
Chrome opens tabs unprompted



Good evening,

I think I have picked up some nasty spyware and/or malware; since then Chrome has been opening all sorts of tabs.

After consulting this forum I have already run RSIT.

Is there anyone who can/will help me further?

Kind regards,

Arie

Logfile of random's system information tool 1.09 (written by random/random)

Run by DIRECTION at 2013-12-30 19:57:25

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 82 GB (73%) free of 111 GB

Total RAM: 1766 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:57:51, on 30/12/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files\Alwil Software\Avast5\afwServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\AppleOSSMgr.exe

C:\WINDOWS\system32\AppleTimeSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\Explorer.EXE

c:\program files\teamviewer\version9\TeamViewer.exe

C:\Program Files\TeamViewer\Version9\tv_w32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Boot Camp\Bootcamp.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

c:\program files\teamviewer\version9\TeamViewer_Desktop.exe

C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe

C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DIRECTION\Bureau\RSIT.exe

C:\Program Files\trend micro\DIRECTION.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: ST_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\prxtbSof0.dll

O2 - BHO: ST_France - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\prxtbSof0.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: ST_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\prxtbSof0.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Download video on this page - res://C:\Program Files\Kotato\YouTube Downloader\YTD_IE.dll/300

O8 - Extra context menu item: Download video this links to - res://C:\Program Files\Kotato\YouTube Downloader\YTD_IE.dll/301

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Download Video - {731DC20B-51DE-4681-BBB9-69593E9F99A2} - res://C:\Program Files\Kotato\YouTube Downloader\YTD_IE.dll/300 (file missing)

O9 - Extra 'Tools' menuitem: Download video on this page - {731DC20B-51DE-4681-BBB9-69593E9F99A2} - res://C:\Program Files\Kotato\YouTube Downloader\YTD_IE.dll/300 (file missing)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe

O23 - Service: Apple Time Service (AppleTimeSrv) - Unknown owner - C:\WINDOWS\system32\AppleTimeSrv.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OKI OPHI DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHILDCS.EXE

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--

End of file - 8836 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\avast! Emergency Update.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1060284298-1801674531-1004Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1060284298-1801674531-1004UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

ST_France Toolbar - C:\Program Files\Softonic_France\prxtbSof0.dll [2013-07-17 226592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-20 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-20 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{4daac69c-cba7-45e2-9bc8-1044483d3352} - ST_France Toolbar - C:\Program Files\Softonic_France\prxtbSof0.dll [2013-07-17 226592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

"Apple_KbdMgr"=C:\Program Files\Boot Camp\Bootcamp.exe [2010-11-11 525112]

"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2013-05-09 4858968]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-01-05 13799424]

"nwiz"=nwiz.exe /installquiet []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-01-05 86016]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-01-15 18723104]

"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11 958576]

"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2013-03-12 253816]

"APSDaemon"=C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2013-05-01 421888]

"mobilegeni daemon"=C:\Program Files\Mobogenie\DaemonProcess.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"=C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-11 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\LMI98.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI98.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"

"C:\Imoresea\Imointer\IMinet.exe"="C:\Imoresea\Imointer\IMinet.exe:*:Enabled:Transferts de biens"

"C:\WINDOWS\LMIE8.tmp\lmi_rescue.exe"="C:\WINDOWS\LMIE8.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"

"C:\WINDOWS\LMI54.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI54.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"

"C:\WINDOWS\LMI2A.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI2A.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"

"C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"

"C:\Program Files\VuuPC\RemoteEngine.exe"="C:\Program Files\VuuPC\RemoteEngine.exe:*:Enabled:VuuPC Remote Engine"

"C:\Program Files\VuuPC\Connectivity.exe"="C:\Program Files\VuuPC\Connectivity.exe:*:Enabled:VuuPC Connectivity"

"C:\Program Files\TeamViewer\Version9\TeamViewer.exe"="C:\Program Files\TeamViewer\Version9\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"

