coupon drop down - Privacy en beveiliging

zondag 4 november 2012 23:27

Acties:

0 Henk 'm!

Anoniem: 481484

Topicstarter

Ik krijg konstand een drop down van u heeft een ipad/iphone gewonnen. Deze krijg ik als ik op een linkje klik in een webpagina, en krijg deze niet verwijderd.

HTML:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <script type="text/javascript">if (top !== self) top.location.replace(self.location.href);</script>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title>Internet onderzoek: continue</title>
    <link href="css/style.css" rel="stylesheet" type="text/css" />
    <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js" ></script>

    <script src="js/script.js"></script>
    <script type="text/javascript">
        var subid="28782628"
        var image_link = "images/default.htm";
        var server_name = "default.htm";
    </script>
    <style type="text/css">
<!--
#footer
{ 
    position: relative; 
    width:700px;
}

#footer-content 
{
    position: absolute;
    bottom: 0;
    padding-top: 100px;
    margin-top:100px;
    }
.style3 {
    color: #333333;
    font-size: 25px;
    letter-spacing:-1px;
    line-height:20px;
    text-transform:capitalize;
    font-weight: bold;
}
-->
-->
    </style>
</head>
<body>
<div class="wrapper_survey">
<div class="survey_inner">
        <div class="header_section">    
            <div class="logo">
            <table width="500" border="0">
  <tr>
    <td width="64"><img src="images/netherlands.png" width="48" height="38" /></td>
    <td width="426">  
            <span class="style3">continue onderzoek</span></td>
  </tr>
</table>
   
         </div>
          <h1 class="jdate"></h1>
            <div class="clear"></div>
        </div>
    <div class="survey_text">
            <p>
            U bent in de <strong>regio   
            Leek</strong>  uitgekozen om deel te nemen aan deze 30-seconden enquête.     </p>
      <p>Na afloop krijgt u de kans om een <strong>Apple ® iPad2 of een iPhone 4S</strong> op te eisen.  </p>
      <p>Klik gewoon op <strong>START NU</strong> om met de 30-seconden enquête te beginnen en om je geschenk op te eisen:</p>
<div class="link">
                <img class="start_link" src="images/btn_startnow.jpg"/>
                </noscript>
      </div>
  </div>
        
<div class="questions">
            <div id="question1" class="question">
                <h1 class="question_number">Vraag 1/3</h1>
                <div class="question_text">Bent u een man of vrouw? 
                    <div class="answers">
                        <a onclick="$('#in_q1').val('male'); nextQuestion(2)">Man</a>
                        <a onclick="$('#in_q1').val('female'); nextQuestion(2)">Vrouww</a>
                    </div>
                </div>
            </div><!-- question -->
            
            <div id="question2" class="question">
                <h1 class="question_number">Vraag 2/3</h1>
                <div class="question_text">Hoe vaak bezoekt u deze website? 
                    <div class="answers">
                        <a onclick="$('#in_q2').val('Definitely'); nextQuestion(3)">Een keer per week</a>
                        <a onclick="$('#in_q2').val('Somewhat'); nextQuestion(3)">Meerdere keren per week</a>
                        <a onclick="$('#in_q2').val('Not at All'); nextQuestion(3)">zelden</a>
                    </div>
                </div>
            </div><!-- question -->
            
            <div id="question3" class="question">
                <h1 class="question_number">Vraag 3/3</h1>
                <div class="question_text">Zult u deze site opnieuw bezoeken?
                    <div class="answers">
                        <a onclick="$('#in_q3').val('Many');  nextQuestion(4)">Ja</a>
                        <a onclick="$('#in_q3').val('A Few'); nextQuestion(4)">Nee</a>
                        <a onclick="$('#in_q3').val('None');  nextQuestion(4)">Weet niet</a>
                    </div>  
                </div>
            </div><!-- question -->
            
            <div id="question4" class="question">
                <div class="loader">
                    <p>Antwoorden worden verstuurd</p>
                    <img src="images/loader.gif"/>
                </div>  
            </div><!-- question -->
            
            <div id="question5" class="question">
                <div class="prize_text">
                    <strong>Hartelijk dank voor uw antwoorden. Kies een beschikbaar geschenk:</strong>
                </div>
                <div class="prize_boxes">
                    
