Tiemen

5 april 2015

Helaas, te vroeg victorie gekraaid!

Het is gedeeltelijk opgelost (minder reclame op websites) maar nog niet volledig. Als ik een link open opent hij nog steeds popup vensters en ook op google krijg ik al eerste resultaten advertenties...

EDIT: na een aantal x websites te hebben geopend is het probleem weer op volle sterkte terug..

5 april 2015

Nu is het inderdaad weg!

5 april 2015

Bij mij ziet dit venster er iets anders uit en er is enkel een knop 'Firefox vernieuwen'. Dit heb ik dan ook gedaan maar het heeft niets opgelost.

5 april 2015

Mooi dat er geen bedreigingen meer gevonden worden.

Hoe staat het ondertussen met de problemen?

Is daar al iets veranderd?

Helaas niet, het is nog steeds hetzelfde. (praktisch alle problemen doen zich trouwens voor binnen Firefox, en niet in Internet Explorer)

4 april 2015

Ik heb het zopas een 2e keer laten lopen, 0 bedreigingen gedetecteerd nu maar het logje is nog steeds leeg.

4 april 2015

EDIT: het logje is ook niet aangepast sinds 17u terwijl ik mijn scan dan gestart heb en hij is geeindigd rond 20u30 (er is dus gewoon niets naar het logbestand geschreven..)

4 april 2015

Dit logje is quasi leeg? Er werden nochtans 6 threads gedetecteerd...

log:

log.txt

4 april 2015

Dit logje is quasi leeg? Er werden nochtans 6 threads gedetecteerd...

3 april 2015

Ook heb ik al een MBAM scan gedaan en er werden 0 bedreigingen gedetecteerd. Sorry voor het triple posten maar ik kan mijn voorgaande post niet editen.

3 april 2015

en ter anticipatie van de volgende stap:

(nog steeds niet opgelost trouwens)

AdwCleanerS0.txt

3 april 2015

logje:

P.S. het is nog niet opgelost

zoek-results.txt

2 april 2015

Hey PC-helpforum, ,

het is enige tijd geleden maar vandaag is het weer zover... malware in mijn browser.

Wat gebeurt er: veel pop-ups, nieuwe vensters die vanzelf openen, woorden die op een bepaalde site groter staan en met een icoontje erboven en als je er op gaat staat met de muis krijg je een link naar ergens anders etc etc....

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 16:47:11, on 2/04/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

FIREFOX: 36.0.4 (x86 nl)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
C:\Users\Tiemen\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
C:\Users\Tiemen\AppData\Roaming\uTorrent\uTorrent.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.4.0\ScriptHelper.exe
C:\Users\Tiemen\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={245EC870-CCDB-4B15-B336-B68F56B99E68}&mid=19ea7ffd791947d2a1d57d32e7407661-44d2b87b6ceeb78305fc5f144f21245eeb866e14〈=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-16 10:26:07&v=4.1.0.411&pid=wtu&sg=&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe
O4 - HKLM\..\Run: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe -update plugin
O4 - Startup: Dropbox.lnk = Tiemen\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files\ASUS\P4G\InsOnSrv.exe
O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Sentinel LDK License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.4.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WtuSystemSupport - Unknown owner - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 16764 bytes

Alvast bedankt!

RSIT log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Tiemen at 2015-04-02 16:54:02
Microsoft Windows 8.1
System drive C: has 7 GB (2%) free of 382 GB
Total RAM: 8075 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:54:07, on 2/04/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
C:\Users\Tiemen\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Users\Tiemen\AppData\Roaming\uTorrent\uTorrent.exe
c:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Tiemen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={245EC870-CCDB-4B15-B336-B68F56B99E68}&mid=19ea7ffd791947d2a1d57d32e7407661-44d2b87b6ceeb78305fc5f144f21245eeb866e14〈=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-16 10:26:07&v=4.1.0.411&pid=wtu&sg=&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe
O4 - HKLM\..\Run: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe -update plugin
O4 - Startup: Dropbox.lnk = Tiemen\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files\ASUS\P4G\InsOnSrv.exe
O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Sentinel LDK License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.4.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WtuSystemSupport - Unknown owner - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 17118 bytes

