Archive - Pop-ups!

The archive is a frozen moment from a previous version of this forum, with different rules and different moderators. These posts in no way reflect our current ideas, values or world views, and in some places they have been censored as inadmissible. Many were written in a different climate, ironically or otherwise, such as in the ironic Off-Topic subforum, and would not (be allowed to) be posted today. We nevertheless still offer this archive as an information database and reference work.

TsD

Legacy Member
Hello,

Since today I have been bothered by pop-ups that appear out of nowhere every so often (so not while I am browsing). When I look in Task Manager I see MS0.exe and MS1.exe among the processes, no idea whether this has anything to do with it? I had closed them and scanned with Avast Antivirus and Ad-Aware, and thought I was rid of it, but unfortunately...


So here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:31, on 20/02/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conime.exe
C:\Program Files\Last.fm\LastFM.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Gepersonaliseerde startpagina
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Gepersonaliseerde startpagina
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Gepersonaliseerde startpagina
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Rrofobacagayus] rundll32.exe "C:\Users\Remco\AppData\Local\nciciz.dll",Startup
O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Users\Remco\AppData\Local\Temp\sshnas21.dll,AttachConsoleA
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\Remco\AppData\Local\Temp\Ms1.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Download alles met Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download met Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selectie met Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video met Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9986 bytes


Regards,
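The three HKCU Run entries in the log above (a DLL in the root of AppData\Local loaded through rundll32, a DLL in Temp, and Ms1.exe in Temp) are the pattern a triage script can catch mechanically, next to the service entries that point at a missing file or carry no vendor string. The following is an added example for this thread; it is not part of the original post and not HijackThis code. It parses O4 and O23 lines and flags autostart images living in user-writable locations, rundll32 loading a DLL from the user profile, random-looking value names, and services whose binary is missing or has no vendor. The sample lines are an excerpt of the log above; the path patterns and the name heuristic are my own assumptions, meant to surface entries for a human to judge, not signatures.

```python
"""Triage of HijackThis O4 (autostart) and O23 (service) lines.

Added example for this thread; not part of the original post and not code
from HijackThis. The heuristics (path patterns, name check) are the
author's assumptions and only surface entries for a human to judge.
"""
import re

# Locations a vendor autostart almost never points at; malware dropped by a
# browser exploit or a trojaned download almost always does (assumed list).
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\|\\AppData\\Local\\Temp\\|"
    r"\\Documents and Settings\\[^\\]+\\|%TEMP%|%APPDATA%",
    re.IGNORECASE,
)
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# rundll32 [path\]rundll32[.exe] <dll>[,export]; captures the DLL argument.
RUNDLL_RE = re.compile(r'^"?(?:\S*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)', re.IGNORECASE)
FIRST_IMAGE_RE = re.compile(r"^(.+?\.(?:exe|dll|scr|bat|cmd|vbs|js))\b", re.IGNORECASE)
# Heuristic: 8+ upper-case letters and digits with at least one digit.
RANDOM_NAME_RE = re.compile(r"(?=.*\d)[A-Z0-9]{8,}")


def image_path(cmd):
    """Path of what an O4 command really runs.

    For rundll32 that is the DLL argument (rundll32.exe itself is a signed
    Windows binary); otherwise the quoted path or the first executable-looking token.
    """
    cmd = cmd.strip()
    m = RUNDLL_RE.match(cmd)
    if m:
        return m.group(1).strip()
    m = re.match(r'^"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = FIRST_IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def triage_o4(line):
    """Reasons an O4 line deserves a look; empty list when nothing stands out."""
    m = O4_RE.match(line)
    if not m:
        return []
    cmd, name = m.group("cmd"), m.group("name")
    image = image_path(cmd)
    reasons = []
    if USER_WRITABLE.search(image):
        reasons.append("autostart image in user-writable location: " + image)
        if RUNDLL_RE.match(cmd.strip()):
            reasons.append("rundll32 loading a DLL from the user profile")
    if RANDOM_NAME_RE.fullmatch(name):
        reasons.append("random-looking value name: " + name)
    return reasons


def triage_o23(line):
    """Reasons an O23 service line deserves a look."""
    m = O23_RE.match(line)
    if not m:
        return []
    vendor, path = m.group("vendor"), m.group("path")
    reasons = []
    if "(file missing)" in path:
        reasons.append("service binary missing on disk (orphaned entry)")
    if vendor == "Unknown owner":
        reasons.append("no vendor string; check the binary's signature by hand")
    if USER_WRITABLE.search(path):
        reasons.append("service binary in user-writable location: " + path)
    return reasons


def triage_log(text):
    """Return [(line, reasons)] for every O4/O23 line that drew at least one reason."""
    flagged = []
    for line in text.splitlines():
        line = line.strip()
        reasons = triage_o4(line) or triage_o23(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


# Constructed excerpt of the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Rrofobacagayus] rundll32.exe "C:\Users\Remco\AppData\Local\nciciz.dll",Startup
O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Users\Remco\AppData\Local\Temp\sshnas21.dll,AttachConsoleA
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\Remco\AppData\Local\Temp\Ms1.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

On the excerpt this flags the three HKCU entries plus the two "Unknown owner" services; PnkBstrA is PunkBuster and only needs a signature check, which is exactly why the script reports a reason rather than a verdict.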

Juisterr

Legacy Member
Download LopSD to your Desktop
  • Choose Option N and press Enter
  • Click OK at the information window
  • Choose Option 2 (Fix + Hosts), and press Enter
  • At the end a log (LopR.txt) appears; post its contents in your next reply
Vista users: right-click on LopSD and choose "Run as Administrator"
Note: LopSD is seen by some virus scanners as a virus, so deactivate your scanner

TsD

Legacy Member
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz )
BIOS : Ver 1.00 BIOS A04 PARTTBL"
USER : Remco ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:287 Go (Free:171 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:4 Go)
F:\ (Local Disk) - FAT32 - Total:931 Go (Free:754 Go)
G:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
H:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Sun 21/02/2010|16:34 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ RESTORE

Deleted ! - C:\Users\Remco\AppData\Local\Temp\nsk8FF0.tmp
Deleted ! - C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\Cookies\[email protected][1].txt
-
[ Hosts file ] .. Restored !

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Description of folders in Local

[25/02/2009|12:47] C:\Users\Remco\AppData\Local\Adobe
[04/07/2009|15:02] C:\Users\Remco\AppData\Local\Ahead
[14/01/2009|17:01] C:\Users\Remco\AppData\Local\Apple
[29/12/2009|22:07] C:\Users\Remco\AppData\Local\Apple Computer
[14/01/2009|15:27] C:\Users\Remco\AppData\Local\Application Data
[14/01/2009|15:32] C:\Users\Remco\AppData\Local\ATI
[18/01/2009|19:13] C:\Users\Remco\AppData\Local\Autodesk
[19/02/2010|18:03] C:\Users\Remco\AppData\Local\d3d9caps.dat
[14/01/2009|15:33] C:\Users\Remco\AppData\Local\DataSafeOnline
[21/02/2010|13:27] C:\Users\Remco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[15/01/2009|20:11] C:\Users\Remco\AppData\Local\DNA
[26/12/2009|23:50] C:\Users\Remco\AppData\Local\GDIPFONTCACHEV1.DAT
[14/01/2009|15:27] C:\Users\Remco\AppData\Local\Geschiedenis
[14/01/2009|19:16] C:\Users\Remco\AppData\Local\Google
[21/02/2010|09:56] C:\Users\Remco\AppData\Local\IconCache.db
[21/02/2010|12:44] C:\Users\Remco\AppData\Local\Last.fm
[03/08/2009|15:23] C:\Users\Remco\AppData\Local\MediaDirect
[12/11/2009|21:39] C:\Users\Remco\AppData\Local\Microsoft
[14/01/2009|15:54] C:\Users\Remco\AppData\Local\Mozilla
[01/01/2010|12:37] C:\Users\Remco\AppData\Local\Native Instruments
[21/01/2008|03:24] C:\Users\Remco\AppData\Local\nciciz.dll
[21/01/2009|17:47] C:\Users\Remco\AppData\Local\Oblivion
[15/01/2009|22:16] C:\Users\Remco\AppData\Local\Powercinema
[13/03/2009|19:30] C:\Users\Remco\AppData\Local\PunkBuster
[14/01/2009|15:59] C:\Users\Remco\AppData\Local\Stardock_Corporation
[14/01/2009|16:13] C:\Users\Remco\AppData\Local\SupportSoft
[21/02/2010|16:35] C:\Users\Remco\AppData\Local\Temp
[14/01/2009|15:27] C:\Users\Remco\AppData\Local\Temporary Internet Files
[15/01/2009|11:34] C:\Users\Remco\AppData\Local\VirtualStore
[5|file(s)] C:\Users\Remco\AppData\Local\bytes
[26|folder(s)] C:\Users\Remco\AppData\Local\bytes free

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[21/02/2010 16:35][--ah-----] C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[21/02/2010 09:58][--ah-----] C:\Windows\tasks\SA.DAT
[21/02/2010 09:56][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Description of folders in C:\ProgramData

[01/04/2009|17:15] C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[01/01/2010|12:22] C:\ProgramData\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
[14/04/2009|17:16] C:\ProgramData\Adobe
[02/03/2009|21:16] C:\ProgramData\AppData
[14/01/2009|17:00] C:\ProgramData\Apple
[14/01/2009|17:02] C:\ProgramData\Apple Computer
[14/01/2009|15:23] C:\ProgramData\Application Data
[14/01/2009|15:32] C:\ProgramData\ATI
[21/01/2009|11:51] C:\ProgramData\Autodesk
[14/01/2009|15:23] C:\ProgramData\Bureaublad
[17/01/2009|16:40] C:\ProgramData\Creative
[15/01/2009|22:16] C:\ProgramData\CyberLink
[18/01/2009|19:08] C:\ProgramData\DAEMON Tools Lite
[14/01/2009|16:15] C:\ProgramData\Dell
[14/01/2009|15:23] C:\ProgramData\Documenten
[14/01/2009|15:23] C:\ProgramData\Favorieten
[23/02/2009|22:37] C:\ProgramData\FLEXnet
[16/08/2009|18:08] C:\ProgramData\FreeDownloadManager.ORG
[13/03/2009|19:26] C:\ProgramData\id Software
[10/01/2009|14:19] C:\ProgramData\InstallShield
[14/01/2009|18:58] C:\ProgramData\Last.fm
[15/01/2009|20:10] C:\ProgramData\Lavasoft
[14/01/2009|16:08] C:\ProgramData\McAfee
[14/01/2009|15:23] C:\ProgramData\Menu Start
[20/02/2009|16:37] C:\ProgramData\Microsoft
[16/08/2009|18:00] C:\ProgramData\NCH Swift Sound
[10/01/2009|14:32] C:\ProgramData\PC-Doctor
[10/01/2009|14:32] C:\ProgramData\PCDr
[24/06/2009|19:58] C:\ProgramData\Roxio
[14/01/2009|15:23] C:\ProgramData\Sjablonen
[10/01/2009|14:21] C:\ProgramData\Sonic
[15/01/2009|10:48] C:\ProgramData\Soulseek
[10/01/2009|14:32] C:\ProgramData\SupportSoft
[02/05/2009|15:45] C:\ProgramData\Syncrosoft
[10/01/2009|14:23] C:\ProgramData\Uninstall
[05/02/2009|11:09] C:\ProgramData\WindowsSearch
[0|file(s)] C:\ProgramData\bytes
[38|folder(s)] C:\ProgramData\bytes free

--------------------\\ Description of folders in C:\Program Files

[14/04/2009|17:13] C:\Program Files\Adobe
[23/02/2009|16:22] C:\Program Files\Adobe Media Player
[04/07/2009|10:34] C:\Program Files\Ahead
[14/01/2009|16:11] C:\Program Files\Alwil Software
[14/01/2009|17:01] C:\Program Files\Apple Software Update
[10/01/2009|14:11] C:\Program Files\ATI Technologies
[18/01/2009|13:16] C:\Program Files\Audacity
[18/01/2009|19:20] C:\Program Files\AutoCAD 2008
[18/01/2009|19:11] C:\Program Files\Autodesk
[27/12/2009|00:09] C:\Program Files\AVSMedia
[21/01/2009|17:33] C:\Program Files\Bethesda Softworks
[15/01/2009|20:11] C:\Program Files\BitTorrent
[01/04/2009|17:04] C:\Program Files\Bonjour
[01/01/2010|12:13] C:\Program Files\Common Files
[27/12/2009|00:06] C:\Program Files\Corel
[10/01/2009|14:17] C:\Program Files\Creative
[10/01/2009|14:16] C:\Program Files\Creative Live! Cam
[10/01/2009|14:30] C:\Program Files\CyberLink
[18/01/2009|19:08] C:\Program Files\DAEMON Tools Lite
[10/01/2009|14:33] C:\Program Files\Dell
[29/07/2009|09:30] C:\Program Files\Dell DataSafe Online
[10/01/2009|14:32] C:\Program Files\Dell Support Center
[10/01/2009|14:19] C:\Program Files\Dell Video Chat
[10/01/2009|14:17] C:\Program Files\Dell Webcam
[10/01/2009|22:37] C:\Program Files\DellTPad
[15/01/2009|20:11] C:\Program Files\DNA
[26/01/2009|17:02] C:\Program Files\EPSON
[15/08/2008|12:45] C:\Program Files\EZHOME
[16/08/2009|18:09] C:\Program Files\Free Download Manager
[03/08/2009|15:23] C:\Program Files\GCH Guitar academy
[15/01/2009|20:16] C:\Program Files\GIMP-2.0
[14/01/2009|19:14] C:\Program Files\Google
[20/10/2009|17:25] C:\Program Files\Guitar Pro 5
[02/05/2009|22:01] C:\Program Files\IDT
[27/12/2009|00:06] C:\Program Files\InstallShield Installation Information
[02/05/2009|22:14] C:\Program Files\Intel
[16/10/2009|14:58] C:\Program Files\Internet Explorer
[01/04/2009|17:14] C:\Program Files\iPod
[01/04/2009|17:15] C:\Program Files\iTunes
[10/01/2009|14:03] C:\Program Files\Java
[17/04/2009|17:16] C:\Program Files\Last.fm
[15/01/2009|20:08] C:\Program Files\Lavasoft
[10/11/2009|17:39] C:\Program Files\Microsoft
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[18/01/2009|19:11] C:\Program Files\Microsoft Office
[11/06/2009|21:48] C:\Program Files\Microsoft Works
[20/01/2009|11:34] C:\Program Files\Mio Technology
[21/01/2008|03:35] C:\Program Files\Movie Maker
[19/02/2010|23:29] C:\Program Files\Mozilla Firefox
[02/11/2006|13:37] C:\Program Files\MSBuild
[01/01/2010|12:26] C:\Program Files\Native Instruments
[17/08/2009|17:46] C:\Program Files\NCH Swift Sound
[15/08/2008|12:45] C:\Program Files\PLUG
[21/04/2009|18:34] C:\Program Files\Power Tab Software
[01/04/2009|17:13] C:\Program Files\QuickTime
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[15/01/2009|10:47] C:\Program Files\SoulseekNS
[17/08/2009|18:35] C:\Program Files\Steinberg
[17/08/2009|18:33] C:\Program Files\Syncrosoft
[08/03/2009|20:55] C:\Program Files\Teamspeak2_RC2
[20/08/2009|21:32] C:\Program Files\Toontrack
[07/09/2009|16:50] C:\Program Files\Transcribe!
[20/02/2010|16:51] C:\Program Files\Trend Micro
[26/04/2009|20:14] C:\Program Files\ubisoft
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[22/01/2009|14:37] C:\Program Files\Valve
[14/01/2009|23:26] C:\Program Files\VideoLAN
[02/05/2009|21:58] C:\Program Files\Vista Anti-Lag
[10/01/2009|14:04] C:\Program Files\WIDCOMM
[14/01/2009|18:00] C:\Program Files\Winamp
[21/01/2008|03:35] C:\Program Files\Windows Calendar
[21/01/2008|03:35] C:\Program Files\Windows Collaboration
[21/01/2008|03:35] C:\Program Files\Windows Defender
[21/01/2008|03:35] C:\Program Files\Windows Journal
[14/01/2009|16:45] C:\Program Files\Windows Live
[14/01/2009|16:44] C:\Program Files\Windows Live SkyDrive
[10/01/2009|22:30] C:\Program Files\Windows Mail
[26/12/2009|22:57] C:\Program Files\Windows Media Components
[15/08/2009|15:51] C:\Program Files\Windows Media Player
[14/01/2009|15:23] C:\Program Files\Windows NT
[21/01/2008|03:35] C:\Program Files\Windows Photo Gallery
[21/01/2008|03:35] C:\Program Files\Windows Sidebar
[14/01/2009|21:11] C:\Program Files\WinRAR
[15/01/2009|10:36] C:\Program Files\XP Codec Pack
[02/05/2009|13:27] C:\Program Files\ZOOM
[0|file(s)] C:\Program Files\bytes
[87|folder(s)] C:\Program Files\bytes free

--------------------\\ Description of folders in C:\Program Files\Common Files

[14/04/2009|17:10] C:\Program Files\Common Files\Adobe
[23/02/2009|16:17] C:\Program Files\Common Files\Adobe AIR
[04/07/2009|10:34] C:\Program Files\Common Files\Ahead
[01/04/2009|17:14] C:\Program Files\Common Files\Apple
[18/01/2009|19:20] C:\Program Files\Common Files\Autodesk Shared
[27/12/2009|00:10] C:\Program Files\Common Files\AVSMedia
[18/01/2009|19:11] C:\Program Files\Common Files\Designer
[01/01/2010|12:13] C:\Program Files\Common Files\Digidesign
[18/01/2009|19:12] C:\Program Files\Common Files\InstallShield
[10/01/2009|14:02] C:\Program Files\Common Files\Java
[23/02/2009|23:20] C:\Program Files\Common Files\Macrovision Shared
[26/12/2009|22:53] C:\Program Files\Common Files\microsoft shared
[01/01/2010|12:26] C:\Program Files\Common Files\Native Instruments
[10/01/2009|14:17] C:\Program Files\Common Files\Reallusion
[04/07/2009|10:29] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[15/03/2009|19:28] C:\Program Files\Common Files\Steam
[10/01/2009|14:32] C:\Program Files\Common Files\supportsoft
[21/01/2008|03:35] C:\Program Files\Common Files\System
[14/01/2009|16:42] C:\Program Files\Common Files\Windows Live
[15/01/2009|20:08] C:\Program Files\Common Files\Wise Installation Wizard
[0|file(s)] C:\Program Files\Common Files\bytes
[24|folder(s)] C:\Program Files\Common Files\bytes free

--------------------\\ Process

( 81 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folders found !

--------------------\\ Searching for Lop Files - Folders

No Lop folders found !

--------------------\\ Searching through the Registry

..... OK !

--------------------\\ Check of the Hosts file

Hosts file OK


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-02-21 16:35:20
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\Users\Remco\AppData\Local\Temp\fla16E.tmp 97968 bytes
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\Users\Remco\AppData\Local\Temp\Temp1_womanwalked.zip\PJ Harvey & John Parish - A Woman A Man Walked By\10. Cracks In The Canvas.mp3
C:\Users\Remco\AppData\Roaming\BitTorrent\Virtual Dj Pro V6.0.1 + Crack [blaze69].torrent
C:\Users\Remco\AppData\Roaming\Microsoft\Windows\Recent\Crack the Skye.lnk
C:\Users\Remco\Downloads\AVS.Video.Editor_v3.1.1.93-FP\AVS Video Editor v3.1.1.93\Crack
C:\Users\Remco\Downloads\AVS.Video.Editor_v3.1.1.93-FP\AVS Video Editor v3.1.1.93\Crack\AVSAudioEditor.exe
C:\Users\Remco\Downloads\AVS.Video.Editor_v3.1.1.93-FP\AVS Video Editor v3.1.1.93\Crack\AVSVideoEditor.exe
C:\Users\Remco\Downloads\AVS.Video.Editor_v3.1.1.93-FP\AVS Video Editor v3.1.1.93\Crack\licence.reg
C:\Users\Remco\Downloads\AVS.Video.Editor_v3.1.1.93-FP\AVS Video Editor v3.1.1.93\Crack\RESURRECTiON.nfo


[F:26437][D:873]-> C:\Users\Remco\AppData\Local\Temp
[F:482][D:1]-> C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\Cookies
[F:16867][D:12]-> C:\Users\Remco\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:713][D:68]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - Sun 21/02/2010|16:48 - Option : [2]

--------------------\\ Scan completed at 16:48:48
[ UAC => 1 ]


Results of the log :)
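The Lop S&D listing of C:\Users\Remco\AppData\Local above contains one loose DLL in the folder root, nciciz.dll, dated 21/01/2008, a year before every other entry in that profile (the oldest folder there is from 14/01/2009). That is the artefact a reviewer should be checking for: a DLL that belongs to no subfolder and carries a timestamp the profile cannot have produced, which is what you see when a dropper copies the timestamp of a system file onto its payload to hide it from sorting by date. The following is an added example for this thread, not part of the original post and not Lop S&D code; it parses the "[dd/mm/yyyy|hh:mm] path" listing lines and applies exactly those two checks. The sample listing is an excerpt of the log above; the extension list and the rule "older than the oldest non-executable entry" are my own assumptions.

```python
"""Find loose executables in a Lop S&D folder listing with impossible timestamps.

Added example for this thread, not part of the original post and not Lop
S&D code. Parses "[dd/mm/yyyy|hh:mm] path" lines and flags .dll/.exe/.scr/.sys
files sitting directly in the listed folder (legitimate software keeps its
files in a subfolder) and, for each, whether its timestamp predates the
oldest folder or data file in that listing, which a file created in that
profile cannot do unless its timestamp was copied from elsewhere. The
extension list and the baseline rule are assumptions of this example.
"""
from datetime import datetime
import re

LINE_RE = re.compile(r"^\[(\d{2}/\d{2}/\d{4})\|(\d{2}:\d{2})\]\s+(.+)$")
EXEC_EXT = (".dll", ".exe", ".scr", ".sys")


def parse_listing(text):
    """(timestamp, path) for each dated line; the [n|file(s)] summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1) + " " + m.group(2), "%d/%m/%Y %H:%M")
            entries.append((ts, m.group(3).strip()))
    return entries


def is_executable(path):
    return path.lower().endswith(EXEC_EXT)


def profile_baseline(entries):
    """Oldest timestamp of a non-executable entry (folders, caches, settings).

    Windows and ordinary applications create those as the profile is used,
    so nothing made inside this profile should be older than the oldest one.
    """
    stamps = [ts for ts, p in entries if not is_executable(p)]
    return min(stamps) if stamps else None


def suspicious_files(text):
    """[(path, reasons)] for each loose executable found in the listing."""
    entries = parse_listing(text)
    baseline = profile_baseline(entries)
    found = []
    for ts, path in entries:
        if not is_executable(path):
            continue
        reasons = ["executable directly in the profile folder, not in a subfolder"]
        if baseline is not None and ts < baseline:
            reasons.append(
                "timestamp %s predates the oldest profile entry (%s): likely copied"
                % (ts.strftime("%d/%m/%Y %H:%M"), baseline.strftime("%d/%m/%Y %H:%M"))
            )
        found.append((path, reasons))
    return found


# Constructed excerpt of the Lop S&D listing posted above.
SAMPLE_LISTING = r"""
[25/02/2009|12:47] C:\Users\Remco\AppData\Local\Adobe
[14/01/2009|15:27] C:\Users\Remco\AppData\Local\Application Data
[19/02/2010|18:03] C:\Users\Remco\AppData\Local\d3d9caps.dat
[21/02/2010|13:27] C:\Users\Remco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[26/12/2009|23:50] C:\Users\Remco\AppData\Local\GDIPFONTCACHEV1.DAT
[14/01/2009|19:16] C:\Users\Remco\AppData\Local\Google
[12/11/2009|21:39] C:\Users\Remco\AppData\Local\Microsoft
[21/01/2008|03:24] C:\Users\Remco\AppData\Local\nciciz.dll
[21/02/2010|16:35] C:\Users\Remco\AppData\Local\Temp
[5|file(s)] C:\Users\Remco\AppData\Local\bytes
"""

if __name__ == "__main__":
    for path, reasons in suspicious_files(SAMPLE_LISTING):
        print(path)
        for r in reasons:
            print("    ->", r)
```

On the excerpt only nciciz.dll comes out, with both reasons; it is the same file the HijackThis log shows being loaded by rundll32 from the Rrofobacagayus Run value, so the two views of the machine agree.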

Juisterr

Legacy Member
Could I have a HijackThis log to check, and at the same time tell me how it is going now.

TsD

Legacy Member
First of all, while I was running a HijackThis scan, I got a message from HijackThis that it could not get access to the hosts file.

Here is my log for now:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52:09, on 20/02/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Last.fm\LastFM.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Winamp\winamp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Gepersonaliseerde startpagina
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Gepersonaliseerde startpagina
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Gepersonaliseerde startpagina
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Rrofobacagayus] rundll32.exe "C:\Users\Remco\AppData\Local\nciciz.dll",Startup
O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Users\Remco\AppData\Local\Temp\sshnas21.dll,AttachConsoleA
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\Remco\AppData\Local\Temp\Ms1.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Download alles met Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download met Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selectie met Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video met Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10159 bytes


For a few days now I have been sporadically getting an alert from my virus scanner (Avast), and it was about ms1.exe; at startup I got it every time anyway. Removing it with Avast works temporarily (?), but about 15 minutes later the alert comes back. As long as I keep removing it I don't get any pop-ups, though. Today I didn't get the alert, no pop-ups either, but at startup I got an error message about a certain dll (ncizis.dll, if I remember correctly? not 100% sure, I'll reboot later and write it down otherwise?)

When I just scan with Avast or Ad-Aware they don't find anything special; I've been looking around for 'strange' folders but haven't come across anything, so I haven't removed anything yet or done anything else that could have caused that error message...

Thanks in advance for the trouble! :)

Juisterr

Legacy Member
Download Combofix to your Desktop and use it according to this guide.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners treat certain components that Combofix uses as suspicious and will block or remove them!
  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the "NirCmd" window.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will cause your PC to hang.
  • When the fix is complete and after the restart, the log Combofix.txt will open.
Post that log in your next reply.

TsD

Legacy Member
Voila, here it is:

ComboFix 10-02-26.01 - Remco 26/02/2010 19:58:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3066.1697 [GMT 1:00]
Gestart vanuit: c:\users\Remco\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-300020477-217694769-1142071004-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Remco\AppData\Local\nciciz.dll
c:\windows\UA000106.DLL

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-01-26 to 2010-02-26 ))))))))))))))))))))))))))))))
.

2010-02-26 19:11 . 2010-02-26 19:15 -------- d-----w- c:\users\Remco\AppData\Local\temp
2010-02-26 19:11 . 2010-02-26 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-21 15:34 . 2010-02-21 15:48 -------- d-----w- C:\Lop SD
2010-02-21 15:23 . 2010-02-21 15:23 1215 ----a-w- c:\windows\unins000.dat
2010-02-21 15:23 . 2010-02-21 15:23 -------- d-----w- c:\users\Remco\AppData\Roaming\Flatcast
2010-02-21 15:23 . 2010-02-21 15:23 695578 ----a-w- c:\windows\unins000.exe
2010-02-21 15:23 . 2009-09-21 10:00 1447328 ----a-w- c:\users\Remco\AppData\Roaming\Flatcast\NpFv522.dll
2010-02-20 15:51 . 2010-02-20 15:51 -------- d-----w- c:\program files\Trend Micro

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 18:53 . 2009-01-10 13:06 1076 ----a-w- c:\windows\bthservsdp.dat
2010-02-26 16:31 . 2009-01-20 20:32 5430 ----a-w- c:\users\Remco\AppData\Roaming\wklnhst.dat
2010-02-25 16:57 . 2009-01-14 22:26 6944 ----a-w- c:\users\Remco\AppData\Local\d3d9caps.dat
2010-02-23 19:09 . 2009-01-15 19:11 -------- d-----w- c:\users\Remco\AppData\Roaming\BitTorrent
2010-02-23 18:29 . 2009-09-07 15:50 -------- d-----w- c:\program files\Transcribe!
2010-02-17 17:05 . 2009-07-29 08:25 8653312 ----a-w- c:\users\Remco\AppData\Roaming\DataSafeDotNet.exe
2010-02-17 17:05 . 2009-07-29 08:25 8653312 ----a-w- c:\users\Remco\AppData\Roaming\DataSafeDotNet.exe
2010-01-24 12:41 . 2008-01-21 06:47 667352 ----a-w- c:\windows\system32\perfh013.dat
2010-01-24 12:41 . 2008-01-21 06:47 126854 ----a-w- c:\windows\system32\perfc013.dat
2010-01-10 20:49 . 2009-01-14 17:00 -------- d-----w- c:\users\Remco\AppData\Roaming\Winamp
2010-01-01 11:26 . 2009-07-12 10:55 -------- d-----w- c:\program files\Native Instruments
2010-01-01 11:26 . 2009-07-12 10:56 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-01-01 11:22 . 2010-01-01 11:22 -------- dc-h--w- c:\programdata\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
2010-01-01 11:13 . 2010-01-01 11:13 -------- d-----w- c:\program files\Common Files\Digidesign
2009-12-26 22:50 . 2009-01-14 14:28 109920 ----a-w- c:\users\Remco\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-23 23:05 . 2009-12-23 23:05 658696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2006-03-28 23:16 . 2009-08-16 17:52 875144 ----a-w- c:\program files\EZX Cocktail Installer.msi
2006-03-28 22:59 . 2009-08-16 17:51 2270240 ----a-w- c:\program files\EZdrummer Installer.msi
2006-03-28 02:28 . 2009-08-16 17:52 1478196 ----a-w- c:\program files\PLUG.cab
2009-12-14 17:16 . 2009-01-14 15:05 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-01-10 13:17 . 2009-01-10 13:17 74 --sh--r- c:\windows\CT4CET.bin
2009-01-10 21:23 . 2009-01-10 21:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 200704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-14 30192]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-03-11 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428]

c:\users\Remco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1616976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-03 08:44 323392 ----a-w- c:\users\Remco\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-06-03 14:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-12 18:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 14:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
2008-08-15 21:03 4812664 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [14/01/2009 16:11 114768]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe [2/05/2009 22:01 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [14/01/2009 16:11 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [14/01/2009 16:11 53328]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [23/09/2008 22:09 155648]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [10/01/2009 14:04 29736]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [10/01/2009 22:37 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [10/01/2009 22:37 203264]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [26/06/2008 5:30 3662848]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [10/01/2009 22:37 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [10/01/2009 22:37 277440]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [18/01/2009 18:56 717296]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/01/2009 14:13 30192]
S3 SynasUSB;SynasUSB;c:\windows\System32\drivers\synasUSB.sys [2/05/2009 18:29 18432]
S3 ZMS2TC51TAudioSrv;ZOOM S2t C5.11t Audio Driver Service;c:\windows\System32\drivers\zms2c5au.sys [28/02/2008 5:15 81792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/ig/dell?hl=nl&client=dell-row&channel=be&ibd=6090110
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Download alles met Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download met Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Download selectie met Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video met Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Remco\AppData\Roaming\Mozilla\Firefox\Profiles\b2clsixo.default\
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\np-mswmp.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npbittorrent.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\NpFv522.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\nppdf32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv522.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Remco\AppData\Roaming\Flatcast\NpFv522.dll
FF - plugin: c:\users\Remco\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-AdobeBridge - (no file)
HKCU-Run-Rrofobacagayus - c:\users\Remco\AppData\Local\nciciz.dll
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AUninstaller.exe
AddRemove-Native Instruments - Rig Kontrol 3 Driver - c:\program files\Native Instruments\Rig Kontrol 3 Driver\uninst.exe Software\Native Instruments\Rig Kontrol 3 Driver\Setup



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-02-26 20:15
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2010-02-26 20:18:28
ComboFix-quarantined-files.txt 2010-02-26 19:18

Pre-Run: 187.911.651.328 bytes beschikbaar
Post-Run: 191.254.724.608 bytes beschikbaar

- - End Of File - - FBC35B92DDA30B0610D2A53A7C74336F

TsD

Legacy Member
Just did a reboot: no messages about .dlls, no warnings from Avast, no pop-ups... I'd almost dare to say it's solved!


A big thank you, Juisterrr! One (virtual) pint for you!

Let me know if you find anything in the log :)

Mr Sinister

Legacy Member
I have the same problem as remco, but that combofix isn't compatible with x64.

Juisterr

Legacy Member
You're welcome, Tsd.

@Mr Sinister, indeed, that won't work. You'd better start your own topic.