Archive - Pop-up when opening Firefox

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or world views, and have been censored in some places as inadmissible. Many were made in a different spirit of the times, ironically or not - as in the ironic Off-Topic subforum - and would (or could) no longer be posted today. We still gladly offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

kawadude

Legacy Member
Every time I open Firefox I get a translucent pop-up from searchdiscovered.com, and it won't go away.
Here is a screenshot
ImageShack® - Online Photo and Video Hosting

I have already scanned with these programs, without success:
Avast
Windows Defender
cwshredder
SuperAntiSpyware
Malwarebytes' Anti-Malware
StopZilla

Here is a log from HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:42:47, on 28/08/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
D:\Programs\Internet Download Manager\idman.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
D:\Programs\Internet Download Manager\IEMonitor.exe
D:\Security\Stopzilla\STOPzilla.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
D:\Users\Erwin\Downloads\HijackThis.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Programs\Internet Download Manager\IDMIECC.dll
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\program files (x86)\stopzilla!\sziebho.dll (file missing)
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISPMonitor] D:\Users\Erwin\Downloads\isp.exe
O4 - HKCU\..\Run: [IDMan] D:\Programs\Internet Download Manager\idman.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Security\SuperAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download alle links met IDM - D:\Programs\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download met IDM - D:\Programs\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\Security\SuperAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files (x86)\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TomTomHOMEService - TomTom - D:\Programs\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12039 bytes

Here is a log from ComboFix

ComboFix 11-08-28.01 - Erwin 28/08/2011 20:07:46.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.4094.2241 [GMT 2:00]
Gestart vanuit: D:\Users\Erwin\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Erwin\AppData\Roaming\inst.exe
C:\Users\Erwin\AppData\Roaming\pcouffin.sys
C:\Windows\iun6002.exe


(((((((((((((((((((( Bestanden Gemaakt van 2011-07-28 to 2011-08-28 ))))))))))))))))))))))))))))))


2011-08-28 18:13:50 . 2011-08-28 18:13:50 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-08-28 15:15:48 . 1995-01-29 22:00:00 92208 ----a-w- C:\Windows\SysWow64\WING.DLL
2011-08-28 15:15:48 . 1994-09-20 22:00:00 12800 ----a-w- C:\Windows\SysWow64\WING32.DLL
2011-08-28 09:38:21 . 2011-08-28 09:38:21 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2011-08-28 09:38:20 . 2011-08-28 18:16:10 -------- d-----w- C:\ProgramData\STOPzilla!
2011-08-28 09:34:22 . 2011-08-28 09:34:22 -------- d-----w- C:\Users\Erwin\AppData\Roaming\SUPERAntiSpyware.com
2011-08-28 09:33:49 . 2011-08-28 10:11:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-08-28 09:33:49 . 2011-08-28 09:33:49 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-08-25 15:58:20 . 2011-08-25 15:58:20 546256 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2011-08-25 15:58:20 . 2011-08-25 15:58:20 22992 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2011-08-25 15:58:20 . 2011-08-25 15:58:20 132560 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2011-08-25 15:58:18 . 2011-08-25 15:58:18 99792 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2011-08-25 15:58:18 . 2011-08-25 15:58:18 99792 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2011-08-25 15:58:18 . 2011-08-25 15:58:18 67024 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2011-08-25 15:58:18 . 2011-08-25 15:58:18 456144 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2011-08-25 15:58:18 . 2011-08-25 15:58:18 398800 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2011-08-25 15:58:18 . 2011-08-25 15:58:18 28624 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2011-08-25 15:58:16 . 2011-08-25 15:58:16 738768 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2011-08-25 15:58:16 . 2011-08-25 15:58:16 390608 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2011-08-25 15:58:16 . 2011-08-25 15:58:16 230864 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2011-08-24 07:03:35 . 2011-07-09 05:26:20 2048 ----a-w- C:\Windows\system32\tzres.dll
2011-08-24 07:03:35 . 2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-19 18:02:29 . 2011-08-28 10:11:34 -------- d-----w- C:\Program Files (x86)\Megaupload
2011-08-11 04:49:00 . 2011-06-15 10:02:23 212992 ----a-w- C:\Windows\system32\odbctrac.dll
2011-08-11 04:49:00 . 2011-06-15 10:02:23 163840 ----a-w- C:\Windows\system32\odbccp32.dll
2011-08-11 04:49:00 . 2011-06-15 10:02:23 106496 ----a-w- C:\Windows\system32\odbccu32.dll
2011-08-11 04:49:00 . 2011-06-15 10:02:23 106496 ----a-w- C:\Windows\system32\odbccr32.dll
2011-08-11 04:49:00 . 2011-06-15 09:59:53 126976 ----a-w- C:\Program Files\Common Files\System\Ole DB\msdaosp.dll
2011-08-11 04:49:00 . 2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-08-11 04:49:00 . 2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-08-11 04:49:00 . 2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-08-11 04:49:00 . 2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-08-11 04:49:00 . 2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-08-11 04:49:00 . 2011-06-15 08:54:35 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll
2011-08-07 12:02:59 . 2011-06-02 09:03:58 92264 ----a-w- C:\Windows\system32\RCoInst64.dll
2011-08-07 12:00:20 . 2005-11-13 21:19:18 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-08-07 11:56:37 . 2011-08-07 11:56:37 -------- d-----w- C:\Program Files (x86)\Realtek
2011-08-07 11:40:41 . 2011-08-28 10:19:25 -------- d-----w- C:\Users\UpdatusUser
2011-08-07 11:39:15 . 2011-07-23 18:57:00 980072 ----a-w- C:\Windows\system32\nvvsvc.exe
2011-08-07 11:39:15 . 2011-07-23 18:57:00 836200 ----a-w- C:\Windows\system32\easyupdatusapiu64.dll
2011-08-07 11:39:15 . 2011-07-23 18:57:00 61544 ----a-w- C:\Windows\system32\nvshext.dll
2011-08-07 11:39:15 . 2011-07-23 18:57:00 6136936 ----a-w- C:\Windows\system32\nvcpl.dll
2011-08-07 11:39:15 . 2011-07-23 18:57:00 3021416 ----a-w- C:\Windows\system32\nvsvc64.dll
2011-08-07 11:39:15 . 2011-07-23 18:57:00 117864 ----a-w- C:\Windows\system32\nvmctray.dll
2011-08-05 07:40:27 . 2011-08-05 07:40:27 -------- d-----w- C:\Windows\nl
2011-08-05 07:36:52 . 2011-08-05 07:36:52 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\718696791cc534201\MeshBetaRemover.exe
.


