explorer.exe crashes (virus/spyware?)


  • explorer.exe crashes (virus/spyware?)

    Dear ...,

    For the past 2 days I have had a problem with my computer that I think is caused by a small virus.

    When my computer starts, the explorer.exe process does start, but it crashes again after a few seconds. Starting this process manually does not solve it, because explorer.exe then crashes again.

    See below for my HijackThis log.

    Thanks in advance.


    HijackThis Log
    Created with: HijackThis colour coding

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:49:35, on 28-12-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    c:\windows\system32\smss.exe
    c:\windows\system32\winlogon.exe
    c:\windows\system32\services.exe
    c:\windows\system32\lsass.exe
    c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe
    c:\windows\system32\spoolsv.exe
    c:\progra~1\grisoft\avg7\avgamsvr.exe
    c:\progra~1\grisoft\avg7\avgupsvc.exe
    c:\progra~1\grisoft\avg7\avgemc.exe
    c:\program files\internet explorer\iexplore.exe
    c:\documents and settings\zjillbeare.com\bureaublad\vundofix.exe
    c:\windows\system32\taskmgr.exe
    c:\program files\trend micro\hijackthis\hijackthis.exe

    r0 - hkcu\software\microsoft\internet explorer\main,start page = http://planet.nl/
    r0 - hklm\software\microsoft\internet explorer\main,start page = about:blank
    r0 - hkcu\software\microsoft\internet explorer\main,local page =
    r0 - hklm\software\microsoft\internet explorer\main,local page =
    r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
    r3 - urlsearchhook: yahoo! toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - (no file)
    o3 - toolbar: &radio - {8e718888-423f-11d2-876e-00a0c9082467} - c:\windows\system32\msdxm.ocx
    o3 - toolbar: &google - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    o4 - hklm\..\run: [avg7_cc] c:\progra~1\grisoft\avg7\avgcc.exe /startup
    o4 - hklm\..\run: [explorer.exe] c:\windows\explorer.exe
    o4 - hklm\..\run: [msconfig] c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto
    o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
    o4 - hkus\s-1-5-19\..\run: [avg7_run] c:\progra~1\grisoft\avg7\avgw.exe /runonce (user 'lokale service')
    o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
    o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
    o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
    o9 - extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
    o9 - extra 'tools' menuitem: sun java console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
    o16 - dpf: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    o16 - dpf: {56336bcb-3d8a-11d6-a00b-0050da18de71} (rdxie class) - http://software-dl.real.com/18d7282cf2641257ef05/netzip/rdxie601.cab
    o16 - dpf: {8e0d4de5-3180-4024-a327-4dfad1796a8d} (messengerstatsclient class) - http://messenger.zone.msn.com/binary/messengerstatsclient.cab31267.cab
    o16 - dpf: {b8be5e93-a60c-4d26-a2dc-220313175592} (msn games - installer) - http://messenger.zone.msn.com/binary/zintro.cab56649.cab
    o16 - dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (messengerstatsclient class) - http://messenger.zone.msn.com/binary/messengerstatspaclient.cab56907.cab
    o17 - hklm\system\ccs\services\tcpip\..\{01056f7b-400b-44f2-9277-9a4e8eb603da}: nameserver = 192.168.1.254,192.169.1.254
    o17 - hklm\system\cs1\services\tcpip\..\{01056f7b-400b-44f2-9277-9a4e8eb603da}: nameserver = 192.168.1.254,192.169.1.254
    o17 - hklm\system\cs2\services\tcpip\..\{01056f7b-400b-44f2-9277-9a4e8eb603da}: nameserver = 192.168.1.254,192.169.1.254
    o23 - service: avg e-mail scanner (avgems) - grisoft, s.r.o. - c:\progra~1\grisoft\avg7\avgemc.exe
    --
    end of file - 3516 bytes

  • #2
    Download VirtumundoBegone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the instructions.
    Don't be alarmed if you see a blue screen with an error message - this is normal.
    When the fix has finished, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.


    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A cmd window will open, and a few lines about files that were not found will scroll past quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Combofix to your desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has completed and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner responds with a notice about script execution, you may ignore this.



    • #3
      Here are the 3 logs


      VGB


      [12/29/2007, 0:23:58] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Zjillbeare.com\Bureaublad\VirtumundoBeGone.exe" )
      [12/29/2007, 0:24:04] - Detected System Information:
      [12/29/2007, 0:24:04] - Windows Version: 5.1.2600,
      [12/29/2007, 0:24:04] - Current Username: Zjillbeare.com (Admin)
      [12/29/2007, 0:24:04] - Windows is in NORMAL mode.
      [12/29/2007, 0:24:04] - Searching for Browser Helper Objects:
      [12/29/2007, 0:24:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [12/29/2007, 0:24:04] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
      [12/29/2007, 0:24:04] - BHO 3: {6EB30177-3F8E-4288-9B3B-9E3C866EE126} ()
      [12/29/2007, 0:24:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/29/2007, 0:24:04] - Checking for HKLM\...\Winlogon\Notify\mllig
      [12/29/2007, 0:24:04] - Key not found: HKLM\...\Winlogon\Notify\mllig, continuing.
      [12/29/2007, 0:24:04] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [12/29/2007, 0:24:04] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
      [12/29/2007, 0:24:04] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [12/29/2007, 0:24:04] - Finished Searching Browser Helper Objects
      [12/29/2007, 0:24:04] - Finishing up...
      [12/29/2007, 0:24:04] - Nothing found! Exiting...

      RVAXO

      ----------------RVAXO.exe first run-------------

      Files found:

      C:\WINDOWS\system32\tuvtrss.dll.vir
      C:\WINDOWS\system32\gillm.ini2
      C:\WINDOWS\system32\mswinup.exe
      C:\WINDOWS\system32\winsvcup.exe
      C:\WINDOWS\system32\winupsvc.exe
      C:\WINDOWS\SYSTEM32\SSPRS.DLL
      C:\WINDOWS\SYSTEM32\SERAUTH2.DLL
      C:\WINDOWS\SYSTEM32\SERAUTH1.DLL

      Uninstallers Rogue scanners:


      Folders Found:

      C:\WINDOWS\system32\winsecurityxp

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

      combo fix

      ComboFix 07-12-21.4 - Zjillbeare.com 2007-12-28 19:49:51.4 - FAT32x86
      Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.130 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Zjillbeare.com\Bureaublad\ComboFix.exe
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\NTSVC.ocx

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))
      .

      2007-12-28 17:02 . 2007-12-28 17:02 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
      2007-12-28 16:36 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
      2007-12-28 16:36 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
      2007-12-28 16:36 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
      2007-12-28 16:36 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
      2007-12-28 16:27 . 2007-12-28 19:56 31,723 --ahs---- C:\WINDOWS\system32\gillm.ini2
      2007-12-28 16:16 . 2007-12-28 16:17 <DIR> d-------- C:\RVAXO
      2007-12-28 16:13 . 2007-12-28 09:55 575,630 --a------ C:\WINDOWS\system32\RVAXO.bat
      2007-12-28 16:13 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2007-12-28 14:07 . 2007-12-28 14:07 <DIR> d--hs---- C:\FOUND.002
      2007-12-28 13:50 . 2007-12-28 13:51 <DIR> dr-h----- C:\Documents and Settings\Zjillbeare.com\Onlangs geopend
      2007-12-28 12:21 . 2007-12-28 12:21 <DIR> d-------- C:\VundoFix Backups
      2007-12-28 12:17 . 2007-12-28 12:17 <DIR> d-------- C:\Program Files\Trend Micro
      2007-12-27 22:31 . 2007-12-28 19:56 31,723 --ahs---- C:\WINDOWS\system32\gillm.ini
      2007-12-27 21:38 . 2007-12-27 21:39 <DIR> d-------- C:\Documents and Settings\Zjillbeare.com\DoctorWeb
      2007-12-27 19:04 . 2007-12-27 19:04 <DIR> d--hs---- C:\FOUND.001
      2007-12-27 18:42 . 2007-12-27 18:42 <DIR> d--hs---- C:\FOUND.000
      2007-12-27 18:37 . 2007-12-27 18:37 314,752 --a------ C:\WINDOWS\system32\mllig.dll
      2007-12-08 12:17 . 2007-12-08 12:17 268 --ah----- C:\sqmdata00.sqm
      2007-12-08 12:17 . 2007-12-08 12:17 244 --ah----- C:\sqmnoopt00.sqm
      2007-12-01 17:08 . 2007-12-01 17:08 <DIR> d-------- C:\Program Files\LitexMedia
      2007-12-01 11:54 . 2007-12-01 11:54 <DIR> d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\AVG7
      2007-11-30 18:34 . 2007-11-30 18:34 <DIR> d-------- C:\Documents and Settings\Zjillbeare.com\Application Data\AVG7
      2007-11-30 18:34 . 2007-11-30 18:34 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\AVG7
      2007-11-30 18:33 . 2007-11-30 18:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-28 12:49 262,144 ----a-w C:\ntuser.dat
      2007-10-28 13:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2006-07-18 18:16 266 --sh--w C:\Program Files\desktop.ini
      .

      ((((((((((((((((((((((((((((( [email protected]_16.27.57.78 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
      + 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
      - 2005-05-26 03:16:24 75,544 ----a-w C:\WINDOWS\system32\cdm.dll
      + 2007-07-30 18:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
      - 2007-12-28 15:20:06 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
      + 2007-12-28 18:49:38 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
      - 2005-05-26 03:16:24 75,544 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
      + 2007-07-30 18:19:20 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
      - 2005-05-26 03:16:34 125,208 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
      + 2007-07-30 18:19:16 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
      - 2005-05-26 03:16:30 1,343,768 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
      + 2007-07-30 18:19:42 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
      + 2007-07-30 18:19:36 549,720 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.0.6000.381\wuapi.dll
      + 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
      + 2007-07-30 18:19:12 43,352 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
      - 2000-08-31 07:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
      + 2007-12-13 20:26:52 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
      - 2005-05-26 03:16:34 466,200 ----a-w C:\WINDOWS\system32\wuapi.dll
      + 2007-07-30 18:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
      - 2005-05-26 03:16:34 125,208 ----a-w C:\WINDOWS\system32\wuauclt.exe
      + 2007-07-30 18:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
      - 2005-05-26 03:16:30 1,343,768 ----a-w C:\WINDOWS\system32\wuaueng.dll
      + 2007-07-30 18:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
      - 2005-05-26 03:16:34 128,280 ----a-w C:\WINDOWS\system32\wucltui.dll
      + 2007-07-30 18:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
      - 2005-05-26 03:16:30 41,240 ----a-w C:\WINDOWS\system32\wups.dll
      + 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
      - 2005-05-26 03:16:30 18,200 ----a-w C:\WINDOWS\system32\wups2.dll
      + 2007-07-30 18:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
      - 2005-05-26 03:16:30 173,536 ----a-w C:\WINDOWS\system32\wuweb.dll
      + 2007-07-30 18:19:46 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
      .
      -- Snapshot reset to current date --
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E289319A-C673-4226-9A22-7DEC204CE86A}]
      2007-12-27 18:37 314752 --a------ C:\WINDOWS\System32\mllig.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-25 11:00]
      "explorer.exe"="c:\windows\explorer.exe" [2001-09-07 12:00]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-09-07 12:00]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-30 18:41]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "NoSecCPL"= 0 (0x0)
      "NoConfigPage"= 0 (0x0)
      "NoVirtMemPage"= 0 (0x0)
      "NoDevMgrPage"= 0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoToolbarsOnTaskbar"= 0 (0x0)
      "NoBandCustomize"= 0 (0x0)
      "NoMovingBands"= 0 (0x0)
      "NoCloseDragDropBands"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\mllig.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
      path=
      backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Google Updater.lnk]
      path=
      backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
      path=
      backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Zjillbeare.com^Menu Start^Programma's^Opstarten^AdsGone.lnk]
      path=
      backup=C:\WINDOWS\pss\AdsGone.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
      2005-05-25 12:12 517632 --a------ C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comodo Firewall]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
      2001-09-07 12:00 13312 --a------ C:\WINDOWS\System32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dvd plan noun inside]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MKSRegmon]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mkstray]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mks_mail]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
      C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      2006-11-09 15:07 49263 --a------ C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Type City]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
      2007-09-23 19:30 292152 --------- C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9B71D88C-C598-4935-C5D1-43AA4DB90836}]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "WebrootSpySweeperService"=2 (0x2)
      "szserver"=2 (0x2)
      "gusvc"=3 (0x3)
      "Avg7UpdSvc"=2 (0x2)
      "Avg7Alrt"=2 (0x2)
      "AVG Anti-Spyware Guard"=2 (0x2)
      "Adobe LM Service"=3 (0x3)

      S3 NtApm;NT Apm/Legacy-interfacestuurprogramma;C:\WINDOWS\System32\DRIVERS\NtApm.sys [2001-09-06 19:49]

      .
      **************************************************************************

      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-12-28 19:57:41
      Windows 5.1.2600 FAT NTAPI

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.0000]
      -> C:\WINDOWS\System32\mllig.dll
      .
      Voltooingstijd: 2007-12-28 19:58:49 - machine was rebooted
      C:\ComboFix-quarantined-files.txt ... 2007-12-27 20:47
      C:\ComboFix3.txt ... 2007-12-27 20:47
      C:\ComboFix2.txt ... 2007-12-28 16:28



      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd

        Download the attachment: CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix restart.
        Restart the computer if you are asked to,
        and post the contents of Combofix.txt in your next reply.
        Also post a new HijackThis log and tell us whether you are still experiencing problems.


        • #5
          The problems with explorer are gone.

          Here are the logs as well.

          combo

          ComboFix 07-12-21.4 - Zjillbeare.com 2007-12-30 13:13:27.5 - FAT32x86
          Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.140 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Zjillbeare.com\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Zjillbeare.com\Bureaublad\cfscript.txt
          * Nieuw herstelpunt werd aangemaakt

          FILE
          C:\WINDOWS\system32\gillm.ini
          C:\WINDOWS\system32\gillm.ini2
          C:\WINDOWS\system32\mllig.dll
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\FOUND.000
          C:\FOUND.000\FILE0000.CHK
          C:\FOUND.001
          C:\FOUND.001\FILE0000.CHK
          C:\FOUND.001\FILE0001.CHK
          C:\FOUND.002
          C:\FOUND.002\FILE0000.CHK
          C:\VundoFix Backups
          C:\WINDOWS\system32\gillm.ini
          C:\WINDOWS\system32\gillm.ini2
          C:\WINDOWS\system32\mllig.dll

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-30 ))))))))))))))))))))))))))))))
          .

          2007-12-30 13:02 . 2007-12-30 13:02 <DIR> d-------- C:\!KillBox
          2007-12-28 20:59 . 2007-12-28 20:59 <DIR> d--hs---- C:\FOUND.003
          2007-12-28 17:02 . 2007-12-28 17:02 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
          2007-12-28 16:36 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
          2007-12-28 16:36 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
          2007-12-28 16:36 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
          2007-12-28 16:36 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
          2007-12-28 13:50 . 2007-12-28 13:51 <DIR> dr-h----- C:\Documents and Settings\Zjillbeare.com\Onlangs geopend
          2007-12-28 12:17 . 2007-12-28 12:17 <DIR> d-------- C:\Program Files\Trend Micro
          2007-12-27 21:38 . 2007-12-27 21:39 <DIR> d-------- C:\Documents and Settings\Zjillbeare.com\DoctorWeb
          2007-12-08 12:17 . 2007-12-08 12:17 268 --ah----- C:\sqmdata00.sqm
          2007-12-08 12:17 . 2007-12-08 12:17 244 --ah----- C:\sqmnoopt00.sqm
          2007-12-01 17:08 . 2007-12-01 17:08 <DIR> d-------- C:\Program Files\LitexMedia
          2007-12-01 11:54 . 2007-12-01 11:54 <DIR> d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\AVG7
          2007-11-30 18:34 . 2007-11-30 18:34 <DIR> d-------- C:\Documents and Settings\Zjillbeare.com\Application Data\AVG7
          2007-11-30 18:34 . 2007-11-30 18:34 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\AVG7
          2007-11-30 18:33 . 2007-11-30 18:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
          2007-11-07 12:48 . 2007-11-07 12:48 <DIR> d-------- C:\Documents and Settings\Zjillbeare.com\Incomplete

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2007-12-28 12:49 262,144 ----a-w C:\ntuser.dat
          2007-10-28 13:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
          2007-09-08 16:18 49,152 ----a-w C:\WINDOWS\deskspace15.dll
          2006-07-18 18:16 266 --sh--w C:\Program Files\desktop.ini
          .

          ((((((((((((((((((((((((((((( snapshot_2007-12-28_19.58.05.11 )))))))))))))))))))))))))))))))))))))))))
          .
          - 2007-12-28 18:49:38 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
          + 2007-12-30 12:13:08 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2001-09-07 13:00]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-09-07 12:00]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-30 18:41]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
          "NoSecCPL"= 0 (0x0)
          "NoConfigPage"= 0 (0x0)
          "NoVirtMemPage"= 0 (0x0)
          "NoDevMgrPage"= 0 (0x0)

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
          "NoToolbarsOnTaskbar"= 0 (0x0)
          "NoBandCustomize"= 0 (0x0)
          "NoMovingBands"= 0 (0x0)
          "NoCloseDragDropBands"= 0 (0x0)

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
          Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\mllig.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
          path=
          backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Google Updater.lnk]
          path=
          backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
          path=
          backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Zjillbeare.com^Menu Start^Programma's^Opstarten^AdsGone.lnk]
          path=
          backup=C:\WINDOWS\pss\AdsGone.lnkStartup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
          C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
          C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
          2005-05-25 12:12 517632 --a------ C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comodo Firewall]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
          2001-09-07 12:00 13312 --a------ C:\WINDOWS\System32\ctfmon.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\explorer.exe]
          2001-09-07 12:00 1004544 --a------ c:\windows\explorer.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MKSRegmon]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mkstray]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mks_mail]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
          C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Type City]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
          2007-09-23 19:30 292152 --------- C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9B71D88C-C598-4935-C5D1-43AA4DB90836}]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
          "WebrootSpySweeperService"=2 (0x2)
          "szserver"=2 (0x2)
          "gusvc"=3 (0x3)
          "Avg7UpdSvc"=2 (0x2)
          "Avg7Alrt"=2 (0x2)
          "AVG Anti-Spyware Guard"=2 (0x2)
          "Adobe LM Service"=3 (0x3)

          S3 NtApm;NT Apm/Legacy-interfacestuurprogramma;C:\WINDOWS\System32\DRIVERS\NtApm.sys [2001-09-06 19:49]

          .
          **************************************************************************

          catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2007-12-30 13:20:37
          Windows 5.1.2600 FAT NTAPI

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2007-12-30 13:21:52 - machine was rebooted
          C:\ComboFix-quarantined-files.txt ... 2007-12-27 20:47
          C:\ComboFix3.txt ... 2007-12-28 16:28
          C:\ComboFix2.txt ... 2007-12-28 19:58

          HJT

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 13:30:01, on 30-12-2007
          Platform: Windows XP (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 (6.00.2600.0000)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\notepad.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Trend Micro\HijackThis\problemen.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://planet.nl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
          O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
          O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/18d7282cf2641257ef05/netzip/RdxIE601.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198856011410
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{01056F7B-400B-44F2-9277-9A4E8EB603DA}: NameServer = 192.168.1.254,192.169.1.254
          O17 - HKLM\System\CS1\Services\Tcpip\..\{01056F7B-400B-44F2-9277-9A4E8EB603DA}: NameServer = 192.168.1.254,192.169.1.254
          O17 - HKLM\System\CS2\Services\Tcpip\..\{01056F7B-400B-44F2-9277-9A4E8EB603DA}: NameServer = 192.168.1.254,192.169.1.254
          O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

          --
          End of file - 4098 bytes

          Comment


          • #6
            Delete the following folder:
            C:\Qoobox

            Then empty your Recycle Bin.

            Your Java software is outdated. Older versions have vulnerabilities that give malware the chance to install itself on your system.
            First follow these steps to uninstall Java and install the newer version:
            • Download Java Runtime Environment (JRE) 6.3 and save it to your Desktop.
            • Close all programs that may be open, especially your web browser!
            • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
            • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
            • Then click Remove or the Change/Remove button.
            • Repeat this until all older versions are gone.
            • After removing all older versions, restart your PC.
            • Then double-click jre-6u3-windows-i586-p.exe on your Desktop to install the newest version of Java.


            Download ATF cleaner (mirror) (made by Atribune)

            Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

            Double-click ATF cleaner to start the program.
            On the "Main" tab, tick Select All.
            Click the Empty Selected button.

            Do the following if you also use Firefox as a browser:
            Click the "Firefox" tab and tick Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this removes the tick from "Firefox saved passwords" again)
            Click the Empty Selected button.

            Do the following if you also use Opera as a browser:
            Click the "Opera" tab and tick Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and enter the following:
            Combofix /U
            Then press OK.
            Note: There must be a space between Combofix and /U.

            This will uninstall Combofix.

            Turn off System Restore. Restart the computer. Turn System Restore back on.
            See here how to turn off System Restore.
            This removes any remnants of the infections from your System Restore.

            Finally, post a new HijackThis log so it can be checked.

            Comment


            • #7
              Check log

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 19:27:53, on 30-12-2007
              Platform: Windows XP (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 (6.00.2600.0000)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Explorer.EXE
              C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
              C:\WINDOWS\System32\wuauclt.exe
              C:\Program Files\STOPzilla!\STOPzilla.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\MSN Messenger\msnmsgr.exe
              C:\WINDOWS\system32\rundll32.exe
              C:\Program Files\Trend Micro\HijackThis\problemen.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://planet.nl/
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
              O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
              O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
              O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
              O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
              O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
              O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
              O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
              O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
              O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
              O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/18d7282cf2641257ef05/netzip/RdxIE601.cab
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198856011410
              O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
              O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
              O17 - HKLM\System\CCS\Services\Tcpip\..\{01056F7B-400B-44F2-9277-9A4E8EB603DA}: NameServer = 192.168.1.254,192.169.1.254
              O17 - HKLM\System\CS1\Services\Tcpip\..\{01056F7B-400B-44F2-9277-9A4E8EB603DA}: NameServer = 192.168.1.254,192.169.1.254
              O17 - HKLM\System\CS2\Services\Tcpip\..\{01056F7B-400B-44F2-9277-9A4E8EB603DA}: NameServer = 192.168.1.254,192.169.1.254
              O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

              --
              End of file - 5201 bytes

              Comment


              • #8
                The log looks clean to me.

                By the way, I don't see a virus scanner in your log?

                Comment


                • #9
                  AVG, right?

                  I do see it listed under the processes at the top anyway, so I have AVG antivirus.
                  Thanks man

                  Comment


                  • #10
                    You're welcome

                    Indeed AVG, but it isn't listed under the services?
                    Is it working properly?

                    Comment
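The comparison done by eye in posts #8 and #10, as an added example that is not part of the thread: a small Python parser that diffs two HijackThis logs and lists running processes that have no matching O23 service entry. The two sample logs are constructed from a few lines of the logs posted above, and the function names are this example's own.

```python
import re

# Constructed excerpts: a few lines taken from the two HijackThis logs in this thread.
LOG_BEFORE = r"""
Running processes:
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
"""
LOG_AFTER = r"""
Running processes:
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")  # e.g. "O23 - Service: ..."

def parse(log):
    """Split a HijackThis log into running-process paths and (code, text) entries."""
    procs, entries, in_procs = [], set(), False
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.add((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.append(line.lower())
    return procs, entries

def diff(before, after):
    """Return (added, removed) entries between two scans of the same machine."""
    _, b = parse(before)
    _, a = parse(after)
    return sorted(a - b), sorted(b - a)

def processes_without_service(log, needle):
    """Running processes containing `needle` whose path appears in no O23 service entry."""
    procs, entries = parse(log)
    services = " ".join(t.lower() for c, t in entries if c == "O23")
    return [p for p in procs if needle in p and p not in services]
```

Run on the full logs, `diff` surfaces the Java path change, the new Winsock LSP entries and the replaced O23 service in one pass, and `processes_without_service(log, "avg")` reproduces the observation that AVG is running but no longer registered as a service.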


                    • #11
                      It could be that I had turned it off for a moment back then or something.

                      I'm also not that happy with AVG, but it does run the fastest on my computer, which is an old machine; only AVG and Kaspersky ran reasonably well. Or do you perhaps have a recommendation for a virus scanner that doesn't use so much memory?

                      Since yesterday it has also been having trouble updating, so I have to reinstall it anyway.

                      Comment


                      • #12
                        Yesterday I helped someone who got serious slowdowns with AVG.
                        Avast did run nice and smoothly there, so you could try that one too.

                        Comment


                        • #13
                          Okay, the computer runs smoothly again; I threw AVG off and put Avast on (runs nicely).

                          Thanks for the help

                          Comment


                          • #14
                            You're welcome

                            Comment