"C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-12-30 19:57:26 ----D---- C:\Program Files\trend micro

2013-12-30 19:57:25 ----D---- C:\rsit

2013-12-30 15:48:02 ----D---- C:\Documents and Settings\DIRECTION\Application Data\Malwarebytes

2013-12-30 15:47:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2013-12-30 15:47:45 ----A---- C:\WINDOWS\system32\drivers\mbam.sys

2013-12-30 15:47:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2013-12-30 13:53:08 ----D---- C:\WINDOWS\ERUNT

2013-12-30 13:38:47 ----D---- C:\Program Files\Enigma Software Group

2013-12-30 13:38:01 ----D---- C:\WINDOWS\220FB0354744483A9A0B41DF77061583.TMP

2013-12-30 12:33:12 ----D---- C:\Program Files\TeamViewer

2013-12-21 14:33:57 ----D---- C:\Documents and Settings\DIRECTION\Application Data\RDP6

2013-12-17 20:07:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2898715$

2013-12-17 20:06:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2898785$

2013-12-17 20:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2904266$

2013-12-17 20:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2893294$

2013-12-17 20:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2893984$

2013-12-17 20:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2892075$

======List of files/folders modified in the last 1 month======

2013-12-30 19:57:27 ----D---- C:\WINDOWS\Prefetch

2013-12-30 19:57:26 ----RD---- C:\Program Files

2013-12-30 19:44:45 ----D---- C:\WINDOWS\Temp

2013-12-30 19:41:02 ----D---- C:\WINDOWS

2013-12-30 18:42:59 ----A---- C:\WINDOWS\SchedLgU.Txt

2013-12-30 16:58:11 ----A---- C:\_APLog.txt

2013-12-30 16:57:33 ----D---- C:\WINDOWS\system32\drivers

2013-12-30 16:56:51 ----D---- C:\WINDOWS\system32\CatRoot2

2013-12-30 16:55:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$

2013-12-30 16:55:13 ----D---- C:\Program Files\Softonic_France

2013-12-30 15:31:28 ----SHD---- C:\WINDOWS\Installer

2013-12-30 15:31:28 ----SD---- C:\Documents and Settings\DIRECTION\Application Data\Microsoft

2013-12-30 15:31:24 ----D---- C:\WINDOWS\system32

2013-12-30 14:40:26 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard

2013-12-30 14:40:22 ----D---- C:\Program Files\Corel

2013-12-30 14:32:27 ----HD---- C:\WINDOWS\inf

2013-12-30 14:02:24 ----SD---- C:\WINDOWS\Tasks

2013-12-30 13:54:08 ----D---- C:\Program Files\Fichiers communs

2013-12-30 12:33:37 ----RSD---- C:\WINDOWS\Fonts

2013-12-21 14:48:25 ----D---- C:\Program Files\Google

2013-12-21 14:34:19 ----D---- C:\tmprdp

2013-12-17 20:07:09 ----RSHDC---- C:\WINDOWS\system32\dllcache

2013-12-17 20:07:02 ----A---- C:\WINDOWS\imsins.BAK

2013-12-17 20:05:16 ----D---- C:\WINDOWS\system32\MRT

2013-12-17 20:05:03 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AppleHFS;AppleHFS; C:\WINDOWS\system32\drivers\AppleHFS.sys [2010-11-11 49280]

R0 AppleMNT;AppleMNT; C:\WINDOWS\system32\drivers\AppleMNT.sys [2010-11-11 6784]

R0 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2013-05-09 21576]

R0 aswNdis;avast! Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\aswNdis.sys [2012-03-06 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service; C:\WINDOWS\system32\drivers\aswNdis2.sys [2013-05-09 204784]

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-05-09 49376]

R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-07-09 175176]

R0 ohci1394;Contrôleurs hôte IEEE 1394 compatible OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]