                    <div class="prize_box" style="margin-left: 0px;">
                        <h1 class="prize_title">Visa<sup>®</sup> Gift Card</h1>
                        <div class="prize"><img src="images/giftcard-grayed.gif" border="0"/></div>
                        <div class="prizeleft">Resterende hoeveelheid:  <span>0</span></div>
                        <div class="prize_select">Niet beschikbaar</div>
                    </div>
                    
                    <div class="prize_box middle">
                        <h1 class="prize_title">Apple iPhone 4S<sup>®</sup></h1>
                        <div class="prize"><a HREF="javascript:void(0)"onclick="window.open('http://globalvisitorsurvey.com/survy-neth/select-iphne.php?trimmedKeyword=continue','linkname','height=750, width=1100,scrollbars=yes,resizable=1')"><img src="images/prize_iphone.jpg" border="0"/></a></div>
                        <div class="prizeleft">Resterende hoeveelheid:  <span>4</span></div>
                        <div class="prize_select"><a HREF="javascript:void(0)"onclick="window.open('http://globalvisitorsurvey.com/survy-neth/select-iphne.php?trimmedKeyword=continue','linkname','height=750, width=1100,scrollbars=yes,resizable=1')"><img src="images/btn_select.jpg" border="0"/></a></div>
                    </div>
                    
                    <div class="prize_box">
                        <h1 class="prize_title">Apple iPad 2<sup>®</sup></h1>
                        <div class="prize"><a HREF="javascript:void(0)"onclick="window.open('http://globalvisitorsurvey.com/survy-neth/select-ipd.php?trimmedKeyword=continue','linkname','height=750, width=1100,scrollbars=yes,resizable=1')"><img src="images/prize_ipad.jpg" border="0"/></a></div>
                        <div class="prizeleft">Resterende hoeveelheid:  <span>2</span></div>
                        <div class="prize_select"><a HREF="javascript:void(0)"onclick="window.open('http://globalvisitorsurvey.com/survy-neth/select-ipd.php?trimmedKeyword=continue','linkname','height=750, width=1100,scrollbars=yes,resizable=1')"><img src="images/btn_select.jpg" border="0"/></a></div>
                    </div>      
                </div>
            </div><!-- question -->
            
            <div id="question6" class="question" style="margin-top:-20px;">
                <div id='prize_flippy'>
                    <p>You selected the <span></span></p>
                    <img id='prize_img' src=''>
                </div>
        
            
            <div id="question7" class="question">
                <div class="loader">
                    <p>Submitting Responses</p>
                    <img src="images/loader.gif"/>
                </div>
            </div>
            
            <div id="question8" class="question">
                <iframe name="frameblock" id='iframe1' scrolling="no" frameborder="0"  border="0" width="1200" height="1000" allowTransparency="yes" style="border:none;"></iframe>
            </div>
        </div>
            <!-- questions -->
  </div><!--form_inner-->
</div>
<!--wrapper-->
</div>

<center>
<div id="footer"><br />
<br />
  <p align="center" style="font-size: 11px; color: #A8A8A8;"> <strong></strong>© 2012 Alle rechten voorbehouden<br />
    <br />
  </p>
  </div>
</center>


<script type='text/javascript'>alert('U bent willekeurig uitgekozen om  aan onze nationale enquête van 30 seconden deel te nemen. Reageer nu en u kunt misschien een iPad 2 of een iPhone 4S opeisen.');</script>


<!--wrapper-->

</body>
</html>

wat kan ik hier aan doen?
heb al verschillende programma's geprobeerd, maar het lukt niet. en deze programma's zijn malwarebytes, popup killers.

mvg beike2012

[ Voor 0% gewijzigd door F_J_K op 05-11-2012 09:28 . Reden: code tags ]

maandag 5 november 2012 09:31

Acties:

0 Henk 'm!

F_J_K

Moderator CSA/PB

Front verplichte underscores

Welkom op GoT!

Ik ben zo vrij geweest de code tussen UBB-tags te zetten zodat het veel beter leesbaar is. Maar: de code is minder belangrijk dan de situatie eromheen. Geef ajb daar meer informatie over:
* Welk OS?
* Welke browser?
* Gebeurt het ook in andere browsers?
* Zijn er niet-verwachte add-ons actief in de browser?
* Kom je verdachte processen tegen als je bijv Hijackthis (http://sourceforge.net/projects/hjt/) draait?

