zou er eens iemand willen kijken of alles inorde is want als de pc opstart komt er iets op het scherm dat mijne pc geinfecteerd is en dat ik problemen ga krijgen als ik dat niet installeer.
Ik heb al altijd op anuleren geklikt en in de balk de kant van het uurwerk komt er dan een groene bol met een rode bol in en ik klik dan op close

Bedankt
Carine

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:20, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ANYCOM\Blue USB-200-250\BTTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {508C4DD0-1B03-469C-B539-63BE73C5A2D1} - C:\WINDOWS\system32\ofmqefcu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DDB87187-F57A-47F1-AD28-40B0372ADE02} - C:\WINDOWS\system32\geeby.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxoc.dll,startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: gos2E0 - gos2E0.tmp (file missing)
O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\SYSTEM32\winmbj32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7865 bytes

dat behoort tot diene groene bol met die rode bol met daarin een uitroep teken
"security warning:your computer may be infected with harmful or unwanted software!"

Carine

http://antivirusscherm.com/scherm/index.php?00170d59104259464a6a52013a5f5c3b04415e4c 67574452001553110a08010050553b050c6a0b090b066f5556 07063b560f016759596810504054045b45476b505755515b02 0e080d0d160516500d554758445d0507115742430f51531354 595c55

dat is de site waar ik naartoe ga als ik erop klik.
Misschien is het niets maar toch betrouw ik het niet

Carine

Hoi,

Download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) naar je bureaublad.

Dubbelklik VundoFix.exe om het te starten.
Klik de Scan for Vundo knop.
Eenmaal gedaan met scannen, klik de Remove Vundo knop.
Je zal een melding krijgen of je de bestanden wilt laten verwijderen, klik YES
Nadat je Yes hebt geklikt, zullen de icoontjes op je bureaublad verdwijnen tijdens het verwijderen van Vundo.
Wanneer voltooid zal je de melding krijgen dat het je PC zal afsluiten, klik OK.
Start je pc terug opnieuw op.
Post de inhoud van C:\vundofix.txt en een nieuwe hijackthislog in je volgende post.

Note: Het is mogelijk dat vundofix een bestand gevonden heeft dat niet kon verwijderd worden.
In dit geval zal VundoFix na het heropstarten van je pc nog eens opstarten. Dan moet je de instructies van hierboven nog eens uitvoeren vanaf: "Click the Scan for Vundo."

dit is van vundofix

VundoFix V6.6.2
Checking Java version...
Scan started at 10:25:58 18/11/2007
Listing files found while scanning....
C:\windows\system32\drvxocr.dll
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\TEMP\gos8A.tmp
Beginning removal...
Attempting to delete C:\windows\system32\drvxocr.dll
C:\windows\system32\drvxocr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\jkkll.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\llkkj.ini Has been deleted!
Performing Repairs to the registry.
Done!

en dit is van hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:35, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ANYCOM\Blue USB-200-250\BTTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {508C4DD0-1B03-469C-B539-63BE73C5A2D1} - C:\WINDOWS\system32\aphdhgeg.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {78718607-E7DA-4466-AD16-E8F40903C36C} - C:\WINDOWS\system32\jkkll.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DDB87187-F57A-47F1-AD28-40B0372ADE02} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: gos2E0 - gos2E0.tmp (file missing)
O20 - Winlogon Notify: gos8A - gos8A.tmp (file missing)
O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\SYSTEM32\winmbj32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 8632 bytes


Groetjes
Carine

Hoi,
dat ziet er al beter uit.

Open HijackThis, klik do a scan only[/b en vink volgende regels aan:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {508C4DD0-1B03-469C-B539-63BE73C5A2D1} - C:\WINDOWS\system32\aphdhgeg.dll
O2 - BHO: (no name) - {78718607-E7DA-4466-AD16-E8F40903C36C} - C:\WINDOWS\system32\jkkll.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DDB87187-F57A-47F1-AD28-40B0372ADE02} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: gos2E0 - gos2E0.tmp (file missing)
O20 - Winlogon Notify: gos8A - gos8A.tmp (file missing)
O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\SYSTEM32\winmbj32.dll

Sluit alle open vensters, behalve HijackThis, en klik op [b]Fix Checked. Sluit HijackThis.

* Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) naar je bureaublad.
Dubbelklik combofix.exe
Volg de instructies.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix gedaan heeft en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post samen met een nieuw hijackthislog

heb problemen met combofix hij zegt dat ik een verouderde versie heeft en hij doet uit zichzelf unistall en verder gebeurd er niks meer

Carine

Doe eens eerst de stappen in HijackThis en doe dan volgende:

Download Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe) naar je Bureaublad:
Dubbelklik drweb-cureit.exe en sta het toe om de express scan te starten.
Indien een popup verschijnt met het voorstel tot kopen/50% korting,
mag je deze sluiten met het kruisje.
Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt,
klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
Kies bovenaan in het menu voor Language/Taal en wijzig deze naar Dutch (Nederlands) indien deze bij jou anders staat ingesteld.
Druk op F9 en kies daarna voor Acties en stel daar het volgende in onder Malware :
Adware: Verplaats
Dialers: Verplaats
Jokes: Rapportage
Riskware: Rapportage
Hacktools: Verplaats
Haal dan het vinkje weg bij "Prompt bij actie".
Druk dan op OK.
Druk op F9 en kies daarna voor Scan en verwijder het vinkje bij Heuristische analyse en klik op OK.
Eenmaal de korte scan is beeïndigd, kan je de drives selecteren die je wilt laten scannen (Selecteer stations).
Selecteer hier alle stations. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
Klik daarna de groene pijl rechts om de scan te starten.
Gevonden bestanden worden naar de "%userprofile%\DoctorWeb\quarantaine-map" verplaatst, indien herstel niet mogelijk is.
Nadat de scan gedaan is, in het menu bovenaan, klik Bestand en kies Rapportage lijst opslaan. Bewaar het op je Bureaublad.
Sluit daarna Dr.Web Cureit.
Herstart je computer!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
Na het herstarten, kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post samen met een nieuw HijackThis log.

Groet,
Rosty.

En probeer deze van Combofix eens :

Verwijder eens je ComboFix versie van je Bureaublad,
en download en run daarna deze versie :

http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.

