Antimalware doctor

[myself001]

Hey iedereen,

Sinds gisteren heb ik ineens dit programma op mijn laptop staan. Ik heb reeds geprobeerd om deze via verschillende aanbevolen manieren op het internet te verwijderen, maar helaas zonder resultaat.

Na het lezen op jullie forum, vroeg ik mij nu af of het steeds dezelfde files zijn die dienen verwijderd te worden of kan dit veranderen?

Ik heb ondertussen hijackthis geïnstalleerd en dit is de log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:52:04, on 26/08/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17080)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Registry Clean Expert\RCHelper.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Thierry\Bureaublad\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0E9547A0-F1C2-49FD-8024-D74265298256} - c:\windows\system32\ijbfyiu.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ToshibaApp] C:\WINDOWS\SMSC\CIRHID\V1_0_0000_0\ToshibaRC.exe

O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang NL

O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [CFSServ.exe] C:\Program Files\Toshiba\ConfigFree\CFSServ.exe -NoClient

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe

O4 - HKLM\..\Run: [nosrmwaxec.tmp] "C:\DOCUME~1\Thierry\LOCALS~1\Temp\nosrmwaxec.tmp"

O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe

O4 - HKLM\..\Run: [njwuhbna] C:\Documents and Settings\Thierry\Local Settings\Application Data\vsxdbsgkn\onpaabeshdw.exe

O4 - HKLM\..\Run: [upcrryjv] C:\Documents and Settings\Thierry\Local Settings\Application Data\msecbkhcq\ouuygnnshdw.exe

O4 - HKLM\..\Run: [mhypvgrg] C:\Documents and Settings\Administrator\Local Settings\Application Data\irmbpnxpe\uwjccklshdw.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Games\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [njwuhbna] C:\Documents and Settings\Thierry\Local Settings\Application Data\vsxdbsgkn\onpaabeshdw.exe

O4 - HKCU\..\Run: [upcrryjv] C:\Documents and Settings\Thierry\Local Settings\Application Data\msecbkhcq\ouuygnnshdw.exe

O4 - HKCU\..\Run: [OTGV1DNWQQ] C:\WINDOWS\Iluwod.exe

O4 - HKCU\..\Run: [XBV6RD5SZF] C:\DOCUME~1\Thierry\LOCALS~1\Temp\Ird.exe

O4 - HKCU\..\Run: [RegClean Expert Scheduler] "D:\Registry Clean Expert\RCHelper.exe" /startup

O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.3 .lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\W3dbsmgr.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk (file missing)

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk (file missing)

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145870577076

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users\Documenten\Settings\cbss.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--

End of file - 11070 bytes

Zelf ben ik nog bijlange geen expert of dergelijke, maar probeer nu al geruime tijd de pc-problemen een beetje op te lossen of erover te lezen, dus hopelijk kan iemand mij hier ook mee helpen.

Alvast bedankt en groetjes

[kweezie wabbit]

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop CLTNetCnService

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete CLTNetCnService

Druk op Enter.

Start Hijackthis op. Ben je gebruiker van Vista of windows 7 kies dan voor “Run as administrator" of "Uitvoeren als administrator".

Selecteer “Do a system scan only”. Selecteer alleen de items die hieronder zijn genoemd:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

O2 - BHO: (no name) - {0E9547A0-F1C2-49FD-8024-D74265298256} - c:\windows\system32\ijbfyiu.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe

O4 - HKLM\..\Run: [nosrmwaxec.tmp] "C:\DOCUME~1\Thierry\LOCALS~1\Temp\nosrmwaxec.tmp"

O4 - HKLM\..\Run: [njwuhbna] C:\Documents and Settings\Thierry\Local Settings\Application Data\vsxdbsgkn\onpaabeshdw.exe

O4 - HKLM\..\Run: [upcrryjv] C:\Documents and Settings\Thierry\Local Settings\Application Data\msecbkhcq\ouuygnnshdw.exe

O4 - HKLM\..\Run: [mhypvgrg] C:\Documents and Settings\Administrator\Local Settings\Application Data\irmbpnxpe\uwjccklshdw.ex

