How to proceed with removing GOMEO (see log files)?

Smakkie

User
Joined: 13 May 2005
Posts: 46
Dear members,

I am working on removing the Gomeo virus. Everywhere I read that you should ask for advice on the log files from all kinds of scans. So here are the log files, and I hope someone can help me further!

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Databaseversie: 7224

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21-7-2011 22:51:53
mbam-log-2011-07-21 (22-51-53).txt

Scantype: Snelle scan
Objecten gescand: 190810
Verstreken tijd: 4 minuut/minuten, 15 seconde(n)

Geheugenprocessen geïnfecteerd: 3
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 4
Registerdata geïnfecteerd: 1
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 23

Geheugenprocessen geïnfecteerd:
c:\Users\erwin\AppData\Roaming\dwm.exe (Trojan.Backdoor) -> 3156 -> Unloaded process successfully.
c:\Users\erwin\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> 3380 -> Unloaded process successfully.
c:\Users\erwin\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 3520 -> Unloaded process successfully.

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ucuyago (Trojan.Agent.U) -> Value: Ucuyago -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\erwin\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
c:\Users\erwin\AppData\Roaming\dwm.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\erwin\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\erwin\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\erwin\AppData\Local\Temp\0.15968218199349493.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\erwin\AppData\Local\Temp\0.286334795588543.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\erwin\AppData\Local\Temp\0.3422659365800397.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\erwin\AppData\Local\Temp\0.5883651228633061.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\erwin\AppData\Local\Temp\setup1983921216.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\erwin\AppData\Local\Temp\setup3392497940.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\erwin\AppData\Local\Temp\setup924099696.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\erwin\local settings\temporary internet files\Content.IE5\9WW6VVTG\windows-update-sp2-kb70929-setup[1].exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\erwin\local settings\temporary internet files\Content.IE5\9WW6VVTG\windows-update-sp3-kb91846-setup[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\erwin\local settings\temporary internet files\Content.IE5\BJM2X66C\windows-update-sp4-kb98283-setup[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\erwin\local settings\temporary internet files\Content.IE5\P3KWC4C0\windows-update-sp2-kb73760-setup[1].exe (Spyware.Password) -> Quarantined and deleted successfully.
c:\Users\erwin\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\erwin\AppData\Roaming\Adobe\plugs\mmc100.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\erwin\AppData\Roaming\Adobe\plugs\mmc141.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\erwin\AppData\Roaming\Adobe\plugs\mmc180.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\erwin\AppData\Roaming\Adobe\plugs\mmc26489624.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\erwin\AppData\Roaming\Adobe\plugs\mmc26504320.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\erwin\AppData\Roaming\Adobe\plugs\mmc26926053.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\erwin\AppData\Roaming\Adobe\plugs\mmc51.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Recycle.Bin\b6232f3a0cd.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by erwin at 15:05:57 on 2011-07-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.3836.2809 [GMT 2:00]
.
AV: McAfee Antivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Antivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba.msn.com
uDefault_Page_URL = hxxp://toshiba.msn.com
uInternet Settings,ProxyServer = http=127.0.0.1:57535
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110723103618.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
uRunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; MATM)" -"http://idesign.saninet.eu/?id=WBR17IH775V68VK5"
mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www3.snapfish.nl/SnapfishActivia3.cab
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v1120/Navigram.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{E811AD58-B4F5-4D66-AC33-C72D117F03C7} : DhcpNameServer = 212.54.40.25 212.54.35.25
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{27B4851A-3207-45A2-B947-BE8AFE6163AB}
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F3C88694-EFFA-4d78-B409-54B7B2535B14}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
mRun-x64: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-4-9 355440]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-4-9 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-4-9 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-4-9 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-4-9 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-4-9 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys --> C:\Windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-3 136176]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-3 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-2-11 124368]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-5-23 51512]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-22 21:03:41	--------	d-----w-	C:\Windows\SysWow64\wbem\en-US
2011-07-22 21:03:39	--------	d-----w-	C:\Windows\System32\wbem\en-US
2011-07-22 20:32:13	--------	d-----w-	C:\Windows\System32\SPReview
2011-07-22 19:14:20	48976	----a-w-	C:\Windows\System32\netfxperf.dll
2011-07-22 19:14:20	1942856	----a-w-	C:\Windows\System32\dfshim.dll