dit is van combofix
ComboFix 07-11-08.3 - Roubedou 2007-11-18 13:19:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.506 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Roubedou\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\drvjubr.dll
C:\WINDOWS\system32\drvluxr.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-10-18 to 2007-11-18 ))))))))))))))))))))))))))))))
.
2007-11-18 12:16 <DIR> d-------- C:\Documents and Settings\Roubedou\DoctorWeb
2007-11-18 11:49 104,448 --a------ C:\WINDOWS\system32\drvlux.dll
2007-11-18 11:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 16:53 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-11-17 16:53 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-11-17 15:18 <DIR> d-------- C:\Documents and Settings\Roubedou\Application Data\Lavasoft
2007-11-17 15:12 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-17 15:12 164 --a------ C:\install.dat
2007-11-17 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-17 15:03 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2007-11-17 15:03 <DIR> d-------- C:\Program Files\Hitman Pro
2007-11-17 14:15 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-11-17 13:01 <DIR> d-------- C:\Program Files\RegCleaner
2007-11-17 12:54 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-17 12:35 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-17 11:13 <DIR> d-------- C:\Documents and Settings\Roubedou\Application Data\Intervideo
2007-11-17 02:05 101,971 ---hs---- C:\WINDOWS\system32\ybeeg.bak1
2007-11-17 01:38 <DIR> d-------- C:\Documents and Settings\Roubedou\Application Data\Azureus
2007-11-17 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-17 00:15 <DIR> d-------- C:\Documents and Settings\Roubedou\Application Data\Grisoft
2007-11-17 00:15 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-16 22:10 <DIR> d-------- C:\Documents and Settings\Roubedou\Bluetooth Software
2007-11-16 22:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-11-16 22:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-11-16 22:08 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-11-16 22:08 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-11-16 22:08 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-16 22:08 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-11-16 22:06 <DIR> d-------- C:\Program Files\ANYCOM
2007-11-16 22:06 77,824 --a------ C:\WINDOWS\system32\btw_ci.dll
2007-11-16 22:06 67,384 --a------ C:\WINDOWS\system32\drivers\btwusb.sys
2007-11-16 22:06 19,436 --a------ C:\WINDOWS\system32\drivers\frmupgr.sys
2007-11-16 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-16 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-16 11:53 139,264 --a------ C:\WINDOWS\system32\EBAPI2.dll
2007-11-16 11:51 <DIR> d-------- C:\Program Files\EPSON
2007-11-16 11:51 <DIR> d-------- C:\EPSON
2007-11-15 12:52 <DIR> d-------- C:\Program Files\Teach2000
2007-11-15 11:58 <DIR> d-------- C:\WINDOWS\pss
2007-11-15 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 15:14 <DIR> d-------- C:\Program Files\Didascalia
2007-11-11 16:59 <DIR> d-------- C:\Program Files\MindJET
2007-11-10 17:12 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-10 17:12 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-10 17:08 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-10 16:25 <DIR> d-------- C:\Documents and Settings\Roubedou\Shared
2007-11-10 16:25 <DIR> d-------- C:\Documents and Settings\Roubedou\Incomplete
2007-11-10 16:25 <DIR> d-------- C:\Documents and Settings\Roubedou\Application Data\LimeWire
2007-11-10 13:11 <DIR> d-------- C:\Documents and Settings\Roubedou\Contacts
2007-11-10 13:09 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-10 13:08 <DIR> d-------- C:\Program Files\Windows Live
2007-11-10 13:08 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-10 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-10 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-11-10 11:58 <DIR> d-------- C:\Program Files\LimeWire
2007-11-10 11:47 <DIR> d-------- C:\Program Files\Azureus
2007-11-10 11:20 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-11-10 11:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2007-11-10 11:11 <DIR> d-------- C:\Program Files\Zylom Games
2007-11-10 00:53 <DIR> d-------- C:\WINDOWS\Sun
2007-11-10 00:53 <DIR> d-------- C:\Program Files\Java
2007-11-10 00:53 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-10 00:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2007-11-10 00:15 <DIR> d-------- C:\WINDOWS\system32\nl-nl
2007-11-10 00:12 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-10 00:12 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-10 00:12 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-10 00:12 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-10 00:12 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-10 00:12 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-10 00:12 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-10 00:12 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-10 00:07 <DIR> d--hs---- C:\Documents and Settings\Roubedou\UserData
2007-11-09 23:40 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-11-09 23:22 <DIR> d-------- C:\Program Files\TextBridge Classic
2007-11-09 23:22 <DIR> d-------- C:\Documents and Settings\Roubedou\WINDOWS
2007-11-09 23:21 <DIR> d-------- C:\Program Files\Flatbed Scanner
2007-11-09 23:15 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-09 22:59 <DIR> d-------- C:\WINDOWS\EPSON CardMonitor Essential
2007-11-09 22:59 131,072 --a------ C:\WINDOWS\system32\Epcmlib.dll
2007-11-09 22:58 <DIR> d-------- C:\WINDOWS\EPSON PhotoStarter Essential
2007-11-09 22:58 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-11-09 22:58 <DIR> d-------- C:\Program Files\Common Files\EPSON
2007-11-09 22:54 70,924 --a------ C:\WINDOWS\system32\EBPMON2.DLL
2007-11-09 22:54 56,832 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2007-11-09 22:54 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2007-11-09 22:54 182 --a------ C:\WINDOWS\system32\EBPPORT.DAT
2007-11-09 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-11-09 22:18 <DIR> d-------- C:\Program Files\Google
2007-11-09 22:17 45,056 --a------ C:\WINDOWS\system32\drivers\iviVD.sys
2007-11-09 22:01 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-11-09 21:37 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-09 20:44 <DIR> d-------- C:\Documents and Settings\Roubedou\Application Data\AVG7
2007-11-09 20:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-09 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-09 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-09 20:40 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-09 20:37 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-09 20:34 <DIR> d-------- C:\Documents and Settings\Roubedou\Application Data\AdobeUM
2007-11-09 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-11-09 22:36 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-11-09 19:12 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-30 23:35]
"nwiz"="nwiz.exe" [2006-10-30 23:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-30 23:35]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-10 10:40]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 08:03 C:\WINDOWS\RTHDCPL.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmbj32]
winmbj32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Roubedou^Menu Start^Programma's^Opstarten^Watch.lnk]
path=C:\Documents and Settings\Roubedou\Menu Start\Programma's\Opstarten\Watch.lnk
backup=C:\WINDOWS\pss\Watch.lnkStartup
S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys
.
************************************************** ************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 13:22:30
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************** ************************
.
Voltooingstijd: 2007-11-18 13:24:28 - machine was rebooted
.
--- E O F ---

