Cleaning up a lot of junk - RSIT log


Hey everyone,

A friend's laptop is seriously infected. I was able to remove quite a lot of junk using the Windows Uninstaller, AdwCleaner and HitmanPro, but quite a few nasty critters remain. Mainly unwanted advertisements on the web (not coming from the website itself).

Below is the RSIT log.

Thanks!

--

Logfile of random's system information tool 1.09 (written by random/random)

Run by servaas at 2013-12-18 20:35:56

Microsoft Windows 7 Ultimate Service Pack 1

System drive C: has 464 GB (66%) free of 702 GB

Total RAM: 5996 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:36:01, on 18/12/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16502)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\trend micro\servaas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: sAveNshare - {19B0FBB6-3926-8F9B-443A-DE32D3360283} - C:\ProgramData\sAveNshare\f7K3YS.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKCU\..\Run: [speedItupFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"

O4 - HKCU\..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-2168761549-3453325828-75870251-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-2168761549-3453325828-75870251-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O20 - AppInit_DLLs: c:\progra~2\psupport\psupport.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8513 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"

C:\Windows\system32\nvvsvc.exe -session -first

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe 29040880

\??\C:\Windows\system32\conhost.exe "-1530718391-625899199-1269697527144425735-1348725098-1254467868-231302288-1975292513

taskeng.exe {1C2F9D5C-79FD-448F-B868-FA12B96D9049}

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

"C:\Program Files\Bonjour\mDNSResponder.exe"

"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"

"taskhost.exe"

taskeng.exe {F03E63A9-A8FD-4C25-BB7E-6F5B99426A5B}

c:\programdata\quickset\updater\Updater.exe /schedule /profile "c:\programdata\quickset\updater\201502429.ini"

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"

"C:\Windows\System32\igfxtray.exe"

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3200.0.113224890\467047945" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22 --gpu-vendor-id=0x8086 --gpu-device-id=0x0126 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.2932 --ignored=" --type=renderer " /prefetch:822062411

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_01/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --instant-process --disable-html-notifications --channel="3200.1.503462579\1618604941" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_01/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --channel="3200.2.36215170\1754520125" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_01/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --channel="3200.4.1227021881\1994393630" /prefetch:673131151

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"

C:\Windows\System32\svchost.exe -k secsvcs

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_01/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="3200.6.1779578842\851800147" /prefetch:673131151

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Users\servaas\Downloads\RSITx64 (1).exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\PC Optimizer Pro64 startups.job

C:\Windows\tasks\Updater-S-201502429.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19B0FBB6-3926-8F9B-443A-DE32D3360283}]

sAveNshare - C:\ProgramData\sAveNshare\f7K3YS.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-05 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-05 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-12-14 172144]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-12-14 399984]

"Persistence"=C:\Windows\system32\igfxpers.exe [2012-12-14 441968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SpeedItupFree"=C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe []

"ChicaPasswordManager"=C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe /autorunned []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

C:\Users\servaas\AppData\Roaming\BitTorrent\BitTorrent.exe [2013-12-18 899160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]

C:\Program Files (x86)\Origin\Origin.exe [2013-12-18 3551576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-11-28 151952]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2011-05-20 284440]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

"mobilegeni daemon"=C:\Program Files (x86)\Mobogenie\DaemonProcess.exe []

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-11-28 59280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=" c:\windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2012-12-14 442880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-12-18 20:35:56 ----D---- C:\rsit

