Browsers stopped working


  • Browsers stopped working

    Hello,

    I am cleaning up my father's laptop. There is a lot of junk on it, which caused the internet browsers to stop working. I have since removed Chrome (which will of course come back), and after a big cleanup Explorer works again. I think it is already fairly clean now. However, last week I thought I would quickly fix the same problem, but then it came back within a day. So, to be safe, here are the logs. Thanks in advance to whoever is willing to take a look!

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2014.08.01.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17207
    andré :: ANDRÉ-TOSH [administrator]

    1-8-2014 10:27:59
    mbam-log-2014-08-01 (10-27-59).txt

    Scan type: Volledige scan (C:\|D:\|)
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 430768
    Verstreken tijd: 56 minuut/minuten, 13 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 14
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.6.9.12\~BabylonToolbarApp.dll.vir (PUP.Optional.BabylonToolBar.A) -> Geen actie ondernomen.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.6.9.12\~BabylonToolbarEng.dll.vir (PUP.Optional.BabylonToolBar.A) -> Geen actie ondernomen.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.6.9.12\~BabylonToolbarsrv.exe.vir (PUP.Optional.BabylonToolBar.A) -> Geen actie ondernomen.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.6.9.12\~BabylonToolbarTlbr.dll.vir (PUP.Optional.BabylonToolBar.A) -> Geen actie ondernomen.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.3.8\~BabylonToolbarApp.dll.vir (PUP.Optional.BabylonToolBar.A) -> Geen actie ondernomen.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.3.8\~BabylonToolbarEng.dll.vir (PUP.Optional.BabylonToolBar.A) -> Geen actie ondernomen.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.3.8\~BabylonToolbarsrv.exe.vir (PUP.Optional.BabylonToolBar.A) -> Geen actie ondernomen.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.3.8\~BabylonToolbarTlbr.dll.vir (PUP.Optional.BabylonToolBar.A) -> Geen actie ondernomen.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.7.2\~BabylonToolbarApp.dll.vir (PUP.Optional.BabylonToolBar.A) -> Geen actie ondernomen.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.7.2\~BabylonToolbarEng.dll.vir (PUP.Optional.BabylonToolBar.A) -> Geen actie ondernomen.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.7.2\~BabylonToolbarsrv.exe.vir (PUP.Optional.BabylonToolBar.A) -> Geen actie ondernomen.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.7.2\~BabylonToolbarTlbr.dll.vir (PUP.Optional.BabylonToolBar.A) -> Geen actie ondernomen.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.7.2\~uninstall.exe.vir (PUP.Optional.BabylonToolBar.A) -> Geen actie ondernomen.
    C:\Users\andré\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRGBPGCP\FuzeZipSetup-r159-w-bi.exe (PUP.Optional.Koyote.A) -> Geen actie ondernomen.

    (einde)


    DDS (Ver_2012-11-05.02) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.65.2
    Run by andré at 12:08:44 on 2014-08-01
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3893.1815 [GMT 2:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    c:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\HP\HP Photosmart 5520 series\Bin\HP Photosmart 5520 series.exe
    C:\Windows\SysWOW64\mshta.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\andré\Desktop\dds.pif
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.nl/
    uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    mWinlogon: Userinit = userinit.exe,
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware2\mbamgui.exe /install /silent
    dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Toevoegen aan TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: NameServer = 192.168.6.1
    TCP: Interfaces\{9DAB00DE-D8AF-4040-8C4B-AAAD7CB83EB5} : DHCPNameServer = 192.168.6.1
    TCP: Interfaces\{9DAB00DE-D8AF-4040-8C4B-AAAD7CB83EB5}\14C66627564602A4F646F636573702B47716B6 : DHCPNameServer = 192.168.2.254
    TCP: Interfaces\{9DAB00DE-D8AF-4040-8C4B-AAAD7CB83EB5}\24564616E64626275616B66616374756E6B6865796A756E6E236F6D6 : DHCPNameServer = 10.158.209.122
    TCP: Interfaces\{9DAB00DE-D8AF-4040-8C4B-AAAD7CB83EB5}\65D2051627B6D2844627E6D22476D27333 : DHCPNameServer = 192.168.0.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-29 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-29 224896]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-1-29 1041168]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-1-29 427360]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-6 29208]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-29 79184]
    R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-29 92008]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-6 50344]
    R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
    R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
    R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe [2012-8-17 162824]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-1-14 572712]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-17 2533400]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-8-17 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
    R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2012-8-17 38096]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-8-17 1103464]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-10 111616]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-8-17 250984]
    S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
    S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-8-17 54136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-19 1255736]
    S3 WSDScan;Ondersteuning voor WSD-scan via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2014-08-01 10:08:45 -------- d-----w- C:\Users\andrÚ\AppData\Local\Microsoft
    2014-08-01 08:25:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2
    2014-08-01 05:59:25 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C921BD87-7A76-4122-AC79-ECD0F1795A4B}\mpengine.dll
    2014-08-01 05:55:00 2620928 ----a-w- C:\Windows\System32\wucltux.dll
    2014-08-01 05:54:47 97792 ----a-w- C:\Windows\System32\wudriver.dll
    2014-08-01 05:54:47 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2014-08-01 05:54:35 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2014-08-01 05:54:35 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2014-08-01 05:54:35 198600 ----a-w- C:\Windows\System32\wuwebv.dll
    2014-08-01 05:54:35 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2014-07-26 19:13:15 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-07-26 19:13:14 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-07-26 19:13:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-24 14:57:27 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-07-10 06:29:47 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-07-10 06:28:59 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-07-10 06:28:59 360960 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
    2014-07-10 06:28:57 977408 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2014-07-10 06:28:57 293048 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2014-07-10 06:28:56 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-07-10 06:28:42 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-07-10 06:28:41 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-07-10 06:28:41 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-07-06 15:21:21 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
    2014-07-06 15:21:08 43152 ----a-w- C:\Windows\avastSS.scr
    .
    ==================== Find3M ====================
    .
    2014-07-08 18:10:06 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-07-08 18:10:06 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-07-06 15:21:09 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-07-06 15:21:09 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
    2014-07-06 15:21:09 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-07-06 15:21:09 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-07-06 15:21:09 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-07-06 15:21:09 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
    2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
    2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
    2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
    2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
    2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
    2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
    2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
    2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    .
    ============= FINISH: 12:09:16,68 ===============


    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-08-01 12:37:21
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 465,76GB
    Running: kt057enl.exe; Driver: C:\Users\ANDR~1\AppData\Local\Temp\fgddykob.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002da9000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002da902f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

