
Adware problem



Hello,

I am having trouble with adware and pop-ups (I use Firefox). Almost every time I click on something, an (empty) pop-up screen appears (with 'ads not by this site'); there are also highlighted words (currently green, double-underlined) where an advertisement appears every time you move your cursor over them.

Can you help me?

My RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Benoît at 2013-11-08 19:24:05

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 26 GB (11%) free of 238 GB

Total RAM: 4061 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:24:10, on 8/11/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16720)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

C:\Program Files\trend micro\Benoît.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = PortalDoSites

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = PortalDoSites

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = PortalDoSites

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)

O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP

O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: vpngui.exe.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)

O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} (CSD ActiveX Installer) - https://vpn-stud-ssl.hogent.be/CACHE/sdesktop/install/binaries/instweb.cab

O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab

O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} (Cisco AnyConnect VPN Client Web Control) - https://vpn-stud-ssl.hogent.be/CACHE/stc/13/binaries/vpnweb.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs:

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15483 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

"c:\Program Files\Microsoft Security Client\MsMpEng.exe"

winlogon.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"

atieclxx

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Windows\system32\Dwm.exe"

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

"taskhost.exe"

"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

"C:\Program Files\Bonjour\mDNSResponder.exe"

"C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe"

"C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe"

"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"

"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe"

"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"

"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe"

"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

C:\Windows\system32\TODDSrv.exe

"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"

"C:\Program Files\TOSHIBA\TECO\TecoService.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

WLIDSvcM.exe 984

"c:\Program Files\Microsoft Security Client\NisSrv.exe"

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"

"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"

"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"

"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"

"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe"

"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"

"C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

"C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe" -Embedding

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files\iPod\bin\iPodService.exe"

C:\Windows\system32\svchost.exe -k SDRSVC

"C:\Program Files (x86)\iTunes\iTunes.exe"

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe" --pipe \\.\pipe\303341091425361115226504908 --parentPipe

\??\C:\Windows\system32\conhost.exe "18882278528919925001711092486-1352235074-1062683296-847915277-3479960181401345897

"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe"

\??\C:\Windows\system32\conhost.exe "1031546152-1100746460756014357843932604-211823723-1022719931-587192571318562512

"taskhost.exe"

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4464.184dc100.35510813 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 4464 "\\.\pipe\gecko-crash-server-pipe.4464" plugin

"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe" --proxy-stub-channel=Flash2168.5E8BCA40.7168 --host-broker-channel=Flash2168.5E8BCA40.27845 --host-pid=2168 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll"

"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe" --channel=4924.0039F568.419645623 --proxy-stub-channel=Flash2168.5E8BCA40.7168 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll" --host-npapi-version=27 --type=renderer

"d:\Users\Benoît\Desktop\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\AutoKMS.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Benoît\AppData\Roaming\Mozilla\Firefox\Profiles\b14723et.default-1375450550033

prefs.js - "browser.startup.homepage" - "www.google.be"

prefs.js - "keyword.URL" - ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.9.900.117 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.9.900.117 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\

belgiumeid@eid.belgium.be

C:\Program Files (x86)\Mozilla Firefox\components\

nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

QuickTimePlugin.class

C:\Users\Benoît\AppData\Roaming\Mozilla\Firefox\Profiles\b14723et.default-1375450550033\extensions\

35_qx@dsvtkx-.co.uk

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]

SimpleAdblock Class - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll [2012-09-20 997144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]

Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]

SimpleAdblock Class - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll [2012-09-20 872728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2009-08-03 709976]

"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-08-13 570680]

"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-08-05 497504]

"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2009-08-05 909624]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-07-28 7982112]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-20 1815848]

"SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-07-29 238080]

"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [2009-07-30 134032]

"Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2010-05-11 1050072]

"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-08-12 1356240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teco]

C:\Program Files\TOSHIBA\TECO\Teco.exe [2009-08-26 1481568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Online Product Information]

C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [2009-08-12 6203296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPRO]

C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2010-05-11 1050072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-08-17 1294136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosReelTimeMonitor]

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2009-08-06 35160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosWaitSrv]

C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2009-08-04 711000]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2009-08-12 352256]

"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2009-06-02 423936]

"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2009-01-13 34088]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-29 98304]

"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2013-04-04 887432]

"ConnectionCenter"=C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2009-10-26 103768]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888]