2011-07-22 19:14:10	1130824	----a-w-	C:\Windows\SysWow64\dfshim.dll
2011-07-22 19:14:05	59392	----a-w-	C:\Windows\System32\drivers\TsUsbFlt.sys
2011-07-22 19:14:05	3715584	----a-w-	C:\Windows\System32\mstscax.dll
2011-07-22 19:14:05	12288	----a-w-	C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2011-07-22 19:14:04	1838080	----a-w-	C:\Windows\System32\d3d10warp.dll
2011-07-22 19:14:04	14967808	----a-w-	C:\Program Files\DVD Maker\OmdBase.dll
2011-07-22 19:14:01	3215872	----a-w-	C:\Windows\SysWow64\mstscax.dll
2011-07-22 19:12:59	982912	----a-w-	C:\Windows\System32\drivers\dxgkrnl.sys
2011-07-22 19:11:59	98816	----a-w-	C:\Windows\SysWow64\Robocopy.exe
2011-07-22 19:10:59	9728	----a-w-	C:\Windows\SysWow64\sscore.dll
2011-07-22 19:09:52	606208	----a-w-	C:\Windows\SysWow64\wbem\fastprox.dll
2011-07-22 19:09:52	363008	----a-w-	C:\Windows\SysWow64\wbemcomn.dll
2011-07-22 19:07:22	529408	----a-w-	C:\Windows\System32\wbemcomn.dll
2011-07-22 19:07:22	524288	----a-w-	C:\Windows\System32\wmicmiplugin.dll
2011-07-22 19:07:22	1225216	----a-w-	C:\Windows\System32\wbem\wbemcore.dll
2011-07-22 19:07:06	933376	----a-w-	C:\Windows\System32\SmiEngine.dll
2011-07-22 19:06:55	199168	----a-w-	C:\Windows\System32\PkgMgr.exe
2011-07-22 19:06:09	422912	----a-w-	C:\Windows\System32\drvstore.dll
2011-07-22 19:06:08	399872	----a-w-	C:\Windows\System32\dpx.dll
2011-07-21 21:13:33	--------	d-----w-	C:\Users\erwin\AppData\Local\Diagnostics
2011-07-21 20:59:40	--------	d-----w-	C:\Windows\System32\EventProviders
2011-07-21 20:59:21	--------	d-----w-	C:\cd3f07bf00e4d2d027fe163fd81c
2011-07-21 20:37:38	--------	d-----w-	C:\Users\erwin\AppData\Roaming\Malwarebytes
2011-07-21 20:37:06	41272	----a-w-	C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-21 20:37:04	--------	d-----w-	C:\ProgramData\Malwarebytes
2011-07-21 20:37:01	25912	----a-w-	C:\Windows\System32\drivers\mbam.sys
2011-07-21 20:37:00	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-02 08:47:52	64512	----a-w-	C:\Windows\SysWow64\devobj.dll
.
==================== Find3M  ====================
.
2011-07-22 20:44:00	175616	----a-w-	C:\Windows\System32\msclmd.dll
2011-07-22 20:44:00	152576	----a-w-	C:\Windows\SysWow64\msclmd.dll
2011-06-11 03:07:25	3137536	----a-w-	C:\Windows\System32\win32k.sys
2011-06-03 06:57:45	362496	----a-w-	C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45	243200	----a-w-	C:\Windows\System32\wow64.dll
2011-06-03 06:57:45	13312	----a-w-	C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44	214528	----a-w-	C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38	16384	----a-w-	C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38	421888	----a-w-	C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33	338944	----a-w-	C:\Windows\System32\conhost.exe
2011-06-03 06:00:53	14336	----a-w-	C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52	44032	----a-w-	C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33	25600	----a-w-	C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12	5120	----a-w-	C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11	272384	----a-w-	C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31	7680	----a-w-	C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31	2048	----a-w-	C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32	3584	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31	6144	---ha-w-	C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31	4608	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-24 11:42:55	404480	----a-w-	C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05	44544	----a-w-	C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38	145920	----a-w-	C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54	252928	----a-w-	C:\Windows\SysWow64\drvinst.exe
2011-05-04 05:25:03	2315776	----a-w-	C:\Windows\System32\tquery.dll
2011-05-04 05:22:25	778752	----a-w-	C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25	2223616	----a-w-	C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24	75264	----a-w-	C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24	491520	----a-w-	C:\Windows\System32\mssph.dll
2011-05-04 05:22:24	288256	----a-w-	C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28	591872	----a-w-	C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28	249856	----a-w-	C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28	113664	----a-w-	C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43	1549312	----a-w-	C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02	666624	----a-w-	C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01	337408	----a-w-	C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01	197120	----a-w-	C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01	1401344	----a-w-	C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00	59392	----a-w-	C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31	86528	----a-w-	C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31	427520	----a-w-	C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31	164352	----a-w-	C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29	976896	----a-w-	C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02	741376	----a-w-	C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10	467456	----a-w-	C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49	410112	----a-w-	C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37	168448	----a-w-	C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:40:40	158208	----a-w-	C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40	289280	----a-w-	C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37	128000	----a-w-	C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51	1923968	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03	499200	----a-w-	C:\Windows\System32\drivers\afd.sys
2007-03-12 17:59:00	299008	----a-w-	C:\Program Files (x86)\navigram_register.exe
.
============= FINISH: 15:07:10,68 ===============


mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-4-9 355440]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-4-9 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-4-9 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-4-9 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-4-9 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-4-9 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys --> C:\Windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-3 136176]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-3 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-2-11 124368]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-5-23 51512]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-22 21:03:41	--------	d-----w-	C:\Windows\SysWow64\wbem\en-US
2011-07-22 21:03:39	--------	d-----w-	C:\Windows\System32\wbem\en-US
2011-07-22 20:32:13	--------	d-----w-	C:\Windows\System32\SPReview
2011-07-22 19:14:20	48976	----a-w-	C:\Windows\System32\netfxperf.dll
2011-07-22 19:14:20	1942856	----a-w-	C:\Windows\System32\dfshim.dll
2011-07-22 19:14:10	1130824	----a-w-	C:\Windows\SysWow64\dfshim.dll
2011-07-22 19:14:05	59392	----a-w-	C:\Windows\System32\drivers\TsUsbFlt.sys
2011-07-22 19:14:05	3715584	----a-w-	C:\Windows\System32\mstscax.dll
2011-07-22 19:14:05	12288	----a-w-	C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2011-07-22 19:14:04	1838080	----a-w-	C:\Windows\System32\d3d10warp.dll
2011-07-22 19:14:04	14967808	----a-w-	C:\Program Files\DVD Maker\OmdBase.dll
2011-07-22 19:14:01	3215872	----a-w-	C:\Windows\SysWow64\mstscax.dll
2011-07-22 19:12:59	982912	----a-w-	C:\Windows\System32\drivers\dxgkrnl.sys
2011-07-22 19:11:59	98816	----a-w-	C:\Windows\SysWow64\Robocopy.exe
2011-07-22 19:10:59	9728	----a-w-	C:\Windows\SysWow64\sscore.dll
2011-07-22 19:09:52	606208	----a-w-	C:\Windows\SysWow64\wbem\fastprox.dll
2011-07-22 19:09:52	363008	----a-w-	C:\Windows\SysWow64\wbemcomn.dll
2011-07-22 19:07:22	529408	----a-w-	C:\Windows\System32\wbemcomn.dll
2011-07-22 19:07:22	524288	----a-w-	C:\Windows\System32\wmicmiplugin.dll
2011-07-22 19:07:22	1225216	----a-w-	C:\Windows\System32\wbem\wbemcore.dll
2011-07-22 19:07:06	933376	----a-w-	C:\Windows\System32\SmiEngine.dll
2011-07-22 19:06:55	199168	----a-w-	C:\Windows\System32\PkgMgr.exe
2011-07-22 19:06:09	422912	----a-w-	C:\Windows\System32\drvstore.dll
2011-07-22 19:06:08	399872	----a-w-	C:\Windows\System32\dpx.dll
2011-07-21 21:13:33	--------	d-----w-	C:\Users\erwin\AppData\Local\Diagnostics
2011-07-21 20:59:40	--------	d-----w-	C:\Windows\System32\EventProviders
2011-07-21 20:59:21	--------	d-----w-	C:\cd3f07bf00e4d2d027fe163fd81c
2011-07-21 20:37:38	--------	d-----w-	C:\Users\erwin\AppData\Roaming\Malwarebytes
2011-07-21 20:37:06	41272	----a-w-	C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-21 20:37:04	--------	d-----w-	C:\ProgramData\Malwarebytes
2011-07-21 20:37:01	25912	----a-w-	C:\Windows\System32\drivers\mbam.sys
2011-07-21 20:37:00	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-02 08:47:52	64512	----a-w-	C:\Windows\SysWow64\devobj.dll
.
==================== Find3M  ====================
.
2011-07-22 20:44:00	175616	----a-w-	C:\Windows\System32\msclmd.dll
2011-07-22 20:44:00	152576	----a-w-	C:\Windows\SysWow64\msclmd.dll
2011-06-11 03:07:25	3137536	----a-w-	C:\Windows\System32\win32k.sys
2011-06-03 06:57:45	362496	----a-w-	C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45	243200	----a-w-	C:\Windows\System32\wow64.dll