    ---- User code sections - GMER 2.1 ----

    .text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Windows\system32\services.exe[664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Windows\System32\svchost.exe[956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Windows\system32\winlogon.exe[976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Windows\System32\svchost.exe[128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Windows\system32\svchost.exe[352] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Windows\system32\svchost.exe[512] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Windows\System32\GFNEXSrv.exe[1396] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1704] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007662a2fd 1 byte [62]
    .text C:\Windows\system32\TODDSrv.exe[1900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[1924] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2804] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Windows\Explorer.EXE[3000] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe[2724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[2472] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Windows\System32\hkcmd.exe[2996] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[1144] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[2524] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2656] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3772] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007662a2fd 1 byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastui.exe[4180] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076608791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
    .text C:\Program Files\AVAST Software\Avast\avastui.exe[4180] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007662a2fd 1 byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastui.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d91465 2 bytes [D9, 76]
    .text C:\Program Files\AVAST Software\Avast\avastui.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d914bb 2 bytes [D9, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4192] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007662a2fd 1 byte [62]
    .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[5112] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[4988] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007662a2fd 1 byte [62]
    .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[1944] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4204] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007662a2fd 1 byte [62]
    .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[5084] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text c:\Program Files (x86)\Nero\Update\NASvc.exe[1640] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007662a2fd 1 byte [62]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007662a2fd 1 byte [62]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d91465 2 bytes [D9, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d914bb 2 bytes [D9, 76]
    .text ... * 2
    .text C:\Windows\SysWOW64\mshta.exe[2256] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007662a2fd 1 byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077043b10 6 bytes {NOP ; JMP 0xffffffff8924cc4c}
    .text C:\Program Files\Internet Explorer\iexplore.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077047ac0 6 bytes {NOP ; JMP 0xffffffff892488e4}
    .text C:\Program Files\Internet Explorer\iexplore.exe[4320] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076f5ef8d 1 byte [62]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2296] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007723c4dd 5 bytes JMP 00000001000301f8
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2296] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077241287 5 bytes JMP 00000001000303fc
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2296] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007662a2fd 1 byte [62]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d91465 2 bytes [D9, 76]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d914bb 2 bytes [D9, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4324] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007723c4dd 5 bytes JMP 00000001000301f8
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4324] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077241287 5 bytes JMP 00000001000303fc
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4324] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007662a2fd 1 byte [62]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d91465 2 bytes [D9, 76]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d914bb 2 bytes [D9, 76]
    .text ... * 2
    .text C:\Users\andré\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRGBPGCP\kt057enl.exe[4944] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007662a2fd 1 byte [62]

    ---- Threads - GMER 2.1 ----

    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3432:4256] 000007fefb142bf8
    ---- Processes - GMER 2.1 ----

    Process C:\Users\andré\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRGBPGCP\kt057enl.exe (*** suspicious ***) @ C:\Users\andré\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRGBPGCP\kt057enl.exe [4944](2014-08-01 10:10:32) 0000000000400000

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5003ba
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x43 0x38 0x42 0x73 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd5003ba (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x43 0x38 0x42 0x73 ...

    ---- EOF - GMER 2.1 ----

  • #2
    Hi rick_klein and welcome to the Nucia Security Forum,

    Before we begin, I would like to kindly point out the following guidelines:
    • Log in only as an administrator with full rights.
    • Do not post your problem on several forums. It does not help your problem and it is not fair to the helpers.
    • Cleaning up your system can take some time, so be patient.
    • Carefully follow the instructions that I give.
    • Follow only the advice given by me.
    • Stay with the topic until I have reported that your PC is clean.
    • If you don't know or understand something, please just ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • In the meantime, do not go and try something "else"; that only makes it harder for us.
    • Please turn off your emoticons (smileys) when you post logs. ( INFO )
    • Please do not post the logs as an attachment or between code tags.

    Note: Always run all tools as admin.
    The instructions that are given are valid only for your PC.

    If you have read and understood these guidelines, you may continue.....



    Step 1:

    Scanning for and removing malware....

    Start MBAM.

    Once the program has started, go to the "Settings" tab.
    • Tick here: "Close Internet Explorer during removal of malware".
    • Go to the "Updates" tab and update MBAM.
    • Then go to the "Scanner" tab and choose "FULL scan" here.
    • Then press "Scan" to start the scan.
    • Scanning can take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to see the results.
    • Make sure that everything there is ticked, then click "Remove Selected".
    • After the removal a log will open and you will be asked to restart the computer.

    If MBAM asks for a restart, then do so.
    Once you have restarted, run a new quick scan with MBAM.
    In that case you post both logs. So a second "quick scan" log only if the FULL scan found "something".

    The log is saved automatically by Malwarebytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.


    In case of problems!!!

    ___________________________________________________________

    Step 2:

    Checking for bad toolbars...

    Download AdwCleaner by Xplode to your Desktop.
    • Close all open windows
    • Start AdwCleaner
    • Click Scan
    • Click Remove

    All icons disappear from the Desktop; this is normal.
    Your PC will be restarted and a log file opens (C:\AdwCleaner\AdwCleaner[xx].txt).
    Post its contents here on the forum.

    I only need the log from after the "Remove" option.

    Don't forget to turn off your "smileys".

    If your start page was also hijacked, set the search engine again.
    AdwCleaner resets it to Google.com by default.
    ___________________________________________________________

    Step 3:

    Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


    DDS is a diagnostic tool and makes use of scripts.
    If running scripts is disabled, enable it again so that no problems occur when using DDS.


    Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
    When it is finished, two log files open: DDS.txt and Attach.txt
    Save both log files to your desktop.

    Post the contents of DDS.txt.

    You should not post the contents of Attach.txt, and you should not add Attach.txt as an attachment to your post, unless I ask for it.


    ___________________________________________________________

    Step 4:

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on the screen
    At the end a log appears ( checkup.txt )
    Put its contents in your next reply.


    In your next post, I would like to see the following logs, made in the order listed:
    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    Please do NOT post these logs as an attachment or between code tags.
    (If necessary in several posts.)

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Hi Emphyrio,

      Thanks for your reply. All the logs are below.



      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org

      Databaseversie: v2014.08.01.01

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 11.0.9600.17207
      andré :: ANDRÉ-TOSH [administrator]

      2-8-2014 11:09:53
      mbam-log-2014-08-02 (11-09-53).txt

      Scan type: Volledige scan (C:\|D:\|)
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 440388
      Verstreken tijd: 53 minuut/minuten, 34 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerwaarden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 14
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.6.9.12\~BabylonToolbarApp.dll.vir (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.6.9.12\~BabylonToolbarEng.dll.vir (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.6.9.12\~BabylonToolbarsrv.exe.vir (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.6.9.12\~BabylonToolbarTlbr.dll.vir (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.3.8\~BabylonToolbarApp.dll.vir (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.3.8\~BabylonToolbarEng.dll.vir (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.3.8\~BabylonToolbarsrv.exe.vir (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.3.8\~BabylonToolbarTlbr.dll.vir (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.7.2\~BabylonToolbarApp.dll.vir (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.7.2\~BabylonToolbarEng.dll.vir (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.7.2\~BabylonToolbarsrv.exe.vir (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.7.2\~BabylonToolbarTlbr.dll.vir (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.8.7.2\~uninstall.exe.vir (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\andré\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRGBPGCP\FuzeZipSetup-r159-w-bi.exe (PUP.Optional.Koyote.A) -> Succesvol in quarantaine geplaatst en verwijderd.