((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-08-26 14:52:44 . 2010-02-25 11:21:31 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-08-26 14:52:44 . 2010-02-25 11:17:50 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-08-26 14:51:28 . 2010-02-25 11:17:50 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-08-12 04:10:01 . 2011-08-26 08:00:32 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0626EBC2-07C6-4FCB-994E-200FAF090FD6}\mpengine.dll
2011-08-05 07:38:16 . 2010-06-24 09:33:56 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-23 05:41:06 . 2011-07-23 05:41:06 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-07-18 19:31:24 . 2010-02-25 11:17:50 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex9
2011-07-18 19:24:59 . 2010-02-25 11:17:50 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex7
2011-07-18 19:22:26 . 2010-02-25 11:17:50 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex6
2011-07-18 19:15:38 . 2010-02-25 11:17:50 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex4
2011-07-18 19:12:25 . 2010-02-25 11:17:50 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex3
2011-07-18 19:06:02 . 2010-02-25 11:17:50 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex1
2011-07-18 19:02:55 . 2010-02-25 11:17:50 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex8
2011-07-18 19:02:55 . 2010-02-25 11:17:50 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex5
2011-07-18 19:02:55 . 2010-02-25 11:17:50 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex2
2011-07-16 04:26:00 . 2011-08-11 04:48:50 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-06 15:14:42 . 2011-07-18 13:25:25 145008 ----a-w- C:\Windows\system32\drivers\idmwfp.sys
2011-07-04 11:43:53 . 2010-08-25 15:24:38 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-04 11:43:51 . 2010-08-25 15:24:38 199304 ----a-w- C:\Windows\SysWow64\aswBoot.exe
2011-07-04 11:43:42 . 2011-01-20 13:26:41 253888 ----a-w- C:\Windows\system32\aswBoot.exe
2011-07-04 11:36:56 . 2011-06-29 11:45:04 600920 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2011-07-04 11:36:54 . 2010-08-25 15:25:08 288088 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2011-07-04 11:35:28 . 2010-08-25 15:25:05 45400 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2011-07-04 11:32:35 . 2010-08-25 15:25:06 31064 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2011-07-04 11:32:24 . 2010-08-25 15:25:01 64856 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32:14 . 2010-08-25 15:25:08 22360 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2011-06-19 07:01:23 . 2011-06-19 07:01:23 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 03:07:25 . 2011-07-13 07:28:54 3137536 ----a-w- C:\Windows\system32\win32k.sys
2011-06-02 10:58:28 . 2011-06-02 10:58:28 74768 ----a-r- C:\Windows\SysWow64\drivers\SZKG64.sys
2011-06-02 10:58:28 . 2011-06-02 10:58:28 74768 ----a-r- C:\Windows\SysWow64\drivers\is3srv64.sys