======Listing Processes======

wininit.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe"
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
C:\Windows\system32\WLANExt.exe 826502658016
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ASUS\P4G\InsOnSrv.exe"
"C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe"
"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
dashost.exe {efd29f42-29ef-4a07-99ac5d5d41d46dd3}
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\system32\hasplms.exe -run
"C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe" 72648 "C:\ProgramData\AVG Secure Search\Logger\logger.properties"
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
"C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe /pipeName=c2feea3f-0200-0000-f032-9a6f97d35805 /binaryPath="C:\Program Files (x86)\AVG\AVG2015\"
"C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgemca.exe"
C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe

C:\Windows\System32\WinLogon.exe -SpecialSession
-hiberboot
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"C:\Program Files\ASUS\P4G\InsOnWMI.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe"
taskhostex.exe
"C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
"C:\Program Files\ASUS\P4G\BatteryLife.exe"
C:\Windows\Explorer.EXE
KBFiltr.exe
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
C:\Windows\System32\skydrive.exe -Embedding
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"
"C:\Users\Tiemen\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe"
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
"C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
"C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
"C:\Program Files (x86)\Citrix\Receiver\Receiver.exe" -autoupdate -startplugins
"C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe"
ctfmon.exe
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe"
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe"
"C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe" -Embedding
"C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe" --type=renderer --no-sandbox --user-agent="Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" --lang=en-US --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --lang=en-US --uncaught-exception-stack-size=1024 --disable-pepper-3d --disable-accelerated-compositing --disable-accelerated-video-decode --disable-webrtc-hw-encoding --enable-software-compositing --disable-gpu-compositing --disable-pepper-3d --channel="10920.1.619824852\1760069503" /prefetch:673131151

"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe"
"C:\Windows\system32\igfxsrvc.exe" -Embedding
"C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe" -critical
/S
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe"
"C:\Users\Tiemen\AppData\Roaming\uTorrent\uTorrent.exe" "magnet:?xt=urn:btih:fde98fa482495d8c76314c530acde389e5c8d0b0&dn=House+of+Cards+2013+S03E10+720p+WEBRip+x264-2HD+%5Beztv%5D&tr=udp%3A%2F%2Fopen.demonii.com%3A1337&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Fexodus.desync.com%3A6969"
"c:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"c:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=8044.16a288a0.1839413976 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll" -greomni "c:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "c:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "c:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 8044 "\\.\pipe\gecko-crash-server-pipe.8044" plugin
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe" --proxy-stub-channel=Flash10808.63B8E7D8.10414 --host-broker-channel=Flash10808.63B8E7D8.27386 --host-pid=10808 --host-npapi-version=28 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_16_0_0_305.dll"
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe" --channel=3372.00EAF7F0.149568080 --proxy-stub-channel=Flash10808.63B8E7D8.10414 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_16_0_0_305.dll" --host-npapi-version=28 --type=renderer

"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"
C:\Windows\splwow64.exe 8192
"C:\Windows\system32\RunDll32.exe" "C:\Windows\system32\WerConCpl.dll", LaunchErcApp -queuereporting
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:10048 CREDAT:267521 /prefetch:2
"C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe" -Embedding
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:10048 CREDAT:726336 /prefetch:2
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3155478013-3749194283-1948835671-1001785_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3155478013-3749194283-1948835671-1001785 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 576 580 588 65536 584
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe786_ Global\UsGthrCtrlFltPipeMssGthrPipe786 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Users\Tiemen\AppData\Local\Microsoft\Windows\INetCache\IE\MDR1PR9F\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\24seven_savings_notification_service.job - C:\Program Files (x86)\24Seven savings\24seven_savings_notification_service.exe /url='http://cdn.selectbestopt.com/notf_sys/index.html' /crregname='24Seven savings' /appid='73143' /srcid='2913' /bic='e3632ea1186bb4b2a1a429f0eb5ccda5' /verifier='72ea6412c51c4aaef1413a6a51a48e27' /installerversion='1.50.3.10' /statsdomain='http://stats.buildomserv.com/data.gif?' /errorsdomain='http://stats.buildomserv.com/data.gif?' /monetizationdomain='http://logs.buildomserv.com/monetization.gif?' /installationtime='1427983214' /runfrom='task' /brwtype='notbg' /postponedhours='6'
C:\Windows\tasks\24seven_savings_updating_service.job - C:\Program Files (x86)\24Seven savings\24seven_savings_updating_service.exe /campid=2913 /verid=1 /url=http://cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=24seven_savings_updating_service /funurl=http://stats.buildomserv.com
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /c
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\MATLAB R2013b Startup Accelerator.job - C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe
C:\Windows\tasks\MVETIHcwEjIFAivGNCd20.job - C:\Users\Tiemen\AppData\Roaming\MVETIHcwEjIFAivGNCd20.exe --c=An8zovGFmUXT8wWISooi6RxNzQBWrKNU8q0xh7bnWRMYLRpz3HXIbf/5kWjwcogcdmojk3IbGPzJFtPMPOQrddv12v4baxuxbWLNFfsNpJ3BrYnHoU9M7hyrUA//iD15mErzLhSDbSrGQioNkgF0BgdiMXoLu3hZUh+jYC5J6p+Rh7X7MgeTLyLipo+/Ie2rbD7eicHxJKppP/YYeIzEyD3mbIwkVqfdrkHursehH4KrBQ+Uhm1TWSVzjaXQo4500uEEMWihQJms3YG4nggcZXm0jsUiQOQOfV9ok0Bub0L2WJxYyB1hhOrtfC3UwzUDc3VJbhBtAHBcQ+7elqJ1/A==

=========Mozilla firefox=========

ProfilePath - C:\Users\Tiemen\AppData\Roaming\Mozilla\Firefox\Profiles\xtean1cl.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.google.be"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Citrix.com/npican]
"Description"=Citrix ICA Client Plugin
"Path"=C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App V2 Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

C:\Users\Tiemen\AppData\Roaming\Mozilla\Firefox\Profiles\xtean1cl.default\extensions\
avg@toolbar
cddJDCJ@gmail.com
jid1-u9RbFp9JcoEGGw@jetpack

C:\Users\Tiemen\AppData\Roaming\Mozilla\Firefox\Profiles\xtean1cl.default\searchplugins\
avg-secure-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-01-21 6723984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Web TuneUp - C:\Program Files\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-03-04 2467864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-01-16 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Web TuneUp - C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-03-04 2424856]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-12-11 391128]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-12-11 771032]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [2013-11-07 7818552]
"Autodesk Sync"=C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2012-02-05 415680]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"=C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2012-12-25 2649816]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-01-20 7404312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe [2015-02-08 960688]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"=C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2013-12-13 3216032]
"WebStorage"=C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [2013-08-16 63296]
"ASUS InstantKey"=C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [2013-12-19 13936]
"RemoteControl10"=C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2013-03-08 95192]
"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2012-05-24 111120]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-01-21 91520]
"Cisco AnyConnect Secure Mobility Agent for Windows"=C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2014-03-12 707472]
"CitrixReceiver"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk []
"ConnectionCenter"=C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2014-02-13 395656]
"Redirector"=C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [2014-02-13 153992]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2015\avgui.exe [2015-03-25 3723728]
"vProt"=C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2015-03-04 3033112]

C:\Users\Tiemen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Tiemen\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-12-11 624640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-01-21 6723984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2015-04-03 15:49:34 ----A---- C:\Users\Tiemen\AppData\Roaming\MVETIHcwEjIFAivGNCd20.exe
2015-04-02 16:54:02 ----D---- C:\rsit
2015-04-02 16:54:02 ----D---- C:\Program Files\trend micro
2015-04-02 16:00:13 ----D---- C:\Program Files (x86)\24Seven savings
2015-03-25 11:21:34 ----A---- C:\Windows\system32\drivers\avgidsdrivera.sys
2015-03-22 12:44:34 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-03-19 16:05:44 ----A---- C:\Windows\system32\drivers\avgwfpa.sys
2015-03-07 09:50:51 ----A---- C:\Windows\system32\hasplms.exe
2015-03-04 14:55:13 ----D---- C:\Program Files (x86)\Correlated Solutions

======List of files/folders modified in the last 1 month======

2015-04-02 16:54:06 ----D---- C:\Windows\Prefetch
2015-04-02 16:54:02 ----RD---- C:\Program Files
2015-04-02 16:53:15 ----D---- C:\Users\Tiemen\AppData\Roaming\uTorrent
2015-04-02 16:51:30 ----AD---- C:\Windows\Temp
2015-04-02 16:39:57 ----D---- C:\Users\Tiemen\AppData\Roaming\vlc
2015-04-02 16:30:14 ----D---- C:\Windows\system32\sru
2015-04-02 16:00:18 ----D---- C:\Windows\Tasks
2015-04-02 16:00:18 ----D---- C:\Windows\system32\Tasks
2015-04-02 16:00:13 ----RD---- C:\Program Files (x86)
2015-04-02 12:07:49 ----D---- C:\Windows\Microsoft.NET
2015-04-02 11:43:28 ----D---- C:\ProgramData\MFAData
2015-04-01 14:58:45 ----D---- C:\Users\Tiemen\AppData\Roaming\Dropbox
2015-03-31 17:02:04 ----SHD---- C:\Windows\Installer
2015-03-31 17:00:06 ----D---- C:\Windows\system32\drivers
2015-03-30 22:37:11 ----RD---- C:\Windows\System32
2015-03-30 22:37:11 ----D---- C:\Windows\Inf
2015-03-30 22:37:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-03-29 16:01:24 ----D---- C:\Windows\system32\drivers\etc
2015-03-28 14:39:15 ----SHD---- C:\System Volume Information
2015-03-25 18:46:49 ----D---- C:\Windows\system32\config
2015-03-21 14:50:42 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-14 20:15:06 ----D---- C:\Windows\system32\wdi
2015-03-14 14:50:59 ----D---- C:\Windows\AppReadiness
2015-03-14 14:50:58 ----HD---- C:\Program Files\WindowsApps
2015-03-13 17:10:35 ----AD---- C:\Windows
2015-03-07 13:15:11 ----D---- C:\Windows\WinSxS
2015-03-07 09:50:54 ----D---- C:\Program Files (x86)\Common Files
2015-03-07 09:49:33 ----D---- C:\Windows\system32\DriverStore
2015-03-04 15:24:23 ----D---- C:\Program Files\AVG Web TuneUp
2015-03-04 15:24:22 ----D---- C:\Program Files (x86)\AVG Web TuneUp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2014-11-18 203544]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2015-02-03 341472]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2015-02-05 133088]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2014-06-18 31512]
R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2013-08-09 644968]
R0 IntelHSWPcc;IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [2013-08-06 74344]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2013-07-02 19768]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2014-06-18 153368]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2015-03-25 281056]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2014-08-28 243480]
R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2014-02-05 97768]
R1 dtsoftbus01;@oem25.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\Windows\System32\drivers\dtsoftbus01.sys [2014-06-03 283064]
R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2014-11-26 91784]
R2 aksfridge;@oem36.inf,%AksFridgeServiceDisp%;Sentinel Fridge; C:\Windows\system32\DRIVERS\aksfridge.sys [2014-11-26 162136]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2014-11-26 331608]
R2 plctrl;plctrl; \??\C:\Program Files\ASUS\P4G\plctrl.sys [2013-08-29 14136]
R3 acsock;acsock; C:\Windows\system32\DRIVERS\acsock64.sys [2014-03-12 112496]
R3 AiCharger;ASUS Charger Driver; C:\Windows\system32\DRIVERS\AiCharger.sys [2013-04-17 17152]
R3 ATP;@oem12.inf,%PS2.DeviceDesc%;ASUS Input Device; C:\Windows\System32\drivers\AsusTP.sys [2013-12-12 70928]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator-service; C:\Windows\System32\drivers\BthEnum.sys [2013-08-22 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\System32\drivers\BthLEEnum.sys [2013-12-04 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\System32\drivers\bthpan.sys [2014-07-24 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2014-01-31 81920]
R3 btmaux;@oem20.inf,%BTMAUX.ServiceDesc%;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [2013-11-07 140600]
R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [2013-11-07 1411384]
R3 HIDSwitch;@oem23.inf,%ASSW.DisplayName%;ASUS Wireless Radio Control; C:\Windows\System32\drivers\AsHIDSwitch64.sys [2013-10-08 20280]
R3 ibtusb;@oem21.inf,%ibtusb.SVCDESC_IBT%;Intel® Wireless Bluetooth® 4.0 + HS Adapter; C:\Windows\system32\DRIVERS\ibtusb.sys [2013-11-23 149448]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-12-11 4209152]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-01-21 3849304]
R3 iwdbus;@oem9.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2013-10-29 27032]
R3 kbfiltr;@oem22.inf,%kbfiltr.SvcDesc%;Keyboard Filter; C:\Windows\System32\drivers\kbfiltr.sys [2012-08-06 17280]
R3 MEIx64;@oem2.inf,%TEE_SvcDesc%;Intel® Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-12-09 100312]
R3 NETwNb64;@oem15.inf,___ %NIC_Service_DispName_WINB_64%;___ Intel® Wireless Adapter Driver for Windows 8.1 - 64 Bit; C:\Windows\system32\DRIVERS\NETwbw02.sys [2013-12-05 3609056]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2014-01-08 12652320]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2014-01-27 167424]
R3 RTL8168;@oem13.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2014-01-08 848088]
R3 RTSPER;@oem14.inf,%Rts5227PER%;Realtek PCIE Card Reader - PER; C:\Windows\system32\DRIVERS\RtsPer.sys [2013-10-18 444632]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-08-22 212224]
S0 Avgboota;AVG Early Launch Anti-Malware Driver; C:\Windows\system32\DRIVERS\avgboota.sys [2013-09-04 20496]
S1 Avgwfpa;AVG Firewall Driver; C:\Windows\system32\DRIVERS\avgwfpa.sys [2015-03-19 289248]
S3 AgereSoftModem;@mdmags64.inf,%FullProductName%;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2013-06-18 1146880]
S3 akshasp;@oem35.inf,%svcdesc%;SafeNet Inc. HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys [2014-11-26 60488]
S3 akshhl;@oem36.inf,%svcdesc%;SafeNet Inc. Sentinel HL Key; C:\Windows\system32\DRIVERS\akshhl.sys [2014-11-26 63944]
S3 aksusb;@oem34.inf,%svcdesc%;SafeNet Inc. USB Key; C:\Windows\system32\DRIVERS\aksusb.sys [2014-11-26 303624]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2014-07-24 1200640]
S3 dg_ssudbus;@oem30.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 e1iexpress;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel® PRO/1000 PCI Express Network Connection Driver I; C:\Windows\system32\DRIVERS\e1i63x64.sys [2013-06-18 460288]
S3 intaud_WaveExtensible;@oem8.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2013-10-29 39320]
S3 IntcDAud;@oem6.inf,%IntcDAud.SvcDesc%;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-12-05 449496]
S3 NETwNe64;@netwew02.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\Windows\system32\DRIVERS\NETwew02.sys [2013-06-18 4649440]
S3 NETwNs64;@netwsw00.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\Netwsw00.sys [2013-06-18 11518976]
S3 ssudmdm;@oem32.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 vpnva;@oem26.inf,%VPNVA64_Desc%;Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64; C:\Windows\system32\DRIVERS\vpnva64-6.sys [2014-03-12 52592]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2013-09-09 111416]
R2 ASUS InstantOn;ASUS InstantOn Service; C:\Program Files\ASUS\P4G\InsOnSrv.exe [2013-08-29 277120]
R2 Asus WebStorage Windows Service;Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [2013-08-16 71680]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2011-11-21 96896]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-03-25 309232]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-11-07 1186168]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-11-07 1161592]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2013-11-20 631024]
R2 GamesAppIntegrationService;GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-11-09 227936]
R2 hasplms;Sentinel LDK License Manager; C:\Windows\system32\hasplms.exe [2014-11-26 4608320]
R2 iBtSiva;Intel Bluetooth Service; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [2014-01-19 129992]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 Intel® ME Service;Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-12-09 131544]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2013-12-09 169432]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2013-12-09 390616]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-01-08 922912]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2013-11-20 154864]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2014-03-12 560528]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-03-25 3416016]
S2 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-09 68608]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08 267440]
S3 cphs;Intel® Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-12-11 279000]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-06-03 1432400]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-22 43696]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-09 68608]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-03-22 148080]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-11-20 284912]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

-----------------EOF-----------------

21 september 2012

Ik denk dat het opgelost is. Ik heb ook bij mn programma's snap.do verwijderd en mn homepage opnieuw ingesteld. Bedankt!

21 september 2012

ComboFix 12-09-20.03 - Tiemen De Winter 21/09/2012 20:18:51.4.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3066.1756 [GMT 2:00]

Gestart vanuit: c:\users\Tiemen De Winter\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Tiemen De Winter\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Tiemen De Winter\AppData\Local\Smartbar

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-08-21 to 2012-09-21 ))))))))))))))))))))))))))))))

.

2012-09-21 18:31 . 2012-09-21 18:31 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-09-21 18:31 . 2012-09-21 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-21 11:47 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D02DED49-FA5B-4975-B4B2-ED1E73030C02}\mpengine.dll

2012-09-21 11:40 . 2012-09-21 11:40 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2012-09-17 16:58 . 2012-09-17 16:58 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-09-14 03:34 . 2012-09-14 03:34 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2012-09-12 09:47 . 2012-09-12 09:47 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-09-12 09:47 . 2012-09-12 09:47 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2012-09-11 15:08 . 2012-09-11 15:08 -------- d-----w- c:\users\Tiemen De Winter\AppData\Roaming\OpenCandy

2012-09-06 15:58 . 2012-09-06 15:58 -------- d-----w- c:\program files\Common Files\Skype

2012-09-05 16:26 . 2012-09-05 16:26 -------- d-----w- c:\users\Tiemen De Winter\AppData\Roaming\AVG2013

2012-09-05 16:23 . 2012-09-05 16:23 -------- d-----w- c:\users\Tiemen De Winter\AppData\Local\AVG Secure Search

2012-09-05 16:23 . 2012-09-05 16:23 -------- d-----w- c:\users\Tiemen De Winter\AppData\Roaming\TuneUp Software

2012-09-05 16:22 . 2012-09-05 16:22 -------- d-----w- c:\programdata\AVG Secure Search

2012-09-05 16:22 . 2012-09-05 16:22 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-09-05 16:22 . 2012-09-05 16:22 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-09-05 16:22 . 2012-09-05 16:22 -------- d-----w- c:\program files\AVG Secure Search

2012-09-05 16:19 . 2012-09-05 16:24 -------- d-----w- c:\programdata\AVG2013

2012-09-05 15:52 . 2012-09-05 16:19 -------- d-----w- C:\$AVG

2012-09-05 15:45 . 2012-09-21 15:28 -------- d-----w- c:\programdata\MFAData

2012-09-05 15:45 . 2012-09-05 15:45 -------- d-----w- c:\users\Tiemen De Winter\AppData\Local\MFAData

2012-09-05 15:45 . 2012-09-05 15:45 -------- d-----w- c:\users\Tiemen De Winter\AppData\Local\Avg2013

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-07 15:04 . 2011-01-21 19:02 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-13 14:40 . 2012-08-13 14:40 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2012-08-10 02:52 . 2012-08-10 02:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2012-08-10 02:52 . 2012-08-10 02:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2012-08-09 11:56 . 2012-08-09 11:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys

2012-07-05 20:06 . 2012-08-21 05:23 772544 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-07-05 20:06 . 2012-08-21 05:23 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-04 14:02 . 2012-08-17 09:46 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-06-30 10:28 . 2012-06-30 10:28 388096 ----a-r- c:\users\Tiemen De Winter\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-29 00:16 . 2012-08-17 09:50 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-06-29 00:09 . 2012-08-17 09:50 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-29 00:08 . 2012-08-17 09:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-29 00:04 . 2012-08-17 09:50 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-29 00:00 . 2012-08-17 09:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2008-08-16 15:42 . 2012-09-07 15:36 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-16 15:42 . 2012-09-07 15:36 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-16 15:42 . 2012-09-07 15:36 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-16 15:42 . 2012-09-07 15:36 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-16 15:43 . 2012-09-07 15:36 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-16 15:42 . 2012-09-07 15:36 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-08-16 15:42 . 2012-09-07 15:36 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2008-05-21 06:41 . 2012-09-07 15:36 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 06:41 . 2012-09-07 15:36 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 06:41 . 2012-09-07 15:36 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-05 11:58 . 2012-09-07 15:37 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-16 15:42 . 2012-09-07 15:37 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2012-09-07 15:37 . 2012-09-07 15:36 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-07-08 19:53 . 2012-09-07 15:36 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-09-05 16:22 2045536 ----a-w- c:\program files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll" [2012-09-05 2045536]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-10-27 10:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"GoogleChromeAutoLaunch_2BDE86D759DAD0CE7533CB14736799C0"="c:\users\Tiemen De Winter\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-08-30 1229848]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-08 30192]

"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]

"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-02-13 3549696]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-24 870920]

"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-03-20 249600]

"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-04-15 440864]

"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]

"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-09-14 3039352]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-05 950368]

.

c:\users\Tiemen De Winter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 10:00]

.

2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 10:00]

.

2012-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2491774230-3222390539-979914213-1000Core.job

- c:\users\Tiemen De Winter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 11:29]

.

2012-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2491774230-3222390539-979914213-1000UA.job

- c:\users\Tiemen De Winter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 11:29]

.

2012-09-21 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&s=2&o=vp32&d=0709&m=aspire_7738

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\Tiemen De Winter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {{878AC5FC-BE78-4bae-896C-7F75B790A71E} - c:\program files\PokerStars.BE\PokerStarsUpdate.exe

Trusted Zone: ugent.be\athena

Trusted Zone: ugent.be\athenax

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

FF - ProfilePath - c:\users\Tiemen De Winter\AppData\Roaming\Mozilla\Firefox\Profiles\1zmzzrj5.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - Google

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-09-21 20:31

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,

0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,

d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"=hex:51,66,7a,6c,4c,1d,38,12,e6,58,38,

83,87,d3,7e,06,c2,c6,ef,58,90,09,a1,e1

"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,

34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89

"{87775FDB-6972-41F9-AE51-8326E38CB206}"=hex:51,66,7a,6c,4c,1d,38,12,b5,5c,64,

83,40,27,97,04,d1,47,c0,66,e6,d2,f6,12

"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,

91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{0FB6A909-6086-458F-BD92-1F8EE10042A0}"=hex:51,66,7a,6c,4c,1d,38,12,67,aa,a5,

0b,b4,2e,e1,00,c2,84,5c,ce,e4,5e,06,b4

"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7,

23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf

"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,

38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,

79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,

9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,

b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{3CD2B0B1-3011-4A68-9AC5-D3A88DE0F2D9}"=hex:51,66,7a,6c,4c,1d,38,12,df,b3,c1,

38,23,7e,06,0f,e5,d3,90,e8,88,be,b6,cd

"{4D1A83C2-7F52-4D4C-8790-6F7F478A0D96}"=hex:51,66,7a,6c,4c,1d,38,12,ac,80,09,

49,60,31,22,08,f8,86,2c,3f,42,d4,49,82

"{84902C76-B6BC-4199-8ADA-F1F65CC2A6AB}"=hex:51,66,7a,6c,4c,1d,38,12,18,2f,83,

80,8e,f8,f7,04,f5,cc,b2,b6,59,9c,e2,bf

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,d2,ea,

71,82,e9,fc,3f,9d,e9,17,af,ad,b0,e5,ab

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:f2,90,b8,27,58,1d,cd,01

.

[HKEY_USERS\S-1-5-21-2491774230-3222390539-979914213-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8569F2DD-E273-B086-CC78-B453C2C69A8F}*]

"majbolgfokbeggndogdhoogcjm"=hex:6a,61,6b,69,67,70,64,67,6f,70,69,64,66,61,68,

68,6b,6e,6f,6c,00,6e

"napbmcppojbhdiibjblfddaaogfh"=hex:6a,61,6c,69,6d,6f,68,6f,64,6c,67,70,68,64,

6e,6a,63,6d,66,6d,00,6d

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'lsass.exe'(936)

c:\program files\Acer Bio Protection\PwdFilter.dll

.

- - - - - - - > 'Explorer.exe'(4636)

c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll

c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll

c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll

c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll

c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll

c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll

c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll

c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll

.

Voltooingstijd: 2012-09-21 20:34:54

ComboFix-quarantined-files.txt 2012-09-21 18:34

ComboFix2.txt 2012-09-21 12:26

ComboFix3.txt 2012-07-01 22:17

.

Pre-Run: 21,454,270,464 bytes beschikbaar

Post-Run: 21,429,854,208 bytes beschikbaar

.

- - End Of File - - 0045D0F671C8BC9F81A2D55E96ADBD87

21 september 2012

ComboFix 12-09-20.03 - Tiemen De Winter 21/09/2012 14:07:43.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3066.1453 [GMT 2:00]

Gestart vanuit: c:\users\Tiemen De Winter\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Public\Documents\bootracer.tmp

c:\users\Tiemen De Winter\AppData\Roaming\spynet

c:\users\Tiemen De Winter\AppData\Roaming\spynet\server.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-08-21 to 2012-09-21 ))))))))))))))))))))))))))))))

.

2012-09-21 12:20 . 2012-09-21 12:20 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-09-21 12:20 . 2012-09-21 12:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-21 11:47 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D02DED49-FA5B-4975-B4B2-ED1E73030C02}\mpengine.dll

2012-09-21 11:40 . 2012-09-21 11:40 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2012-09-19 12:34 . 2012-09-20 13:44 -------- d-----w- c:\users\Tiemen De Winter\AppData\Local\Smartbar