      (einde)


      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org

      Databaseversie: v2014.08.01.01

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 11.0.9600.17207
      andré :: ANDRÉ-TOSH [administrator]

      2-8-2014 12:07:04
      mbam-log-2014-08-02 (12-07-04).txt

      Scan type: Snelle scan
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 290456
      Verstreken tijd: 9 minuut/minuten, 2 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerwaarden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      (einde)


      # AdwCleaner v3.302 - Rapport aangemaakt 02/08/2014 op 12:56:28
      # Laatste Update 30/07/2014 door Xplode
      # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Gebruikersnaam : andré - ANDRÉ-TOSH
      # Gestart vanuit : C:\Users\andré\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRGBPGCP\adwcleaner_3.302.exe
      # Optie : Verwijderen

      ***** [ Services ] *****


      ***** [ Bestanden / Mappen ] *****

      Map Verwijderd : C:\ProgramData\apn
      Map Verwijderd : C:\Program Files (x86)\File Type Assistant
      Map Verwijderd : C:\Users\andré\AppData\Local\FileTypeAssistant
      Map Verwijderd : C:\Users\ANDR~1\AppData\Local\Temp\apn
      Map Verwijderd : C:\Users\andré\AppData\Roaming\incredibar

      ***** [ Taken ] *****

      Taak Verwijderd : DSite
      Taak Verwijderd : EPUpdater
      Taak Verwijderd : Funmoods
      Taak Verwijderd : Lyrics Finder Update
      Taak Verwijderd : PC Optimizer Pro Updates
      Taak Verwijderd : PC Optimizer Pro64 Scan
      Taak Verwijderd : ProgramRefresh-ATFST

      ***** [ Snelkoppelingen ] *****


      ***** [ Register ] *****

      Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
      Sleutel Verwijderd : HKCU\Software\qtrax
      Sleutel Verwijderd : HKLM\Software\Driver-Soft
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Speedchecker Limited

      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.17207


      *************************

      AdwCleaner[R0].txt - [14392 octets] - [29/01/2014 19:30:30]
      AdwCleaner[R1].txt - [2602 octets] - [02/08/2014 12:27:02]
      AdwCleaner[S0].txt - [14129 octets] - [29/01/2014 19:31:23]
      AdwCleaner[S1].txt - [2526 octets] - [02/08/2014 12:56:28]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2586 octets] ##########



      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.65.2
      Run by andré at 13:02:00 on 2014-08-02
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3893.1945 [GMT 2:00]
      .
      AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      C:\Windows\System32\GFNEXSrv.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\system32\TODDSrv.exe
      C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\servicing\TrustedInstaller.exe
      C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskhost.exe
      C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
      C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
      C:\Windows\System32\igfxtray.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Windows\system32\igfxsrvc.exe
      C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
      C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
      C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
      C:\Windows\system32\igfxext.exe
      C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
      C:\Program Files\AVAST Software\Avast\avastui.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
      C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
      C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
      C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      c:\Program Files (x86)\Nero\Update\NASvc.exe
      C:\Windows\system32\sppsvc.exe
      C:\Windows\System32\svchost.exe -k secsvcs
      C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
      C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Users\andré\Desktop\dds.scr
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxps://www.google.nl/
      uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
      mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
      mWinlogon: Userinit = userinit.exe,
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
      BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
      mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
      mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
      mPolicies-Explorer: NoActiveDesktop = dword:1
      mPolicies-Explorer: NoActiveDesktopChanges = dword:1
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
      IE: Toevoegen aan TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
      IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
      DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
      DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
      DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
      TCP: NameServer = 10.158.209.122
      TCP: Interfaces\{9DAB00DE-D8AF-4040-8C4B-AAAD7CB83EB5} : DHCPNameServer = 10.158.209.122
      TCP: Interfaces\{9DAB00DE-D8AF-4040-8C4B-AAAD7CB83EB5}\14C66627564602A4F646F636573702B47716B6 : DHCPNameServer = 192.168.2.254
      TCP: Interfaces\{9DAB00DE-D8AF-4040-8C4B-AAAD7CB83EB5}\65D2051627B6D2844627E6D22476D27333 : DHCPNameServer = 192.168.0.1
      TCP: Interfaces\{9DAB00DE-D8AF-4040-8C4B-AAAD7CB83EB5}\755637475627E6449676964716C6 : DHCPNameServer = 192.168.6.1
      Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -
      Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
      Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      SSODL: WebCheck - <orphaned>
      x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
      x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
      x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
      x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
      x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
      x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
      x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
      x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
      x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
      x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
      x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
      x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
      x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
      x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
      x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
      x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
      x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -
      x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
      x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
      x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
      x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
      x64-Notify: igfxcui - igfxdev.dll
      x64-SSODL: WebCheck - <orphaned>
      x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-29 65776]
      R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-29 224896]
      R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-1-29 1041168]
      R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-1-29 427360]
      R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-6 29208]
      R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-29 79184]
      R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-29 92008]
      R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-6 50344]
      R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
      R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
      R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe [2012-8-17 162824]
      R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-1-14 572712]
      R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-17 2533400]
      R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-8-17 56344]
      R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
      R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2012-8-17 38096]
      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
      R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-8-17 1103464]
      R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
      S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
      S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
      S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-10 111616]
      S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
      S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-8-17 250984]
      S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
      S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-8-17 54136]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
      S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
      S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-19 1255736]
      S3 WSDScan;Ondersteuning voor WSD-scan via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
      S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
      .
      =============== Created Last 30 ================
      .
      2014-08-02 07:30:12 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C921BD87-7A76-4122-AC79-ECD0F1795A4B}\offreg.dll
      2014-08-01 10:08:45 -------- d-----w- C:\Users\andrÚ\AppData\Local\Microsoft
      2014-08-01 08:25:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2
      2014-08-01 05:59:25 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C921BD87-7A76-4122-AC79-ECD0F1795A4B}\mpengine.dll
      2014-08-01 05:55:00 2620928 ----a-w- C:\Windows\System32\wucltux.dll
      2014-08-01 05:54:47 97792 ----a-w- C:\Windows\System32\wudriver.dll
      2014-08-01 05:54:47 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
      2014-08-01 05:54:35 36864 ----a-w- C:\Windows\System32\wuapp.exe
      2014-08-01 05:54:35 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
      2014-08-01 05:54:35 198600 ----a-w- C:\Windows\System32\wuwebv.dll
      2014-08-01 05:54:35 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
      2014-07-26 19:13:15 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
      2014-07-26 19:13:14 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
      2014-07-26 19:13:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
      2014-07-24 14:57:27 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
      2014-07-10 06:29:47 624128 ----a-w- C:\Windows\System32\qedit.dll
      2014-07-10 06:28:59 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
      2014-07-10 06:28:59 360960 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
      2014-07-10 06:28:57 977408 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
      2014-07-10 06:28:57 293048 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
      2014-07-10 06:28:56 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
      2014-07-10 06:28:42 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
      2014-07-10 06:28:41 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
      2014-07-10 06:28:41 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
      2014-07-06 15:21:21 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
      2014-07-06 15:21:08 43152 ----a-w- C:\Windows\avastSS.scr
      .
      ==================== Find3M ====================
      .
      2014-07-08 18:10:06 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2014-07-08 18:10:06 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
      2014-07-06 15:21:09 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
      2014-07-06 15:21:09 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
      2014-07-06 15:21:09 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
      2014-07-06 15:21:09 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
      2014-07-06 15:21:09 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
      2014-07-06 15:21:09 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
      2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
      2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
      2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
      2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
      2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
      2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
      2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
      2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
      2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
      2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
      2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
      2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
      2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
      2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
      2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
      2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
      2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
      2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
      2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
      2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
      2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
      2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
      2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
      2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
      2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
      2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
      2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
      2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
      2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
      2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
      2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
      2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
      2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
      2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
      2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
      2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
      2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
      2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
      2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
      2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
      2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
      2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
      2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
      2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
      2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
      2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
      .
      ============= FINISH: 13:03:44,20 ===============


      Results of screen317's Security Check version 0.99.86
      Windows 7 Service Pack 1 x64 (UAC is enabled)
      Internet Explorer 11
      ``````````````Antivirus/Firewall Check:``````````````
      avast! Antivirus
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Java(TM) 6 Update 20
      Java 7 Update 65
      Adobe Reader XI
      ````````Process Check: objlist.exe by Laurent````````
      AVAST Software Avast AvastSvc.exe
      AVAST Software Avast avastui.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 1%
      ````````````````````End of Log``````````````````````



      • #4
        You may remove this one from your PC via Programs and Features: Java(TM) 6 Update 20
        Restart the PC afterwards.