dit is van dr web
drvjub.dll;c:\windows\system32;Waarschijnlijk BACKDOOR.Trojan;Verwijderd.;lo1[1];C:\Documents and Settings\Roubedou\Local Settings\Temporary Internet Files\Content.IE5\FK8182J4;Trojan.Virtumod;Verwijd erd.;backup-20071118-114439-691.dll;C:\Program Files\Trend Micro\HijackThis\backups;Adware.Crew;Verplaatst.;A 0000034.dll;C:\System Volume Information\_restore{0F5E125D-A734-4B24-B7B3-BFC63AF26D7F}\RP2;Trojan.Mezzia.77;Verwijderd.;A00 00035.dll;C:\System Volume Information\_restore{0F5E125D-A734-4B24-B7B3-BFC63AF26D7F}\RP2;Adware.Crew;Verplaatst.;aphdhgeg .dll;C:\WINDOWS\system32;Adware.Crew;Verplaatst.;

dit is van hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:56, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ANYCOM\Blue USB-200-250\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7187 bytes

Carine

Open Kladblok, kopiëer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:

File::
C:\WINDOWS\system32\ybeeg.bak1

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmbj32]

Sla dit op op je Bureaublad als CFScript .Sleep CFScript in ComboFix.exe zoals getoond in onderstaand voorbeeld :

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThis logje.

ik heb gedaan wat je hebt gezegd maar heb weer het probleem met combo fix dat hij verouderd is en doet zichzelf weer unistall

Carine

kan er mij iemand een nieuwe combo fix geven aub dan kan ik verder doen met hetgeen rosty heeft gezegd
Alvast bedankt
Carine

Hoi smurfke,

de reden waarom combofix het niet daad was omdat sUBs, de maker van het tooltje, afwezig was. Hij heeft er een veiligheid van 10 dagen geldigheid ingebouwd.

* Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) naar je bureaublad.
en doe dan verder met de instructies die ik je gaf!