"Cisco AnyConnect Secure Mobility Agent for Windows"=C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2013-01-24 701872]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-10-23 152392]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

vpngui.exe.lnk - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe

C:\Users\Benoît\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-11-08 19:24:05 ----D---- C:\rsit

2013-11-08 19:24:05 ----D---- C:\Program Files\trend micro

2013-11-06 15:37:38 ----D---- C:\Program Files (x86)\Mozilla Firefox

2013-11-05 17:59:28 ----D---- C:\ProgramData\Oracle

2013-11-05 17:59:12 ----A---- C:\Windows\SYSWOW64\javaws.exe

2013-11-05 17:59:02 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

2013-11-05 17:59:02 ----A---- C:\Windows\SYSWOW64\javaw.exe

2013-11-05 17:59:02 ----A---- C:\Windows\SYSWOW64\java.exe

2013-11-05 15:08:25 ----D---- C:\Program Files\iPod

2013-11-05 15:08:23 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-05 15:08:23 ----D---- C:\Program Files\iTunes

2013-11-05 15:08:23 ----D---- C:\Program Files (x86)\iTunes

2013-10-30 08:25:33 ----A---- C:\Windows\system32\FNTCACHE.DAT

2013-10-12 12:11:23 ----A---- C:\Windows\SYSWOW64\ieui.dll

2013-10-12 12:11:23 ----A---- C:\Windows\system32\ieui.dll

2013-10-12 12:11:21 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe

2013-10-12 12:11:21 ----A---- C:\Windows\SYSWOW64\iesetup.dll

2013-10-12 12:11:21 ----A---- C:\Windows\SYSWOW64\iernonce.dll

2013-10-12 12:11:21 ----A---- C:\Windows\system32\iesetup.dll

2013-10-12 12:11:21 ----A---- C:\Windows\system32\iernonce.dll

2013-10-12 12:11:20 ----A---- C:\Windows\SYSWOW64\iesysprep.dll

2013-10-12 12:11:20 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe

2013-10-12 12:11:20 ----A---- C:\Windows\system32\iesysprep.dll

2013-10-12 12:11:20 ----A---- C:\Windows\system32\ie4uinit.exe

2013-10-12 12:11:19 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2013-10-12 12:11:19 ----A---- C:\Windows\system32\iertutil.dll

2013-10-12 12:11:17 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2013-10-12 12:11:16 ----A---- C:\Windows\SYSWOW64\jscript.dll

2013-10-12 12:11:16 ----A---- C:\Windows\system32\msfeeds.dll

2013-10-12 12:11:16 ----A---- C:\Windows\system32\jscript.dll

2013-10-12 12:11:15 ----A---- C:\Windows\system32\jscript9.dll

2013-10-12 12:11:14 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2013-10-12 12:11:13 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2013-10-12 12:11:12 ----A---- C:\Windows\system32\urlmon.dll

2013-10-12 12:11:10 ----A---- C:\Windows\system32\jsproxy.dll

2013-10-12 12:11:09 ----A---- C:\Windows\SYSWOW64\wininet.dll

2013-10-12 12:11:09 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2013-10-12 12:11:08 ----A---- C:\Windows\system32\wininet.dll

2013-10-12 12:11:07 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2013-10-12 12:11:05 ----A---- C:\Windows\system32\ieframe.dll

2013-10-12 12:11:03 ----A---- C:\Windows\system32\mshtml.dll

2013-10-12 12:11:00 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2013-10-11 14:27:58 ----A---- C:\Windows\system32\comctl32.dll