2013-12-18 20:35:56 ----D---- C:\Program Files\trend micro

2013-12-18 20:32:47 ----A---- C:\Windows\system32\drivers\hitmanpro37.sys

2013-12-18 20:21:46 ----D---- C:\ProgramData\HitmanPro

2013-12-18 20:20:07 ----D---- C:\ProgramData\QuickSet

2013-12-18 20:16:03 ----D---- C:\AdwCleaner

2013-12-18 20:11:09 ----A---- C:\Windows\SpeedItup Free Uninstall Log.txt

2013-12-18 19:28:24 ----D---- C:\Program Files (x86)\PSupport

2013-12-18 15:53:44 ----D---- C:\Program Files (x86)\Trend Micro

======List of files/folders modified in the last 1 month======

2013-12-18 20:35:56 ----RD---- C:\Program Files

2013-12-18 20:35:41 ----D---- C:\Windows\Temp

2013-12-18 20:35:00 ----A---- C:\Windows\SYSWOW64\log.txt

2013-12-18 20:32:52 ----D---- C:\Windows\System32

2013-12-18 20:32:47 ----D---- C:\Windows\system32\drivers

2013-12-18 20:32:44 ----D---- C:\Windows\Minidump

2013-12-18 20:32:44 ----D---- C:\ProgramData\NVIDIA

2013-12-18 20:32:42 ----D---- C:\Windows

2013-12-18 20:29:45 ----D---- C:\Users\servaas\AppData\Roaming\BitTorrent

2013-12-18 20:22:52 ----D---- C:\Windows\inf

2013-12-18 20:22:52 ----A---- C:\Windows\system32\PerfStringBackup.INI

2013-12-18 20:21:46 ----HD---- C:\ProgramData

2013-12-18 20:21:08 ----D---- C:\Windows\system32\config

2013-12-18 20:20:07 ----D---- C:\Windows\Tasks

2013-12-18 20:20:07 ----D---- C:\ProgramData\InstallMate

2013-12-18 20:18:54 ----RD---- C:\Program Files (x86)

2013-12-18 20:16:57 ----D---- C:\Windows\system32\Tasks

2013-12-18 20:16:56 ----D---- C:\Windows\SysWOW64

2013-12-18 20:11:13 ----D---- C:\Program Files (x86)\SpeedItup Free

2013-12-18 20:09:06 ----D---- C:\Program Files (x86)\Battlelog Web Plugins

2013-12-18 19:41:54 ----D---- C:\Program Files (x86)\Mobogenie

2013-12-18 19:38:17 ----D---- C:\Users\servaas\AppData\Roaming\.minecraft

2013-12-18 19:23:40 ----D---- C:\Windows\system32\NDF

2013-12-18 15:58:44 ----D---- C:\Program Files (x86)\Origin

2013-12-18 15:53:44 ----SHD---- C:\Windows\Installer

2013-12-18 15:53:44 ----SD---- C:\Users\servaas\AppData\Roaming\Microsoft

2013-12-18 15:53:25 ----SHD---- C:\System Volume Information

2013-12-18 15:25:36 ----D---- C:\Windows\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-05-20 557848]

R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]

R1 nvkflt;nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [2012-10-08 284008]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-11-02 2380448]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]

R3 hitmanpro37;HitmanPro 3.7 Support Driver; \??\C:\Windows\system32\drivers\hitmanpro37.sys [2013-12-18 32512]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-12-14 5353888]

R3 MEIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-01-12 333928]

S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]

S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]

S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]

S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]

S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]

S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]

S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]

S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []

S3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2013-02-12 42184]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-09-28 53760]

S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []

S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]

R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-01-13 1751656]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-12-20 325656]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 891240]

R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-08 1258856]

R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-05-21 76888]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]

R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-20 116648]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]

S3 cphs;Intel® Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-12-14 277616]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-20 116648]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2012-11-28 640912]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------


Download Zoek.zip to the desktop.

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).
  • Right-click Zoek.zip and choose the option "Extract All".
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as administrator by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

chromelook; 
firefoxlook; 
emptyfolderscheck;delete 
 {19B0FBB6-3926-8F9B-443A-DE32D3360283};c
 C:\ProgramData\sAveNshare;fs
 mobilegeni daemon;s
 C:\Program Files (x86)\Mobogenie;fs
 SpeedItupFree;s
 C:\Program Files (x86)\SpeedItup Free;fs
 C:\Windows\tasks\PC Optimizer Pro64 startups.job;f
 C:\Windows\tasks\Updater-S-201502429.job;f
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19B0FBB6-3926-8F9B-443A-DE32D3360283}];r
 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r64
 "SpeedItupFree"=-;r64
 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run];r64
 "mobilegeni daemon"=-;r64
 startupall; 
filesrcm;

  • Click the "Options" button and tick the options below.
  • Do a Deep Scan
  • IE Defaults
  • Auto Clean
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then still appear.
  • Now post the contents of the opened log in your next reply.