        Download or update CCleaner

        Start CCleaner.
        • Run CCleaner and click Options in the left column
        • Select the Advanced tab
        • Uncheck "Only delete files in the Windows Temp system folder that are older than 24 hours"
        • Select the Settings tab
        • Uncheck "Clean the computer automatically...."
        • Click Cleaner in the left column.
        • Then click Analyze and then Clean, in that order.
        • Next, click Registry in the left column
        • Click Scan for problems.
        • When asked whether you want to make a backup of the registry, click "Yes".
        • If errors are found, click the middle button: Fix all selected errors, then OK

        .


        Download Combofix to your desktop.
        (So not to a download folder or temp folder)

        Extra note... Make sure your security software is disabled while using Combofix.
        This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.

        Look here if you don't know how to disable your antivirus, firewall and/or antispyware scanner.

        Close ALL windows, including your browser, and let Combofix do its work undisturbed.
        So do not open any other applications until Combofix has presented the log.

        If Combofix asks for an update, allow it.

        When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
        You can find it at C:\combofix.txt.

        Post the Combofix log together with a new DDS log in your next reply.

        * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
        • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
        • Illegal operation attempted on a registry key that has been marked for deletion.
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * Remove McAfee. * Ccleaner * E-Peek



        • #5
          Here are two new logs:

          ComboFix 14-08-02.02 - andré 02-08-2014 14:33:24.1.4 - x64
          Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3893.2335 [GMT 2:00]
          Gestart vanuit: c:\users\andrÚ\Desktop\ComboFix.exe
          AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
          SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
          SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          .
          .
          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          c:\programdata\909
          c:\programdata\909\158225293.dat
          c:\programdata\909\158225293.dll
          c:\programdata\909\ccdxmmde.dat
          c:\programdata\909\drss.dat
          c:\programdata\909\sysprep.exe
          c:\programdata\909\tpedh.dat
          c:\programdata\d479ae83-b0a7-4847-8033-dcb870990fe0
          .
          .
          (((((((((((((((((((( Bestanden Gemaakt van 2014-07-02 to 2014-08-02 ))))))))))))))))))))))))))))))
          .
          .
          2014-08-02 12:39 . 2014-08-02 12:39 -------- d-----w- c:\users\Default\AppData\Local\temp
          2014-08-02 12:18 . 2014-08-02 12:18 -------- d-----w- c:\program files\CCleaner
          2014-08-02 07:30 . 2014-08-02 12:35 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C921BD87-7A76-4122-AC79-ECD0F1795A4B}\offreg.dll
          2014-08-01 10:08 . 2014-08-01 10:08 -------- d-----w- c:\users\andrÚ
          2014-08-01 08:25 . 2014-08-01 08:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2
          2014-08-01 05:59 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C921BD87-7A76-4122-AC79-ECD0F1795A4B}\mpengine.dll
          2014-08-01 05:55 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
          2014-08-01 05:55 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
          2014-08-01 05:55 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
          2014-08-01 05:55 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
          2014-08-01 05:54 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
          2014-08-01 05:54 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
          2014-08-01 05:54 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
          2014-08-01 05:54 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
          2014-08-01 05:54 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
          2014-08-01 05:54 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
          2014-08-01 05:54 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
          2014-08-01 05:54 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
          2014-08-01 05:54 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
          2014-08-01 05:54 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
          2014-07-26 19:13 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
          2014-07-26 19:13 . 2014-07-26 19:13 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
          2014-07-26 19:13 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
          2014-07-24 14:57 . 2014-07-24 14:57 -------- d-----w- c:\program files (x86)\Common Files\Java
          2014-07-24 14:57 . 2014-07-11 01:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
          2014-07-10 06:29 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
          2014-07-10 06:28 . 2014-06-19 00:41 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
          2014-07-10 06:28 . 2014-06-18 22:23 360960 ----a-w- c:\program files\Internet Explorer\IEShims.dll
          2014-07-10 06:28 . 2014-06-18 23:53 195584 ----a-w- c:\windows\system32\msrating.dll
          2014-07-10 06:28 . 2014-06-20 20:14 293048 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
          2014-07-10 06:28 . 2014-06-18 23:50 977408 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
          2014-07-10 06:28 . 2014-06-19 00:14 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
          2014-07-10 06:28 . 2014-06-19 01:39 23464448 ----a-w- c:\windows\system32\mshtml.dll
          2014-07-10 06:28 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
          2014-07-10 06:28 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
          2014-07-10 06:28 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
          2014-07-06 15:26 . 2014-08-02 10:05 -------- d-----w- c:\program files\Google
          2014-07-06 15:21 . 2014-07-06 15:21 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
          2014-07-06 15:21 . 2014-07-06 15:21 43152 ----a-w- c:\windows\avastSS.scr
          .
          .
          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2014-07-14 08:28 . 2012-08-22 08:01 96441528 ----a-w- c:\windows\system32\MRT.exe
          2014-07-08 18:10 . 2012-09-05 16:48 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
          2014-07-08 18:10 . 2012-09-05 16:48 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
          2014-07-06 15:21 . 2014-01-29 16:10 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
          2014-07-06 15:21 . 2014-01-29 16:10 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
          2014-07-06 15:21 . 2014-01-29 16:10 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
          2014-07-06 15:21 . 2014-01-29 16:10 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
          2014-07-06 15:21 . 2014-01-29 16:10 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
          2014-07-06 15:21 . 2014-01-29 16:10 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
          2014-07-06 15:21 . 2014-01-29 16:10 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
          2014-07-06 15:21 . 2014-01-29 16:10 307344 ----a-w- c:\windows\system32\aswBoot.exe
          .
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
          REGEDIT4
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
          "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
          "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
          "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
          .
          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
          .
          c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
          TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "ConsentPromptBehaviorAdmin"= 5 (0x5)
          "ConsentPromptBehaviorUser"= 3 (0x3)
          "EnableUIADesktopToggle"= 0 (0x0)
          "EnableLinkedConnections"= 1 (0x1)
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
          "LoadAppInit_DLLs"=1 (0x1)
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
          @=""
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
          @=""
          .
          R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
          R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
          R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
          R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
          S0 aswRvrt;avast! Revert; [x]
          S0 aswVmm;avast! VM Monitor; [x]
          S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
          S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
          S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
          S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
          S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
          S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
          S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x]
          S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
          S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
          .
          .
          Inhoud van de 'Gedeelde Taken' map
          .
          2014-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
          - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 18:10]
          .
          2013-01-20 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
          - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-20 16:07]
          .
          .
          --------- X64 Entries -----------
          .
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00 avast]
          @="{472083B0-C522-11CF-8763-00608CC02F24}"
          [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
          2014-07-06 15:21 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
          "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-30 162328]
          "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-30 386584]
          "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-30 417304]
          "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-12 11775592]
          "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-10 2186856]
          "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
          "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
          "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
          .
          ------- Bijkomende Scan -------
          .
          uLocal Page = c:\windows\system32\blank.htm
          uStart Page = https://www.google.nl/
          mLocal Page = c:\windows\SysWOW64\blank.htm
          mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
          IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
          IE: Toevoegen aan TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
          TCP: DhcpNameServer = 10.158.209.122
          .
          - - - - ORPHANS VERWIJDERD - - - -
          .
          Toolbar-Locked - (no file)
          Wow6432Node-HKLM-Run-<NO NAME> - (no file)
          HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
          Toolbar-Locked - (no file)
          HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
          HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
          HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
          HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
          AddRemove-Media Player - c:\program files (x86)\FLVPlayer\Uninstall\Uninstall.exe
          .
          .
          .
          --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
          @Denied: (A 2) (Everyone)
          @="FlashBroker"
          "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
          "Enabled"=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
          @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
          @Denied: (A 2) (Everyone)
          @="IFlashBroker5"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
          @="{00020424-0000-0000-C000-000000000046}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          "Version"="1.0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
          @Denied: (A 2) (Everyone)
          @="FlashBroker"
          "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
          "Enabled"=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
          @Denied: (A 2) (Everyone)
          @="Shockwave Flash Object"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
          "ThreadingModel"="Apartment"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
          @="0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
          @="ShockwaveFlash.ShockwaveFlash.14"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
          @="1.0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
          @="ShockwaveFlash.ShockwaveFlash"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
          @Denied: (A 2) (Everyone)
          @="Macromedia Flash Factory Object"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
          "ThreadingModel"="Apartment"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
          @="FlashFactory.FlashFactory.1"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
          @="1.0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
          @="FlashFactory.FlashFactory"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
          @Denied: (A 2) (Everyone)
          @="IFlashBroker5"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
          @="{00020424-0000-0000-C000-000000000046}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          "Version"="1.0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
          "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
          00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          "BlindDial"=dword:00000000
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
          @Denied: (Full) (Everyone)
          .
          Voltooingstijd: 2014-08-02 14:41:23
          ComboFix-quarantined-files.txt 2014-08-02 12:41
          .
          Pre-Run: 188.994.920.448 bytes beschikbaar
          Post-Run: 188.620.161.024 bytes beschikbaar
          .
          - - End Of File - - 38AD6BDA4C9429914A4F2C4701908768



          DDS (Ver_2012-11-20.01) - NTFS_AMD64
          Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.65.2
          Run by andré at 14:49:14 on 2014-08-02
          Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3893.2141 [GMT 2:00]
          .
          AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
          SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
          .
          ============== Running Processes ===============
          .
          C:\Windows\system32\lsm.exe
          C:\Windows\system32\svchost.exe -k DcomLaunch
          C:\Windows\system32\svchost.exe -k RPCSS
          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
          C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
          C:\Windows\system32\svchost.exe -k LocalService
          C:\Windows\system32\svchost.exe -k netsvcs
          C:\Windows\system32\svchost.exe -k NetworkService
          C:\Program Files\AVAST Software\Avast\AvastSvc.exe
          C:\Windows\System32\GFNEXSrv.exe
          C:\Windows\System32\spoolsv.exe
          C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
          C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
          C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
          C:\Windows\system32\svchost.exe -k imgsvc
          C:\Windows\system32\TODDSrv.exe
          C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
          C:\Windows\system32\wbem\wmiprvse.exe
          C:\Windows\system32\wbem\unsecapp.exe
          C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
          C:\Windows\system32\taskhost.exe
          C:\Windows\system32\Dwm.exe
          C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
          C:\Windows\System32\igfxtray.exe
          C:\Windows\System32\hkcmd.exe
          C:\Windows\System32\igfxpers.exe
          C:\Windows\system32\SearchIndexer.exe
          C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
          C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
          C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
          C:\Program Files\Windows Media Player\wmpnetwk.exe
          C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
          C:\Windows\system32\igfxext.exe
          C:\Windows\system32\igfxsrvc.exe
          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
          C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
          C:\Program Files\AVAST Software\Avast\avastui.exe
          C:\Windows\system32\wbem\wmiprvse.exe
          C:\Windows\system32\wbem\unsecapp.exe
          C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
          C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
          C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
          c:\Program Files (x86)\Nero\Update\NASvc.exe
          C:\Windows\System32\svchost.exe -k secsvcs
          C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
          C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
          C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
          C:\Windows\explorer.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          C:\Users\andré\Desktop\dds.scr
          C:\Windows\System32\cscript.exe
          .
          ============== Pseudo HJT Report ===============
          .
          uStart Page = hxxps://www.google.nl/
          mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
          BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
          BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
          BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
          mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
          mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
          mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
          dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
          uPolicies-Explorer: NoDrives = dword:0
          mPolicies-Explorer: NoDrives = dword:0
          mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
          mPolicies-System: ConsentPromptBehaviorUser = dword:3
          mPolicies-System: EnableUIADesktopToggle = dword:0
          IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
          IE: Toevoegen aan TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
          IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
          IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
          IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
          DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
          DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
          DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab
          DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
          DPF: {CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
          DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
          TCP: NameServer = 10.158.209.122
          TCP: Interfaces\{9DAB00DE-D8AF-4040-8C4B-AAAD7CB83EB5} : DHCPNameServer = 10.158.209.122
          TCP: Interfaces\{9DAB00DE-D8AF-4040-8C4B-AAAD7CB83EB5}\14C66627564602A4F646F636573702B47716B6 : DHCPNameServer = 192.168.2.254
          TCP: Interfaces\{9DAB00DE-D8AF-4040-8C4B-AAAD7CB83EB5}\65D2051627B6D2844627E6D22476D27333 : DHCPNameServer = 192.168.0.1
          TCP: Interfaces\{9DAB00DE-D8AF-4040-8C4B-AAAD7CB83EB5}\755637475627E6449676964716C6 : DHCPNameServer = 192.168.6.1
          Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
          Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
          Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
          Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
          Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
          Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
          SSODL: WebCheck - <orphaned>
          x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
          x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
          x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
          x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
          x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
          x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
          x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
          x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
          x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
          x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
          x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
          x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
          x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
          x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
          x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
          x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
          x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
          x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
          x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
          x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
          x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
          x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
          x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
          x64-Notify: igfxcui - igfxdev.dll
          x64-SSODL: WebCheck - <orphaned>
          x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
          .
          ============= SERVICES / DRIVERS ===============
          .
          R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-29 65776]
          R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-29 224896]
          R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-1-29 1041168]
          R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-1-29 427360]
          R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-6 29208]
          R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-29 79184]
          R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-6 50344]
          R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
          R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
          R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe [2012-8-17 162824]
          R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-1-14 572712]
          R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-17 2533400]
          R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-8-17 56344]
          R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
          R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2012-8-17 38096]
          R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
          R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-8-17 1103464]
          R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
          S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-29 92008]
          S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
          S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
          S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
          S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
          S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-10 111616]
          S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
          S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-8-17 250984]
          S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
          S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-8-17 54136]
          S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
          S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
          S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-19 1255736]
          S3 WSDScan;Ondersteuning voor WSD-scan via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
          S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
          SUnknown McMPFSvc;McMPFSvc; [x]
          .
          =============== Created Last 30 ================
          .
          2014-08-02 12:41:28 -------- d-sh--w- C:\$RECYCLE.BIN
          2014-08-02 12:41:25 -------- d-----w- C:\Users\andrÚ\AppData\Local\temp
          2014-08-02 12:32:07 98816 ----a-w- C:\Windows\sed.exe
          2014-08-02 12:32:07 256000 ----a-w- C:\Windows\PEV.exe
          2014-08-02 12:32:07 208896 ----a-w- C:\Windows\MBR.exe
          2014-08-02 12:18:02 -------- d-----w- C:\Program Files\CCleaner
          2014-08-02 07:30:12 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C921BD87-7A76-4122-AC79-ECD0F1795A4B}\offreg.dll
          2014-08-01 10:08:45 -------- d-----w- C:\Users\andrÚ\AppData\Local\Microsoft
          2014-08-01 08:25:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2
          2014-08-01 05:59:25 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C921BD87-7A76-4122-AC79-ECD0F1795A4B}\mpengine.dll
          2014-08-01 05:55:00 2620928 ----a-w- C:\Windows\System32\wucltux.dll
          2014-08-01 05:54:47 97792 ----a-w- C:\Windows\System32\wudriver.dll
          2014-08-01 05:54:47 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
          2014-08-01 05:54:35 36864 ----a-w- C:\Windows\System32\wuapp.exe
          2014-08-01 05:54:35 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
          2014-08-01 05:54:35 198600 ----a-w- C:\Windows\System32\wuwebv.dll
          2014-08-01 05:54:35 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
          2014-07-26 19:13:15 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
          2014-07-26 19:13:14 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
          2014-07-26 19:13:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
          2014-07-24 14:57:27 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
          2014-07-10 06:29:47 624128 ----a-w- C:\Windows\System32\qedit.dll
          2014-07-10 06:28:59 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
          2014-07-10 06:28:59 360960 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
          2014-07-10 06:28:57 977408 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
          2014-07-10 06:28:57 293048 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
          2014-07-10 06:28:56 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
          2014-07-10 06:28:42 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
          2014-07-10 06:28:41 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
          2014-07-10 06:28:41 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
          2014-07-06 15:21:21 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
          2014-07-06 15:21:08 43152 ----a-w- C:\Windows\avastSS.scr
          .
          ==================== Find3M ====================
          .
          2014-07-08 18:10:06 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
          2014-07-08 18:10:06 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
          2014-07-06 15:21:09 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
          2014-07-06 15:21:09 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
          2014-07-06 15:21:09 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
          2014-07-06 15:21:09 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
          2014-07-06 15:21:09 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
          2014-07-06 15:21:09 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
          2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
          2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
          2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
          2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
          2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
          2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
          2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
          2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
          2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
          2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
          2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
          2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
          2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
          2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
          2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
          2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
          2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
          2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
          2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
          2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
          2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
          2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
          2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
          2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
          2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
          2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
          2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
          2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
          2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
          2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
          2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
          2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
          2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
          2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
          2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
          2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
          2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
          2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
          2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
          2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
          2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
          2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
          2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
          2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
          2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
          2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
          .
          ============= FINISH: 14:49:26,77 ===============