O4 - HKCU\..\Run: [njwuhbna] C:\Documents and Settings\Thierry\Local Settings\Application Data\vsxdbsgkn\onpaabeshdw.exe

O4 - HKCU\..\Run: [upcrryjv] C:\Documents and Settings\Thierry\Local Settings\Application Data\msecbkhcq\ouuygnnshdw.exe

O4 - HKCU\..\Run: [OTGV1DNWQQ] C:\WINDOWS\Iluwod.exe

O4 - HKCU\..\Run: [XBV6RD5SZF] C:\DOCUME~1\Thierry\LOCALS~1\Temp\Ird.exe

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk (file missing)

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk (file missing)

O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users\Documenten\Settings\cbss.dll

Klik op 'Fix checked' om de items te verwijderen.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

Je Java software is verouderd.

Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.

Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

• 
  Download

Java Runtime Environment (JRE) 6 Update 21.

• Scroll omlaag naar : "Java SE Runtime Environment (JRE) 6 Update 21".
  
• Klik op de "Download" knop aan de rechterkant.
  
• In het uitklapmenu rechts naast Platform, selecteer Windows
  
• Vink aan: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement", en klik op Continue.
  
• De pagina zal herladen.
  
• Klik op de jre-6u21-windows-i586.exe link ONDER Windows Offline Installation en bewaar het naar je Bureaublad.
  
• Sluit alle programma's die eventueel open zijn - Zeker je web browser!
  
• Ga dan naar Start > Configuratiescherm > Software of Start > Configuratiescherm > Programma's en onderdelen (bij Vista) en verwijder alle oudere versies van Java uit de Softwarelijst.
  
• Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
  
• Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
  
• Herhaal dit tot alle oudere versies verdwenen zijn.
  
• Na het verwijderen van alle oudere versies, herstart je pc.
  
• Dubbelklik vervolgens op jre-6u21-windows-i586.exe op je Bureaublad om de nieuwste versie van Java te installeren.
  

[myself001]

Hey,

Bedankt alvast, heb deze stappen allemaal uitgevoerd zoals beschreven.

Dit zijn de nieuwe logs:

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:51:08, on 26/08/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17080)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Thierry\Bureaublad\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ToshibaApp] C:\WINDOWS\SMSC\CIRHID\V1_0_0000_0\ToshibaRC.exe

O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang NL

O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [CFSServ.exe] C:\Program Files\Toshiba\ConfigFree\CFSServ.exe -NoClient

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Games\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [RegClean Expert Scheduler] "D:\Registry Clean Expert\RCHelper.exe" /startup

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.3 .lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\W3dbsmgr.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145870577076

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: yotamtt - yotamtt.dll (file missing)

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--

End of file - 8757 bytes

Malware 1ste scan:

Malwarebytes' Anti-Malware 1.46

Malwarebytes

Databaseversie: 4483

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

26/08/2010 16:02:44

mbam-log-2010-08-26 (16-02-44).txt

Scantype: Snelle scan

Objecten gescand: 185728

Verstreken tijd: 20 minuut/minuten, 12 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 1

Registersleutels geïnfecteerd: 7

Registerwaarden geïnfecteerd: 4

Registerdata geïnfecteerd: 2

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 41

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

C:\Documents and Settings\All Users\Documenten\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.

Registersleutels geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e9547a0-f1c2-49fd-8024-d74265298256} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0e9547a0-f1c2-49fd-8024-d74265298256} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.Palevo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Worm.Palevo) -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

c:\WINDOWS\system32\ijbfyiu.dll (Trojan.BHO.H) -> Delete on reboot.