Zoek.exe v5.0.0.0 Updated 18-December-2013

Tool run by servaas on do 19/12/2013 at 9:44:18,76.

Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\servaas\Downloads\zoek\uitpakken\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================

19/12/2013 9:45:49 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\ProgramData\Oracle deleted successfully

C:\Users\servaas\AppData\Roaming\Gearbox Software deleted successfully

C:\Users\servaas\AppData\Local\cache deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2168761549-3453325828-75870251-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{19B0FBB6-3926-8F9B-443A-DE32D3360283} deleted successfully

HKEY_USERS\S-1-5-21-2168761549-3453325828-75870251-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{19B0FBB6-3926-8F9B-443A-DE32D3360283} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{19B0FBB6-3926-8F9B-443A-DE32D3360283} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{19B0FBB6-3926-8F9B-443A-DE32D3360283} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19B0FBB6-3926-8F9B-443A-DE32D3360283} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\servaas\Downloads\zoek\uitpakken\zoek.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19B0FBB6-3926-8F9B-443A-DE32D3360283}]

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SpeedItupFree"=-

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"mobilegeni daemon"=-

==== Deleting Files \ Folders ======================

C:\ProgramData\sAveNshare not found

C:\Program Files (x86)\Mobogenie deleted

C:\Program Files (x86)\SpeedItup Free deleted

C:\Users\servaas\daemonprocess.txt deleted

C:\PROGRA~2\PSupport deleted

C:\ProgramData\spds90.txt deleted

C:\ProgramData\QuickSet deleted

C:\ProgramData\InstallMate deleted

C:\ProgramData\SummerSoft deleted

C:\Users\servaas\AppData\Local\CRE deleted

C:\Users\servaas\AppData\Local\avgchrome deleted

C:\Users\servaas\AppData\Local\Mobogenie deleted

C:\Windows\tasks\PC Optimizer Pro64 startups.job deleted

C:\Windows\SysWow64\searchplugins deleted

C:\Windows\SysWow64\Extensions deleted

C:\Users\servaas\Documents\Mobogenie deleted

"C:\Windows\tasks\Updater-S-201502429.job" deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 5996 MB

CPU Info: Intel® Core i5-2450M CPU @ 2.50GHz

CPU Speed: 2520,4 MHz

Sound Card: Speakers (High Definition Audio |

Display Adapters: Intel® HD Graphics 3000 | Intel® HD Graphics 3000 | NVIDIA GeForce GT 630M | NVIDIA GeForce GT 630M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Generic PnP Monitor |

Screen Resolution: 1366 X 768 - 32 bit

Network: Network Present

Network Adapters: Atheros AR5B97 Wireless Network Adapter

CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM UJ8B0AW

Ports: COM Ports NOT Present. LPT Port NOT Present.

Mouse: 2 Button Mouse Present

Hard Disks: C: 685,5GB

Hard Disks - Free: C: 467,5GB

Manufacturer *: INSYDE

BIOS Info: AT/AT COMPATIBLE | 10/17/11 | ACRSYS - 1

Time Zone: Romance (standaardtijd)

Motherboard *: Acer BAV50_HR

Country: België

Language: NLB

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Anti-Spyware: avast! Antivirus disabled (Outdated)

Default Browser: Google Chrome 31.0.1650.63

Internet Explorer Version: 9.0.8112.16421

Google Chrome version: 31.0.1650.63

Sun Java version: 1.7.0_45 (32-bit)

Shockwave Player version: 12.0.5r146

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-12-18 20:15:43 4D5FD79A075B9BD9ACEFD6FAA753318A 43152 ----a-w- C:\Windows\avastSS.scr

