
Police virus (politievirus)



Hello everyone,

Yesterday I made the acquaintance of the (Belgian) police virus (Ukash).

After all kinds of scans, ESET Online and Malwarebytes several times, I would like to know whether my PC is free of the virus again, since I am still in safe mode right now.

So when is it safe to boot into normal mode again?

Below is the malware log:

Malwarebytes Anti-Malware (-evaluatieversie-) 1.65.0.1400

www.malwarebytes.org

Databaseversie: v2012.10.12.07

Windows Vista Service Pack 2 x86 NTFS (Veilige modus/netwerkmogelijkheden)

Internet Explorer 9.0.8112.16421

Fsc Renew :: PC_VAN_FSCRENEW [administrator]

Realtime bescherming: Uitgeschakeld

13-10-2012 8:33:13

mbam-log-2012-10-13 (08-33-13).txt

Scantype: Flash-scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: Register | Bestanden en mappen | P2P

Objecten gescand: 145346

Verstreken tijd: 3 minuut/minuten, 3 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

Below is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:44:18, on 13-10-2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Safe mode with network support

Running processes:

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

C:\Program Files\CCleaner\CCleaner.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Fsc Renew\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files\BittorrentBar_NL\tbBitt.dll

R3 - URLSearchHook: ZoneAlarm Extreme Security Toolbar - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files\ZoneAlarm_Extreme_Security\prxtbZone.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files\BittorrentBar_NL\tbBitt.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ZoneAlarm Extreme Security - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files\ZoneAlarm_Extreme_Security\prxtbZone.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O3 - Toolbar: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files\BittorrentBar_NL\tbBitt.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O3 - Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)

O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: ZoneAlarm Extreme Security Toolbar - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files\ZoneAlarm_Extreme_Security\prxtbZone.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] C:\Program Files\D-Link\DWL-G122_DWA-110\AirGCFG.exe

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B0ECDDAE-6CED-4074-8F5D-15368F135EE5}: NameServer = 8.26.56.26,156.154.70.22

O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D7B778-AAEB-4C84-891F-A24A71F11E2B}: NameServer = 8.26.56.26,156.154.70.22

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\Windows\system32\ANIWConnService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

O23 - Service: WebOptimizer - Unknown owner - C:\Windows\system32\dmwu.exe

--

End of file - 8964 bytes

Thanks in advance,

katia


Start HijackThis. Select "Scan". Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files\BittorrentBar_NL\tbBitt.dll

R3 - URLSearchHook: ZoneAlarm Extreme Security Toolbar - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files\ZoneAlarm_Extreme_Security\prxtbZone.dll

O2 - BHO: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files\BittorrentBar_NL\tbBitt.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O2 - BHO: ZoneAlarm Extreme Security - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files\ZoneAlarm_Extreme_Security\prxtbZone.dll

O3 - Toolbar: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files\BittorrentBar_NL\tbBitt.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O3 - Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)

O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: ZoneAlarm Extreme Security Toolbar - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files\ZoneAlarm_Extreme_Security\prxtbZone.dll

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click, "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Then restart the PC in normal mode. The annoying police virus screen should then be gone. Then, in normal mode, create a new log with HijackThis and attach it, for verification, to your next post.


Thanks Kape,

This is my follow-up HijackThis file in normal mode.

Would you take a look at this one as well? Thanks in advance, katia

Logfile of HijackThis v1.99.1

Scan saved at 13:56:57, on 13-10-2012

Platform: Unknown Windows (WinNT 6.00.1906 SP2)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\D-Link\DWL-G122_DWA-110\AirGCFG.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] C:\Program Files\D-Link\DWL-G122_DWA-110\AirGCFG.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B0ECDDAE-6CED-4074-8F5D-15368F135EE5}: NameServer = 8.26.56.26,156.154.70.22

O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D7B778-AAEB-4C84-891F-A24A71F11E2B}: NameServer = 8.26.56.26,156.154.70.22

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\Windows\system32\ANIWConnService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Google Updateservice (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

O23 - Service: WebOptimizer - Unknown owner - C:\Windows\system32\dmwu.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
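Added example (not part of the thread, and not code from HijackThis or the forum): a small Python check that compares a helper's fix list with a follow-up log, to confirm which flagged entries survived the fix and reboot. The function names are made up for this example, and the two sample texts are shortened excerpts of lines posted above.

```python
import re

# A HijackThis entry line starts with a section code (a letter and a number,
# e.g. R0, O2, O23), then " - ", then the entry body. Header lines and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return the entry lines of a HijackThis log as dicts."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m is None:
            continue
        body = " ".join(m.group("body").split())  # collapse whitespace
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "clsid": clsid.group(0).lower() if clsid else None,
        })
    return entries


def _key(entry):
    # Registry paths and file paths are case-insensitive on Windows.
    return (entry["code"], entry["body"].casefold())


def still_present(fix_list_text, followup_log_text):
    """Return (entry, how) for every fix-list entry found in the follow-up log.

    how is "exact" when the whole line matches, or "clsid" when only the
    section code and CLSID match (same object, different name or path).
    """
    followup = parse_entries(followup_log_text)
    exact = {_key(e) for e in followup}
    by_clsid = {(e["code"], e["clsid"]) for e in followup if e["clsid"]}
    remaining = []
    for e in parse_entries(fix_list_text):
        if _key(e) in exact:
            remaining.append((e, "exact"))
        elif e["clsid"] and (e["code"], e["clsid"]) in by_clsid:
            remaining.append((e, "clsid"))
    return remaining


# Shortened excerpt of the fix list from the helper's first reply.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files\BittorrentBar_NL\tbBitt.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: ZoneAlarm Extreme Security Toolbar - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files\ZoneAlarm_Extreme_Security\prxtbZone.dll
"""

# Shortened excerpt of the follow-up log made in normal mode.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
"""

if __name__ == "__main__":
    for entry, how in still_present(FIX_LIST, FOLLOWUP_LOG):
        print(f"still present ({how}): {entry['code']} - {entry['body']}")
```
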


Start HijackThis. Select "Scan". Select only the items listed below:

O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click, "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is active; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


Thanks again,

Below is my ComboFix log:

ComboFix 12-10-14.03 - Fsc Renew 14-10-2012 12:39:45.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1919.1040 [GMT 2:00]

Gestart vanuit: c:\users\Fsc Renew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PRORCB8Q\ComboFix.exe

AV: avast! antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\animbigN.bmp

c:\windows\animsmalN.bmp

c:\windows\IsUn0413.exe

c:\windows\security\Database\tmp.edb

c:\windows\system32\DEBUG.log

c:\windows\system32\drivers\358897b5db95f52.sys

c:\windows\system32\muzapp.exe

c:\windows\system32\rnaph.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_nvsvc

-------\Legacy_358897b5db95f52

-------\Service_358897b5db95f52

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-14 to 2012-10-14 ))))))))))))))))))))))))))))))

.

.

2012-10-14 10:48 . 2012-10-14 10:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-13 17:51 . 2012-10-13 17:56 -------- d-----w- c:\users\Fsc Renew\AppData\Local\Spoon

2012-10-13 17:51 . 2012-10-13 17:51 -------- d-----w- c:\users\Fsc Renew\AppData\Local\Xenocode

2012-10-12 20:58 . 2012-10-12 20:58 -------- d-----w- c:\users\Fsc Renew\AppData\Roaming\Malwarebytes

2012-10-12 20:58 . 2012-10-12 20:58 -------- d-----w- c:\programdata\Malwarebytes

2012-10-12 20:58 . 2012-10-12 20:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-12 20:58 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-12 19:34 . 2012-10-12 19:34 -------- d-----w- c:\program files\ESET

2012-10-12 18:11 . 2012-10-12 20:14 -------- d-----w- c:\programdata\qqeibkctojzjwzt

2012-10-12 15:25 . 2012-10-12 15:26 -------- d-----w- c:\program files\iLivid

2012-10-10 20:30 . 2012-10-10 20:30 -------- d-----w- c:\users\Fsc Renew\AppData\Roaming\eType

2012-09-25 09:01 . 2012-05-29 15:27 31584 ----a-w- c:\windows\system32\TURegOpt.exe

2012-09-25 09:01 . 2012-05-29 15:27 21344 ----a-w- c:\windows\system32\authuitu.dll

2012-09-25 09:00 . 2012-09-25 09:01 -------- d-----w- c:\program files\TuneUp Utilities 2012

2012-09-25 08:58 . 2012-09-25 08:58 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-09-25 06:57 . 2012-09-25 09:00 -------- d-----w- c:\users\Fsc Renew\AppData\Roaming\TuneUp Software

2012-09-25 06:56 . 2012-09-25 08:59 -------- d-----w- c:\program files\TuneUp Utilities 2013

2012-09-25 06:55 . 2012-09-25 09:00 -------- d-----w- c:\programdata\TuneUp Software

2012-09-25 06:55 . 2012-09-25 07:08 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

2012-09-24 14:30 . 2012-09-24 14:30 -------- d-----w- c:\users\Fsc Renew\AppData\Roaming\RecoolTec

2012-09-24 14:25 . 2012-09-25 07:27 -------- d-----w- c:\program files\AviSynth 2.5

2012-09-24 14:25 . 2011-04-12 19:43 219136 ----a-w- c:\windows\system32\frvSource.ax

2012-09-24 14:25 . 2012-09-24 14:25 -------- d-----w- c:\program files\Recool SWF to HTML5 Converter

2012-09-24 14:20 . 2012-09-24 14:20 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-09-19 09:12 . 2012-09-19 09:13 -------- d-----w- c:\users\Fsc Renew\copy-movieClip-with-bitmapData-CS3

2012-09-17 06:17 . 2012-10-05 18:27 -------- d-----w- c:\windows\system32\WNLT

2012-09-17 06:17 . 2012-10-01 11:39 -------- d-----w- c:\windows\system32\ARFC

2012-09-17 06:17 . 2012-09-13 13:26 1006448 ----a-w- c:\windows\system32\dmwu.exe

2012-09-17 06:17 . 2012-09-13 13:24 28160 ----a-w- c:\windows\system32\ImHttpComm.dll

2012-09-17 06:17 . 2011-06-10 22:58 773968 ----a-w- c:\windows\system32\msvcr100.dll

2012-09-17 06:17 . 2011-06-10 22:58 421200 ----a-w- c:\windows\system32\msvcp100.dll

2012-09-17 06:17 . 2011-05-13 23:17 632656 ----a-w- c:\windows\system32\msvcr80.dll

2012-09-17 06:17 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll

2012-09-17 06:17 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll

2012-09-14 18:39 . 2012-09-14 18:39 -------- d-----w- c:\users\Fsc Renew\ultimatefontpack

2012-09-14 15:22 . 2012-09-14 15:22 -------- d-----w- c:\users\Fsc Renew\walt_disney

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-17 06:41 . 2012-04-13 11:48 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-17 06:41 . 2011-10-27 06:49 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Fsc Renew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Fsc Renew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Fsc Renew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]

"D-Link D-Link Wireless G DWL-G122_DWA-110"="c:\program files\D-Link\DWL-G122_DWA-110\AirGCFG.exe" [2009-09-18 1708032]

.

c:\users\Fsc Renew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Spoon.net Console.lnk - c:\users\Fsc Renew\AppData\Local\Spoon\3.33.3.7\Spoon-Console.exe [2012-10-13 6930128]

Spoon.net Sandbox Manager 3.33.lnk - c:\users\Fsc Renew\AppData\Local\Spoon\3.33.3.7\Spoon-Sandbox-Native.exe [2012-10-13 348920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Google Update"="c:\users\Fsc Renew\AppData\Local\Google\Update\GoogleUpdate.exe" /c

"Facebook Update"="c:\users\Fsc Renew\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" /MINIMIZED

"MobileDocuments"=c:\program files\Common Files\Apple\Internet Services\ubd.exe

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

"KiesPDLR"=c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - AVGTP

*NewlyCreated* - MBAMPROTECTOR

*NewlyCreated* - TUNEUPUTILITIESDRV

*Deregistered* - eeCtrl

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-09-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2478391444-495470778-2787323053-1000Core.job

- c:\users\Fsc Renew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-30 10:00]

.

2012-09-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2478391444-495470778-2787323053-1000UA.job

- c:\users\Fsc Renew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-30 10:00]

.

2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 19:33]

.

2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 19:33]

.

2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478391444-495470778-2787323053-1000Core.job

- c:\users\Fsc Renew\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-01 05:00]

.

2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478391444-495470778-2787323053-1000UA.job

- c:\users\Fsc Renew\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-01 05:00]

.

.

------- Bijkomende Scan -------

.

uStart Page = https://www.google.be/

mStart Page = hxxp://www.telenet.be

mWindow Title = Telenet Internet

IE: Download with &Media Finder - c:\program files\Media Finder\hook.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

TCP: DhcpNameServer = 195.130.130.4 195.130.131.4

TCP: Interfaces\{B0ECDDAE-6CED-4074-8F5D-15368F135EE5}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{F2D7B778-AAEB-4C84-891F-A24A71F11E2B}: NameServer = 8.26.56.26,156.154.70.22

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{A94E8DC9-07AA-45A7-8AF2-A0375473A5CD} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

MSConfigStartUp-86husiji3w - c:\users\Fsc Renew\86husiji3w.exe

AddRemove-Adobe_a68eec966ce913ddaa63251dc82ed31 - c:\program files\Common Files\Adobe\Installers\a68eec966ce913ddaa63251dc82ed31\Setup.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-10-14 14:52

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{7fcf96b7-6c6a-4da8-b78c-8cde8189c2f5}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:10020054

"Dhcpv6State"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:07001422

"Dhcpv6State"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{b0ecddae-6ced-4074-8f5d-15368f135ee5}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:125cd998

"Dhcpv6State"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:0c001422

"Dhcpv6State"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c4a86fc8-d1e6-4919-8fc8-7373d07b741c}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:0e000000

"Dhcpv6State"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f2d7b778-aaeb-4c84-891f-a24a71f11e2b}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:0d001d92

"Dhcpv6State"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:06001422

"Dhcpv6State"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:0e001422

"Dhcpv6State"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(1696)

c:\users\Fsc Renew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\K-Lite Codec Pack\Filters\vsfilter.dll

c:\program files\Common Files\Nero\DSFilter\NeMP4Splitter.ax

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\windows\system32\ANIWConnService.exe

c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

c:\windows\system32\dmwu.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\conime.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Voltooingstijd: 2012-10-14 15:00:29 - machine werd herstart

ComboFix-quarantined-files.txt 2012-10-14 13:00

.

Pre-Run: 29.652.844.544 bytes beschikbaar

Post-Run: 29.298.008.064 bytes beschikbaar

.

- - End Of File - - 89EBF77CCE7C11844D7D70B76F429F15


Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\programdata\qqeibkctojzjwzt

c:\program files\iLivid

c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will cause ComboFix to restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.

Hello kape,

Below is the ComboFix file after I carried out your instructions above.

ComboFix 12-10-14.03 - Fsc Renew 14-10-2012 16:28:36.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1919.1094 [GMT 2:00]

Gestart vanuit: c:\users\Fsc Renew\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Fsc Renew\Desktop\CFScript.txt

AV: avast! antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\iLivid

c:\program files\iLivid\script.qscript

c:\program files\iLivid\script1.81.qscript

c:\program files\iLivid\VLC\activex\README.TXT

c:\program files\iLivid\VLC\activex\test.html

c:\program files\iLivid\VLC\AUTHORS.txt

c:\program files\iLivid\VLC\COPYING.txt

c:\program files\iLivid\VLC\http\.hosts

c:\program files\iLivid\VLC\http\dialogs\.hosts

c:\program files\iLivid\VLC\http\dialogs\browse

c:\program files\iLivid\VLC\http\dialogs\footer

c:\program files\iLivid\VLC\http\dialogs\input

c:\program files\iLivid\VLC\http\dialogs\main

c:\program files\iLivid\VLC\http\dialogs\mosaic

c:\program files\iLivid\VLC\http\dialogs\playlist

c:\program files\iLivid\VLC\http\dialogs\sout

c:\program files\iLivid\VLC\http\dialogs\vlm

c:\program files\iLivid\VLC\http\flash.html

c:\program files\iLivid\VLC\http\iehacks.css

c:\program files\iLivid\VLC\http\images\delete.png

c:\program files\iLivid\VLC\http\images\delete_small.png

c:\program files\iLivid\VLC\http\images\eject.png

c:\program files\iLivid\VLC\http\images\empty.png

c:\program files\iLivid\VLC\http\images\fullscreen.png

c:\program files\iLivid\VLC\http\images\help.png

c:\program files\iLivid\VLC\http\images\info.png

c:\program files\iLivid\VLC\http\images\loop.png

c:\program files\iLivid\VLC\http\images\minus.png

c:\program files\iLivid\VLC\http\images\next.png

c:\program files\iLivid\VLC\http\images\pause.png

c:\program files\iLivid\VLC\http\images\play.png

c:\program files\iLivid\VLC\http\images\playlist.png

c:\program files\iLivid\VLC\http\images\playlist_small.png

c:\program files\iLivid\VLC\http\images\plus.png

c:\program files\iLivid\VLC\http\images\prev.png

c:\program files\iLivid\VLC\http\images\refresh.png

c:\program files\iLivid\VLC\http\images\repeat.png

c:\program files\iLivid\VLC\http\images\sd.png

c:\program files\iLivid\VLC\http\images\shuffle.png

c:\program files\iLivid\VLC\http\images\slider_bar.png

c:\program files\iLivid\VLC\http\images\slider_left.png

c:\program files\iLivid\VLC\http\images\slider_point.png

c:\program files\iLivid\VLC\http\images\slider_right.png

c:\program files\iLivid\VLC\http\images\slow.png

c:\program files\iLivid\VLC\http\images\snapshot.png

c:\program files\iLivid\VLC\http\images\sort.png

c:\program files\iLivid\VLC\http\images\sout.png

c:\program files\iLivid\VLC\http\images\speaker.png

c:\program files\iLivid\VLC\http\images\speaker_mute.png

c:\program files\iLivid\VLC\http\images\stop.png

c:\program files\iLivid\VLC\http\images\vlc16x16.png

c:\program files\iLivid\VLC\http\images\volume_down.png

c:\program files\iLivid\VLC\http\images\volume_up.png

c:\program files\iLivid\VLC\http\images\white.png

c:\program files\iLivid\VLC\http\images\white_cross_small.png

c:\program files\iLivid\VLC\http\index.html

c:\program files\iLivid\VLC\http\mosaic.html

c:\program files\iLivid\VLC\http\requests\browse.xml

c:\program files\iLivid\VLC\http\requests\playlist.xml

c:\program files\iLivid\VLC\http\requests\readme.txt

c:\program files\iLivid\VLC\http\requests\status.xml

c:\program files\iLivid\VLC\http\requests\vlm.xml

c:\program files\iLivid\VLC\http\requests\vlm_cmd.xml

c:\program files\iLivid\VLC\http\style.css

c:\program files\iLivid\VLC\http\vlm.html

c:\program files\iLivid\VLC\http\vlm_export.html

c:\program files\iLivid\VLC\languages\bengali.nsh

c:\program files\iLivid\VLC\languages\brazilian_portuguese.nsh

c:\program files\iLivid\VLC\languages\bulgarian.nsh

c:\program files\iLivid\VLC\languages\catalan.nsh

c:\program files\iLivid\VLC\languages\danish.nsh

c:\program files\iLivid\VLC\languages\declaration.nsh

c:\program files\iLivid\VLC\languages\dutch.nsh

c:\program files\iLivid\VLC\languages\english.nsh

c:\program files\iLivid\VLC\languages\estonian.nsh

c:\program files\iLivid\VLC\languages\finnish.nsh

c:\program files\iLivid\VLC\languages\french.nsh

c:\program files\iLivid\VLC\languages\german.nsh

c:\program files\iLivid\VLC\languages\hungarian.nsh

c:\program files\iLivid\VLC\languages\italian.nsh

c:\program files\iLivid\VLC\languages\japanese.nsh

c:\program files\iLivid\VLC\languages\lithuanian.nsh

c:\program files\iLivid\VLC\languages\occitan.nsh

c:\program files\iLivid\VLC\languages\polish.nsh

c:\program files\iLivid\VLC\languages\punjabi.nsh

c:\program files\iLivid\VLC\languages\romanian.nsh

c:\program files\iLivid\VLC\languages\schinese.nsh

c:\program files\iLivid\VLC\languages\slovak.nsh

c:\program files\iLivid\VLC\languages\slovenian.nsh

c:\program files\iLivid\VLC\languages\sorani.nsh

c:\program files\iLivid\VLC\languages\spanish.nsh

c:\program files\iLivid\VLC\locale\ach\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\af\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\am\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ar\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ast\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\be\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\bg\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\bn\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\br\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ca\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\cgg\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ckb\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\co\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\cs\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\da\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\de\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\el\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\en_GB\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\es\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\et\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\eu\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\fa\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ff\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\fi\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\fr\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\fur\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ga\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\gl\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\he\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\hi\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\hr\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\hu\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\hy\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\id\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\is\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\it\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ja\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ka\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\kk\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\km\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ko\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\lg\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\lt\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\lv\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\mk\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ml\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\mn\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ms\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\my\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\nb\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ne\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\nl\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\nn\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\oc\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\pa\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\pl\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ps\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ro\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ru\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\si\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\sk\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\sl\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\sq\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\sr\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\sv\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ta\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\tet\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\th\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\tl\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\tr\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\uk\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\vi\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\wa\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\zu\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\lua\extensions\allocine-fr.lua

c:\program files\iLivid\VLC\lua\extensions\imdb.lua

c:\program files\iLivid\VLC\lua\extensions\README.txt

c:\program files\iLivid\VLC\lua\http\.hosts

c:\program files\iLivid\VLC\lua\http\custom.lua

c:\program files\iLivid\VLC\lua\http\dialogs\.hosts

c:\program files\iLivid\VLC\lua\http\dialogs\browse

c:\program files\iLivid\VLC\lua\http\dialogs\footer

c:\program files\iLivid\VLC\lua\http\dialogs\input

c:\program files\iLivid\VLC\lua\http\dialogs\main

c:\program files\iLivid\VLC\lua\http\dialogs\mosaic

c:\program files\iLivid\VLC\lua\http\dialogs\playlist

c:\program files\iLivid\VLC\lua\http\dialogs\sout

c:\program files\iLivid\VLC\lua\http\dialogs\vlm

c:\program files\iLivid\VLC\lua\http\flash.html

c:\program files\iLivid\VLC\lua\http\iehacks.css

c:\program files\iLivid\VLC\lua\http\images\delete.png

c:\program files\iLivid\VLC\lua\http\images\delete_small.png

c:\program files\iLivid\VLC\lua\http\images\eject.png

c:\program files\iLivid\VLC\lua\http\images\empty.png

c:\program files\iLivid\VLC\lua\http\images\fullscreen.png

c:\program files\iLivid\VLC\lua\http\images\help.png

c:\program files\iLivid\VLC\lua\http\images\info.png

c:\program files\iLivid\VLC\lua\http\images\loop.png

c:\program files\iLivid\VLC\lua\http\images\minus.png

c:\program files\iLivid\VLC\lua\http\images\next.png

c:\program files\iLivid\VLC\lua\http\images\pause.png

c:\program files\iLivid\VLC\lua\http\images\play.png

c:\program files\iLivid\VLC\lua\http\images\playlist.png

c:\program files\iLivid\VLC\lua\http\images\playlist_small.png

c:\program files\iLivid\VLC\lua\http\images\plus.png

c:\program files\iLivid\VLC\lua\http\images\prev.png

c:\program files\iLivid\VLC\lua\http\images\refresh.png

c:\program files\iLivid\VLC\lua\http\images\repeat.png

c:\program files\iLivid\VLC\lua\http\images\reset.png

c:\program files\iLivid\VLC\lua\http\images\sd.png

c:\program files\iLivid\VLC\lua\http\images\shuffle.png

c:\program files\iLivid\VLC\lua\http\images\slider_bar.png

c:\program files\iLivid\VLC\lua\http\images\slider_left.png

c:\program files\iLivid\VLC\lua\http\images\slider_point.png

c:\program files\iLivid\VLC\lua\http\images\slider_right.png

c:\program files\iLivid\VLC\lua\http\images\slow.png

c:\program files\iLivid\VLC\lua\http\images\snapshot.png

c:\program files\iLivid\VLC\lua\http\images\sort.png

c:\program files\iLivid\VLC\lua\http\images\sout.png

c:\program files\iLivid\VLC\lua\http\images\speaker.png

c:\program files\iLivid\VLC\lua\http\images\speaker_mute.png

c:\program files\iLivid\VLC\lua\http\images\stop.png

c:\program files\iLivid\VLC\lua\http\images\vlc16x16.png

c:\program files\iLivid\VLC\lua\http\images\volume_down.png

c:\program files\iLivid\VLC\lua\http\images\volume_up.png

c:\program files\iLivid\VLC\lua\http\images\white.png

c:\program files\iLivid\VLC\lua\http\images\white_cross_small.png

c:\program files\iLivid\VLC\lua\http\index.html

c:\program files\iLivid\VLC\lua\http\mosaic.html

c:\program files\iLivid\VLC\lua\http\requests\browse.xml

c:\program files\iLivid\VLC\lua\http\requests\playlist.xml

c:\program files\iLivid\VLC\lua\http\requests\readme.txt

c:\program files\iLivid\VLC\lua\http\requests\status.xml

c:\program files\iLivid\VLC\lua\http\requests\vlm.xml

c:\program files\iLivid\VLC\lua\http\requests\vlm_cmd.xml

c:\program files\iLivid\VLC\lua\http\style.css

c:\program files\iLivid\VLC\lua\http\vlm.html

c:\program files\iLivid\VLC\lua\http\vlm_export.html

c:\program files\iLivid\VLC\lua\intf\dummy.lua

c:\program files\iLivid\VLC\lua\intf\dumpmeta.lua

c:\program files\iLivid\VLC\lua\intf\hotkeys.lua

c:\program files\iLivid\VLC\lua\intf\http.lua

c:\program files\iLivid\VLC\lua\intf\luac.lua

c:\program files\iLivid\VLC\lua\intf\modules\common.lua

c:\program files\iLivid\VLC\lua\intf\modules\host.lua

c:\program files\iLivid\VLC\lua\intf\rc.lua

c:\program files\iLivid\VLC\lua\intf\README.txt

c:\program files\iLivid\VLC\lua\intf\telnet.lua

c:\program files\iLivid\VLC\lua\meta\art\01_googleimage.lua

c:\program files\iLivid\VLC\lua\meta\art\02_frenchtv.lua

c:\program files\iLivid\VLC\lua\meta\art\03_lastfm.lua

c:\program files\iLivid\VLC\lua\meta\art\04_musicbrainz.lua

c:\program files\iLivid\VLC\lua\meta\art\README.txt

c:\program files\iLivid\VLC\lua\meta\fetcher\README.txt

c:\program files\iLivid\VLC\lua\meta\fetcher\tvrage.lua

c:\program files\iLivid\VLC\lua\meta\reader\filename.lua

c:\program files\iLivid\VLC\lua\meta\reader\README.txt

c:\program files\iLivid\VLC\lua\modules\sandbox.lua

c:\program files\iLivid\VLC\lua\modules\simplexml.lua

c:\program files\iLivid\VLC\lua\playlist\anevia_streams.lua

c:\program files\iLivid\VLC\lua\playlist\anevia_xml.lua

c:\program files\iLivid\VLC\lua\playlist\appletrailers.lua

c:\program files\iLivid\VLC\lua\playlist\bbc_co_uk.lua

c:\program files\iLivid\VLC\lua\playlist\break.lua

c:\program files\iLivid\VLC\lua\playlist\canalplus.lua

c:\program files\iLivid\VLC\lua\playlist\cue.lua

c:\program files\iLivid\VLC\lua\playlist\dailymotion.lua

c:\program files\iLivid\VLC\lua\playlist\france2.lua

c:\program files\iLivid\VLC\lua\playlist\googlevideo.lua

c:\program files\iLivid\VLC\lua\playlist\jamendo.lua

c:\program files\iLivid\VLC\lua\playlist\joox.lua

c:\program files\iLivid\VLC\lua\playlist\katsomo.lua

c:\program files\iLivid\VLC\lua\playlist\koreus.lua

c:\program files\iLivid\VLC\lua\playlist\lelombrik.lua

c:\program files\iLivid\VLC\lua\playlist\megavideo.lua

c:\program files\iLivid\VLC\lua\playlist\metacafe.lua

c:\program files\iLivid\VLC\lua\playlist\metachannels.lua

c:\program files\iLivid\VLC\lua\playlist\mpora.lua

c:\program files\iLivid\VLC\lua\playlist\pinkbike.lua

c:\program files\iLivid\VLC\lua\playlist\README.txt

c:\program files\iLivid\VLC\lua\playlist\rockbox_fm_presets.lua

c:\program files\iLivid\VLC\lua\playlist\vimeo.lua

c:\program files\iLivid\VLC\lua\playlist\youtube.lua

c:\program files\iLivid\VLC\lua\playlist\youtube_homepage.lua

c:\program files\iLivid\VLC\lua\README.txt

c:\program files\iLivid\VLC\lua\sd\fmc.lua

c:\program files\iLivid\VLC\lua\sd\freebox.lua

c:\program files\iLivid\VLC\lua\sd\icecast.lua

c:\program files\iLivid\VLC\lua\sd\jamendo.lua

c:\program files\iLivid\VLC\lua\sd\metachannels.lua

c:\program files\iLivid\VLC\lua\sd\README.txt

c:\program files\iLivid\VLC\NEWS.txt

c:\program files\iLivid\VLC\NSIS\UAC.nsh

c:\program files\iLivid\VLC\osdmenu\default\selected\bw.png

c:\program files\iLivid\VLC\osdmenu\default\selected\esc.png

c:\program files\iLivid\VLC\osdmenu\default\selected\fw.png

c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

c:\programdata\qqeibkctojzjwzt

c:\programdata\qqeibkctojzjwzt\be-flag.png

c:\programdata\qqeibkctojzjwzt\be-image.png

c:\programdata\qqeibkctojzjwzt\btn-green.png

c:\programdata\qqeibkctojzjwzt\corners-btn.png

c:\programdata\qqeibkctojzjwzt\corners1.png

c:\programdata\qqeibkctojzjwzt\corners2.png

c:\programdata\qqeibkctojzjwzt\corners3.png

c:\programdata\qqeibkctojzjwzt\corners4.png

c:\programdata\qqeibkctojzjwzt\ie6-7.css

c:\programdata\qqeibkctojzjwzt\McAfee.png

c:\programdata\qqeibkctojzjwzt\pays-be.png

c:\programdata\qqeibkctojzjwzt\steps-be.png

c:\programdata\qqeibkctojzjwzt\steps-en.png

c:\programdata\qqeibkctojzjwzt\steps-nl.png

c:\programdata\qqeibkctojzjwzt\style.css

c:\programdata\qqeibkctojzjwzt\tabs.png

c:\programdata\qqeibkctojzjwzt\wait.html

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-14 to 2012-10-14 ))))))))))))))))))))))))))))))

.

.

2012-10-14 14:39 . 2012-10-14 14:39 -------- d-----w- c:\users\Fsc Renew\AppData\Local\temp

2012-10-14 14:39 . 2012-10-14 14:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-13 17:51 . 2012-10-13 17:56 -------- d-----w- c:\users\Fsc Renew\AppData\Local\Spoon

2012-10-13 17:51 . 2012-10-13 17:51 -------- d-----w- c:\users\Fsc Renew\AppData\Local\Xenocode

2012-10-12 20:58 . 2012-10-12 20:58 -------- d-----w- c:\users\Fsc Renew\AppData\Roaming\Malwarebytes

2012-10-12 20:58 . 2012-10-12 20:58 -------- d-----w- c:\programdata\Malwarebytes

2012-10-12 20:58 . 2012-10-12 20:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-12 20:58 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-12 19:34 . 2012-10-12 19:34 -------- d-----w- c:\program files\ESET

2012-10-10 20:30 . 2012-10-10 20:30 -------- d-----w- c:\users\Fsc Renew\AppData\Roaming\eType

2012-09-25 09:01 . 2012-05-29 15:27 31584 ----a-w- c:\windows\system32\TURegOpt.exe

2012-09-25 09:01 . 2012-05-29 15:27 21344 ----a-w- c:\windows\system32\authuitu.dll

2012-09-25 09:00 . 2012-09-25 09:01 -------- d-----w- c:\program files\TuneUp Utilities 2012

2012-09-25 08:58 . 2012-09-25 08:58 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-09-25 06:57 . 2012-09-25 09:00 -------- d-----w- c:\users\Fsc Renew\AppData\Roaming\TuneUp Software

2012-09-25 06:56 . 2012-09-25 08:59 -------- d-----w- c:\program files\TuneUp Utilities 2013

2012-09-25 06:55 . 2012-09-25 09:00 -------- d-----w- c:\programdata\TuneUp Software

2012-09-24 14:30 . 2012-09-24 14:30 -------- d-----w- c:\users\Fsc Renew\AppData\Roaming\RecoolTec

2012-09-24 14:25 . 2012-09-25 07:27 -------- d-----w- c:\program files\AviSynth 2.5

2012-09-24 14:25 . 2011-04-12 19:43 219136 ----a-w- c:\windows\system32\frvSource.ax

2012-09-24 14:25 . 2012-09-24 14:25 -------- d-----w- c:\program files\Recool SWF to HTML5 Converter

2012-09-24 14:20 . 2012-09-24 14:20 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-09-19 09:12 . 2012-09-19 09:13 -------- d-----w- c:\users\Fsc Renew\copy-movieClip-with-bitmapData-CS3

2012-09-17 06:17 . 2012-10-05 18:27 -------- d-----w- c:\windows\system32\WNLT

2012-09-17 06:17 . 2012-10-01 11:39 -------- d-----w- c:\windows\system32\ARFC

2012-09-17 06:17 . 2012-09-13 13:26 1006448 ----a-w- c:\windows\system32\dmwu.exe

2012-09-17 06:17 . 2012-09-13 13:24 28160 ----a-w- c:\windows\system32\ImHttpComm.dll

2012-09-17 06:17 . 2011-06-10 22:58 773968 ----a-w- c:\windows\system32\msvcr100.dll

2012-09-17 06:17 . 2011-06-10 22:58 421200 ----a-w- c:\windows\system32\msvcp100.dll

2012-09-17 06:17 . 2011-05-13 23:17 632656 ----a-w- c:\windows\system32\msvcr80.dll

2012-09-17 06:17 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll

2012-09-17 06:17 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll

2012-09-14 18:39 . 2012-09-14 18:39 -------- d-----w- c:\users\Fsc Renew\ultimatefontpack

2012-09-14 15:22 . 2012-09-14 15:22 -------- d-----w- c:\users\Fsc Renew\walt_disney

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-17 06:41 . 2012-04-13 11:48 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-17 06:41 . 2011-10-27 06:49 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Fsc Renew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Fsc Renew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Fsc Renew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]

"D-Link D-Link Wireless G DWL-G122_DWA-110"="c:\program files\D-Link\DWL-G122_DWA-110\AirGCFG.exe" [2009-09-18 1708032]

.

c:\users\Fsc Renew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Spoon.net Console.lnk - c:\users\Fsc Renew\AppData\Local\Spoon\3.33.3.7\Spoon-Console.exe [2012-10-13 6930128]

Spoon.net Sandbox Manager 3.33.lnk - c:\users\Fsc Renew\AppData\Local\Spoon\3.33.3.7\Spoon-Sandbox-Native.exe [2012-10-13 348920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Google Update"="c:\users\Fsc Renew\AppData\Local\Google\Update\GoogleUpdate.exe" /c

"Facebook Update"="c:\users\Fsc Renew\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" /MINIMIZED

"MobileDocuments"=c:\program files\Common Files\Apple\Internet Services\ubd.exe

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

"KiesPDLR"=c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiSpywareOverride"=dword:00000001

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - AVGTP

*NewlyCreated* - MBAMPROTECTOR

*NewlyCreated* - TUNEUPUTILITIESDRV

*Deregistered* - eeCtrl

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-09-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2478391444-495470778-2787323053-1000Core.job

- c:\users\Fsc Renew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-30 10:00]

.

2012-09-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2478391444-495470778-2787323053-1000UA.job

- c:\users\Fsc Renew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-30 10:00]

.

2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 19:33]

.

2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 19:33]

.

2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478391444-495470778-2787323053-1000Core.job

- c:\users\Fsc Renew\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-01 05:00]

.

2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478391444-495470778-2787323053-1000UA.job

- c:\users\Fsc Renew\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-01 05:00]

.

.

------- Bijkomende Scan -------

.

uStart Page = https://www.google.be/

mStart Page = hxxp://www.telenet.be

mWindow Title = Telenet Internet

IE: Download with &Media Finder - c:\program files\Media Finder\hook.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

TCP: DhcpNameServer = 195.130.130.4 195.130.131.4

TCP: Interfaces\{B0ECDDAE-6CED-4074-8F5D-15368F135EE5}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{F2D7B778-AAEB-4C84-891F-A24A71F11E2B}: NameServer = 8.26.56.26,156.154.70.22

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-10-14 16:39

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2012-10-14 16:42:30

ComboFix-quarantined-files.txt 2012-10-14 14:42

ComboFix2.txt 2012-10-14 13:00

.

Pre-Run: 29.470.019.584 bytes beschikbaar

Post-Run: 29.463.941.120 bytes beschikbaar

.

- - End Of File - - 28C95636F88CAD91497E65CBAA56E6E9


With the problems out of the way, it is time for the "big clean-up": removing the tools that were used, a cleaning run, and deleting the infected restore points.

Remove ComboFix: Start -> Run/Search/Search programs and files, and type there: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If it is present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the CCleaner download will start automatically and free of charge.

Install it and start CCleaner. In the left column click "Cleaner". Then click 'Analyze' followed by 'Run Cleaner'. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". Close CCleaner afterwards.

If you would like to see this in detail with screenshots, click here for the guide.

It is advisable to delete the existing restore points (they include infected restore points that you could end up restoring). In Vista: via Control Panel -> System and Maintenance -> System -> "System Protection" tab -> clear the check mark next to the disk whose restore points you want to delete -> click "Apply". You will then get the on-screen message "Are you sure you want to turn System Restore off?". Click "Turn System Restore Off" here. All restore points on the selected disk are then deleted.

Afterwards, tick the check box next to the hard disk again. Create a new restore point right away as well, so that you do not have to wait for an automatic restore point from the system.