          • #6
            Disable your security software.

            Note: This script is intended specifically for this PC,
            so do not use it on other PCs with a similar problem.


            Open a Notepad file.
            Copy the text below and paste it into the Notepad file.
            Save the Notepad file as CFScript.txt
            Code:
            KillAll::
            ClearJavaCache::
            AtJob::
            DDS::
            Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
            Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
            SSODL: WebCheck - <orphaned>
            x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
            x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
            x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
            x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
            x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
            x64-SSODL: WebCheck - <orphaned>
            Now drag the file CFScript.txt onto the file ComboFix.exe



            ComboFix will start again.
            If ComboFix asks for an update, allow it.

            When ComboFix is finished, which may be after a restart, a log file opens. Post the contents of the log file.

            Create a new DDS log and post it as well.
            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
            E Dev * Remove McAfee. * Ccleaner * E-Peek



            • #7
              Thank you. Here are the new logs again.


              DDS (Ver_2012-11-20.01) - NTFS_AMD64
              Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.65.2
              Run by andré at 17:32:00 on 2014-08-02
              Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3893.2143 [GMT 2:00]
              .
              AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
              SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
              .
              ============== Running Processes ===============
              .
              C:\Windows\system32\lsm.exe
              C:\Windows\system32\svchost.exe -k DcomLaunch
              C:\Windows\system32\svchost.exe -k RPCSS
              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
              C:\Windows\system32\svchost.exe -k LocalService
              C:\Windows\system32\svchost.exe -k netsvcs
              C:\Windows\system32\svchost.exe -k NetworkService
              C:\Program Files\AVAST Software\Avast\AvastSvc.exe
              C:\Windows\System32\GFNEXSrv.exe
              C:\Windows\System32\spoolsv.exe
              C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
              C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
              C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
              C:\Windows\system32\svchost.exe -k imgsvc
              C:\Windows\system32\TODDSrv.exe
              C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Windows\system32\wbem\unsecapp.exe
              C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
              C:\Windows\system32\taskhost.exe
              C:\Windows\system32\Dwm.exe
              C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
              C:\Windows\System32\igfxtray.exe
              C:\Windows\System32\hkcmd.exe
              C:\Windows\System32\igfxpers.exe
              C:\Windows\system32\SearchIndexer.exe
              C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
              C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
              C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
              C:\Program Files\Windows Media Player\wmpnetwk.exe
              C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
              C:\Windows\system32\igfxext.exe
              C:\Windows\system32\igfxsrvc.exe
              C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
              C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
              C:\Program Files\AVAST Software\Avast\avastui.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Windows\system32\wbem\unsecapp.exe
              C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
              C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
              C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
              c:\Program Files (x86)\Nero\Update\NASvc.exe
              C:\Windows\System32\svchost.exe -k secsvcs
              C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
              C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
              C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
              C:\Windows\explorer.exe
              C:\Windows\system32\SearchProtocolHost.exe
              C:\Windows\system32\SearchFilterHost.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              C:\Users\andré\Desktop\dds.scr
              C:\Windows\System32\cscript.exe
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = hxxps://www.google.nl/
              mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
              BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
              BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
              BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
              mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
              mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
              mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
              dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
              uPolicies-Explorer: NoDrives = dword:0
              mPolicies-Explorer: NoDrives = dword:0
              mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
              mPolicies-System: ConsentPromptBehaviorUser = dword:3
              mPolicies-System: EnableUIADesktopToggle = dword:0
              IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
              IE: Toevoegen aan TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
              IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
              IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
              IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
              DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
              DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
              DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab
              DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
              DPF: {CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
              DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
              TCP: NameServer = 10.158.209.122
              TCP: Interfaces\{9DAB00DE-D8AF-4040-8C4B-AAAD7CB83EB5} : DHCPNameServer = 10.158.209.122
              TCP: Interfaces\{9DAB00DE-D8AF-4040-8C4B-AAAD7CB83EB5}\14C66627564602A4F646F636573702B47716B6 : DHCPNameServer = 192.168.2.254
              TCP: Interfaces\{9DAB00DE-D8AF-4040-8C4B-AAAD7CB83EB5}\65D2051627B6D2844627E6D22476D27333 : DHCPNameServer = 192.168.0.1
              TCP: Interfaces\{9DAB00DE-D8AF-4040-8C4B-AAAD7CB83EB5}\755637475627E6449676964716C6 : DHCPNameServer = 192.168.6.1
              Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
              Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
              Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
              Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
              Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
              Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
              SSODL: WebCheck - <orphaned>
              x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
              x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
              x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
              x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
              x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
              x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
              x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
              x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
              x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
              x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
              x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
              x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
              x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
              x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
              x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
              x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
              x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
              x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
              x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
              x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
              x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
              x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
              x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
              x64-Notify: igfxcui - igfxdev.dll
              x64-SSODL: WebCheck - <orphaned>
              x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
              .
              ============= SERVICES / DRIVERS ===============
              .
              R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-29 65776]
              R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-29 224896]
              R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-1-29 1041168]
              R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-1-29 427360]
              R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-6 29208]
              R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-29 79184]
              R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-6 50344]
              R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
              R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
              R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe [2012-8-17 162824]
              R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-1-14 572712]
              R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-17 2533400]
              R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-8-17 56344]
              R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
              R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2012-8-17 38096]
              R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
              R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-8-17 1103464]
              R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
              S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-29 92008]
              S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
              S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
              S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
              S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
              S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-10 111616]
              S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
              S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-8-17 250984]
              S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
              S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-8-17 54136]
              S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
              S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
              S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-19 1255736]
              S3 WSDScan;Ondersteuning voor WSD-scan via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
              S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
              SUnknown McMPFSvc;McMPFSvc; [x]
              .
              =============== Created Last 30 ================
              .
              2014-08-02 15:24:56 -------- d-sh--w- C:\$RECYCLE.BIN
              2014-08-02 15:24:53 -------- d-----w- C:\Users\andrÚ\AppData\Local\temp
              2014-08-02 12:32:07 98816 ----a-w- C:\Windows\sed.exe
              2014-08-02 12:32:07 256000 ----a-w- C:\Windows\PEV.exe
              2014-08-02 12:32:07 208896 ----a-w- C:\Windows\MBR.exe
              2014-08-02 12:18:02 -------- d-----w- C:\Program Files\CCleaner
              2014-08-02 07:30:12 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C921BD87-7A76-4122-AC79-ECD0F1795A4B}\offreg.dll
              2014-08-01 10:08:45 -------- d-----w- C:\Users\andrÚ\AppData\Local\Microsoft
              2014-08-01 08:25:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2
              2014-08-01 05:59:25 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C921BD87-7A76-4122-AC79-ECD0F1795A4B}\mpengine.dll
              2014-08-01 05:55:00 2620928 ----a-w- C:\Windows\System32\wucltux.dll
              2014-08-01 05:54:47 97792 ----a-w- C:\Windows\System32\wudriver.dll
              2014-08-01 05:54:47 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
              2014-08-01 05:54:35 36864 ----a-w- C:\Windows\System32\wuapp.exe
              2014-08-01 05:54:35 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
              2014-08-01 05:54:35 198600 ----a-w- C:\Windows\System32\wuwebv.dll
              2014-08-01 05:54:35 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
              2014-07-26 19:13:15 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
              2014-07-26 19:13:14 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
              2014-07-26 19:13:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
              2014-07-24 14:57:27 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
              2014-07-10 06:29:47 624128 ----a-w- C:\Windows\System32\qedit.dll
              2014-07-10 06:28:59 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
              2014-07-10 06:28:59 360960 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
              2014-07-10 06:28:57 977408 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
              2014-07-10 06:28:57 293048 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
              2014-07-10 06:28:56 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
              2014-07-10 06:28:42 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
              2014-07-10 06:28:41 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
              2014-07-10 06:28:41 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
              2014-07-06 15:21:21 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
              2014-07-06 15:21:08 43152 ----a-w- C:\Windows\avastSS.scr
              .
              ==================== Find3M ====================
              .
              2014-07-08 18:10:06 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
              2014-07-08 18:10:06 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
              2014-07-06 15:21:09 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
              2014-07-06 15:21:09 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
              2014-07-06 15:21:09 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
              2014-07-06 15:21:09 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
              2014-07-06 15:21:09 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
              2014-07-06 15:21:09 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
              2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
              2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
              2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
              2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
              2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
              2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
              2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
              2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
              2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
              2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
              2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
              2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
              2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
              2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
              2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
              2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
              2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
              2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
              2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
              2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
              2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
              2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
              2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
              2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
              2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
              2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
              2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
              2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
              2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
              2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
              2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
              2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
              2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
              2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
              2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
              2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
              2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
              2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
              2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
              2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
              2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
              2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
              2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
              2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
              2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
              2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
              .
              ============= FINISH: 17:32:13,34 ===============