====== C:\Users\servaas\AppData\Local\Temp ====

2013-12-18 19:18:40 DC911D6676A0594517172FEAF3DD26F3 899160 ----a-w- C:\Users\servaas\AppData\Local\Temp\utt1343.tmp.exe

2013-12-18 18:44:37 6780270FF60D628A8C685AD86BE0301D 11360 ----atw- C:\Users\servaas\AppData\Local\Temp\_TinDel.exe

2013-12-18 18:36:16 B0F6507F8666E89DD9F192313D88EB98 389632 ----a-w- C:\Users\servaas\AppData\Local\Temp\uninst1.exe

2013-12-18 18:33:12 5AA3E89A59E3D556B5F9B6D8D8EE3A82 42080 ----a-w- C:\Users\servaas\AppData\Local\Temp\bi_cleaner.exe

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2013-12-18 19:44:44 9223A2810B73069F4A03A636052EF14A 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe

2013-12-18 19:44:41 DC1342498BEE7EF1646E9D63138B69CC 175016 ----a-w- C:\Windows\SysWOW64\javaw.exe

2013-12-18 19:44:41 9B0B14B405E0EDF76B5F5E31A49EB753 96168 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-12-18 19:44:41 658633D255FEF154EA1CB8705B4468C5 174504 ----a-w- C:\Windows\SysWOW64\java.exe

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-12-18 20:15:43 FC6C916BDACC594802064A78225A3E6B 334136 ----a-w- C:\Windows\Sysnative\aswBoot.exe

2013-12-18 19:30:47 1EF1CF599FE38D6E49285B766F06674B 4190 ----a-w- C:\Windows\Sysnative\.crusader

====== C:\Windows\Sysnative\drivers =====

2013-12-18 20:35:05 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

2013-12-18 20:15:44 C04F7B373881009D7994D9BF55D24AB4 65776 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys

2013-12-18 20:15:44 9C2BEA3957EFFD45F352F0938DFB3721 78648 ----a-w- C:\Windows\Sysnative\drivers\aswMonFlt.sys

2013-12-18 20:15:44 90399625F341AB76BA4B85A5E860EB1F 207904 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys

2013-12-18 20:15:44 679712B7A353EE665B9301592164A172 92544 ----a-w- C:\Windows\Sysnative\drivers\aswRdr2.sys

2013-12-18 20:15:44 52B5F8FAF7E78C02D26B0B6E3A05F596 1034464 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys

2013-12-18 20:15:44 4FA30DCF568C773E399F174E0A04879F 82744 ----a-w- C:\Windows\Sysnative\drivers\aswStm.sys

2013-12-18 20:15:44 251360C2FCA22BAFE0583314B3262F98 422216 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys

2013-12-18 19:32:47 FCE2251FE4464DCAA2F4684F19A8EE9B 32512 ----a-w- C:\Windows\Sysnative\drivers\hitmanpro37.sys

====== C:\Windows\Tasks ======

2013-12-18 20:15:47 FBD609B78E88839316D9DE8EF2DD757D 4182 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-12-18 19:35:56 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

2013-12-18 19:44:47 -------- d-----w- C:\PROGRA~2\COMMON~1\Java

2013-12-18 14:53:44 -------- d-----w- C:\PROGRA~2\Trend Micro

======= C: =====

====== C:\Users\servaas\AppData\Roaming ======

2013-12-18 19:02:16 EACFF9541D17E66AD6CFF105B9063879 30 ----a-w- C:\Users\servaas\AppData\Roaming\WB.CFG

====== C:\Users\servaas ======

2013-12-18 20:46:15 CE2E04C5B0C4820E129886A874D92C03 4618136 ----a-w- C:\Users\servaas\Downloads\ccsetup408.exe

2013-12-18 20:34:34 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\servaas\Downloads\mbam-setup-1.75.0.1300.exe

2013-12-18 20:15:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

2013-12-18 19:44:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2013-12-18 19:35:39 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\servaas\Downloads\RSITx64 (1).exe