2013-10-11 14:27:57 ----A---- C:\Windows\SYSWOW64\comctl32.dll

2013-10-11 14:27:55 ----A---- C:\Windows\system32\atmfd.dll

2013-10-11 14:27:54 ----A---- C:\Windows\SYSWOW64\lpk.dll

2013-10-11 14:27:54 ----A---- C:\Windows\SYSWOW64\fontsub.dll

2013-10-11 14:27:54 ----A---- C:\Windows\SYSWOW64\dciman32.dll

2013-10-11 14:27:54 ----A---- C:\Windows\SYSWOW64\atmfd.dll

2013-10-11 14:27:54 ----A---- C:\Windows\system32\lpk.dll

2013-10-11 14:27:54 ----A---- C:\Windows\system32\fontsub.dll

2013-10-11 14:27:54 ----A---- C:\Windows\system32\dciman32.dll

2013-10-11 14:27:53 ----A---- C:\Windows\SYSWOW64\atmlib.dll

2013-10-11 14:27:53 ----A---- C:\Windows\system32\atmlib.dll

2013-10-11 14:27:52 ----A---- C:\Windows\system32\drivers\Wdf01000.sys

2013-10-11 14:27:52 ----A---- C:\Windows\system32\drivers\usbvideo.sys

2013-10-11 14:27:52 ----A---- C:\Windows\system32\drivers\usbcir.sys

2013-10-11 14:27:50 ----A---- C:\Windows\system32\drivers\usbscan.sys

2013-10-11 14:27:50 ----A---- C:\Windows\system32\drivers\hidparse.sys

2013-10-11 14:27:50 ----A---- C:\Windows\system32\drivers\hidclass.sys

2013-10-11 14:27:49 ----A---- C:\Windows\SYSWOW64\WebClnt.dll

2013-10-11 14:27:49 ----A---- C:\Windows\system32\WebClnt.dll

2013-10-11 14:27:49 ----A---- C:\Windows\system32\davclnt.dll

2013-10-11 14:27:48 ----A---- C:\Windows\SYSWOW64\davclnt.dll

2013-10-11 14:27:48 ----A---- C:\Windows\system32\drivers\mrxdav.sys

2013-10-11 14:27:46 ----A---- C:\Windows\SYSWOW64\mswsock.dll

2013-10-11 14:27:46 ----A---- C:\Windows\system32\mswsock.dll

2013-10-11 14:27:46 ----A---- C:\Windows\system32\drivers\tcpip.sys

2013-10-11 14:27:46 ----A---- C:\Windows\system32\drivers\afd.sys

2013-10-11 14:27:44 ----A---- C:\Windows\system32\win32k.sys

2013-10-11 14:27:40 ----A---- C:\Windows\system32\ntoskrnl.exe

2013-10-11 14:27:39 ----A---- C:\Windows\system32\advapi32.dll

2013-10-11 14:27:38 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

2013-10-11 14:27:38 ----A---- C:\Windows\system32\tdh.dll

2013-10-11 14:27:37 ----A---- C:\Windows\SYSWOW64\tdh.dll

2013-10-11 14:27:37 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

2013-10-11 14:27:36 ----A---- C:\Windows\SYSWOW64\ntdll.dll

2013-10-11 14:27:36 ----A---- C:\Windows\SYSWOW64\advapi32.dll

2013-10-11 14:27:36 ----A---- C:\Windows\system32\ntdll.dll

2013-10-11 14:27:35 ----A---- C:\Windows\system32\wow64.dll

2013-10-11 14:27:32 ----A---- C:\Windows\SYSWOW64\wow32.dll

2013-10-11 14:27:32 ----A---- C:\Windows\SYSWOW64\user.exe

2013-10-11 14:27:32 ----A---- C:\Windows\SYSWOW64\setup16.exe

2013-10-11 14:27:32 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll

2013-10-11 14:27:32 ----A---- C:\Windows\SYSWOW64\instnm.exe

2013-10-11 14:27:18 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-11 14:27:18 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-11 14:27:16 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys

2013-10-11 14:27:15 ----A---- C:\Windows\system32\scavengeui.dll

======List of files/folders modified in the last 1 month======

2013-11-08 19:24:05 ----RD---- C:\Program Files

2013-11-08 19:20:03 ----D---- C:\Windows\Temp

2013-11-08 18:42:05 ----D---- C:\Program Files (x86)\Steam

2013-11-08 18:12:14 ----D---- C:\Users\Benoît\AppData\Roaming\Skype

2013-11-08 17:34:19 ----D---- C:\Users\Benoît\AppData\Roaming\vlc

2013-11-08 16:51:05 ----D---- C:\Windows\system32\config

2013-11-08 16:36:03 ----D---- C:\Windows\Tasks

2013-11-08 16:34:16 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

2013-11-07 19:25:10 ----D---- C:\Users\Benoît\AppData\Roaming\BitTorrent

2013-11-06 15:43:08 ----RD---- C:\Program Files (x86)

2013-11-05 18:05:34 ----D---- C:\Windows\Prefetch

2013-11-05 18:05:32 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2013-11-05 17:59:28 ----HD---- C:\ProgramData