C:\RECYCLER\S-1-5-21-4140126541-2688736630-3646312564-1005\Dc1\SYSTEM.EXE (Worm.Autorun. -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\dtrycr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\eqhff.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\Ird.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temp\4D.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temp\4F.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temp\51.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temp\762717.exe (Worm.Kolab) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temp\eqhff.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temp\Ird.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temp\Ire.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temp\mkcxhunr.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temp\nosrmwaxec.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temp\unqo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\016BWX27\evwdlf[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\016BWX27\rp020832[1].exe (Backdoor.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\01MZSTQZ\loaderadv600[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CTUFKPAJ\vmdkfnhp[1].htm (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ST67O92J\bbvmus[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temporary Internet Files\Content.IE5\01MZSTQZ\bbvmus[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temporary Internet Files\Content.IE5\01MZSTQZ\evwdlf[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temporary Internet Files\Content.IE5\01MZSTQZ\vmdkfnhp[1].htm (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temporary Internet Files\Content.IE5\3RCKN9DF\dhojrcwrm[2].htm (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temporary Internet Files\Content.IE5\3RCKN9DF\dhojrcwrm[3].htm (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temporary Internet Files\Content.IE5\3RCKN9DF\newsecureapp70700[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temporary Internet Files\Content.IE5\3RCKN9DF\oytnvg[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temporary Internet Files\Content.IE5\3RCKN9DF\qhysq[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temporary Internet Files\Content.IE5\EY8I4CGE\cgbvd[1].htm (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temporary Internet Files\Content.IE5\EY8I4CGE\nezgb[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temporary Internet Files\Content.IE5\G0CE7100\cgbvd[1].htm (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Temporary Internet Files\Content.IE5\G0CE7100\qhysq[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Application Data\ohydy.exe (Worm.Palevo) -> Delete on reboot.

C:\Documents and Settings\Administrator\Application Data\ohydy.exe (Worm.Palevo) -> Delete on reboot.

C:\Documents and Settings\All Users\Documenten\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Thierry\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Thierry\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\cfdrive32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Malware 2de scan:

Malwarebytes' Anti-Malware 1.46

Malwarebytes

Databaseversie: 4483

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

26/08/2010 16:50:46

mbam-log-2010-08-26 (16-50-46).txt

Scantype: Snelle scan

Objecten gescand: 185234

Verstreken tijd: 18 minuut/minuten, 20 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 1

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.Palevo) -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Greetz

[kape]

Heb je ondertussen de PC al opnieuw opgestart ? Een aantal van de aangeduide items worden pas verwijderd na een nieuwe start "Delete on reboot".

En blijkbaar heb je de update van JAVA nog niet uitgevoerd. Om veiligheidsredenen kan je dit best wel uitvoeren.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop “Application Updater”

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete “Application Updater”

Druk op Enter.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O20 - Winlogon Notify: yotamtt - yotamtt.dll (file missing)

Klik op 'Fix checked' om de items te verwijderen.

Laat even weten og je nog merkbare problemen hebt met onze vriend "Antimalware Doctor" ... en hang een nieuw log van HijackThis en Malwarebytes - ter controle - in je volgende bericht.

[myself001]

Hey,

Sorry voor de late reactie, maar mijn pc is ondertussen niet meer op te starten geweest. Na het aanpassen en het doorsturen van de nieuwe logs, heb ik Java geupdate en de pc heropgestart. Ondertussen had AVG ook wel een scan uitgevoerd, die volgens mij bepaalde zaken moet gedelete hebben.

Probleem was dus bij de heropstart dat ik vlak voor mijn Windows kon openen een onvermijdbare fout had (c00021 als ik het nog goed herinner) en een blauw scherm kreeg, waarop de pc vervolgens alleen nog maar pogingen deed tot heropstarten. Veilige modus en dergelijke werkten niet meer.

Een reparatie van Windows lukte mij al evenmin, dus heb een extra partitie gemaakt en daarop voorlopig een nieuwe, draaiende XP kunnen zetten.

Nu vroeg ik mij echter af of het mogelijk was om de oude Windows nog te repareren en dus alles te kunnen herstellen zoals voorheen ofdat ik wel degelijk alles opnieuw zal moeten installeren en alle data overzetten?

Mvg

Thierry

[kweezie wabbit]

Ik denk dat je beter alles kunt overzetten naar de nieuwe installatie en dan de partitie van de "kapotte" windows opnieuw formatteren.

Dan ben je zeker dat je een werkende installatie hebt en het is nog de vraag of de oude te herstellen valt.

[myself001]

Ok, dan doe ik het zo.

Enorm bedankt voor de snelle reacties en de duidelijke hulp.

Groetjes