              ComboFix 14-08-02.02 - andré 02-08-2014 17:18:18.2.4 - x64
              Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3893.2205 [GMT 2:00]
              Gestart vanuit: c:\users\andrÚ\Desktop\ComboFix.exe
              gebruikte Opdracht switches :: c:\users\andrÚ\Desktop\CFScript.txt
              AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
              SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
              SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              .
              .
              (((((((((((((((((((( Bestanden Gemaakt van 2014-07-02 to 2014-08-02 ))))))))))))))))))))))))))))))
              .
              .
              2014-08-02 15:23 . 2014-08-02 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp
              2014-08-02 12:18 . 2014-08-02 12:18 -------- d-----w- c:\program files\CCleaner
              2014-08-02 07:30 . 2014-08-02 12:35 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C921BD87-7A76-4122-AC79-ECD0F1795A4B}\offreg.dll
              2014-08-01 10:08 . 2014-08-01 10:08 -------- d-----w- c:\users\andrÚ
              2014-08-01 08:25 . 2014-08-01 08:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2
              2014-08-01 05:59 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C921BD87-7A76-4122-AC79-ECD0F1795A4B}\mpengine.dll
              2014-08-01 05:55 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
              2014-08-01 05:55 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
              2014-08-01 05:55 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
              2014-08-01 05:55 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
              2014-08-01 05:54 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
              2014-08-01 05:54 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
              2014-08-01 05:54 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
              2014-08-01 05:54 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
              2014-08-01 05:54 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
              2014-08-01 05:54 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
              2014-08-01 05:54 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
              2014-08-01 05:54 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
              2014-08-01 05:54 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
              2014-08-01 05:54 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
              2014-07-26 19:13 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
              2014-07-26 19:13 . 2014-07-26 19:13 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
              2014-07-26 19:13 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
              2014-07-24 14:57 . 2014-07-24 14:57 -------- d-----w- c:\program files (x86)\Common Files\Java
              2014-07-24 14:57 . 2014-07-11 01:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
              2014-07-10 06:29 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
              2014-07-10 06:28 . 2014-06-19 00:41 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
              2014-07-10 06:28 . 2014-06-18 22:23 360960 ----a-w- c:\program files\Internet Explorer\IEShims.dll
              2014-07-10 06:28 . 2014-06-18 23:53 195584 ----a-w- c:\windows\system32\msrating.dll
              2014-07-10 06:28 . 2014-06-20 20:14 293048 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
              2014-07-10 06:28 . 2014-06-18 23:50 977408 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
              2014-07-10 06:28 . 2014-06-19 00:14 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
              2014-07-10 06:28 . 2014-06-19 01:39 23464448 ----a-w- c:\windows\system32\mshtml.dll
              2014-07-10 06:28 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
              2014-07-10 06:28 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
              2014-07-10 06:28 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
              2014-07-06 15:26 . 2014-08-02 10:05 -------- d-----w- c:\program files\Google
              2014-07-06 15:21 . 2014-07-06 15:21 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
              2014-07-06 15:21 . 2014-07-06 15:21 43152 ----a-w- c:\windows\avastSS.scr
              .
              .
              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2014-07-14 08:28 . 2012-08-22 08:01 96441528 ----a-w- c:\windows\system32\MRT.exe
              2014-07-08 18:10 . 2012-09-05 16:48 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
              2014-07-08 18:10 . 2012-09-05 16:48 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
              2014-07-06 15:21 . 2014-01-29 16:10 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
              2014-07-06 15:21 . 2014-01-29 16:10 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
              2014-07-06 15:21 . 2014-01-29 16:10 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
              2014-07-06 15:21 . 2014-01-29 16:10 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
              2014-07-06 15:21 . 2014-01-29 16:10 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
              2014-07-06 15:21 . 2014-01-29 16:10 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
              2014-07-06 15:21 . 2014-01-29 16:10 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
              2014-07-06 15:21 . 2014-01-29 16:10 307344 ----a-w- c:\windows\system32\aswBoot.exe
              .
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
              REGEDIT4
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
              "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
              "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
              "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
              .
              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
              .
              c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "ConsentPromptBehaviorAdmin"= 5 (0x5)
              "ConsentPromptBehaviorUser"= 3 (0x3)
              "EnableUIADesktopToggle"= 0 (0x0)
              "EnableLinkedConnections"= 1 (0x1)
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
              "LoadAppInit_DLLs"=1 (0x1)
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
              @=""
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
              @=""
              .
              R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
              R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [x]
              R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
              R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
              S0 aswRvrt;avast! Revert; [x]
              S0 aswVmm;avast! VM Monitor; [x]
              S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
              S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
              S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
              S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt .sys [x]
              S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
              S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
              S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x]
              S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
              S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
              .
              .
              Inhoud van de 'Gedeelde Taken' map
              .
              2014-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
              - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 18:10]
              .
              2013-01-20 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
              - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-20 16:07]
              .
              .
              --------- X64 Entries -----------
              .
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00 avast]
              @="{472083B0-C522-11CF-8763-00608CC02F24}"
              [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
              2014-07-06 15:21 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
              "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
              "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-30 162328]
              "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-30 386584]
              "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-30 417304]
              "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
              "TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
              "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-12 11775592]
              "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-10 2186856]
              "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
              "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
              "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
              "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
              .
              ------- Bijkomende Scan -------
              .
              uLocal Page = c:\windows\system32\blank.htm
              uStart Page = https://www.google.nl/
              mLocal Page = c:\windows\SysWOW64\blank.htm
              mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
              IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
              IE: Toevoegen aan TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
              TCP: DhcpNameServer = 10.158.209.122
              .
              - - - - ORPHANS VERWIJDERD - - - -
              .
              Toolbar-Locked - (no file)
              Wow6432Node-HKLM-Run-<NO NAME> - (no file)
              .
              .
              .
              --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
              @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker5"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Shockwave Flash Object"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
              @="0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
              @="ShockwaveFlash.ShockwaveFlash.14"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="ShockwaveFlash.ShockwaveFlash"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Macromedia Flash Factory Object"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
              @="FlashFactory.FlashFactory.1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="FlashFactory.FlashFactory"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker5"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
              "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
              00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
              @Denied: (Full) (Everyone)
              .
              Voltooingstijd: 2014-08-02 17:24:51
              ComboFix-quarantined-files.txt 2014-08-02 15:24
              ComboFix2.txt 2014-08-02 12:41
              .
              Pre-Run: 188.686.106.624 bytes beschikbaar
              Post-Run: 188.384.108.544 bytes beschikbaar
              .
              - - End Of File - - F0436E57DE8657DE18DD6571B298AB98



              • #8
                This looks good.


                Go to Start > Run and copy and paste the following command into the field:

                ComboFix /Uninstall

                Make sure there is a space between Combofix and /
                Then press Enter.




                This will remove Combofix plus its related folders and files, reset the clock settings,
                hide the file extensions, hide hidden files and system files again,
                and reset your System Restore.




                Download or update Ccleaner

                Start CCleaner.
                • Run Ccleaner and click Options in the left column
                • Select the Advanced tab
                • Uncheck Only delete files in the Windows Temp system folder that are older than 24 hours
                • Select the Settings tab
                • Uncheck "Automatically clean the computer...."
                • Click Cleaner in the left column.
                • Then click Analyze and Clean, in that order.
                • Next, click Registry in the left column
                • Click Scan for Issues.
                • When asked whether you want to make a backup of the registry, click "Yes".
                • If errors are found, click the middle button: Fix All Selected Issues, and then OK

                Now let me know whether there are any remaining problems?

                Emphyrio
                Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                E Dev * Remove McAfee * Ccleaner * E-Peek



                • #9
                  Hmm.. uninstalling ComboFix doesn't work. "Cannot find the file CombiFix".



                  • #10
                    Originally posted by rick_klein
                    Hmm.. uninstalling ComboFix doesn't work. "Cannot find the file CombiFix".
                    It's on your desktop, isn't it?


                    • #11
                      Yes, that's right, it's just on the desktop.



                      • #12
                        Did you pay attention to the space in ComboFix /Uninstall between the x and the / ?

                        Otherwise, run the following command:

                        c:\users\andré\Desktop\ComboFix.exe /Uninstall
                        Last edited by Emphyrio; 02-08-14, 17:31.


                        • #13
                          Great, thank you! The other command did indeed work. For now all problems seem to be resolved and the laptop has a bit of speed again. Thanks again!



                          • #14
                            You're welcome

                            1) You may delete all the loose files and tools we used.

                            2) To avoid reinfection, you can read through these tips:

                            Preventing spyware infections and browser hijacking and How do I prevent a new infection?

                            3) To give your PC a quick maintenance round, you can read these tips: Guide to a clean PC

                            4) You can consult all kinds of tips and hints here.


                            I'm marking the topic as solved.

                            If there are no further replies, this thread will automatically be moved within about 5 days
                            to the Solved HijackThis logs section, and replying will no longer be possible.
                            This is done to keep the forum tidy and organized.

                            If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.



                            Did we help you well? Consider a (no-obligation) donation to Nucia

                            Emphyrio