2013-11-05 17:59:26 ----SHD---- C:\Windows\Installer

2013-11-05 17:59:25 ----D---- C:\Program Files (x86)\Common Files

2013-11-05 17:59:12 ----D---- C:\Windows\SysWOW64

2013-11-05 17:59:02 ----D---- C:\Program Files (x86)\Java

2013-11-05 17:56:45 ----SHD---- C:\System Volume Information

2013-11-05 15:10:00 ----D---- C:\Windows\System32

2013-11-02 09:36:48 ----D---- C:\Windows\inf

2013-11-02 09:36:48 ----A---- C:\Windows\system32\PerfStringBackup.INI

2013-11-01 09:28:59 ----D---- C:\Windows\system32\Tasks

2013-10-30 14:19:18 ----D---- C:\Windows\system32\LogFiles

2013-10-30 08:25:51 ----D---- C:\Windows

2013-10-29 21:50:50 ----D---- C:\Windows\Panther

2013-10-29 21:50:40 ----D---- C:\Windows\debug

2013-10-29 21:43:48 ----D---- C:\Program Files (x86)\CCleaner

2013-10-28 00:38:23 ----D---- C:\Windows\system32\catroot2

2013-10-16 08:44:02 ----D---- C:\Windows\system32\drivers

2013-10-16 08:44:02 ----D---- C:\Windows\system32\catroot

2013-10-16 08:43:59 ----D---- C:\Program Files\Microsoft Security Client

2013-10-16 08:43:59 ----D---- C:\Program Files (x86)\Microsoft Security Client

2013-10-15 16:53:25 ----D---- C:\Windows\rescache

2013-10-14 16:07:13 ----RSD---- C:\Windows\assembly

2013-10-14 16:07:13 ----D---- C:\Windows\Microsoft.NET

2013-10-12 12:21:49 ----D---- C:\Windows\winsxs

2013-10-12 12:18:23 ----D---- C:\Program Files (x86)\Internet Explorer

2013-10-12 12:18:21 ----D---- C:\Program Files\Internet Explorer

2013-10-12 12:18:16 ----D---- C:\Windows\AppPatch

2013-10-12 12:18:10 ----D---- C:\Windows\system32\DriverStore

2013-10-12 12:15:20 ----D---- C:\ProgramData\Microsoft Help

2013-10-12 12:09:06 ----D---- C:\Program Files\Microsoft Silverlight

2013-10-12 12:09:05 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2013-10-12 12:05:34 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

2013-10-12 11:55:04 ----D---- C:\Windows\system32\MRT

2013-10-12 11:54:59 ----A---- C:\Windows\system32\MRT.exe

2013-10-11 22:47:56 ----D---- C:\Windows\system32\nl-NL

2013-10-11 19:33:57 ----D---- C:\ProgramData\Skype

2013-10-11 19:33:53 ----RD---- C:\Program Files (x86)\Skype

2013-10-09 22:00:27 ----D---- C:\Program Files (x86)\DVDVideoSoft

2013-10-09 21:59:42 ----D---- C:\Users\Benoît\AppData\Roaming\DVDVideoSoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 408600]

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-06-18 247216]

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-10-26 526392]

R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\Windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]

R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]

R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2009-10-19 87600]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

R1 SAS***IL;SAS***IL; \??\C:\Program Files\SUPERAntiSpyware\SAS***IL64.SYS [2010-02-17 12360]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 139616]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-30 6037504]

R3 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2010-03-23 304784]

R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne64x.sys [2008-11-16 157968]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-07-28 1966624]

R3 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2009-07-30 44912]

R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]

R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-05-20 202016]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-07-20 274480]

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 A38CCID;CCID USB Smart Card Reader; C:\Windows\system32\DRIVERS\a38ccid.sys [2013-01-30 46720]

S3 acsock;acsock; C:\Windows\system32\DRIVERS\acsock64.sys [2013-01-24 112080]

S3 athr;Stuurprogramma Atheros Extensible draadloze LAN-apparaat; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]

S3 CVirtA;Cisco Systems VPN Adapter for 64-bit Windows; C:\Windows\system32\DRIVERS\CVirtA64.sys [2010-02-08 14992]

S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 48488]

S3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []

S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []

S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 57856]

S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]

S3 vpnva;Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64; C:\Windows\system32\DRIVERS\vpnva64.sys [2013-01-24 27048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-29 203264]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]

R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]

R2 ConfigFree Gadget Service;ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]

R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe [2010-03-23 1528616]

R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-08-12 23808]

R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-07-23 75136]

R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]

R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]

R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-08-05 488800]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]

R2 vpnagent;Cisco AnyConnect Secure Mobility Agent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-01-24 544688]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-10-23 641352]

R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-08-12 366600]

R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]

S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-06 119408]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-10-30 566696]

S3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]

S3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1255736]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------


Download Zoek.zip to the desktop.