2013-12-18 19:35:18 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\servaas\Downloads\RSITx64.exe

2013-12-18 19:21:46 -------- d-----w- C:\ProgramData\HitmanPro

2013-12-18 19:21:18 76874123C258B0FE7A5E7E8F71555D52 10264904 ----a-w- C:\Users\servaas\Downloads\HitmanPro_x64.exe

2013-12-18 19:15:54 FFA683DC592D4E91F76714D9BA2272D1 1226750 ----a-w- C:\Users\servaas\Downloads\adwcleaner.exe

2013-12-18 19:10:58 -------- d-----w- C:\Users\servaas\.smplayer

====== C: exe-files ==

2013-12-18 20:46:15 CE2E04C5B0C4820E129886A874D92C03 4618136 ----a-w- C:\Users\servaas\Downloads\ccsetup408.exe

2013-12-18 20:34:34 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\servaas\Downloads\mbam-setup-1.75.0.1300.exe

2013-12-18 20:20:55 3C2A9F3195CDDD8943971DC8A677EF25 294912 ----a-w- C:\Windows\Temp\bcdedit.exe

2013-12-18 20:15:43 FC6C916BDACC594802064A78225A3E6B 334136 ----a-w- C:\Windows\System32\aswBoot.exe

2013-12-18 19:44:44 9223A2810B73069F4A03A636052EF14A 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe

2013-12-18 19:44:41 DC1342498BEE7EF1646E9D63138B69CC 175016 ----a-w- C:\Windows\SysWOW64\javaw.exe

2013-12-18 19:44:41 658633D255FEF154EA1CB8705B4468C5 174504 ----a-w- C:\Windows\SysWOW64\java.exe

2013-12-18 19:35:57 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\servaas.exe

2013-12-18 19:35:39 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\servaas\Downloads\RSITx64 (1).exe

2013-12-18 19:35:18 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\servaas\Downloads\RSITx64.exe

2013-12-18 19:21:18 76874123C258B0FE7A5E7E8F71555D52 10264904 ----a-w- C:\Users\servaas\Downloads\HitmanPro_x64.exe

2013-12-18 19:18:41 DC911D6676A0594517172FEAF3DD26F3 899160 ----a-w- C:\Users\servaas\AppData\Roaming\BitTorrent\updates\7.8.2_30332.exe

2013-12-18 19:18:40 DC911D6676A0594517172FEAF3DD26F3 899160 ----a-w- C:\Users\servaas\AppData\Local\Temp\utt1343.tmp.exe

2013-12-18 19:15:54 FFA683DC592D4E91F76714D9BA2272D1 1226750 ----a-w- C:\Users\servaas\Downloads\adwcleaner.exe

2013-12-18 18:44:37 6780270FF60D628A8C685AD86BE0301D 11360 ----atw- C:\Users\servaas\AppData\Local\Temp\_TinDel.exe

2013-12-18 18:36:16 B0F6507F8666E89DD9F192313D88EB98 389632 ----a-w- C:\Users\servaas\AppData\Local\Temp\uninst1.exe

2013-12-18 18:33:12 5AA3E89A59E3D556B5F9B6D8D8EE3A82 42080 ----a-w- C:\Users\servaas\AppData\Local\Temp\bi_cleaner.exe

2013-12-18 14:39:33 CB3091FB191AB59FCF68CB1E8137A7B5 13435232 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\31.0.1650.63\31.0.1650.63_30.0.1599.101_chrome_updater.exe

2013-12-18 14:28:39 58B19F0798ABADF9BFFCECB5B4AB3006 360328 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\00005616\updatus.17446539_RUNASUSER.exe

2013-12-18 14:28:16 CA0A340ABCF0C14A09691CBC90186AB4 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleUpdateBroker.exe

2013-12-18 14:28:16 C98E0215F7B65F0DDEE0591BD57EDFA6 847128 ----a-w- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleUpdateSetup.exe

2013-12-18 14:28:16 600B1A4BCC0823A96DC7B86F005ADBB8 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe

2013-12-18 14:28:07 9CCBA5E2489E603BB1578D1D541252A8 273800 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

2013-12-18 14:28:07 465680BDE344CE4FF6646626AA3A9125 223112 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

2013-12-18 14:28:06 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleUpdate.exe

2013-12-18 14:28:04 C98E0215F7B65F0DDEE0591BD57EDFA6 847128 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.3\GoogleUpdateSetup.exe

=== C: other files ==

2013-12-18 20:35:05 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-12-18 20:15:44 C04F7B373881009D7994D9BF55D24AB4 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-12-18 20:15:44 9C2BEA3957EFFD45F352F0938DFB3721 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-12-18 20:15:44 90399625F341AB76BA4B85A5E860EB1F 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-12-18 20:15:44 679712B7A353EE665B9301592164A172 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-12-18 20:15:44 52B5F8FAF7E78C02D26B0B6E3A05F596 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-12-18 20:15:44 4FA30DCF568C773E399F174E0A04879F 82744 ----a-w- C:\Windows\System32\drivers\aswStm.sys

2013-12-18 20:15:44 251360C2FCA22BAFE0583314B3262F98 422216 ----a-w- C:\Windows\System32\drivers\aswSP.sys

2013-12-18 19:32:47 FCE2251FE4464DCAA2F4684F19A8EE9B 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys

2013-12-18 19:19:33 EEEFB9AC13EE21192D82F5C3D50EF695 103 ----a-w- C:\Users\servaas\AppData\Local\Temp\uttE1D6.tmp.bat

2013-12-18 19:18:41 751AC003A12174A0EFCAE593782D3B13 97 ----a-w- C:\Users\servaas\AppData\Local\Temp\utt188F.tmp.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2168761549-3453325828-75870251-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"ChicaPasswordManager"="C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe /autorunned"

[HKEY_USERS\S-1-5-21-2168761549-3453325828-75870251-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2168761549-3453325828-75870251-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ChicaPasswordManager"="C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe /autorunned"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="c:\\progra~2\\psupport\\psupport.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=" c:\\windows\\system32\\nvinitx.dll"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BitTorrent"

"hkey"="HKCU"

"command"="\"C:\\Users\\servaas\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EADM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="EADM"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Origin\\Origin.exe\" -AutoStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20/05/2013 13:51]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20/05/2013 13:51]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\Windows\SysNative\tasks\{3EFA7818-5F81-4990-B4F4-4F75474C4D05}" [C:\Games\FIFA 14\Game\fifasetup\fifaconfig.exe]

"C:\Windows\SysNative\tasks\{4179253B-8700-4393-B727-68756C39D3E5}" [C:\Games\FIFA 14\FIFA 14\Game\fifasetup\fifaconfig.exe]

"C:\Windows\SysNative\tasks\{44F2E5A0-7D50-41C3-98C4-0750C4241A0D}" [C:\Games\FIFA 14\Game\fifasetup\fifaconfig.exe]

"C:\Windows\SysNative\tasks\{4B67FD04-BA4A-466D-B24C-76D2C464D877}" [C:\Games\FIFA 14\Game\fifasetup\fifaconfig.exe]

"C:\Windows\SysNative\tasks\{4C1D114E-E9FD-49B2-8FD2-00FCD31E66FE}" [C:\Games\FIFA 14\Game\fifasetup\fifaconfig.exe]

"C:\Windows\SysNative\tasks\{4FA796E1-281B-4EFD-B23F-A2816433D932}" [C:\Games\FIFA 14\Game\fifasetup\fifaconfig.exe]

"C:\Windows\SysNative\tasks\{541902A0-339E-40AA-A2EF-9D63A795F917}" [C:\Games\FIFA 14\Game\fifasetup\fifaconfig.exe]

"C:\Windows\SysNative\tasks\{54453DAB-367A-43FA-A8D2-4AC650098083}" [C:\Games\FIFA 14\Game\fifasetup\fifaconfig.exe]