((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 13:25:17 1475584]
"ISPMonitor"="D:\Users\Erwin\Downloads\isp.exe" [2011-02-08 20:56:22 418304]
"IDMan"="D:\Programs\Internet Download Manager\idman.exe" [2011-07-18 06:11:22 3405208]
"SUPERAntiSpyware"="D:\Security\SuperAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 21:37:36 5471104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 10:44:34 31072]
"BrMfcWnd"="C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 15:46:10 1159168]
"ControlCenter3"="C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 09:26:54 114688]
"AdobeCS4ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 05:58:34 611712]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 04:02:26 37296]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 04:59:06 937920]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2007-06-29 04:24:52 286720]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 10:59:52 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

R0 is3srv;is3srv;C:\Windows\SySWOW64\drivers\is3srv64.sys [2011-06-02 10:58:28 74768]
R2 ATE_PROCMON;ATE_PROCMON;D:\Security\Anti Trojan Elite\ATEPMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 11:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]
R2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 20:52:13 136176]
R3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys [x]
R3 dgderdrv;dgderdrv;C:\Windows\system32\drivers\dgderdrv.sys [x]
R3 DroidCam;DroidCam Virtual Audio;C:\Windows\system32\drivers\droidcam.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-04-21 18:09:06 1038088]
R3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 20:52:13 136176]
R3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys [x]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 19:34:24 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;C:\Windows\System32\Drivers\TFsExDisk.sys [2010-05-01 06:51:28 16392]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 16:10:10 57184]
S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]
S0 szkg5;szkg5;C:\Windows\SySWOW64\DRIVERS\szkg64.sys [2011-06-02 10:58:28 74768]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;D:\Security\SuperAntiSpyware\SASDIFSV64.SYS [2011-07-22 16:26:56 14928]
S1 SASKUTIL;SASKUTIL;D:\Security\SuperAntiSpyware\SASKUTIL64.SYS [2011-07-12 21:55:18 12368]
S2 !SASCORE;SAS Core Service;D:\Security\SuperAntiSpyware\SASCORE64.EXE [2011-08-11 23:38:04 140672]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [x]
S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys [x]
S2 ISPMonitorSrv;ISP Monitor;C:\Program Files (x86)\ISP Monitor\ISPMonitorSrv.exe [2008-06-09 22:06:30 36864]
S2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 20:23:02 223088]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-07-23 18:57:00 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-07-26 15:07:24 379496]
S2 TomTomHOMEService;TomTomHOMEService;D:\Programs\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 12:30:08 92592]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 00:43:00 14648]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]


Inhoud van de 'Gedeelde Taken' map

2011-08-28 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 20:52:17 . 2010-05-08 20:52:13]

2011-08-27 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 20:52:17 . 2010-05-08 20:52:13]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43:42 134384 ----a-w- C:\Program Files\Alwil Software\Avast5\ashShA64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50:32 22408 ----a-w- D:\Programs\Internet Download Manager\IDMShellExt64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 05:08:56 11860072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Bijkomende Scan -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Download alle links met IDM - D:\Programs\Internet Download Manager\IEGetAll.htm
IE: Download met IDM - D:\Programs\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.130.4 195.130.131.4

- - - - ORPHANS VERWIJDERD - - - -

Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-CoreAAC Audio Decoder - C:\Windows\system32\CoreAAC-uninstall.exe
AddRemove-ISPMonitor - C:\Windows\iun6002.exe





Does anyone have an idea what I can do?
This problem also only occurs in Firefox; I can use Internet Explorer normally.


Thanks in advance.

Juisterr

Legacy Member
I can't find any sign at all that you use Firefox?

kawadude

Legacy Member
Hey Bram,
I am indeed using Fireviking, but restarting the PC didn't solve anything.

In the meantime I have done a restore of Firefox with MozBackup, and for now the pop-up is gone.

bramvandeperre

Legacy Member
kawadude said:
Hey Bram,
I am indeed using Fireviking, but restarting the PC didn't solve anything.

In the meantime I have done a restore of Firefox with MozBackup, and for now the pop-up is gone.

Well, most likely your DNS hasn't been changed.

If you try to open http://b12e.be, what do you see? If you see a web page, you are vulnerable to the problem again; if you get an error message (page cannot be loaded), then it is solved.

I wasn't able to pay for my hosting, which caused a landing page to appear on the news section that hijacked your start page. I have changed the DNS, and normally it should have been updated by now.

If you still see a web page, run cmd.exe as administrator and then type the following:

ipconfig /flushdns

That should clear your DNS cache, and then it is solved.

In any case, Fireviking was the cause of the problem.

kawadude

Legacy Member
When I open the web page I get an error message.
So the problem must be solved then.

Thanks for the reply.


@ mod
This thread can be locked.