  1. If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
  2. Disable your antivirus and antispyware programs, since they may conflict with zoek.exe; you can read how to do that (here and here).

  • Right-click Zoek.zip and choose the option "Extract all".
  • Then double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
     
    torpigcheck;
    emptyclsid;
    emptyfolderscheck;delete
    firefoxlook; 
    Chromelook; 
    autoclean; 
    iedefaults; 
    filesrcm;
    
    
    


  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the opened log as an attachment in your next message.


That is cleaning up nicely. Any remaining complaints?

Download AdwCleaner by Xplode to the desktop.

Running AdwCleaner

  • Close all open windows.
  • Double-click AdwCleaner.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Then click the Scan button.
  • When the scan has finished, click the Clean button.
  • When this is done you will be asked to restart the computer; click OK.
  • After the computer has restarted, the log file opens automatically.
  • Post this log file in your next message.


Hmm, the problems have not been resolved.

# AdwCleaner v3.011 - Report created 09/11/2013 at 13:09:27

# Updated 03/11/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Benoît - BENOÎT-TOSH

# Running from : D:\Users\Benoît\Desktop\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Benoît\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Benoît\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Benoît\AppData\Roaming\337

Folder Deleted : C:\Users\Benoît\AppData\Roaming\DefaultTab

Folder Deleted : C:\Users\Benoît\AppData\Roaming\Desk 365

Folder Deleted : C:\Users\Benoît\AppData\Roaming\dvdvideosoftiehelpers

Folder Deleted : C:\Users\Benoît\AppData\Roaming\eIntaller

Folder Deleted : C:\Users\Benoît\AppData\Roaming\OpenCandy

Folder Deleted : C:\Users\Benoît\AppData\Roaming\SimilarSites

Folder Deleted : C:\Users\Benoît\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

Shortcut Disinfected : C:\Users\Benoît\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Shortcut Disinfected : C:\Users\Benoît\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Shortcut Disinfected : C:\Users\Benoît\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

Shortcut Disinfected : C:\Users\Benoît\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_blu-ray-player-for-windows_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_blu-ray-player-for-windows_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}

Key Deleted : HKCU\Software\powerpack

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Desksvc

Key Deleted : HKLM\Software\omigaplusSvc

Key Deleted : HKLM\Software\portaldositesSoftware

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\Software\winzipersvc

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v25.0 (nl)

[ File : C:\Users\Benoît\AppData\Roaming\Mozilla\Firefox\Profiles\b14723et.default-1375450550033\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Line Deleted : user_pref("aol_toolbar.default.search.check", false);

Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Line Deleted : user_pref("extensions.gNeW.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top && \"www.google.com,mail.google.com,www.wikipedia.org,ww[...]

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[R0].txt - [6897 octets] - [09/11/2013 12:00:30]

AdwCleaner[s0].txt - [5760 octets] - [09/11/2013 13:09:27]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5820 octets] ##########


Zoek.exe Version 4.0.0.5 Updated 09-November-2013

Tool run by BenoŒt on za 09/11/2013 at 14:01:08,90.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: d:\Users\Benoît\Desktop\zoek\zoek.exe [script inserted]

==== Older Logs ======================

C:\zoek-results2012-06-15-104801.log 318 bytes

C:\zoek-results2013-11-08-211609.log 110792 bytes

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================

C:\Users\BenoŒt\AppData\Roaming\fltk.org deleted successfully

C:\Users\BenoŒt\AppData\Roaming\ISP Monitor deleted successfully

C:\Users\BenoŒt\AppData\Roaming\Windows Live Writer deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

"C:\Users\Benoît\AppData\Roaming\ATI" not found

"C:\Users\Benoît\AppData\Roaming\vlc" not found

"C:\Users\Benoît\AppData\Roaming\Cisco" not found

"C:\Users\Benoît\AppData\Roaming\Orbit" not found

"C:\Users\Benoît\AppData\Roaming\SecuROM" not found

"C:\Users\Benoît\AppData\Roaming\Toshiba" not found

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\BENOT~1\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2013-11-05 16:59:12 9223A2810B73069F4A03A636052EF14A 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe

2013-11-05 16:59:02 DC1342498BEE7EF1646E9D63138B69CC 175016 ----a-w- C:\Windows\SysWOW64\javaw.exe

2013-11-05 16:59:02 9B0B14B405E0EDF76B5F5E31A49EB753 96168 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-11-05 16:59:02 658633D255FEF154EA1CB8705B4468C5 174504 ----a-w- C:\Windows\SysWOW64\java.exe

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-10-30 07:25:33 0972E7C844225277BCA82B3954BDFC06 444288 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT

====== C:\Windows\Sysnative\drivers =====

2013-10-11 13:27:52 E2C933EDBC389386EBE6D2BA953F43D8 785624 ----a-w- C:\Windows\Sysnative\drivers\Wdf01000.sys

2013-10-11 13:27:52 80B0F7D5CCF86CEB5D402EAAF61FEC31 100864 ----a-w- C:\Windows\Sysnative\drivers\usbcir.sys

2013-10-11 13:27:52 1F775DA4CF1A3A1834207E975A72E9D7 185344 ----a-w- C:\Windows\Sysnative\drivers\usbvideo.sys

2013-10-11 13:27:50 9661DA76B4531B2DA272ECCE25A8AF24 42496 ----a-w- C:\Windows\Sysnative\drivers\usbscan.sys

2013-10-11 13:27:50 856E76B3641746ABBC2946BED1372098 32896 ----a-w- C:\Windows\Sysnative\drivers\hidparse.sys

2013-10-11 13:27:50 597C3699384E53CC59587ED50CCE5CA2 76800 ----a-w- C:\Windows\Sysnative\drivers\hidclass.sys

2013-10-11 13:27:48 1A4F75E63C9FB84B85DFFC6B63FD5404 140800 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys

2013-10-11 13:27:46 40AF23633D197905F03AB5628C558C51 1903552 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys

2013-10-11 13:27:46 314C17917AC8523EC77A710215012A65 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys

2013-10-11 13:27:16 88612F1CE3BF42256913BF6E61C70D52 983488 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys

====== C:\Windows\Tasks ======

2013-11-08 21:17:20 2A553C3F52FD27C2490247F66FE6AD2B 2896 ----a-w- C:\Windows\Sysnative\Tasks\AutoKMS

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-11-08 18:24:05 -------- d-----w- C:\Program Files\trend micro

2013-11-05 14:08:25 -------- d-----w- C:\Program Files\iPod

2013-11-05 14:08:23 -------- d-----w- C:\Program Files\iTunes

======= C:\PROGRA~2 =====

2013-11-05 16:59:25 -------- d-----w- C:\PROGRA~2\COMMON~1\Java

2013-11-05 14:08:23 -------- d-----w- C:\PROGRA~2\iTunes

======= C: =====

====== C:\Users\BenoŒt\AppData\Roaming ======

2013-11-08 21:14:23 -------- d-----w- C:\Users\Beno¯t\AppData\Locallow\Sun

2013-11-08 21:14:23 -------- d-----w- C:\Users\Benoît\AppData\Local\Temp

2013-10-30 07:26:16 187971C9D3335AEEFBBCFB3431D39E7E 117072 ----a-w- C:\Users\Benoît\AppData\Local\GDIPFONTCACHEV1.DAT

====== C:\Users\BenoŒt ======

2013-11-05 17:00:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2013-11-05 16:59:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2013-11-05 14:10:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2013-11-05 14:08:23 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-10-31 19:21:04 -------- d-----w- C:\Users\Benoît\openvr

====== C: exe-files ==

2013-11-08 18:24:06 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Benoît.exe

=== C: other files ==

==== Folders in C:\ProgramData 0-6 Months Old ======================

2013-06-08 16:43:10 -------- d-----w- C:\ProgramData\iSkysoft Application Common Data

2013-06-08 16:43:13 -------- d-----w- C:\ProgramData\iSkysoft iTube Studio

2013-09-22 18:05:29 -------- d-----w- C:\ProgramData\Cisco

2013-11-05 14:08:23 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{A691605E-3596-4DA3-A411-69219952621C} Amazon Url="http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2"

{C86116C3-B475-4BE9-96F8-D7EB066E7B9A} eBay Url="http://rover.ebay.com/rover/1/1346-71494-26233-7/4?satitle={searchTerms}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Beno¯t\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Beno¯t\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Benoît\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Benoît\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\BENOT~2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\BENOT~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on za 09/11/2013 at 14:25:36,47 ======================
