windows antidanger center

slijkdabberke
20 June 2011, 20:31
Good day,
My daughter's laptop is infected with Windows Antidanger Center.
I made a HijackThis log + a ComboFix log.
Would you check these for me?
Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:25:01, on 20/06/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files (x86)\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10835 bytes

ComboFix 11-06-19.0r1 - kris 20/06/2011 19:57:53.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3964.2640 [GMT 2:00]
Started from: c:\users\kris\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* New restore point was created
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\britt\.COMMgr
c:\users\britt\AppData\Roaming\Microsoft\tbslxr.exe
c:\users\britt\AppData\Roaming\Microsoft\uaclfo.exe
c:\users\britt\AppData\Roaming\Microsoft\yroycn.exe
.
.
(((((((((((((((((((( Files Created from 2011-05-20 to 2011-06-20 ))))))))))))))))))))))))))))))
.
.
2011-06-20 18:02 . 2011-06-20 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-20 18:02 . 2011-06-20 18:02 -------- d-----w- c:\users\britt\AppData\Local\temp
2011-06-20 17:16 . 2011-06-20 17:44 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2011-06-20 09:37 . 2011-06-20 09:37 -------- d-----w- c:\users\britt\AppData\Local\{82491062-B6AA-4084-89C6-25136AE5ED28}
2011-06-19 13:18 . 2011-06-19 13:19 -------- d-----w- c:\users\britt\AppData\Local\{A8CDABE4-2473-4234-8544-35FF042044AE}
2011-06-18 10:37 . 2011-06-18 10:37 -------- d-----w- c:\users\britt\AppData\Local\{F355E915-F797-4104-A2D8-8E43538E4A6B}
2011-06-17 14:02 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31E006CF-7F02-4C8C-BEF2-742291F58FD7}\mpengine.dll
2011-06-17 11:03 . 2011-06-17 11:03 -------- d-----w- c:\users\britt\AppData\Local\{2D941FA9-CCF1-47C4-84A4-C7109BB6CB18}
2011-06-16 17:44 . 2011-06-16 17:44 -------- d-----w- c:\users\britt\.jenny
2011-06-16 09:24 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 09:23 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 09:23 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-16 09:14 . 2011-06-16 09:14 -------- d-----w- c:\users\britt\AppData\Local\{7E129E8A-B304-4A1A-B5D1-0506C46CBB4B}
2011-06-14 09:34 . 2011-06-14 09:34 -------- d-----w- c:\users\britt\AppData\Local\{CA18E998-C0DF-4807-9D2B-6BB7FF4EFCAE}
2011-06-12 13:28 . 2011-06-12 13:30 -------- d-----w- c:\users\britt\AppData\Local\{4DEB08F7-090D-458E-8FD8-975EEDBBF6D6}
2011-06-11 18:14 . 2011-06-11 18:15 -------- d-----w- c:\users\britt\AppData\Local\{9E1A95EB-AFAE-4C4D-B55F-61DF6FDB8929}
2011-06-11 12:35 . 2011-06-11 12:35 -------- d-----w- c:\users\britt\AppData\Local\{3BF7AD17-D1C2-4529-BC23-C2AA821B29B7}
2011-06-10 09:28 . 2011-06-10 09:28 -------- d-----w- c:\users\britt\AppData\Local\{F3AFCA91-6F23-41B6-8895-D7B0EDB243E3}
2011-06-08 10:57 . 2011-06-08 10:57 -------- d-----w- c:\users\britt\AppData\Local\{52AE17CB-AA64-457D-BA1B-12BE00F0BEA4}
2011-06-07 10:17 . 2011-06-07 10:17 -------- d-----w- c:\users\britt\AppData\Local\{69D7A40F-019F-4D88-A113-727D84988683}
2011-06-06 18:02 . 2011-06-06 18:02 -------- d-----w- c:\users\britt\AppData\Local\{64B020F4-C2FD-4654-9865-59FC271F8411}
2011-06-06 17:58 . 2011-06-06 17:58 -------- d-----w- c:\users\britt\AppData\Local\{DB5DB8C2-B782-4407-A47B-EE4252773EBD}
2011-06-05 10:33 . 2011-06-05 10:33 -------- d-----w- c:\users\britt\AppData\Local\{8724B8EB-5B8D-428A-84AD-2FE4E8F02370}
2011-06-04 09:25 . 2011-06-04 09:25 -------- d-----w- c:\users\britt\AppData\Local\{E9537829-E82D-4B06-ABAC-5DCFEF8D1414}
2011-06-03 10:58 . 2011-06-03 10:58 -------- d-----w- c:\users\britt\AppData\Local\{4A1A7EB4-1AE7-4AAD-868C-E7D89F6BC0CF}
2011-06-02 08:54 . 2011-06-02 08:54 -------- d-----w- c:\users\britt\AppData\Local\{B66EA8D4-16D7-4A94-9189-E86DA3109DDA}
2011-06-01 12:00 . 2011-06-01 12:00 -------- d-----w- c:\users\britt\AppData\Local\{40667FDA-FF3D-4BD2-82D2-C95BAE266FFC}
2011-05-31 15:53 . 2011-05-31 15:53 -------- d-----w- c:\users\britt\AppData\Local\{C3F5CC9B-1B6B-43A4-A4BF-7E93835BD94A}
2011-05-30 18:50 . 2011-05-30 18:50 -------- d-----w- c:\users\britt\AppData\Local\{4EBFD95C-7F70-4D43-9A70-4D062AD79E31}
2011-05-29 10:28 . 2011-05-29 10:28 -------- d-----w- c:\users\britt\AppData\Local\{A46A00B8-A697-4688-88D1-D5EA0BFDC812}
2011-05-26 15:27 . 2011-05-26 15:27 -------- d-----w- c:\users\britt\AppData\Local\{34AC5177-376A-4733-AC90-7FE903F57245}
2011-05-25 15:23 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-25 15:17 . 2011-05-25 15:17 -------- d-----w- c:\users\britt\AppData\Local\{9E1BC092-08E7-43AB-BD9E-1576A299AB5F}
2011-05-23 15:35 . 2011-06-20 17:05 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-23 15:35 . 2011-05-23 15:36 -------- d-----w- c:\users\britt\AppData\Local\{F6D102FC-B57D-4480-BD23-BC3E8962584F}
2011-05-22 16:00 . 2011-05-22 16:00 -------- d-----w- c:\program files\7-Zip
2011-05-22 15:55 . 2011-05-22 15:55 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-05-22 15:51 . 2011-05-22 15:55 -------- d-----w- c:\users\kris\AppData\Local\Adobe
2011-05-22 11:23 . 2011-05-22 11:23 -------- d-----w- c:\users\britt\AppData\Local\{AECE5090-8B7B-47F6-9134-104EE9A31F0B}
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-14 18:22 . 2011-05-14 18:22 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-14 18:22 . 2011-05-14 18:22 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-14 18:22 . 2011-05-14 18:22 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-14 18:22 . 2011-05-14 18:22 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-14 18:22 . 2011-05-14 18:22 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-14 18:22 . 2011-05-14 18:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-14 18:22 . 2011-05-14 18:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-14 18:22 . 2011-05-14 18:22 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-14 18:22 . 2011-05-14 18:22 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-14 18:22 . 2011-05-14 18:22 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-14 18:22 . 2011-05-14 18:22 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-14 18:22 . 2011-05-14 18:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-14 18:22 . 2011-05-14 18:22 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-14 18:22 . 2011-05-14 18:22 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-14 18:22 . 2011-05-14 18:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-14 18:22 . 2011-05-14 18:22 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-14 18:22 . 2011-05-14 18:22 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-14 18:22 . 2011-05-14 18:22 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-14 18:22 . 2011-05-14 18:22 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-14 18:22 . 2011-05-14 18:22 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-14 18:22 . 2011-05-14 18:22 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-14 18:22 . 2011-05-14 18:22 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-14 18:22 . 2011-05-14 18:22 448512 ----a-w- c:\windows\system32\html.iec
2011-05-14 18:22 . 2011-05-14 18:22 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-14 18:22 . 2011-05-14 18:22 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-14 18:22 . 2011-05-14 18:22 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-14 18:22 . 2011-05-14 18:22 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-14 18:22 . 2011-05-14 18:22 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-14 18:22 . 2011-05-14 18:22 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-14 18:22 . 2011-05-14 18:22 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-14 18:22 . 2011-05-14 18:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-14 18:22 . 2011-05-14 18:22 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-05-14 18:22 . 2011-05-14 18:22 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-14 18:22 . 2011-05-14 18:22 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-14 18:22 . 2011-05-14 18:22 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-14 18:22 . 2011-05-14 18:22 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-14 18:22 . 2011-05-14 18:22 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-14 18:22 . 2011-05-14 18:22 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr
2011-04-09 06:58 . 2011-05-19 18:18 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:45 . 2011-05-11 11:48 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 11:48 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 11:48 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 18:18 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-03-29 03:32 . 2011-05-11 11:48 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-29 03:32 . 2011-05-11 11:48 99328 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-29 03:32 . 2011-05-11 11:48 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-29 03:32 . 2011-05-11 11:48 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-29 03:32 . 2011-05-11 11:48 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-29 03:32 . 2011-05-11 11:48 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-29 03:32 . 2011-05-11 11:48 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
"ccleaner"="c:\program files (x86)\CCleaner\ccleaner.exe" [2010-08-24 1779512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 135664]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 135664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 16:17]
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 16:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-17 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-17 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-17 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://toshiba.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\kris\AppData\Roaming\Mozilla\Firefox\Profiles\ef1gcw9y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2349712450-2485103154-950872310-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2349712450-2485103154-950872310-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00, 72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00 ,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Voltooingstijd: 2011-06-20 20:10:42 - machine werd herstart
ComboFix-quarantined-files.txt 2011-06-20 18:10
.
Pre-Run: 51.356.700.672 bytes beschikbaar
Post-Run: 51.182.272.512 bytes beschikbaar
.
- - End Of File - - D91ED4F598F96004D289A5ACDDBAE662

slijkdabberke
20 June 2011, 20:49
After restarting I get this message:
There was a problem starting
users\britt\appdata\local\fwicmp.dll
The specified module could not be found

Entered it in Google but didn't really get a usable answer
thanks
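
An added check, not from the thread: a startup message of this kind usually comes from a leftover autostart entry (a Run/RunOnce value, often a rundll32 command line) that still points at a file the cleanup removed. That is an assumption about this case, not something the thread confirms. The PowerShell 2.0-compatible script below lists Run/RunOnce entries whose referenced program or DLL no longer exists on disk, so the orphaned entry can be identified before it is removed.

```powershell
# Added example, not part of the thread. Lists autostart registry values whose
# target file is missing, which is the usual cause (assumed here) of
# "There was a problem starting <path> ... The specified module could not be found".
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties that Get-ItemProperty adds itself; they are not registry values.
$psNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-OrphanedAutostart {
    foreach ($key in $autostartKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($psNoise -contains $prop.Name) { continue }
            $cmd = [string]$prop.Value
            # Extract path-looking tokens: quoted strings, drive-letter paths
            # and UNC paths. A comma ends an unquoted token so that the
            # rundll32 form  C:\...\some.dll,EntryPoint  yields the DLL path.
            $paths = [regex]::Matches($cmd, '"([^"]+)"|([A-Za-z]:\\[^\s,"]+|\\\\[^\s,"]+)') |
                ForEach-Object { if ($_.Groups[1].Success) { $_.Groups[1].Value } else { $_.Value } }
            foreach ($p in $paths) {
                $expanded = [Environment]::ExpandEnvironmentVariables($p)
                if ($expanded -match '\.(dll|exe|bat|cmd|vbs|js)$' -and
                    -not (Test-Path -LiteralPath $expanded)) {
                    New-Object PSObject -Property @{
                        Key     = $key
                        Name    = $prop.Name
                        Command = $cmd
                        Missing = $expanded
                    }
                }
            }
        }
    }
}

# Run from an elevated PowerShell prompt so the HKLM keys are readable.
Get-OrphanedAutostart | Format-Table Key, Name, Missing -AutoSize
```

Entries listed here point at files that are gone; the value itself can then be removed with Remove-ItemProperty once it is confirmed to be the source of the message.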

EvelineGirl
21 June 2011, 13:37
Hi,

Using Combofix on your own initiative is not very wise. Combofix is not a tool you just run a scan with, and it can cause serious damage.

1.
Download MalwareBytes' Anti-Malware (http://www.malwarebytes.org/affiliates/g2g/mbam-setup.exe) and save it to your desktop.
Double-click mbam-setup.exe to install the program.
Make sure that after installation a check mark is placed next to:

Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Then click "Finish". If an update is found, it will be downloaded and installed.
A popup window will appear asking whether you want to evaluate MBAM.
http://img30.imageshack.us/img30/3928/mbam2.png
Click "Decline" here.

Once the program has started, go to the "Settings" tab.

Check here: "Close Internet Explorer during malware removal".
Go to the "Updates" tab and update MBAM.
Then go to the "Scanner" tab and choose "Quick Scan".
Then press "Scan" to start the scan.
Scanning can take a while, so be patient.
When the scan is complete, click OK, then "Show Results" to see the results.
Make sure everything there is checked, then click "Remove Selected".
After removal a log will open and you will be asked to restart the computer.
If MBAM asks for a restart, do so.
Once you have restarted, run a new quick scan with MBAM.
In that case you post both logs.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

In case of problems!!! (Read the instructions below)


Problems installing Malwarebytes' Anti-Malware (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=207&t=3419)
Problems updating Malwarebytes' Anti-Malware (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=207&t=3420)
Problems starting Malwarebytes' Anti-Malware (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=207&t=3421)



2.
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to the desktop.

Double-click "aswMBR.exe" to start the tool.
Vista and Windows 7 users: right-click -> Run as Administrator.
Click the "scan" button
http://www.imgdumper.nl/uploads4/4db3f87694fe9/4db3f87693886-aswmbrscan.gif
When the scan is finished, click the "save log" button
http://www.imgdumper.nl/uploads4/4db3f8e71343a/4db3f8e71288d-aswmbrsavelog.gif
Post this log file in your next reply.


Good luck,
Eveline.

slijkdabberke
21 June 2011, 21:22
thanks Eveline for being willing to help
here are the requested logs
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Databaseversie: 6911

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

21/06/2011 20:37:27
mbam-log-2011-06-21 (20-37-27).txt

Scantype: Snelle scan
Objecten gescand: 186128
Verstreken tijd: 3 minuut/minuten, 20 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
c:\Users\britt\AppData\Roaming\perfdiskv.dll (Trojan.Agent) -> Quarantined and deleted successfully.


aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-21 21:06:54
-----------------------------
21:06:54.401 OS Version: Windows x64 6.1.7601 Service Pack 1
21:06:54.401 Number of processors: 2 586 0x170A
21:06:54.401 ComputerName: KRIS-TOSH UserName: kris
21:06:54.823 Initialize success
21:07:00.860 AVAST engine defs: 11062100
21:07:05.399 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:07:05.399 Disk 0 Vendor: TOSHIBA_ GH01 Size: 305245MB BusType: 3
21:07:05.415 Disk 0 MBR read successfully
21:07:05.431 Disk 0 MBR scan
21:07:05.431 Disk 0 Windows 7 default MBR code
21:07:05.431 Service scanning
21:07:07.037 Disk 0 trace - called modules:
21:07:07.053 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:07:07.053 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800579a060]
21:07:07.069 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046bf050]
21:07:07.568 AVAST engine scan C:\Windows
21:16:08.265 Disk 0 MBR has been saved successfully to "D:\MBR.dat"
21:16:08.296 The log file has been saved successfully to "D:\aswMBR.txt"


thanks in advance for checking
regards

EvelineGirl
22 June 2011, 14:24
That looks good. Are you still getting strange messages?

slijkdabberke
22 June 2011, 20:14
thanks Eveline for checking:thx:
no more strange messages(y)
I think it's solved
thnx
regards
this can be locked

EvelineGirl
23 June 2011, 11:42
You're welcome.

1.
Download or update CCleaner (http://www.piriform.com/ccleaner/download/slim)
Start CCleaner.

Run CCleaner and click Options in the left column
Select the Advanced tab
Remove the check mark next to "Only delete files in Windows Temp folders older than 24 hours"
Select the Settings tab
Remove the check mark next to "Run CCleaner when the computer starts...."
Click Cleaner in the left column.
Then click Analyze and Run Cleaner in turn.
Next, click Registry in the left column
Click Scan for Issues.
If errors are found, click Fix selected issues and OK


2.
System Restore.
If the computer has been infected with malware, it is advisable to delete all existing System Restore points, because infected restore points may be among them.
How to delete the restore points is explained here. (http://www.malwareinfo.nl/malware/systeemherstel.html)

3.
More information on keeping your software up to date and tips to prevent reinfection can be found, among other places, here:
http://www.malwareinfo.nl/handigetips/updates.html and here: http://users.telenet.be/marcvn/spyware/1564073.htm
After all, prevention is better than cure.

Can we consider this solved?