R1 aswFW;avast! TDI Firewall driver; C:\WINDOWS\system32\drivers\aswFW.sys [2013-05-09 104752]

R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2013-05-09 49760]

R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-07-09 770344]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-07-09 369584]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-05-09 56080]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-05-09 29816]

R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []

R2 KeyAgent;KeyAgent; \??\C:\WINDOWS\system32\drivers\KeyAgent.sys []

R2 MacHALDriver;Mac HAL; \??\C:\WINDOWS\system32\drivers\MacHALDriver.sys []

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]

R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-10-23 2649216]

R3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]

R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]

R3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-01-15 5911552]

R3 IRRemoteFlt;IR Receiver Filter Driver; C:\WINDOWS\system32\DRIVERS\IRFilter.sys [2009-10-15 16512]

R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]

R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-01-15 7989728]

R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2009-10-24 54784]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2009-10-24 22016]

R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2009-10-24 13952]

R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2010-01-15 1684736]

S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-29 49920]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-29 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-29 21568]

S3 KeyMagic;USB Keyboard HID Filter; C:\WINDOWS\system32\DRIVERS\KeyMagic.sys [2009-10-15 23552]

S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2010-01-15 1389056]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppleOSSMgr;Apple OS Switch Manager; C:\WINDOWS\system32\AppleOSSMgr.exe [2010-11-11 193848]

R2 AppleTimeSrv;Apple Time Service; C:\WINDOWS\system32\AppleTimeSrv.exe [2009-11-02 99632]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-05-09 46808]

R2 avast! Firewall;avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [2013-05-09 137960]

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-08-20 182184]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-01-05 168005]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 TeamViewer9;TeamViewer 9; C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-17 5341536]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-19 136176]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gupdatem;Service Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-19 136176]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 OKI OPHI DCS Loader;OKI OPHI DCS Loader; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHILDCS.EXE [2006-07-25 24576]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------


Download Zoek.zip to the desktop.

  • If Internet Explorer, another browser or your virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe (here and here you can read how to do that).
  • Right-click Zoek.zip and click the "Extract All" option.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

{4daac69c-cba7-45e2-9bc8-1044483d3352};c
C:\Program Files\Softonic_France;fs
mobilegeni daemon;s
C:\Program Files\Mobogenie;fs
C:\Program Files\Kotato\YouTube Downloader;fs
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}];r
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run];r
"mobilegeni daemon"=-;r
C:\WINDOWS\220FB0354744483A9A0B41DF77061583.TMP;f
emptyfolderscheck;delete
startupall;
filesrcm;

  • Click the "Options" button and now tick the options below.
  • Do a Quick Scan
  • Shortcut Fix
  • IE Defaults
  • Auto Clean
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next reply.


Here is the zoek.exe log.

Thanks for the help so far.

Happy New Year.

Arie

Zoek.exe v5.0.0.0 Updated 23-December-2013

Tool run by DIRECTION on 31/12/2013 at 10:01:47.78.

Microsoft Windows XP Édition familiale 5.1.2600 Service Pack 3 x86

Running in: Normal Mode No Internet Access Detected

Launched: C:\Documents and Settings\DIRECTION\Bureau\zoek\zoek.scr [scan all users] [Deep Scan] [Auto Clean]

==== System Restore Info ======================

31/12/2013 10:03:02 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-839522115-1060284298-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files\Alwil Software\Avast5\afwServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\AppleOSSMgr.exe

C:\WINDOWS\system32\AppleTimeSrv.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

c:\program files\teamviewer\version9\TeamViewer.exe

C:\Program Files\TeamViewer\Version9\tv_w32.exe

C:\Program Files\Boot Camp\Bootcamp.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe

c:\program files\teamviewer\version9\TeamViewer_Desktop.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k bthsvcs

C:\WINDOWS\system32\svchost.exe -k HPService

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Documents and Settings\DIRECTION\Local Settings\Application Data\genienext deleted