"C:\Windows\SysNative\tasks\{5AA28A16-A1B4-468E-A666-4D2A6466A8AF}" [C:\Games\FIFA 14\Game\fifasetup\fifaconfig.exe]

"C:\Windows\SysNative\tasks\{5F8BE351-8A3B-46D0-A529-4B56968FE428}" [C:\Games\FIFA 14\Game\fifasetup\fifaconfig.exe]

"C:\Windows\SysNative\tasks\{7159CF21-0E3E-4BDB-BEBC-A1601671251C}" [C:\Games\FIFA 14\Game\fifasetup\fifaconfig.exe]

"C:\Windows\SysNative\tasks\{7D2AA0A5-861B-4DBA-9984-11E7D61D1129}" [C:\Games\FIFA 14\Game\fifasetup\fifaconfig.exe]

"C:\Windows\SysNative\tasks\{7F89D0A2-C9FF-4CAD-8E33-18012CFBA630}" [C:\Games\FIFA 14\FIFA 14\Game\fifasetup\fifaconfig.exe]

"C:\Windows\SysNative\tasks\{8D6EBFD7-54BB-4B3E-9165-55F91B179F69}" [C:\Games\FIFA 14\Game\fifasetup\fifaconfig.exe]

"C:\Windows\SysNative\tasks\{92E44F22-12DD-45DD-ABC4-19F74DEBC831}" [C:\Games\FIFA 14\Game\fifasetup\fifaconfig.exe]

"C:\Windows\SysNative\tasks\{A2D2B733-C191-4DB8-8A40-2C015C673FBB}" [C:\Games\FIFA 14\Game\fifasetup\fifaconfig.exe]

"C:\Windows\SysNative\tasks\{A5913125-F6FC-4032-B4FB-20702E0A27BB}" [C:\Games\FIFA 14\Game\fifasetup\fifaconfig.exe]

"C:\Windows\SysNative\tasks\{E173357E-3473-45FE-8ED9-8C8A1123A519}" [C:\Games\FIFA 14\Game\fifasetup\fifaconfig.exe]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[18/12/2013 21:15]

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\servaas\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\servaas\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

Last updated at time on date - servaas - Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

Man of Steel - servaas - Default\Extensions\cjgmejdkhoceknebcblhjclppobaggen

avast Online Security - servaas - Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

Downlaoad keeper - servaas - Default\Extensions\gpegpfafbjomdgfkbaifmhchmffheimd

Sniper Team - servaas - Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec

Google Wallet - servaas - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

DefaultTab - C:\Windows\sysWoW64\config\systemprofile - Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

==== Chrome Fix ======================

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully

C:\Users\servaas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpegpfafbjomdgfkbaifmhchmffheimd deleted successfully

C:\Users\servaas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gpegpfafbjomdgfkbaifmhchmffheimd_0.localstorage deleted successfully

C:\Users\servaas\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpegpfafbjomdgfkbaifmhchmffheimd deleted successfully

C:\Users\servaas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

"Default_Page_URL"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.google.com"

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.google.com"

"Start Page"="http://www.google.com"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{121C39A4-F07B-1528-8ADB-54DEC1A78824} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{154294FC-53F5-9BBA-52CF-0069782E0299} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{52BF2457-AF4A-658C-C40A-77CE1CFF6001} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5BBA57A9-DBC1-F85B-B6FF-ED46757E5551} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F4101ED-9177-C15A-7B03-507745405AEE} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{74B3B3EC-DC63-F4D4-43B6-DAD26200128B} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C7154CB-62FA-FE5C-88AB-13BDB2579843} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{88F51FCE-62B0-1916-A29A-A26E643D9FEC} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BA444B3B-ED64-CFCE-5F10-55F97A0D4BF8} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKCU\..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-2168761549-3453325828-75870251-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-2168761549-3453325828-75870251-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O20 - AppInit_DLLs: c:\progra~2\psupport\psupport.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\servaas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\servaas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\servaas\AppData\Local\Temp will be emptied at reboot

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\servaas\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\servaas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on do 19/12/2013 at 9:56:41,73 ======================

This topic is now closed to new replies.