2011-06-03 06:57:45	13312	----a-w-	C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44	214528	----a-w-	C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38	16384	----a-w-	C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38	421888	----a-w-	C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33	338944	----a-w-	C:\Windows\System32\conhost.exe
2011-06-03 06:00:53	14336	----a-w-	C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52	44032	----a-w-	C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33	25600	----a-w-	C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12	5120	----a-w-	C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11	272384	----a-w-	C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31	7680	----a-w-	C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31	2048	----a-w-	C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32	3584	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31	6144	---ha-w-	C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31	4608	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-24 11:42:55	404480	----a-w-	C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05	44544	----a-w-	C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38	145920	----a-w-	C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54	252928	----a-w-	C:\Windows\SysWow64\drvinst.exe
2011-05-04 05:25:03	2315776	----a-w-	C:\Windows\System32\tquery.dll
2011-05-04 05:22:25	778752	----a-w-	C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25	2223616	----a-w-	C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24	75264	----a-w-	C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24	491520	----a-w-	C:\Windows\System32\mssph.dll
2011-05-04 05:22:24	288256	----a-w-	C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28	591872	----a-w-	C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28	249856	----a-w-	C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28	113664	----a-w-	C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43	1549312	----a-w-	C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02	666624	----a-w-	C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01	337408	----a-w-	C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01	197120	----a-w-	C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01	1401344	----a-w-	C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00	59392	----a-w-	C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31	86528	----a-w-	C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31	427520	----a-w-	C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31	164352	----a-w-	C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29	976896	----a-w-	C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02	741376	----a-w-	C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10	467456	----a-w-	C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49	410112	----a-w-	C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37	168448	----a-w-	C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:40:40	158208	----a-w-	C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40	289280	----a-w-	C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37	128000	----a-w-	C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51	1923968	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03	499200	----a-w-	C:\Windows\System32\drivers\afd.sys
2007-03-12 17:59:00	299008	----a-w-	C:\Program Files (x86)\navigram_register.exe
.
============= FINISH: 15:07:10,68 ===============
 
I don't think anyone is going to dig through all of this.
You used MBAM, but also try a virus scanner and have it run a full scan of your machine.
 