hier een file van combofix

ComboFix 07-11-19.3 - Roubedou 2007-11-22 12:37:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.454 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Roubedou\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Roubedou\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
FILE
C:\WINDOWS\system32\ybeeg.bak1
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nsx187.dll
C:\WINDOWS\system32\ybeeg.bak1
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-10-22 to 2007-11-22 ))))))))))))))))))))))))))))))
.
2007-11-20 15:04 <DIR> d-------- C:\Documents and Settings\Roubedou\Application Data\FrostWire
2007-11-18 14:38 <DIR> d-------- C:\Program Files\printercode
2007-11-18 12:16 <DIR> d-------- C:\Documents and Settings\Roubedou\DoctorWeb
2007-11-17 18:26 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-17 16:53 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-11-17 15:18 <DIR> d-------- C:\Documents and Settings\Roubedou\Application Data\Lavasoft
2007-11-17 15:12 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-17 15:12 164 --a------ C:\install.dat
2007-11-17 15:11 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-11-17 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-17 15:03 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2007-11-17 15:03 <DIR> d-------- C:\Program Files\Hitman Pro
2007-11-17 14:15 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-11-17 13:01 <DIR> d-------- C:\Program Files\RegCleaner
2007-11-17 12:54 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-17 12:35 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-17 11:13 <DIR> d-------- C:\Documents and Settings\Roubedou\Application Data\Intervideo
2007-11-17 02:05 105,331 ---hs---- C:\WINDOWS\system32\ybeeg.ini
2007-11-17 01:38 <DIR> d-------- C:\Documents and Settings\Roubedou\Application Data\Azureus
2007-11-17 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-17 00:15 <DIR> d-------- C:\Documents and Settings\Roubedou\Application Data\Grisoft
2007-11-17 00:15 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-16 22:10 <DIR> d-------- C:\Documents and Settings\Roubedou\Bluetooth Software
2007-11-16 22:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-11-16 22:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-11-16 22:06 <DIR> d-------- C:\Program Files\ANYCOM
2007-11-16 22:06 77,824 --a------ C:\WINDOWS\system32\btw_ci.dll
2007-11-16 22:06 67,384 --a------ C:\WINDOWS\system32\drivers\btwusb.sys
2007-11-16 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-16 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-16 11:53 139,264 --a------ C:\WINDOWS\system32\EBAPI2.dll
2007-11-16 11:51 <DIR> d-------- C:\Program Files\EPSON
2007-11-16 11:51 <DIR> d-------- C:\EPSON
2007-11-15 12:52 <DIR> d-------- C:\Program Files\Teach2000
2007-11-15 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 15:14 <DIR> d-------- C:\Program Files\Didascalia
2007-11-11 16:59 <DIR> d-------- C:\Program Files\MindJET
2007-11-10 17:12 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-10 17:12 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-10 17:12 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-10 17:08 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-10 16:25 <DIR> d-------- C:\Documents and Settings\Roubedou\Shared
2007-11-10 16:25 <DIR> d-------- C:\Documents and Settings\Roubedou\Incomplete
2007-11-10 16:25 <DIR> d-------- C:\Documents and Settings\Roubedou\Application Data\LimeWire
2007-11-10 13:11 <DIR> d-------- C:\Documents and Settings\Roubedou\Contacts
2007-11-10 13:09 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-10 13:08 <DIR> d-------- C:\Program Files\Windows Live
2007-11-10 13:08 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-10 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-10 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-11-10 11:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2007-11-10 11:11 <DIR> d-------- C:\Program Files\Zylom Games
2007-11-10 00:53 <DIR> d-------- C:\WINDOWS\Sun
2007-11-10 00:53 <DIR> d-------- C:\Program Files\Java
2007-11-10 00:53 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-10 00:53 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-10 00:53 5,387 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-11-10 00:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2007-11-10 00:15 <DIR> d-------- C:\WINDOWS\system32\nl-nl
2007-11-10 00:12 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-10 00:12 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-10 00:07 <DIR> d--hs---- C:\Documents and Settings\Roubedou\UserData
2007-11-09 23:40 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-11-09 23:40 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2007-11-09 23:40 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2007-11-09 23:37 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2007-11-09 23:37 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-11-09 23:37 142,464 --a--c--- C:\WINDOWS\system32\dllcache\aec.sys
2007-11-09 23:37 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2007-11-09 23:37 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2007-11-09 23:37 60,800 --a--c--- C:\WINDOWS\system32\dllcache\sysaudio.sys
2007-11-09 23:37 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2007-11-09 23:37 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
2007-11-09 23:37 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2007-11-09 23:37 7,552 --a--c--- C:\WINDOWS\system32\dllcache\mskssrv.sys
2007-11-09 23:37 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2007-11-09 23:37 5,376 --a--c--- C:\WINDOWS\system32\dllcache\mspclock.sys
2007-11-09 23:37 4,992 --a--c--- C:\WINDOWS\system32\dllcache\mspqm.sys
2007-11-09 23:37 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-11-09 23:37 2,944 --a--c--- C:\WINDOWS\system32\dllcache\drmkaud.sys
2007-11-09 23:36 16,125,440 -ra------ C:\WINDOWS\RTHDCPL.EXE
2007-11-09 23:36 9,709,568 -ra------ C:\WINDOWS\RTLCPL.EXE
2007-11-09 23:36 2,879,488 -ra------ C:\WINDOWS\SkyTel.exe
2007-11-09 23:36 2,808,832 -ra------ C:\WINDOWS\ALCWZRD.EXE
2007-11-09 23:36 2,157,568 -ra------ C:\WINDOWS\MicCal.exe
2007-11-09 23:36 1,191,936 -ra------ C:\WINDOWS\RtlUpd.exe
2007-11-09 23:36 315,392 --a------ C:\WINDOWS\HideWin.exe
2007-11-09 23:36 282,624 -ra------ C:\WINDOWS\system32\RTSndMgr.CPL
2007-11-09 23:36 86,016 -ra------ C:\WINDOWS\SOUNDMAN.EXE
2007-11-09 23:36 69,632 -ra------ C:\WINDOWS\ALCMTR.EXE
2007-11-09 23:22 <DIR> d-------- C:\WINDOWS\pixtran
2007-11-09 23:22 <DIR> d-------- C:\Program Files\TextBridge Classic
2007-11-09 23:22 <DIR> d-------- C:\Documents and Settings\Roubedou\WINDOWS
2007-11-09 23:22 299,520 --a------ C:\WINDOWS\uninst.exe
2007-11-09 23:22 174,080 --a------ C:\WINDOWS\system32\PIXDFLTN.DLL
2007-11-09 23:22 152,576 --a------ C:\WINDOWS\system32\PIXDFLT.DLL
2007-11-09 23:22 26,112 --a------ C:\WINDOWS\system32\PIXTHK32.DLL
2007-11-09 23:22 24,624 --a------ C:\WINDOWS\system32\PIXTHK16.DLL
2007-11-09 23:22 24,064 --a------ C:\WINDOWS\system32\PIXPERM.DLL
2007-11-09 23:22 17,920 --a------ C:\WINDOWS\system32\PIXPERMN.DLL
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-11-09 19:12 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:03 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-30 23:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:03 C:\WINDOWS\system32\rundll32.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-10 10:40]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 08:03 C:\WINDOWS\RTHDCPL.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-10 10:40]
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmbj32]
winmbj32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Roubedou^Menu Start^Programma's^Opstarten^Watch.lnk]
path=C:\Documents and Settings\Roubedou\Menu Start\Programma's\Opstarten\Watch.lnk
backup=C:\WINDOWS\pss\Watch.lnkStartup
S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys
.
************************************************** ************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-22 12:40:30
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************** ************************
.
Voltooingstijd: 2007-11-22 12:42:21 - machine was rebooted
.
--- E O F ---


