - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                  "2008-01-20 12:09:15 C:\WINDOWS\Tasks\Symantec NetDetect.job"
                  - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
                  "2008-01-20 13:56:51 C:\WINDOWS\Tasks\XoftSpySE 2.job"
                  - C:\Program Files\XoftSpySE\XoftSpy.exe
                  "2008-01-13 10:42:26 C:\WINDOWS\Tasks\XoftSpySE.job"
                  - C:\Program Files\XoftSpySE\XoftSpy.exe
                  .
                  **************************************************************************

                  catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2008-01-20 15:32:38
                  Windows 5.1.2600 Service Pack 2 NTFS

                  scanning hidden processes ...

                  scanning hidden autostart entries ...

                  HKLM\Software\Microsoft\Windows\CurrentVersion\Run
                  MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe?w???gxO??V??gxO??SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp??????? ?w?????????????\?wp ?w???????w???g???????????g?RY??QY????????gzO??2???????????8???? @??%X??%X???????????????????Y?????n?Q?????
                  HKCU\Software\Microsoft\Windows\CurrentVersion\Run
                  MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g

                  scanning hidden files ...

                  scan completed successfully
                  hidden files: 0

                  **************************************************************************
                  .
                  --------------------- DLLs Loaded Under Running Processes ---------------------

                  PROCESS: C:\WINDOWS\system32\winlogon.exe
                  -> C:\WINDOWS\system32\NavLogon.dll

                  PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
                  -> C:\Program Files\WinRAR\rarext.dll
                  .
                  Completion time: 2008-01-20 15:37:42
                  ComboFix2.txt 2008-01-19 13:10:26
                  ComboFix3.txt 2008-01-10 21:09:11
                  .
                  2008-01-09 13:17:16 --- E O F ---



                  • #10
                    HijackThis log after ComboFix

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 15:44:21, on 20-1-2008
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
                    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
                    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\Program Files\Logitech\iTouch\iTouch.exe
                    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
                    C:\WINDOWS\SOUNDMAN.EXE
                    C:\Program Files\VIAudioi\SBADeck\ADeck.exe
                    C:\WINDOWS\system32\LVCOMSX.EXE
                    C:\Program Files\Logitech\Video\LogiTray.exe
                    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
                    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
                    C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
                    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\iTunes\iTunesHelper.exe
                    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Program Files\MSN Messenger\MsnMsgr.Exe
                    C:\Program Files\Logitech\Video\FxSvr2.exe
                    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
                    C:\Program Files\Nikon\NkView6\NkvMon.exe
                    C:\Program Files\iPod\bin\iPodService.exe
                    C:\WINDOWS\explorer.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
                    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
                    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
                    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
                    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
                    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
                    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
                    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
                    O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
                    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
                    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
                    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
                    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sander\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
                    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
                    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bed.cab
                    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
                    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
                    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
                    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
                    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

                    --
                    End of file - 7899 bytes
                    thanks....

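As an added example for this thread (not code from the original post, from HijackThis or from ComboFix): a small Python parser that turns the Rx/Fx/Nx/Ox lines of a HijackThis log like the one above into structured entries and applies three checks a log helper normally does by eye: a Run key whose command carries no directory (Windows resolves it through its search order, so the file that actually runs must be confirmed), entries HijackThis itself marks "(file missing)", and O16 ActiveX packages fetched from a host outside an allowlist. The allowlist, the flag wording and the rules themselves are this example's assumptions; the sample lines are copied from the log posted above.

```python
"""Parse and triage a Trend Micro HijackThis v2 log.

Added example for this thread (not part of HijackThis, ComboFix or the
original post). The triage rules are this example's own assumptions about
what a log helper checks first; the sample lines come from the log above.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample: a subset of the lines from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sander\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bed.cab
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# "O4 - HKLM\..\Run: [name] command": section tag, then the rest of the line.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.+)$")
# First drive-qualified path ending in an extension HijackThis commonly reports.
PATH_RE = re.compile(r"(?i)[A-Z]:\\.*?\.(?:exe|dll|lnk|sys|cab)\b")
URL_RE = re.compile(r"https?://\S+")
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\] (?P<cmd>.*)")
# Hosts whose O16 ActiveX packages are waved through without a second look (assumption).
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com", "windowsupdate.com")


@dataclass
class Entry:
    kind: str                 # HijackThis section tag, e.g. "O4" or "O16"
    body: str                 # text after "Oxx - "
    path: Optional[str]       # first drive-qualified file path, if any
    url: Optional[str]        # first URL, if any
    flags: List[str] = field(default_factory=list)


def parse(log_text: str) -> List[Entry]:
    """Turn the Rx/Fx/Nx/Ox lines of a log into Entry objects; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # banner, process list, "End of file" etc.
        body = m.group("body")
        path = PATH_RE.search(body)
        url = URL_RE.search(body)
        entries.append(Entry(m.group("kind"), body,
                             path.group(0) if path else None,
                             url.group(0) if url else None))
    return entries


def startup_command(entry: Entry) -> Optional[Tuple[str, str]]:
    """(name, command) for an O4 Run entry, with HijackThis' "(User '...')" suffix removed."""
    m = RUN_RE.search(entry.body)
    if entry.kind != "O4" or not m:
        return None
    cmd = re.sub(r"\s*\(User '[^']*'\)$", "", m.group("cmd"))
    return m.group("name"), cmd


def _trusted_host(host: str) -> bool:
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS)


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags and return only the entries that got one."""
    for e in entries:
        if e.kind == "O4" and startup_command(e) and e.path is None:
            # e.g. "[SoundMan] SOUNDMAN.EXE": no directory, so Windows resolves it
            # through its search order; confirm which file actually runs.
            e.flags.append("unqualified executable name in Run key")
        if "(file missing)" in e.body:
            e.flags.append("dangling entry, target no longer exists")
        if e.kind == "O16" and e.url:
            host = urlparse(e.url).hostname or ""
            if not _trusted_host(host):
                e.flags.append(f"ActiveX package downloaded from {host}; verify the publisher")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse(SAMPLE_LOG)):
        print(f"{e.kind}: {'; '.join(e.flags)}\n    {e.body}")
```

Run on the sample it flags three of the ten lines: the SoundMan Run key (no directory in the command), the IMVU button marked "(file missing)", and the imgag.com ActiveX package. The first two are exactly the kind of entries a helper either verifies on disk or tells the poster to fix; the third is a prompt to check the publisher, not a verdict, which matches the cautious tone of the replies in this thread.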


                    • #11
                      When and where do you get these pop-ups?



                      • #12
                        pop-ups

                        I've been browsing again for a while now and, oddly enough, I'm not getting them anymore. I'll keep an eye on exactly when I get them. I'll keep you posted.
                        Thanks for your help.



                        • #13
                          You're welcome.
                          As far as I'm concerned, your logs look fine.
                          A pop-up can always appear here or there; that doesn't necessarily mean it's malware-related.
