Updating the network card


elham

Strange, the infection is still there after the restart :hmmmm:

Start the PC in safe mode by repeatedly pressing (tapping) the F8 key immediately after switching on the PC.

Choose safe mode with networking.

Note: Windows Vista & 7 users need to run HijackThis as "administrator" via right-click, "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Start HijackThis. Select "Scan". Select only the items listed below:

F3 - REG:win.ini: load=C:\Users\Elham\LOCALS~1\Temp\msakuovqo.pif

Click 'Fix checked' to remove the items.

Then run the scan with Malwarebytes once more and have the detected infections removed.

Restart the PC in normal mode and create new logs from HijackThis and Malwarebytes.


Here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:25:36, on 4-3-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16464)

Boot mode: Normal

Running processes:

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files (x86)\MSI\EasyFace2\MessengerSignIn.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe

C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe

C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe

C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe

C:\Program Files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Elham\Desktop\HijackThis.exe

C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F3 - REG:win.ini: load=C:\Users\Elham\LOCALS~1\Temp\msakuovqo.pif

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe

O4 - HKLM\..\Run: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe

O4 - HKLM\..\Run: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe

O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r

O4 - HKLM\..\Run: [updReg] C:\windows\UpdReg.EXE

O4 - HKLM\..\Run: [NVIDIAOCAP] C:\Program Files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe

O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

O4 - HKCU\..\Run: [MSNAutoLogon] C:\Program Files (x86)\msi\EasyFace2\MessengerSignIn.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O12 - Plugin for .csm: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .csml: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cub: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cube: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .dx: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .emb: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .embl: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .gau: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mol: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mop: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .scr: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .skc: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .spt: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files (x86)\System Control Manager\MSIService.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: MSI Foundation Service - MSI - C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14364 bytes

- - - Updated - - -

And here is the new Malware log:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Databaseversie: v2013.03.03.09

Windows 7 Service Pack 1 x64 NTFS (Veilige modus/netwerkmogelijkheden)

Internet Explorer 9.0.8112.16421

Elham :: ELHAM-MSI [administrator]

4-3-2013 22:16:01

mbam-log-2013-03-04 (22-16-01).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 235328

Verstreken tijd: 2 minuut/minuten, 49 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 1

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Elham\LOCALS~1\Temp\msakuovqo.pif -> Zal worden verwijderd tijdens het herstarten.

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)
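
The F3 entry that the helper asked to fix and the PUM.UserWLoad value reported by Malwarebytes above carry the same data: a .pif file under the user's Temp folder. As an added example (not part of the original thread and not HijackThis's own logic), this Python triage parses the F0-F3 and O4 registry lines of a HijackThis log and flags autostart targets using two heuristics that are assumptions made here: the target sits in a temp directory, or it has an extension that is rarely a legitimate autostart.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Sample input: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\Users\Elham\LOCALS~1\Temp\msakuovqo.pif
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [updReg] C:\windows\UpdReg.EXE
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
"""

# F0-F3: "<code> - [REG:]<ini file>: <key>=<value>"
INI_RE = re.compile(r"^(F[0-3]) - (?:REG:)?(\S+?): (\w+)=(.*)$")
# O4 registry form: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(O4) - (HK\S+?): \[([^\]]*)\] (.*)$")
# Unquoted command line: shortest prefix that ends in an executable-style extension.
EXE_RE = re.compile(r"^(.+?\.(?:exe|pif|scr|com|bat|cmd))(?=[\s,]|$)", re.IGNORECASE)

# Heuristics chosen for this example (assumptions, not HijackThis rules).
TEMP_PARTS = {"temp", "tmp"}
ODD_EXTS = {".pif", ".scr", ".com", ".bat", ".cmd"}


@dataclass
class Finding:
    code: str      # HijackThis section, e.g. "F3" or "O4"
    source: str    # where the autostart is registered
    target: str    # executable path taken from the entry
    reasons: list  # why the entry was flagged


def extract_target(command):
    """Return the executable path from a command line, or None if none is found."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else None
    m = EXE_RE.match(command)
    return m.group(1) if m else None


def parse_line(line):
    """Return (code, source, [targets]) for F0-F3 and O4 registry lines, else None."""
    m = INI_RE.match(line)
    if m:
        code, ini, key, value = m.groups()
        # load=, run= and UserInit= may hold several comma-separated programs.
        pieces = [v for v in value.split(",") if v.strip()]
        targets = [t for t in map(extract_target, pieces) if t]
        return code, f"{ini} {key}=", targets
    m = RUN_RE.match(line)
    if m:
        code, hive, name, command = m.groups()
        target = extract_target(command)
        return code, f"{hive} [{name}]", [target] if target else []
    return None


def assess(target):
    """Return the list of heuristic reasons that apply to one target path."""
    path = PureWindowsPath(target)
    reasons = []
    if TEMP_PARTS & {part.lower() for part in path.parts[:-1]}:
        reasons.append("runs from a temp directory")
    if path.suffix.lower() in ODD_EXTS:
        reasons.append(f"unusual autostart extension {path.suffix.lower()}")
    return reasons


def triage(log_text):
    """Parse a HijackThis log and return a Finding for every flagged autostart."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw.strip())
        if not parsed:
            continue
        code, source, targets = parsed
        for target in targets:
            reasons = assess(target)
            if reasons:
                findings.append(Finding(code, source, target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code} {f.source} -> {f.target}: {'; '.join(f.reasons)}")
```

A flagged line is a starting point for review, not a verdict; entries that pass both heuristics still need the usual check of publisher and file location.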

Download AdwCleaner by Xplode to your desktop.

Close all open windows.

  • Vista and Windows 7 users: right-click AdwCleaner and select Run as administrator...
  • For XP: simply double-click AdwCleaner.
  • Then click Delete.
  • At AdwCleaner – Information, click OK
  • At AdwCleaner – Restart Required, click OK

It is normal for the shortcuts to disappear during this action. After the PC has restarted, a log file opens. Post the contents of this log in your next message together with a new HijackThis log.

Here is the AdwCleaner log:

# AdwCleaner v2.114 - Verslag gemaakt op 07/03/2013 om 21:15:46

# Geactualiseerd op 05/03/2013 door Xplode

# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Gebruiker : Elham - ELHAM-MSI

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : C:\Users\Elham\Desktop\adwcleaner.exe

# Optie [Verwijderen]

***** [Diensten] *****

***** [Files / Mappen] *****

File Verwijdert : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Verwijdert : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Verwijdert : C:\user.js

Map Verwijdert : C:\ProgramData\Babylon

Map Verwijdert : C:\Users\Elham\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Map Verwijdert : C:\Users\Elham\AppData\Roaming\Babylon

Map Verwijdert : C:\Users\Elham\AppData\Roaming\BabylonToolbar

Map Verwijdert : C:\Users\Elham\AppData\Roaming\Mozilla\Firefox\Profiles\ghpd7l1a.default\extensions\bbrs_002@blabbers.com

Map Verwijdert : C:\Users\Elham\AppData\Roaming\Mozilla\Firefox\Profiles\ghpd7l1a.default\extensions\ffxtlbr@claro.com

Map Verwijdert : C:\Users\Elham\AppData\Roaming\OpenCandy

***** [Register] *****

Sleutel Verwijdert : HKCU\Software\BrowserCompanion

Sleutel Verwijdert : HKCU\Software\Claro LTD

Sleutel Verwijdert : HKCU\Software\IGearSettings

Sleutel Verwijdert : HKCU\Software\Microsoft\Babylon

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Sleutel Verwijdert : HKCU\Software\Softonic

Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Sleutel Verwijdert : HKLM\Software\Babylon

Sleutel Verwijdert : HKLM\Software\BabylonToolbar

Sleutel Verwijdert : HKLM\Software\BrowserCompanion

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL

Sleutel Verwijdert : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193

Sleutel Verwijdert : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\updatebho.TimerBHO

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\wit4ie.WitBHO

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}

***** [browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v7.0.1 (nl)

File : C:\Users\Elham\AppData\Roaming\Mozilla\Firefox\Profiles\ghpd7l1a.default\prefs.js

C:\Users\Elham\AppData\Roaming\Mozilla\Firefox\Profiles\ghpd7l1a.default\user.js ... Verwijdert !

Verwijdert : user_pref("browser.babylon.HPOnNewTab", "isearch.claro-search.com");

Verwijdert : user_pref("browser.newtab.url", "hxxp://isearch.claro-search.com/?affID=114164&tt=3112_8&babsrc=NT_i[...]

Verwijdert : user_pref("browser.search.defaultenginename", "Claro Search");

Verwijdert : user_pref("browser.search.order.1", "Claro Search");

Verwijdert : user_pref("browser.search.selectedEngine", "Claro Search");

Verwijdert : user_pref("browser.startup.homepage", "hxxp://isearch.claro-search.com/?affID=114164&tt=3112_8&babsr[...]

Verwijdert : user_pref("extensions.claro.admin", false);

Verwijdert : user_pref("extensions.claro.aflt", "babsst");

Verwijdert : user_pref("extensions.claro.autoRvrt", "false");

Verwijdert : user_pref("extensions.claro.bbDpng", "18");

Verwijdert : user_pref("extensions.claro.cntry", "NL");

Verwijdert : user_pref("extensions.claro.dfltLng", "en");

Verwijdert : user_pref("extensions.claro.envrmnt", "production");

Verwijdert : user_pref("extensions.claro.excTlbr", false);

Verwijdert : user_pref("extensions.claro.hdrMd5", "A5260AF9958B2DD5388C6FFEF1F6C0E6");

Verwijdert : user_pref("extensions.claro.hmpg", false);

Verwijdert : user_pref("extensions.claro.id", "46a4e8d500000000000000fff12858b0");

Verwijdert : user_pref("extensions.claro.instlDay", "15552");

Verwijdert : user_pref("extensions.claro.instlRef", "sst");

Verwijdert : user_pref("extensions.claro.lastVrsnTs", "1.6.4.121:24:10");

Verwijdert : user_pref("extensions.claro.mntrvrsn", "1.3.1");

Verwijdert : user_pref("extensions.claro.newTab", false);

Verwijdert : user_pref("extensions.claro.prdct", "claro");

Verwijdert : user_pref("extensions.claro.prtnrId", "claro");

Verwijdert : user_pref("extensions.claro.sg", "none");

Verwijdert : user_pref("extensions.claro.smplGrp", "none");

Verwijdert : user_pref("extensions.claro.tlbrId", "iclaro");

Verwijdert : user_pref("extensions.claro.vrsn", "1.6.4.1");

Verwijdert : user_pref("extensions.claro.vrsnTs", "1.6.4.121:24:10");

Verwijdert : user_pref("extensions.claro.vrsni", "1.6.4.1");

Verwijdert : user_pref("extensions.claro_i.newTab", false);

Verwijdert : user_pref("extensions.claro_i.smplGrp", "none");

Verwijdert : user_pref("extensions.claro_i.vrsnTs", "1.6.4.121:24:10");

Verwijdert : user_pref("extensions.enabledAddons", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3,ffxtlbr@claro.co[...]

Verwijdert : user_pref("keyword.URL", "hxxp://isearch.claro-search.com/?affID=114164&tt=3112_8&babsrc=KW_iclro&mn[...]

-\\ Google Chrome v25.0.1364.152

File : C:\Users\Elham\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[s1].txt - [7955 octets] - [07/03/2013 21:15:46]

########## EOF - C:\AdwCleaner[s1].txt - [8015 octets] ##########

---------------------------------------------------------------------

Here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:19:48, on 7-3-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16464)

Boot mode: Normal

Running processes:

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files (x86)\MSI\EasyFace2\MessengerSignIn.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe

C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe

C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe

C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe

C:\Program Files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Users\Elham\Desktop\HijackThis.exe

C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F3 - REG:win.ini: load=C:\Users\Elham\LOCALS~1\Temp\msakuovqo.pif

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe

O4 - HKLM\..\Run: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe

O4 - HKLM\..\Run: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe

O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r

O4 - HKLM\..\Run: [updReg] C:\windows\UpdReg.EXE

O4 - HKLM\..\Run: [NVIDIAOCAP] C:\Program Files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe

O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

O4 - HKCU\..\Run: [MSNAutoLogon] C:\Program Files (x86)\msi\EasyFace2\MessengerSignIn.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O12 - Plugin for .csm: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .csml: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cub: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cube: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .dx: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .emb: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .embl: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .gau: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mol: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mop: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .scr: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .skc: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .spt: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files (x86)\System Control Manager\MSIService.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: MSI Foundation Service - MSI - C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14419 bytes


The stubborn one is still there :hmmmm:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Here you can read how to use ComboFix.

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them: click here or here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


Here is the ComboFix log:

ComboFix 13-03-10.02 - Elham 10-03-2013 11:18:25.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8169.6238 [GMT 1:00]

Gestart vanuit: c:\users\Elham\Desktop\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Elham\AppData\Local\Temp\B2F9.tmp

c:\users\Elham\AppData\Roaming\Ihavx

c:\users\Elham\AppData\Roaming\Ihavx\seuc.ixk

c:\users\Elham\AppData\Roaming\Iniqp

c:\users\Elham\AppData\Roaming\Iniqp\ecyht.azi

c:\users\Elham\War_Rock_10182011_G1_Xfire.exe

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

D:\install.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-02-10 to 2013-03-10 ))))))))))))))))))))))))))))))

.

.

2013-03-08 18:38 . 2013-03-08 18:38 -------- d--h--w- c:\windows\AxInstSV

2013-03-08 14:00 . 2013-03-08 14:01 -------- d-sh--w- c:\users\Elham\AppData\Roaming\wyUpdate AU

2013-03-05 19:39 . 2013-03-05 19:39 -------- d-----w- c:\program files (x86)\AGEIA Technologies

2013-03-02 16:14 . 2013-03-08 14:01 -------- d-sh--w- c:\users\Elham\wc

2013-03-02 16:14 . 2013-03-02 16:14 -------- d-sh--w- c:\users\Elham\AppData\Roaming\ViperUpdate AU

2013-03-02 16:14 . 2013-03-02 16:14 -------- d-----w- c:\users\Elham\AppData\Roaming\ViperSettingsFolder

2013-03-02 16:14 . 2013-03-02 16:14 -------- d-----w- c:\program files (x86)\All Answers Ltd

2013-03-02 15:31 . 2013-03-02 15:31 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-03-02 15:31 . 2013-03-02 15:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-02 15:30 . 2013-03-02 15:30 -------- d-----w- c:\program files (x86)\Java

2013-03-02 15:26 . 2013-03-02 15:26 310688 ----a-w- c:\windows\system32\javaws.exe

2013-03-02 15:26 . 2013-03-02 15:26 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-03-02 15:26 . 2013-03-02 15:26 188832 ----a-w- c:\windows\system32\javaw.exe

2013-03-02 15:26 . 2013-03-02 15:26 188320 ----a-w- c:\windows\system32\java.exe

2013-03-02 15:26 . 2013-03-02 15:26 -------- d-----w- c:\program files\Java

2013-03-02 13:30 . 2013-03-02 13:30 -------- d-----w- c:\users\Elham\AppData\Local\Programs

2013-03-02 13:23 . 2013-03-02 15:26 963488 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-02 13:23 . 2013-03-02 15:26 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-02-28 19:32 . 2013-03-02 10:40 -------- d-----w- c:\program files (x86)\Google

2013-02-26 17:12 . 2013-02-26 17:12 -------- d-----w- c:\users\Elham\AppData\Roaming\AVG2013

2013-02-26 17:04 . 2013-02-26 17:04 -------- d-----w- c:\programdata\AVG2013

2013-02-26 17:04 . 2013-02-26 17:04 -------- d-----w- C:\$AVG

2013-02-26 16:52 . 2013-02-26 16:52 388096 ----a-r- c:\users\Elham\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-02-26 16:52 . 2013-02-26 16:52 -------- d-----w- c:\program files (x86)\Trend Micro

2013-02-26 15:39 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DFF5FC6-B49F-4029-A986-215DC3F5D661}\mpengine.dll

2013-02-22 18:24 . 2013-02-26 20:40 -------- d-----w- c:\users\Elham\AppData\Local\Avg2013

2013-02-20 09:40 . 2013-03-02 13:40 -------- d-----w- c:\users\Elham\AppData\Roaming\Qyeh

2013-02-20 09:40 . 2013-02-25 15:03 -------- d-----w- c:\users\Elham\AppData\Roaming\Riatpo

2013-02-15 10:22 . 2013-02-15 10:22 -------- d-----w- c:\program files (x86)\Cisco Systems

2013-02-15 09:52 . 2013-02-15 09:52 -------- d-----w- c:\programdata\Cisco Systems

2013-02-14 13:44 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 13:44 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 19:15 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-02-13 19:15 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-02-13 19:15 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-02-13 19:15 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-02-13 19:15 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-02-13 19:15 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-02-13 19:15 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-02-13 19:15 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-02-13 19:15 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-02-13 19:15 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-02-13 19:15 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-02-13 19:15 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-02 15:30 . 2012-05-23 22:28 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-02 15:30 . 2012-04-10 15:29 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-02-17 20:18 . 2011-11-19 23:34 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-02-17 20:18 . 2011-10-28 12:55 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-02-14 13:46 . 2011-10-23 10:16 70004024 ----a-w- c:\windows\system32\MRT.exe

2013-02-12 17:49 . 2011-10-28 13:09 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-02-10 03:25 . 2011-04-22 20:25 2854344 ----a-w- c:\windows\system32\nvapi64.dll

2013-02-10 03:25 . 2011-04-22 20:25 2528840 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-02-10 03:25 . 2011-04-22 20:25 15275744 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-02-10 03:25 . 2011-04-22 20:25 15038296 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-02-10 01:04 . 2011-04-08 03:36 6393120 ----a-w- c:\windows\system32\nvcpl.dll

2013-02-10 01:04 . 2011-04-08 03:35 3472672 ----a-w- c:\windows\system32\nvsvc64.dll

2013-02-10 01:04 . 2011-04-08 03:37 877856 ----a-w- c:\windows\system32\nvvsvc.exe

2013-02-10 01:04 . 2011-04-08 03:37 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-02-10 01:04 . 2011-04-08 03:37 2555680 ----a-w- c:\windows\system32\nvsvcr.dll

2013-02-10 01:04 . 2011-04-08 03:37 237856 ----a-w- c:\windows\system32\nvmctray.dll

2013-01-17 00:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-04 04:43 . 2013-02-13 19:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-12-18 08:31 . 2012-03-14 18:32 1510328 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2012-12-16 17:11 . 2012-12-21 15:02 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-21 15:02 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-21 15:02 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-21 15:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-14 15:49 . 2012-10-16 09:38 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

"MSNAutoLogon"="c:\program files (x86)\msi\EasyFace2\MessengerSignIn.exe" [2010-12-27 86528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2010-11-05 2482176]

"Cinema ProII AP"="c:\program files (x86)\MSI\Cinema ProII\CinemaProII.exe" [2011-01-25 200192]

"Cinema ProII Controler"="c:\program files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe" [2010-06-25 1689600]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-18 1351680]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"NVIDIAOCAP"="c:\program files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe" [2010-10-20 83456]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]

R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-12-14 58128]

R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 fspad_xp64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_xp64;c:\windows\system32\drivers\fspad_xp64.sys [2010-06-07 52224]

R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]

R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]

R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-09 33592]

R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-21 14136]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2010-08-03 290920]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-11-14 744856]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-23 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-07-03 834544]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]

S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]

S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-07-16 12800]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]

S3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;c:\windows\system32\DRIVERS\fspad_wlh64.sys [2010-06-07 52224]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-04-27 83080]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-04-27 184968]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-03-06 13:38 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2013-02-27 c:\windows\Tasks\DLL-files.com Fixer_MONTHLY.job

- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-07-03 09:56]

.

2013-03-09 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job

- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-07-03 09:56]

.

2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28 19:32]

.

2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28 19:32]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-14 11777128]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.nl/

mStart Page = hxxp://msi.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

FF - ProfilePath - c:\users\Elham\AppData\Roaming\Mozilla\Firefox\Profiles\ghpd7l1a.default\

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG2012\avgtray.exe

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-Cisco Connect - c:\program files (x86)\Cisco Systems\Cisco Connect\Cisco Connect.exe

AddRemove-ESN Sonar-0.70.3 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe

AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe

AddRemove-PunkBusterSvc - c:\program files (x86)\Ubisoft\FarCry 3\bin\pbsvc_fc3.exe

AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Voltooingstijd: 2013-03-10 11:29:08 - machine werd herstart

ComboFix-quarantined-files.txt 2013-03-10 10:29

.

Pre-Run: 211.464.609.792 bytes beschikbaar

Post-Run: 215.407.788.032 bytes beschikbaar

.

- - End Of File - - C735DA3938288C7955D46F51EBC67038


Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe
    (here or here) you can read how to do that.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
     
    startupall; 
    filesrcm; 
    

  • Click the "Options" button and tick the options below.

    • Running processes
    • Recently Created
    • Startup Information
    • Installed Programs
    • Empty Temp Folders
    • Auto Clean

  • Then click the "Run script" button.

  • Now wait patiently until a log opens (this may be after a restart, if one is needed).

  • If no log appears after the restart, start zoek.exe again; the log will then still appear.

  • Now post the contents of the opened log in your next message.

Afterwards, also make a new HijackThis log.


Sorry for my late reply, but here is the log:

Zoek.exe Version 4.0.0.2 Updated 14-March-2013

Tool run by Elham on vr 15-03-2013 at 21:42:37,55.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\windows\system32\csrss.exe

C:\windows\system32\wininit.exe

C:\windows\system32\csrss.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\winlogon.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\System Control Manager\MSIService.exe

C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe

C:\windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\windows\system32\nvvsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe

C:\windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\FSP\FspUip.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files (x86)\MSI\EasyFace2\MessengerSignIn.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe

C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe

C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

C:\Users\Elham\Desktop\zoek.exe

C:\windows\system32\conhost.exe

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-55408526-856673997-1952082211-1000\Software\Microsoft\Internet Explorer\SearchScopes\{09DFC675-A3D8-4381-BBCF-70E2B676B25E} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

@C:\\Program Files (x86)\\Intel\\Intel® Management Engine Components\\Uninstall\\Setup.exe,-2018

@C:\\Program Files (x86)\\Intel\\Intel® Rapid Storage Technology\\Uninstall\\Setup.exe,-2018

µTorrent

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh

Adobe Flash Player 10 ActiveX

Adobe Reader X (10.1.0) - Nederlands

Adobe Shockwave Player 11.6

Apple Application Support

Apple Software Update

ArtMoney SE v7.39.2

Assassin's Creed Revelations

Batman Arkham City 1.0

Battlefield 3T

Battlelog Web Plugins

Bing Bar

Borderlands 2

BurnRecovery

Call of Duty

Call of Duty® - World at War

Call of Duty® - World at War 1.2 Patch

Call of Duty® - World at War 1.4 Patch

Call of Duty® - World at War 1.5 Patch

Call of Duty® - World at War 1.6 Patch

Call of Duty® - World at War 1.7 Patch

Call of Duty® 4 - Modern Warfare

Call of Duty® 4 - Modern Warfare 1.6 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch

Camera Recorder

Cinema ProII Setup

Cisco Connect

Contrôle ActiveX Windows Live Mesh pour connexions à distance

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Deus Ex Human Revolution

Dishonored

Dll-Files Fixer

Driver Whiz

EasyFace2

EasyViewer

ESN Sonar

F.E.A.R. 3

Far Cry 3

FreeMind

Galerie de photos Windows Live

GamersFirst LIVE

GameShadow

Google Chrome

Google Earth

Google Update Helper

GrabIt 1.7.2 Beta 6 (build 1008)

HD Tune 2.55

HiJackThis

Hitman Absolution

Hitman Blood Money

i-Charger

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java 7 Update 15

Java Auto Updater

Junk Mail filter update

Live Update 5

MAGIX Video easy SE

Malwarebytes Anti-Malware versie 1.70.0.1100

MDL Chime/Chime Pro for Internet Explorer

Mesh Runtime

Microsoft .NET Framework 1.1

Microsoft Expression Encoder 4

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 7.0.1 (x86 nl)

MSI HOUSE

msi LED Manager

msi Software Install

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nuance PDF Reader

NVIDIA Overclock Tool

NVIDIA PhysX

OpenAL

Origin

Pando Media Booster

Portal 2

PowerISO

Raccolta foto di Windows Live

Rapture3D 2.4.8 Game

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Realtek USB 2.0 Reader Driver

Renesas Electronics USB 3.0 Host Controller Driver

RESIDENT EVIL 5

Revo Uninstaller 1.93

S?????? f?t???af??? t?? Windows Live

Saints Row The Third

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Simple Adblock

SkypeT 6.1

Sniper Elite V2

St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?æa???sæ??e? s??d?se??

Steam

Stone Giant 1.0

swMSM

System Control Manager

TeamViewer 7

The Witcher 2

The Witcher 2 Assassins of Kings version 1.0

THX TruStudio Pro

TI Connect 1.6

TI NoteFolio Creator

Tombraider

Tunngle beta

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Uplay

Viper Plagiarism Scanner

Visual Studio 2008 x64 Redistributables

VLC media player 1.1.11

Vuze

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotogalerie

Windows Live Fotogalleri

Windows Live Installer

Windows Live Mail

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger

Windows Live Mesh ActiveX-objekt til fjernforbindelser

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Mesh ActiveX control for remote connections

Windows Live Meshin etäyhteyksien ActiveX-komponentti

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

WinRAR archiver

Xfire (remove only)

==== FireFox Fix ======================

ProfilePath: C:\Users\Elham\AppData\Roaming\Mozilla\Firefox\Profiles\ghpd7l1a.default

user.js not found

---- Lines claro removed from prefs.js ----

---- Lines claro modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1319364461349},\"{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\",\"mtime\":1334071771995}}},{\"name\":\"app-profile\",\"addons\":{\"bbrs_002@blabbers.com\":{\"descriptor\":\"C:\\\\Users\\\\Elham\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ghpd7l1a.default\\\\extensions\\\\bbrs_002@blabbers.com\",\"mtime\":1361218973690},\"ffxtlbr@claro.com\":{\"descriptor\":\"C:\\\\Users\\\\Elham\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ghpd7l1a.default\\\\extensions\\\\ffxtlbr@claro.com\",\"mtime\":1343761516421},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"descriptor\":\"C:\\\\Users\\\\Elham\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ghpd7l1a.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"mtime\":1330201246442}}}]");

---- Lines Toggle removed from prefs.js ----

user_pref("symantec.browser.sessionstore.resume_from_crash.toggle", false);

---- Lines Toggle modified from prefs.js ----

---- Lines ask.com removed from prefs.js ----

user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

---- Lines ask.com modified from prefs.js ----

---- Lines blabbers.com removed from prefs.js ----

---- Lines blabbers.com modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1319364461349},\"{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\",\"mtime\":1334071771995}}},{\"name\":\"app-profile\",\"addons\":{\"bbrs_002@blabbers.com\":{\"descriptor\":\"C:\\\\Users\\\\Elham\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ghpd7l1a.default\\\\extensions\\\\bbrs_002@blabbers.com\",\"mtime\":1361218973690},\"ffxtlbr@disabled.com\":{\"descriptor\":\"C:\\\\Users\\\\Elham\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ghpd7l1a.default\\\\extensions\\\\ffxtlbr@disabled.com\",\"mtime\":1343761516421},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"descriptor\":\"C:\\\\Users\\\\Elham\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ghpd7l1a.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"mtime\":1330201246442}}}]");

---- FireFox user.js and prefs.js backups ----

prefs_15-03-2013_2145_.backup

==== Deleting Files \ Folders ======================

"C:\Users\Elham\AppData\Roaming\Mozilla\Firefox\Profiles\ghpd7l1a.default\extensions\ffxtlbr@claro.com" not found

"C:\Users\Elham\AppData\Roaming\Mozilla\Firefox\Profiles\ghpd7l1a.default\extensions\bbrs_002@blabbers.com" not found

==== Files Recently Created / Modified ======================

====== C:\windows ====

2013-03-10 10:16:26 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\windows\PEV.exe

2013-03-10 10:16:26 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\windows\grep.exe

2013-03-10 10:16:26 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\windows\zip.exe

2013-03-10 10:16:26 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\windows\SWSC.exe

2013-03-10 10:16:26 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\windows\MBR.exe

====== C:\Users\Elham\AppData\Local\Temp ====

2013-03-10 10:37:57 08AF557C8E6E74D7D92314F6B2C86273 4608 ----a-w- C:\Users\Elham\AppData\Local\Temp\i4jdel0.exe

====== C:\windows\SysWOW64 =====

2013-03-14 15:16:59 E7E671A2A0159ED8D86CA98DF134BB70 73216 ----a-w- C:\windows\SysWOW64\mshtmled.dll

2013-03-14 15:16:59 D0F2CB059B2A89AD5B24FD9EB8D784BE 231936 ----a-w- C:\windows\SysWOW64\url.dll

2013-03-14 15:16:59 C9A2D460FD5E409C9320B4CE68A81549 420864 ----a-w- C:\windows\SysWOW64\vbscript.dll

2013-03-14 15:16:59 C43AFA13B552BCC4352106193F008229 142848 ----a-w- C:\windows\SysWOW64\ieUnatt.exe

2013-03-14 15:16:59 60D6B33E77A297AA1B14BF0452C20471 2382848 ----a-w- C:\windows\SysWOW64\mshtml.tlb

2013-03-14 15:16:59 15CF0E37F2B406BDE06CBA4F507B25DE 176640 ----a-w- C:\windows\SysWOW64\ieui.dll

2013-03-14 15:16:58 C798EB903A4FA90D2961E164518090C5 607744 ----a-w- C:\windows\SysWOW64\msfeeds.dll

2013-03-14 15:16:58 2A324C44A1B2352EF5F2E1C8984935C0 1427968 ----a-w- C:\windows\SysWOW64\inetcpl.cpl

2013-03-14 15:16:58 180D098704551DE37C6299AA888D6821 1103872 ----a-w- C:\windows\SysWOW64\urlmon.dll

2013-03-14 15:16:58 03728C624D05C2F157BBD46F6B7F6EA0 1129472 ----a-w- C:\windows\SysWOW64\wininet.dll

2013-03-14 15:16:57 73BDB1C0801D44BEA5F6749FD340CC0F 1796096 ----a-w- C:\windows\SysWOW64\iertutil.dll

2013-03-14 15:16:57 69F42E40A0C4344939437D86A8893DA6 1800704 ----a-w- C:\windows\SysWOW64\jscript9.dll

2013-03-14 15:16:57 6428A1B56B4F426F35A029231FF0BB1E 65024 ----a-w- C:\windows\SysWOW64\jsproxy.dll

2013-03-14 15:16:57 1895402C57C32BF8281E8F6C65522253 717824 ----a-w- C:\windows\SysWOW64\jscript.dll

2013-03-14 15:16:56 263963D93A3CA8F685EFA5966F1E6581 12321792 ----a-w- C:\windows\SysWOW64\mshtml.dll

2013-03-14 15:16:54 D3EAB9BCB2B92EFCA615781C215644C0 9738240 ----a-w- C:\windows\SysWOW64\ieframe.dll

2013-03-05 19:37:48 C3B72E7CF8EFD13431C0B45FA5E24F1B 12862400 ----a-w- C:\windows\SysWOW64\nvwgf2um.dll

2013-03-05 19:37:48 9B47B54BDF66F350493173D39EFEAE0F 20534560 ----a-w- C:\windows\SysWOW64\nvoglv32.dll

2013-03-05 19:37:48 973A0255A5DB5DFE64D78CF6E5A89440 6267240 ----a-w- C:\windows\SysWOW64\nvopencl.dll

2013-03-05 19:37:47 8BBCC9B3324FFE685C290606DCA9AC58 2726176 ----a-w- C:\windows\SysWOW64\nvcuvid.dll

2013-03-05 19:37:47 5509C47F908DAFB7AD1A14EBD485ECC9 17560352 ----a-w- C:\windows\SysWOW64\nvcompiler.dll

2013-03-05 19:37:47 22CFC35E50E07539087165EEABCBA6B0 1990944 ----a-w- C:\windows\SysWOW64\nvcuvenc.dll

2013-03-05 19:37:47 14F1FC4D5A4E95DC3F87E2F4CA0635DE 7964680 ----a-w- C:\windows\SysWOW64\nvcuda.dll

2013-03-02 15:31:01 B5037FBFE1F14169D4465C76CD4859FB 95648 ----a-w- C:\windows\SysWOW64\WindowsAccessBridge-32.dll

====== C:\windows\SysWOW64\drivers =====

====== C:\windows\Sysnative =====

2013-03-14 15:17:00 315BD7958BD33C71442A7383BBAD2237 2382848 ----a-w- C:\windows\Sysnative\mshtml.tlb

2013-03-14 15:16:59 F5F7A06D538619CB3B8081DF766F1D39 237056 ----a-w- C:\windows\Sysnative\url.dll

2013-03-14 15:16:59 E532E71207987BE22BEEE1F1F7E5B371 96768 ----a-w- C:\windows\Sysnative\mshtmled.dll

2013-03-14 15:16:59 ACFA7C9F9DBAE8143598F23C3DE8934A 248320 ----a-w- C:\windows\Sysnative\ieui.dll

2013-03-14 15:16:59 6BE16F52FAFFCD4BC628C6AE95C0B887 173056 ----a-w- C:\windows\Sysnative\ieUnatt.exe

2013-03-14 15:16:58 FF1AAEDD4A1A0FC3C5ED66B4EE0B254A 1346048 ----a-w- C:\windows\Sysnative\urlmon.dll

2013-03-14 15:16:58 D845B455663AE3B4AEB153D9B2E6A4C3 729088 ----a-w- C:\windows\Sysnative\msfeeds.dll

2013-03-14 15:16:58 406533EADD808A7A9B5A022F298C6841 1494528 ----a-w- C:\windows\Sysnative\inetcpl.cpl

2013-03-14 15:16:58 0A1BB8FF664EA24C2679B70F731A6F7A 2312704 ----a-w- C:\windows\Sysnative\jscript9.dll

2013-03-14 15:16:57 FA274190682AA41A46B285208ED46A74 1392128 ----a-w- C:\windows\Sysnative\wininet.dll

2013-03-14 15:16:57 B9996038ABB1664E49DE171AD14DE275 816640 ----a-w- C:\windows\Sysnative\jscript.dll

2013-03-14 15:16:57 A54A16DAE7497CDCB8C5A021C0F6FEB8 2147840 ----a-w- C:\windows\Sysnative\iertutil.dll

2013-03-14 15:16:57 7784649104ED574EC129C3282F54E846 85504 ----a-w- C:\windows\Sysnative\jsproxy.dll

2013-03-14 15:16:57 0E92BD6EBE215FA80288AFA7996A622B 599040 ----a-w- C:\windows\Sysnative\vbscript.dll

2013-03-14 15:16:55 460723A080D6F22E56D45BC8C1F15B2A 17815040 ----a-w- C:\windows\Sysnative\mshtml.dll

2013-03-14 15:16:54 E829C45F0D77852C43BE99C4B1BD215D 10925568 ----a-w- C:\windows\Sysnative\ieframe.dll

2013-03-05 19:37:50 9FCC07C6A76DF5FDACE85E1033715A2B 31672 ----a-w- C:\windows\Sysnative\nvhdap64.dll

2013-03-05 19:37:48 AB42C0D21C1FC23A60CE5D29B2A53EC5 1510176 ----a-w- C:\windows\Sysnative\nvdispgenco6420162.dll

2013-03-05 19:37:48 5A1F71CAB0B6116E597C0A656A4E5C37 26947360 ----a-w- C:\windows\Sysnative\nvoglv64.dll

2013-03-05 19:37:48 4ED76EF4A4B43D01D5411176BC09E602 1807136 ----a-w- C:\windows\Sysnative\nvdispco6420294.dll

2013-03-05 19:37:48 16CA336B82E53F77FCF7FC610EA56EC9 7569184 ----a-w- C:\windows\Sysnative\nvopencl.dll

2013-03-05 19:37:47 DF870214B9551EED01CB2F5F4D892A97 17987192 ----a-w- C:\windows\Sysnative\nvd3dumx.dll

2013-03-05 19:37:47 86B32CD237A49AB47F5EC1C4A4824A23 25256736 ----a-w- C:\windows\Sysnative\nvcompiler.dll

2013-03-05 19:37:47 25DDDEECDDBB017F4630464F6E217848 9422672 ----a-w- C:\windows\Sysnative\nvcuda.dll

2013-03-05 19:37:47 20A7BAA5A76C0359582DD4E185C3ABDB 2911008 ----a-w- C:\windows\Sysnative\nvcuvid.dll

2013-03-05 19:37:47 02F39AFF6D05B042772930FF889996D8 2350368 ----a-w- C:\windows\Sysnative\nvcuvenc.dll

2013-03-02 15:26:39 1B7DEC8CA744FF96B1AD6588CFFC7F75 108448 ----a-w- C:\windows\Sysnative\WindowsAccessBridge-64.dll

====== C:\windows\Sysnative\drivers =====

2013-03-05 19:37:50 B4F53BCA4C688FF47F04FA90098F896E 194488 ----a-w- C:\windows\Sysnative\drivers\nvhda64v.sys

2013-03-05 19:37:48 0A2F27B5BCC45B64E152DD6AE0815198 11040544 ----a-w- C:\windows\Sysnative\drivers\nvlddmkm.sys

====== C:\windows\Tasks ======

====== C:\windows\Temp ======

======= C:\Program Files =====

2013-03-14 15:16:00 -------- d-----w- C:\Program Files\Microsoft Silverlight

======= C:\Program Files (x86) =====

2013-03-14 15:16:00 -------- d-----w- C:\Program Files (x86)\Microsoft Silverlight

2013-03-02 16:14:06 -------- d-----w- C:\Program Files (x86)\All Answers Ltd

2013-02-28 19:32:51 -------- d-----w- C:\Program Files (x86)\Google

2013-02-26 16:52:16 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-02-15 10:22:05 -------- d-----w- C:\Program Files (x86)\Cisco Systems

======= C: =====

2013-03-07 20:15:46 7947933F5EFCF9DC22C1213007D2792F 8072 ----a-w- C:\AdwCleaner[s1].txt

====== C:\Users\Elham\AppData\Roaming ======

2013-03-10 10:29:10 -------- d-----w- C:\users\UpdatusUser\AppData\Local\temp

2013-03-10 10:29:10 -------- d-----w- C:\users\Public\AppData\Local\temp

2013-03-10 10:29:10 -------- d-----w- C:\users\Default\AppData\Local\temp

2013-03-10 10:29:10 -------- d-----w- C:\users\Default User\AppData\Local\temp

2013-03-08 14:00:46 -------- d-sh--w- C:\users\Elham\AppData\Roaming\wyUpdate AU

2013-03-02 16:14:26 -------- d-sh--w- C:\users\Elham\AppData\Roaming\ViperUpdate AU

2013-03-02 16:14:23 -------- d-----w- C:\users\Elham\AppData\Roaming\ViperSettingsFolder

2013-03-02 13:30:57 -------- d-----w- C:\users\Elham\AppData\Local\Programs

2013-02-28 19:34:11 -------- d-----w- C:\users\Elham\AppData\Locallow\Google

2013-02-26 17:12:50 -------- d-----w- C:\users\Elham\AppData\Roaming\AVG2013

2013-02-22 18:24:17 -------- d-----w- C:\users\Elham\AppData\Local\Avg2013

2013-02-20 09:40:20 -------- d-----w- C:\users\Elham\AppData\Roaming\Riatpo

2013-02-20 09:40:20 -------- d-----w- C:\users\Elham\AppData\Roaming\Qyeh

====== C:\Users\Elham ======

2013-03-10 10:29:10 -------- d-----w- C:\Users\Public\AppData

2013-03-02 16:14:28 -------- d-sh--w- C:\Users\Elham\wc

2013-02-26 17:04:08 -------- d-----w- C:\ProgramData\AVG2013

2013-02-22 18:14:44 70F3B35C7754B71A347B43660D5C55ED 636 --sha-r- C:\Users\Elham\ntuser.pol

2013-02-15 09:52:02 -------- d-----w- C:\ProgramData\Cisco Systems

====== C: exe-files ==

2013-03-14 15:16:59 DDE5A0DFAF7C6370FB36402D7A746ED3 757296 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2013-03-14 15:16:59 C43AFA13B552BCC4352106193F008229 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

2013-03-14 15:16:59 6BE16F52FAFFCD4BC628C6AE95C0B887 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-03-14 15:16:58 A8EBEBCD9F5C49475194099FCD276992 763424 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2013-03-11 16:34:29 27C83242CA28917DF4D0379FAE7093CD 7605792 ----a-w- C:\Users\Elham\AppData\Roaming\Azureus\tmp\AZU5849695773544275712.tmp\Vuze_4.9.0.0a_win32.exe

2013-03-10 14:43:42 08AF557C8E6E74D7D92314F6B2C86273 4608 ----a-w- C:\Users\Elham\AppData\Local\Temp\e4jFF68.tmp_dir31298\i4jdel.exe

2013-03-10 10:37:57 08AF557C8E6E74D7D92314F6B2C86273 4608 ----a-w- C:\Users\Elham\AppData\Local\Temp\i4jdel0.exe

2013-03-10 10:16:26 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

2013-03-10 10:16:26 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

2013-03-10 10:16:26 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

2013-03-10 10:16:26 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

2013-03-10 10:16:26 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

=== C: other files ==

2013-03-10 10:36:11 691CE266D9A3A86702919C07688156DB 6852245 ----a-w- C:\Users\Elham\AppData\Local\Temp\Vuze_4.9.0.0a_win32.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-55408526-856673997-1952082211-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"

"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

"MSNAutoLogon"="C:\Program Files (x86)\msi\EasyFace2\MessengerSignIn.exe"

[HKEY_USERS\S-1-5-21-55408526-856673997-1952082211-1003\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-55408526-856673997-1952082211-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

"MGSysCtrl"="C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe"

"Cinema ProII AP"="C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe"

"Cinema ProII Controler"="C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe"

"THX Audio Control Panel"="C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe /r"

"UpdReg"="C:\windows\UpdReg.EXE"

"NVIDIAOCAP"="C:\Program Files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe"

"Nuance PDF Reader-reminder"="C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe -r C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

"AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe /TRAYONLY"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"

"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

"MSNAutoLogon"="C:\Program Files (x86)\msi\EasyFace2\MessengerSignIn.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll,TrayApp"

"THXCfg64"="C:\windows\system32\RunDLL32.exe C:\windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64"

"fspuip"="%ProgramFiles%\FSP\fspuip.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="APSDaemon"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BCSSync"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DAEMON Tools Lite"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Live Update 5]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Live Update 5"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\MSI\\Live Update 5\\LU5.exe /reminder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msi LED Manager]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msi LED Manager"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\msi\\msi LED Manager\\SLM.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msnmsgr"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWRISOVM.EXE]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PWRISOVM.EXE"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\PowerISO\\PWRISOVM.EXE -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Skype"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Steam"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\GamersFirst LIVE!.lnk"

"backup"="C:\\windows\\pss\\GamersFirst LIVE!.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~2\\GAMERS~1\\LIVE!\\Live.exe /silent"

"item"="GamersFirst LIVE!"

==== Task Scheduler Jobs ======================

C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28-02-2013 20:32]

C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28-02-2013 20:32]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Elham\AppData\Roaming\Mozilla\Firefox\Profiles\ghpd7l1a.default

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{09DFC675-A3D8-4381-BBCF-70E2B676B25E}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09DFC675-A3D8-4381-BBCF-70E2B676B25E}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Elham\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Elham\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Elham\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\Elham\AppData\Local\Mozilla\Firefox\Profiles\ghpd7l1a.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\Elham\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied

C:\Users\Elham\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Elham\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

And here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:51:51, on 15-3-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16470)

Boot mode: Normal

Running processes:

C:\windows\SysWOW64\notepad.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files (x86)\MSI\EasyFace2\MessengerSignIn.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe

C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe

C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe

C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe

C:\Program Files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Users\Elham\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe

O4 - HKLM\..\Run: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe

O4 - HKLM\..\Run: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe

O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r

O4 - HKLM\..\Run: [updReg] C:\windows\UpdReg.EXE

O4 - HKLM\..\Run: [NVIDIAOCAP] C:\Program Files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe

O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

O4 - HKCU\..\Run: [MSNAutoLogon] C:\Program Files (x86)\msi\EasyFace2\MessengerSignIn.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O12 - Plugin for .csm: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .csml: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cub: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cube: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .dx: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .emb: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .embl: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .gau: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mol: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mop: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .scr: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .skc: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .spt: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\Program Files (x86)\Internet Explorer\Plugins\npchime.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files (x86)\System Control Manager\MSIService.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: MSI Foundation Service - MSI - C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13488 bytes


Disable your antivirus and antispyware programs, as they may conflict with zoek.exe.

  • You can read how to do that (here or here).
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC; do not use it on other PCs with a similar problem.
     
    C:\users\Elham\AppData\Roaming\Riatpo;f
    C:\users\Elham\AppData\Roaming\Qyeh;f
    


  • Then click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then still appear.
  • Now post the contents of the opened log in your next message.


Here is the log:

Zoek.exe Version 4.0.0.2 Updated 18-03-2013

Tool run by Elham on di 19-03-2013 at 16:33:45,69.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Deleting Files \ Folders ======================

"C:\users\Elham\AppData\Roaming\Riatpo" not found

"C:\users\Elham\AppData\Roaming\Qyeh" not found

==== Chrome Look ======================

Google Docs - Elham - Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Elham - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Elham - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Elham - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Gmail - Elham - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