'Multiple exclamation marks,' he went on, shaking his head, 'are a sure sign of a diseased mind' (Terry Pratchett, Eric)

maandag 5 november 2012 14:30

Acties:

0 Henk 'm!

Anoniem: 481484

Topicstarter

neem mij niet kwalijk, het gebeurt in firefox als ik een link aanklik voor meer informatie. bijv mediamarkt en ik wil iets weten dan klik ik op de gekleurde link. dan krijg ik niet de informatie die ik zoek, maar het coupon drop down. het schijnt heel lastig te verwijderen te zijn. hebben meer mensen last van.
gebruik windows 7. heb de pc gescand met hijjackthis en de informatie staat in een log bestand.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:29:14, on 5-11-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\blackwidow\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files (x86)\A-Soft.net\A-POPUPKILLER\A-POPUPKILLER.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\blackwidow\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\blackwidow\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/?ocid=OIE9HP
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/?ocid=OIE9HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: AD Killer A-Soft.net - {F51F152E-DAF0-44EA-8ED7-2382E771596B} - C:\PROGRA~2\A-Soft.net\A-POPUPKILLER\APOPUPKILLER.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Best Antivirus Agent] C:/Program Files (x86)/Best Antivirus/BestAntivirusAgent.exe
O4 - HKLM\..\Run: [Best Antivirus] C:/Program Files (x86)/Best Antivirus/BestAntivirus.exe
O4 - HKLM\..\Run: [Best Antivirus Updater] C:/Program Files (x86)/Best Antivirus/BestAntivirusUpdater.exe
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [A-PopupKiller] C:\PROGRA~2\A-Soft.net\A-POPUPKILLER\A-POPUPKILLER.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Google Update] "C:\Users\blackwidow\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Best Antivirus.lnk = C:\Program Files (x86)\Best Antivirus\BestAntivirus.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Programs Manager Service (CPMService) - Unknown owner - C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer Free\Dfsdks.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13873 bytes

hoop dat dit meer informatie geeft.

mvg beike2012

maandag 5 november 2012 17:42

Acties:

0 Henk 'm!

photofreak

De volgende programma's en key's vind ik verdacht
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O4 - HKLM\..\Run: [Best Antivirus Agent] C:/Program Files (x86)/Best Antivirus/BestAntivirusAgent.exe
O4 - HKLM\..\Run: [Best Antivirus] C:/Program Files (x86)/Best Antivirus/BestAntivirus.exe
O4 - HKLM\..\Run: [Best Antivirus Updater] C:/Program Files (x86)/Best Antivirus/BestAntivirusUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f (User 'SYSTEM')

Geen idee wat Best Antivirus is en of Ad Aware niet gewoon de pop-ups veroorzaakt.

kortom, een programma dat bij de installatie van bijvoorbeeld utorrent ofzo binnen kan komen en nu waarschijnlijk ook als add-on in firefox draait.

Wil je kijken of er een add-on aanwezig is die die pop-ups zou kunnen geven in Firefox?
Firefox >> Extra >> Add-ons

Overigens draai je een lekke versie van Adobe Flash Player, waarvoor al geruime tijd een patch is en waarvoor ook een openbare exploit beschikbaar is: http://www.metasploit.com...wser/adobe_flash_otf_font

dinsdag 6 november 2012 12:46

Acties:

0 Henk 'm!

LnC

The offending line...

Wat hierboven al vermeld werd. Die Bestantivirusagent.exe sprong er bij mij al gelijk uit. Scan voor de zekerheid je systeem eens met ADWCleaner. Dit programma haalt (uit eigen ervaring) veel toolbars en andere trojan meuk uit je systeem.

Let wel, na de scan van ADWCleaner druk je op delete. Zorg ervoor dat je dan geen belangrijke dingen hebt openstaan, want daarna boot de pc gelijk (Niet schrikken dus, is normaal

). Eenmaal opnieuw geboot, krijg je een .txt bestandje met wat er allemaal verholpen / delete is.

Post die log dan ook even hier als je besluit om ADWCleaner te draaien. Ben benieuwd wat er allemaal uitkomt.