C:\Documents and Settings\DIRECTION\daemonprocess.txt deleted

C:\Documents and Settings\DIRECTION\.android deleted

C:\Program Files\Softonic_France deleted

C:\Documents and Settings\All Users\Application Data\tmp5A.tmp deleted

C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Mobogenie deleted

C:\Documents and Settings\DIRECTION\Local Settings\Application Data\cache deleted

C:\DOCUME~1\DIRECT~1\MENUDM~1\PROGRA~1\VuuPC deleted

C:\WINDOWS\System32\SET2A9.tmp deleted

C:\WINDOWS\System32\SET2AD.tmp deleted

C:\WINDOWS\System32\SET2AE.tmp deleted

C:\WINDOWS\System32\SET2B5.tmp deleted

C:\Documents and Settings\All Users\Bureau\YouTube Downloader.lnk deleted

==== System Specs ======================

Operating System: Microsoft Windows XP Édition familiale 5.1.2600 Service Pack 3

Manufacturer: Apple Inc. - Model: Macmini3,1

Install Date: 10/03/2010 13:11:59

Last Boot: 30/12/2013 16:57:30

Processor: Processeur Intel Pentium III Xeon

Number of Processors: 2

Work Station

Bootmode: Normal boot

Total RAM: 1765 MB (free 1156 MB - 65)

Computername: LEONTINE

Domain: WORKGROUP

User: DIRECTION (Administrator account)

Local Disk: C:\ - NTFS - 108 GB (free 79 GB)

CD \ DVD Drive: D:\

Local Disk: F:\ - HFS - 39 GB (free 29 GB)

Bootdevice: \Device\HarddiskVolume2

Windows update: 2013-12-17 19:07:31

Country: France

Language: FRA

==== System Specs (Software) ======================

Anti-Virus: avast! Internet Security On-access scanning enabled (Updated)

Firewall: avast! Internet Security enabled

Default Browser: Google Chrome 31.0.1650.63

Internet Explorer version: 6.0.2900.5512

Google Chrome version: 31.0.1650.63

Adobe Reader version: 11.0.04.63

Sun Java version: 1.7.0_25 (32-bit)

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\DOCUME~1\DIRECT~1\LOCALS~1\Temp ====

2013-12-30 13:01:53 9F81FEA4D9046DBC6566CF9233388EE6 306688 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\56259uninstall.exe

2013-12-30 13:01:53 5405413FFF79B8D9C747AA900F60F082 599419 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\Sqlite3.dll

2013-12-30 13:00:55 919160525DA7A3D5D09E0DD5A6B16454 264008 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\MSS\3.8.130.10\McInstallerRes.dll

2013-12-30 13:00:55 8D15BBCBA2B1A6096C0D15E3D1893B5F 153280 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\MSS\3.8.130.10\McInstallerRes_LD.dll

2013-12-30 13:00:54 EA77325B4FAF6EBC8ACEB42011747DA1 571472 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\MSS\3.8.130.10\McInstallerStartup.dll

2013-12-30 13:00:54 74557BFD04530E512DBB9C151C4DA110 499384 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\MSS\3.8.130.10\McUICnt.exe

2013-12-30 13:00:54 206A83BDC11D09FB1B3740236ED5E9EE 418568 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\MSS\3.8.130.10\mcbrwsr2.dll

2013-12-30 12:52:59 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\erunt\ERUNT.EXE

2013-12-30 12:14:54 0679D39A697632EBD50DD438AB633214 45665360 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\SHSetup.exe

2013-12-17 11:31:40 60D9AC41CE2B2D8234FFCB8ED758D99F 5920680 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\TeamViewer\Version9\TeamViewer_.exe