en hier ene van hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:28, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ANYCOM\Blue USB-200-250\BTTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7161 bytes


Carine

Hoi,

volgende regel mag je Fixen in HijackThis:

O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)

Sluit alle open vensters, behalve HijackThis, en klik op Fix Checked. Sluit HijackThis.

Herstart je PC en post een nieuw HijackThis logje. Laat me weten hoe alles werkt.

heb gedaan wat je zei en alles werkt momenteel naar behoren en is ook al veel sneller met opstarten.
hier nog het gevraagde logje

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:14, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ANYCOM\Blue USB-200-250\BTTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7065 bytes


Nu heb ik nog een vraagje ik zit nu met ad-aware, spybotSD en avg anti spyware maar deze is maar 30dagen geldig.
Ben ik nu goed met deze programmas of zeg je er zijn er nog die je moet hebben.Zo ja de welke?
Als antivirus heb ik avg zitten.

Alvast bedankt voor de hulp die je hebt gegeven en informatie
Vriendelijke groeten
Carine

Hoi,


Nu heb ik nog een vraagje ik zit nu met ad-aware, spybotSD en avg anti spyware maar deze is maar 30dagen geldig.
Ben ik nu goed met deze programmas of zeg je er zijn er nog die je moet hebben.Zo ja de welke?
Als antivirus heb ik avg zitten.

Deze zijn goed hoor, gewoon zorgen dat je ze wekelijks manueel up-to-dat houd en wekelijks een scan uitvoeren!!

Om herinfectie via systeemherstel te voorkomen, is het raadzaam de bestaande systeemherstelpunten te verwijderen door systeemherstel tijdelijk uit te schakelen.

- Ga naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.
- Klik in de linkerhelft van het venster op "Instellingen van systeemherstel".
- Zet een vinkje voor "Systeemherstel uitschakelen".
- Klik "Toepassen".
- Windows vraagt of je dat zeker weet.
- Klik "Ja".
- Klik "OK".
- Start de pc opnieuw op.
- Ga weer naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.
- Je krijgt de melding: "Systeemherstel is uitgeschakeld. Wilt u systeemherstel nu inschakelen?"
- Klik "Ja".
- Verwijder het vinkje voor "Systeemherstel uitschakelen".
- Klik "Toepassen".
- Klik "OK".
- Start de pc opnieuw op
- Er is nu een nieuw schoon herstel punt aangemaakt
Hier nog wat tips. tips (http://www.jawwi.nl/tips/beveiligen.html)

bedankt ga dat zeker doen, en ook bedankt voor de hulp.

groeten
Carine

PS.mag een slotje op

Graag gedaan hoor.:good: