ajkappert

2 februari 2012

ComboFix 12-01-30.02 - toshiba 02-02-2012 8:50.4.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4004.2546 [GMT 1:00]

Gestart vanuit: c:\users\toshiba\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\toshiba\Desktop\CFScript.txt.docx

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-01-02 to 2012-02-02 ))))))))))))))))))))))))))))))

.

2012-02-02 07:54 . 2012-02-02 07:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-31 16:45 . 2012-01-31 16:45 -------- d-----w- c:\program files (x86)\EZ-AIR

2012-01-26 17:14 . 2012-01-31 17:14 -------- d-----w- c:\program files (x86)\DealPly

2012-01-26 17:13 . 2012-01-26 17:13 1491 ----a-w- C:\user.js

2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\program files (x86)\BabylonToolbar

2012-01-26 17:13 . 2007-08-21 12:32 98304 ----a-w- c:\windows\SysWow64\redmonnt.dll

2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\program files (x86)\FoxTabPDFConverter

2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\programdata\Babylon

2012-01-25 13:30 . 2012-01-25 13:30 -------- d-----w- c:\program files (x86)\Trend Micro

2012-01-23 21:14 . 2012-01-23 21:14 -------- d-----w- c:\program files (x86)\Common Files\Nokia

2012-01-23 21:13 . 2012-01-23 21:13 -------- d-----w- c:\program files (x86)\PC Connectivity Solution

2012-01-11 13:52 . 2012-01-11 13:52 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-01-11 12:14 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 12:14 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 12:14 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-11 12:14 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-11 12:14 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 12:14 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-11 12:14 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-11 12:14 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-10 20:34 . 2009-04-07 15:09 152064 ----a-w- c:\windows\system32\CNMN6UI.DLL

2012-01-10 20:34 . 2009-04-07 15:09 251904 ----a-w- c:\windows\system32\CNMN6PPM.DLL

2012-01-10 19:51 . 2012-01-10 19:51 -------- d-----w- c:\programdata\PC Suite

2012-01-10 19:50 . 2012-01-10 19:50 -------- d-----w- c:\programdata\Nokia

2012-01-10 19:50 . 2012-01-10 19:50 -------- d-----w- c:\program files\DIFX

2012-01-10 19:50 . 2008-08-28 10:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys

2012-01-10 19:49 . 2011-11-01 09:07 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll

2012-01-10 19:48 . 2012-01-23 21:14 -------- d-----w- c:\program files (x86)\Nokia

2012-01-10 19:26 . 2012-01-10 19:26 -------- d-----w- c:\program files\Common Files\CANON

2012-01-10 19:25 . 2012-01-10 19:25 -------- d-----w- c:\program files\Canon

2012-01-10 19:23 . 2012-01-10 19:23 -------- d--h--w- c:\programdata\CanonBJ

2012-01-10 19:23 . 2008-10-09 04:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP9D.DLL

2012-01-10 19:23 . 2008-10-09 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD9D.DLL

2012-01-10 19:22 . 2012-01-10 19:22 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2012-01-10 19:22 . 2008-10-08 20:00 279040 ----a-w- c:\windows\system32\CNMLM9D.DLL

2012-01-10 19:22 . 2007-03-15 13:13 229888 ----a-w- c:\windows\system32\CNC620O.DLL

2012-01-10 19:22 . 2009-12-11 12:19 1354240 ----a-w- c:\windows\system32\CNC620C.DLL

2012-01-10 19:22 . 2009-12-11 12:19 92672 ----a-w- c:\windows\system32\CNC620I.DLL

2012-01-10 19:22 . 2009-11-30 15:40 293888 ----a-w- c:\windows\system32\CNC620L.DLL

2012-01-10 19:21 . 2012-01-10 20:34 -------- d-----w- c:\program files (x86)\Canon

2012-01-10 18:24 . 2012-01-16 07:07 -------- d-----w- c:\program files (x86)\Microsoft Works

2012-01-10 18:19 . 2012-01-10 18:19 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2012-01-10 18:18 . 2012-01-17 22:33 -------- d-----w- c:\programdata\Microsoft Help

2012-01-10 18:18 . 2012-01-10 18:18 -------- d-----r- C:\MSOCache

2012-01-10 15:36 . 2012-01-10 15:37 -------- d-----w- c:\program files (x86)\Google

2012-01-09 17:25 . 2012-01-09 17:25 -------- d-----w- c:\windows\SysWow64\Wat

2012-01-09 17:25 . 2012-01-09 17:25 -------- d-----w- c:\windows\system32\Wat

2012-01-09 17:03 . 2012-01-09 17:03 -------- d-----w- C:\totalcmd

2012-01-09 16:17 . 2012-01-09 16:18 -------- d-----w- c:\programdata\IM

2012-01-09 16:17 . 2012-01-09 16:17 -------- d-----w- c:\programdata\IncrediMail

2012-01-09 16:17 . 2012-01-09 16:17 -------- d-----w- c:\program files (x86)\IncrediMail

2012-01-09 16:12 . 2012-01-09 16:12 -------- d--h--w- c:\programdata\Common Files

2012-01-09 16:12 . 2012-01-09 16:12 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-01-09 16:11 . 2012-02-02 07:23 -------- d-----w- c:\windows\system32\drivers\AVG

2012-01-09 16:11 . 2012-01-09 16:14 -------- d-----w- c:\programdata\AVG2012

2012-01-09 16:10 . 2012-01-09 16:10 -------- d-----w- c:\program files (x86)\AVG

2012-01-09 16:08 . 2012-02-02 07:23 -------- d-----w- c:\programdata\MFAData

2012-01-09 15:53 . 2012-01-09 15:53 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-01-09 15:41 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2012-01-09 15:40 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2012-01-09 15:40 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-01-09 15:39 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-01-09 15:39 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-01-09 15:39 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-01-09 15:22 . 2012-01-09 15:22 -------- d-----w- c:\program files\CCleaner

2012-01-09 13:58 . 2012-01-09 13:58 -------- d--h--w- c:\windows\msdownld.tmp

2012-01-09 13:57 . 2009-07-14 14:57 114688 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\eBay.gadget\Bin\eBayGadget.dll

2012-01-09 13:54 . 2012-01-09 13:54 -------- d-----w- c:\programdata\ToshibaEurope

2012-01-09 13:53 . 2012-01-09 13:55 -------- d-----w- c:\users\toshiba

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((( SnapShot_2012-01-30_17.46.02 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2012-02-02 07:57 33422 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-01-09 13:54 . 2012-01-31 09:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-01-09 13:54 . 2012-01-30 12:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-01-09 13:54 . 2012-01-30 12:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2012-01-09 13:54 . 2012-01-31 09:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-31 09:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-30 12:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-02-02 07:24 93232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2009-07-14 04:46 . 2012-01-27 06:45 93232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-01-09 15:06 . 2012-02-02 07:57 8440 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1573529791-4049238610-3989334239-1000_UserData.bin

- 2012-01-30 17:45 . 2012-01-30 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-02-02 07:56 . 2012-02-02 07:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-01-30 17:45 . 2012-01-30 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-02-02 07:56 . 2012-02-02 07:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-01-10 10:54 . 2012-02-01 18:39 214872 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2011-02-11 08:50 . 2012-01-30 13:18 701564 c:\windows\system32\perfh013.dat

+ 2011-02-11 08:50 . 2012-02-01 18:41 701564 c:\windows\system32\perfh013.dat

- 2009-07-14 02:36 . 2012-01-30 13:18 616008 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-02-01 18:41 616008 c:\windows\system32\perfh009.dat

- 2011-02-11 08:50 . 2012-01-30 13:18 133564 c:\windows\system32\perfc013.dat

+ 2011-02-11 08:50 . 2012-02-01 18:41 133564 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2012-02-01 18:41 106388 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-01-30 13:18 106388 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-02-02 07:55 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-01-30 17:44 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 04:45 . 2012-01-26 18:06 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2012-02-01 08:23 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2012-01-09 14:02 . 2012-01-30 17:44 1696968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2012-01-09 14:02 . 2012-02-01 22:21 1696968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2012-01-09 14:02 . 2012-02-02 07:55 4612276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1573529791-4049238610-3989334239-1000-8192.dat

+ 2012-02-02 07:23 . 2012-02-02 07:23 2833408 c:\windows\Installer\693ce.msi

+ 2006-12-02 06:09 . 2006-12-02 06:09 2818048 c:\windows\Installer\1b05a0.msi

+ 2012-02-01 15:57 . 2012-02-01 15:57 7629312 c:\windows\Installer\1a2e6b6.msi

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]

"IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2012-01-09 366024]

"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]

.

c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-5-2 1470848]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-04 1809920]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-14 572712]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]

"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]

"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-07 167256]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]

"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-05-02 150992]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 2114376]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: Toevoegen aan TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000

IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll

TCP: DhcpNameServer = 212.54.35.25 212.54.40.25

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

c:\windows\WLXPGSS.scr

c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Voltooingstijd: 2012-02-02 09:00:37 - machine werd herstart

ComboFix-quarantined-files.txt 2012-02-02 08:00

ComboFix2.txt 2012-01-31 16:06

ComboFix3.txt 2012-01-30 17:49

ComboFix4.txt 2012-01-26 17:48

.

Pre-Run: 208.543.461.376 bytes beschikbaar

Post-Run: 208.519.135.232 bytes beschikbaar

.

- - End Of File - - 8FF9A7AAA7CC91F3345C01277533A2A6

1 februari 2012

Zeer geachte en geduldige hulp,

Wanneer ik combofix (4,291 kb)op de bovengenoemde locatie met de rechtermuisknop aanklik, dan heb ik de mogelijkheid om "te kopieëren naar" met daar achter "bureaublad (snelkoppeling maken), kennelijk moet dat dan anders, maar ik kan het niet bedenken. Het cfscript.txt heb ik in word gemaakt, hiervan maak ik een snelkoppeling naar mijn bureaublad en schuif (kopieër) daarna cfscript.txt over combofix, daarna begint automatisch de scan.

Gaarna nadere instructies v.w.b. mijn foutief handelen.

31 januari 2012

ComboFix 12-01-30.02 - toshiba 31-01-2012 16:56:48.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4004.2313 [GMT 1:00]

Gestart vanuit: c:\users\toshiba\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\toshiba\Desktop\CFScript.txt - Snelkoppeling.lnk

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-28 to 2012-01-31 ))))))))))))))))))))))))))))))

.

2012-01-31 16:01 . 2012-01-31 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-26 17:14 . 2012-01-30 17:14 -------- d-----w- c:\program files (x86)\DealPly