====== Java Cache =====

====== C:\WINDOWS\system32 =====

====== C:\WINDOWS\system32\drivers =====

2013-12-30 14:47:45 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys

====== C:\WINDOWS\Tasks ======

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

2013-12-30 19:20:02 -------- d-----w- C:\Program Files\WinRAR

2013-12-30 18:57:26 -------- d-----w- C:\Program Files\trend micro

2013-12-30 12:38:47 -------- d-----w- C:\Program Files\Enigma Software Group

2013-12-30 11:33:12 -------- d-----w- C:\Program Files\TeamViewer

======= C: =====

2013-12-31 09:01:40 2735AAF10AAF338D6CA529F99B0D25F5 2430 ----a-w- C:\runcheck.txt

====== C:\Documents and Settings\DIRECTION\Application Data ======

2013-12-30 19:24:18 -------- d-----w- C:\Documents and Settings\DIRECTION\Application Data\WinRAR

2013-12-21 13:33:57 -------- d-----w- C:\Documents and Settings\DIRECTION\Application Data\RDP6

====== C:\Documents and Settings\DIRECTION ======

2013-12-30 18:50:45 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\DIRECTION\Bureau\RSIT.exe

====== C: exe-files ==

2013-12-30 19:20:03 0B2A7AD88EDCBC12B53A23EA1580F056 1239640 ----a-w- C:\Program Files\WinRAR\WinRAR.exe

2013-12-30 19:20:02 C346E3D836FAE076D541FF3B10E02C89 136792 ----a-w- C:\Program Files\WinRAR\Uninstall.exe

2013-12-30 19:20:02 36E279DAAC7D1274F48C43AB690BE8A2 306776 ----a-w- C:\Program Files\WinRAR\UnRAR.exe

2013-12-30 19:20:02 3588C5853A233C973F1BD0FF12686444 490072 ----a-w- C:\Program Files\WinRAR\Rar.exe

2013-12-30 19:18:57 5576C14D5454A7F30E488BADC288CCFB 1767832 ----a-w- C:\RECYCLER\S-1-5-21-839522115-1060284298-1801674531-1004\Dc30.exe

2013-12-30 18:57:27 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\DIRECTION.exe

2013-12-30 18:50:45 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\DIRECTION\Bureau\RSIT.exe

2013-12-30 14:41:18 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Documents and Settings\DIRECTION\Mes documents\MBAM1701300PRO\mbam-setup-1.75.0.1300.exe

2013-12-30 14:10:29 6B110E925294547A7D288F26DA19D199 179687 ----a-w- C:\WINDOWS\220FB0354744483A9A0B41DF77061583.TMP\WiseCustomCalla18.exe

2013-12-30 13:01:53 9F81FEA4D9046DBC6566CF9233388EE6 306688 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\56259uninstall.exe

2013-12-30 13:00:54 74557BFD04530E512DBB9C151C4DA110 499384 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\MSS\3.8.130.10\McUICnt.exe

2013-12-30 12:52:59 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\erunt\ERUNT.EXE

2013-12-30 12:52:24 2BF7A9428B0C60C07E38932FB14923FD 559441 ----a-w- C:\RECYCLER\S-1-5-21-839522115-1060284298-1801674531-1004\Dc28.0\JRT.exe

2013-12-30 12:38:02 7BE0F6203CDF7E986EDC66525DDA4424 180930 ----a-w- C:\WINDOWS\220FB0354744483A9A0B41DF77061583.TMP\WiseCustomCalla22.exe

2013-12-30 12:14:54 0679D39A697632EBD50DD438AB633214 45665360 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\SHSetup.exe

2013-12-30 12:13:27 4FAEE05B33E3F48B93860D12FC7F56A8 3021720 ----a-w- C:\RECYCLER\S-1-5-21-839522115-1060284298-1801674531-1004\Dc28.0\Replace file\SpyHunter4.exe

2013-12-30 12:13:17 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\RECYCLER\S-1-5-21-839522115-1060284298-1801674531-1004\Dc28.0\SpyHunter-Installer.exe

2013-12-30 11:33:15 C3199DF0B394E13163A5925C2E1D6461 238944 ----a-w- C:\Program Files\TeamViewer\Version9\tv_x64.exe

2013-12-30 11:33:15 428360DE895B0D80BE90A088C3E10E14 199520 ----a-w- C:\Program Files\TeamViewer\Version9\tv_w32.exe

2013-12-30 11:33:15 07BE75060389FC57A0D8A5265D71B25A 462480 ----a-w- C:\Program Files\TeamViewer\Version9\uninstall.exe

2013-12-30 11:33:14 DF4A7E1E2BA788E28747F1EF49692ED6 5341536 ----a-w- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

2013-12-30 11:33:14 2602A0B5319AE6EA59B20BED11E3D51E 4671328 ----a-w- C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe

2013-12-30 11:33:12 0E3F332A0092E14401D1117126DDACA2 13543264 ----a-w- C:\Program Files\TeamViewer\Version9\TeamViewer.exe

2013-12-30 11:30:26 3795A2E4873176636020870D801F7C25 6073328 ----a-w- C:\Documents and Settings\DIRECTION\Mes documents\Downloads\TeamViewer_Setup_nl.exe

=== C: other files ==

2013-12-31 09:03:09 5CC2F5A33A46D41DBAC9FC0A945AB6EB 436 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\download8.bat

2013-12-30 14:47:45 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2013-12-30 12:52:59 FDB9CF820305FE44231763042642F7A6 12733 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\searchlnk.bat

2013-12-30 12:52:59 F871C2EECFB5DF889C240D846473CD80 89287 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\misc.bat

2013-12-30 12:52:59 F6CA4866511929B8356C67C40DF7D9B3 28960 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\prelim.bat

2013-12-30 12:52:59 BE9A93AB5FE6CAE1D6A78857B04F04FC 15330 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\chrome.bat

2013-12-30 12:52:59 B964B792D3692699CD7D4FDB63EE470E 1239 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\FWPolicy.bat

2013-12-30 12:52:59 AD51C95160A3314D0F4E371729ED4D69 13748 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\get.bat

2013-12-30 12:52:59 80D02380F1AC33E459324B088392A1EC 732 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\ev_clear.bat

2013-12-30 12:52:59 6C966C77884990CE8F02799FF6227BB1 9486 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\modules.bat

2013-12-30 12:52:59 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\delorphans.bat

2013-12-30 12:52:59 5738500CE82B28738D24E2B61B2842C3 219670 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\firefox.bat

2013-12-30 12:52:59 4C51096033E1B16985334794FAAA2FA6 1018 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\TDL4.bat

2013-12-30 12:52:59 1ACDFEB8A7A728A429476F11E7A24617 29141 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\iexplore.bat

2013-12-30 12:52:59 16690673D3BF407C7F01A18855874F2B 11656 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\JRT.bat

2013-12-30 12:52:59 150B311890A68BB34170FBB4FAA733F5 6699 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\runvalues.bat

2013-12-30 12:52:59 14D6EE8B672684E2232FB430D8C4A928 18668 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\medfos.bat

2013-12-30 12:52:59 0768E560CCD86C18F35FAD29DCEA7B80 1820 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\delfolders.bat

2013-12-30 12:52:58 6FA00F3154329484AE7CA523863F010F 38960 ----a-w- C:\Documents and Settings\DIRECTION\Local Settings\Temp\jrt\ask.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-839522115-1060284298-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"

"Apple_KbdMgr"="C:\Program Files\Boot Camp\Bootcamp.exe"

"avast"="C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui"

"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /installquiet"

"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"

"RTHDCPL"="RTHDCPL.EXE"

"Adobe ARM"="C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

"APSDaemon"="C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

"mobilegeni daemon"="C:\Program Files\Mobogenie\DaemonProcess.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\Apple Software Update\SoftwareUpdate.exe [01/06/2011 16:57]

C:\WINDOWS\tasks\avast\Undetermined Task.exe []

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [19/03/2010 14:47]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [19/03/2010 14:47]

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1060284298-1801674531-1004Core.job --a------ C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [11/03/2010 11:58]

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1060284298-1801674531-1004UA.job --a------ C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [11/03/2010 11:58]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{78DADB4B-7468-4c1c-8612-00FBF356A9FF}"="C:\Program Files\Kotato\YouTube Downloader\YTD_FF.xpi" [30/07/2013 17:09]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

ebjipgnedcljapmafeafekmlebefcafp - C:\Program Files\Kotato\YouTube Downloader\YTD_GC.crx[30/07/2013 17:12]

YouTube - DIRECTION - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - DIRECTION - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

YouTube Downloader Extension - DIRECTION - Default\Extensions\ebjipgnedcljapmafeafekmlebefcafp

Google Wallet - DIRECTION - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - DIRECTION - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage deleted successfully

C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.nl/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="http://start.mysearchdial.com/?f=2&a=irmsd1202aw&cd=2XzuyEtN2Y1L1Qzu0DyEzy0AtBtD0FtA0EyE0D0AyByEtAtCtN0D0Tzu0CyBtCzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=625256866&ir="

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{77AA745B-F4F8-45DA-9B14-61D2D95054C8}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.nl/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-839522115-1060284298-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-839522115-1060284298-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully

HKEY_USERS\S-1-5-21-839522115-1060284298-1801674531-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully

==== HijackThis Entries ======================

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Download video on this page - res://C:\Program Files\Kotato\YouTube Downloader\YTD_IE.dll/300

O8 - Extra context menu item: Download video this links to - res://C:\Program Files\Kotato\YouTube Downloader\YTD_IE.dll/301

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Download Video - {731DC20B-51DE-4681-BBB9-69593E9F99A2} - res://C:\Program Files\Kotato\YouTube Downloader\YTD_IE.dll/300 (file missing)

O9 - Extra 'Tools' menuitem: Download video on this page - {731DC20B-51DE-4681-BBB9-69593E9F99A2} - res://C:\Program Files\Kotato\YouTube Downloader\YTD_IE.dll/300 (file missing)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe

O23 - Service: Apple Time Service (AppleTimeSrv) - Unknown owner - C:\WINDOWS\system32\AppleTimeSrv.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OKI OPHI DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHILDCS.EXE

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\DIRECTION\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\DIRECTION\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\DIRECTION\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1188 folders=108 110600115 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully

C:\Documents and Settings\LocalService\Local Settings\Temp will be emptied at reboot

C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp emptied successfully

C:\Documents and Settings\DIRECTION\Local Settings\Temp will be emptied at reboot

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

C:\DOCUME~1\DIRECT~1\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\DIRECTION\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies" not deleted

"C:\Documents and Settings\LocalService\Local Settings\Temp\Historique" not deleted

"C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files" not deleted

==== EOF on 31/12/2013 at 12:15:21.45 ======================


Double-click Zoek.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
 "mobilegeni daemon"=-;r
 C:\Program Files\Mobogenie;fs
 Ebjipgnedcljapmafeafekmlebefcafp;chr
 C:\Program Files\Kotato\YouTube Downloader;fs

  • The "Scan All Users" option is checked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next reply.


Good afternoon,

Here is the new log file.

The first annoying tab has now disappeared.

Kind regards,

Arie

Zoek.exe v5.0.0.0 Updated 28-December-2013

Tool run by DIRECTION on 01/01/2014 at 15:38:43.00.

Microsoft Windows XP Édition familiale 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Documents and Settings\DIRECTION\Bureau\zoek\zoek.scr [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2013-12-31-111521.log 29753 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mobilegeni daemon"=-

==== Deleting Files \ Folders ======================

C:\Program Files\Mobogenie not found

"C:\Program Files\Kotato\YouTube Downloader\FLVC_WS.dll" deleted

"C:\Program Files\Kotato\YouTube Downloader\FLVP_WS.dll" deleted

"C:\Program Files\Kotato\YouTube Downloader" not deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

ebjipgnedcljapmafeafekmlebefcafp - C:\Program Files\Kotato\YouTube Downloader\YTD_GC.crx[]

YouTube - DIRECTION - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - DIRECTION - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

YouTube Downloader Extension - DIRECTION - Default\Extensions\ebjipgnedcljapmafeafekmlebefcafp

Google Wallet - DIRECTION - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - DIRECTION - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ebjipgnedcljapmafeafekmlebefcafp deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{78DADB4B-7468-4c1c-8612-00FBF356A9FF} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\Ebjipgnedcljapmafeafekmlebefcafp deleted successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1232 folders=118 136262383 bytes)

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Program Files\Kotato\YouTube Downloader" not found

==== EOF on 01/01/2014 at 15:45:10.28 ======================


Good afternoon,

Unfortunately the problem is not completely solved yet; one tab too many still opens. The culprit is shown below:

http://start.mysearchdial.com/?f=1&a=irmsd1202aw&cd=2XzuyEtN2Y1L1Qzu0DyEzy0AtBtD0FtA0EyE0D0AyByEtAtCtN0D0Tzu0CyBtCzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=625256866&ir=

I tried to change this in Chrome's settings, but that turned out to be a pointless exercise.

Kind regards,

Arie


Download AdwCleaner by Xplode to the desktop.

Running AdwCleaner

  • Close all open windows.
  • Double-click AdwCleaner.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Then click the Scan button.
  • When the scan is finished, click the Clean button.
  • When this is done you will be asked to restart the computer; click OK.
  • After the computer has restarted, the log file opens automatically.
  • Post this log file in your next reply.


Good afternoon,

Here is the log file from AdwCleaner.

Chrome now opened without extra tabs. The problem appears to be solved.

Kind regards and many thanks

Arie

# AdwCleaner v3.016 - Rapport créé le 05/01/2014 à 16:51:03

# Mis à jour le 23/12/2013 par Xplode

# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)

# Nom d'utilisateur : DIRECTION - LEONTINE

# Exécuté depuis : C:\Documents and Settings\DIRECTION\Bureau\adwcleaner.exe

# Option : Nettoyer

***** [ Services ] *****

***** [ Fichiers / Dossiers ] *****

***** [ Raccourcis ] *****

***** [ Registre ] *****

***** [ Navigateurs ] *****

-\\ Internet Explorer v6.0.2900.5512

-\\ Google Chrome v

[ Fichier : C:\Documents and Settings\DIRECTION\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4073 octets] - [05/01/2014 16:40:17]

AdwCleaner[R1].txt - [965 octets] - [05/01/2014 16:48:40]

AdwCleaner[s0].txt - [3851 octets] - [05/01/2014 16:42:32]

AdwCleaner[s1].txt - [887 octets] - [05/01/2014 16:51:03]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [946 octets] ##########


Excellent ... then you may now remove the tools you used and a few leftover remnants:

Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.

Now tick the following items:

  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently until the tool has finished.

When the tool has finished, a log file is created. You do not need to post it, however.

Download CCleaner (if you don't have it yet).

Install it (if you don't want Google Chrome to be installed on your PC as the default web browser, you must remove the 2 check marks!) and start CCleaner.

In the left-hand column, click "Cleaner". Click "Analyze" and, after the analysis, "Run Cleaner". Then click "Registry" in the left-hand column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues".

Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors.

Then close CCleaner again.

If you would like to see this in detail with screenshots, click here for the guide.

If all of this went smoothly and you have no further questions or problems within this topic, you may close the topic by clicking the "Mark as solved" button, which you can find at the bottom left ... that way it stays clear for everyone.
