Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

irritante pop-ups en trojan horse meldingen

None
12 antwoorden
  • ik krijg sinds kort irritante pop-ups van internet beveiling, lotto en muziek sites verder geeft mijn virusscanner (AVG) aan dat er trojan horses op mijn pc staan. hier mijn log file:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:41:47, on 25-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Daemon tools\daemon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Hijackthis\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.americasarmy.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 145.53.4.174:255
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {50E8DE18-E9D9-4848-A814-98AE3663D757} - C:\WINDOWS\system32\gebca.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {ACAE4599-3304-4D8B-BA5F-A968D650EF9F} - C:\WINDOWS\system32
    nnomjg.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Daemon tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [\\Harold-re1wechy\EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P44 "\\Harold-re1wechy\EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\dphqiboy.dll",realset
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\spybot S&D 1.3\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32
    wprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.raketnet.nl
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll
    O20 - Winlogon Notify: nnnomjg - C:\WINDOWS\SYSTEM32
    nnomjg.dll
    O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


    End of file - 6743 bytes


  • Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:779ee0fe46]
    O2 - BHO: (no name) - {50E8DE18-E9D9-4848-A814-98AE3663D757} - C:\WINDOWS\system32\gebca.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {ACAE4599-3304-4D8B-BA5F-A968D650EF9F} - C:\WINDOWS\system32
    nnomjg.dll
    O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll
    O20 - Winlogon Notify: nnnomjg - C:\WINDOWS\SYSTEM32
    nnomjg.dll
    O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
    [/b:779ee0fe46]
    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.



    Download [b:779ee0fe46]Combofix[/b:779ee0fe46] naar je Bureaublad.
    Dubbelklik [b:779ee0fe46]Combofix.exe[/b:779ee0fe46]
    Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen.
    Tijdens het runnen van de fix, [b:779ee0fe46]NIET[/b:779ee0fe46] in het venster klikken, want dit zal je pc doen vasthangen.

    Wanneer de fix voltooid is en na herstart, zal de log [b:779ee0fe46]combofix.txt[/b:779ee0fe46] openen.
    Plaats dit log in je volgende post samen met een nieuw HijackThis log.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

  • log van combofix:
    "Camillo" - 2007-05-25 15:00:11 Service Pack 2
    ComboFix 07-05.25.3V - Running from: "C:\Documents and Settings\Camillo\Bureaublad\"


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\dphqiboy.dll
    C:\WINDOWS\system32\yobiqhpd.ini
    C:\WINDOWS\system32\acbeg.bak1
    C:\WINDOWS\system32\acbeg.bak2
    C:\WINDOWS\system32\acbeg.ini
    C:\WINDOWS\system32\acbeg.bak1
    C:\WINDOWS\system32\acbeg.bak2
    C:\WINDOWS\system32\acbeg.ini
    C:\WINDOWS\system32\gebca.dll
    C:\WINDOWS\system32
    nnomjg.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    "C:\WINDOWS\NDNuninstall4_85.exe"
    "C:\WINDOWS\DOWNLO~1.\rave\avirexe.vdm"
    "C:\WINDOWS\DOWNLO~1.\rave\avirscr.vdm"
    "C:\WINDOWS\DOWNLO~1.\rave\base.vdm"
    "C:\WINDOWS\DOWNLO~1.\rave\daily.vdm"
    "C:\WINDOWS\DOWNLO~1.\rave\daily.vdt"
    "C:\WINDOWS\DOWNLO~1.\rave\filters.vdm"
    "C:\WINDOWS\DOWNLO~1.\rave\kernel.vdk"
    "C:\WINDOWS\DOWNLO~1.\rave\keyring.vdk"
    "C:\WINDOWS\DOWNLO~1.\rave\mapi_vdm.vdm"
    "C:\WINDOWS\DOWNLO~1.\rave\modules.vdk"
    "C:\WINDOWS\DOWNLO~1.\rave\rav8def.vdm"
    "C:\WINDOWS\DOWNLO~1.\rave\rufs.vdm"
    "C:\WINDOWS\DOWNLO~1.\rave\rufsplg.vdm"
    "C:\WINDOWS\DOWNLO~1.\rave\unarch.vdm"
    "C:\WINDOWS\DOWNLO~1.\rave\unmail.vdm"
    "C:\WINDOWS\DOWNLO~1.\rave\unpack.vdm"
    "C:\WINDOWS\DOWNLO~1.\rave"


    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    ——-\LEGACY_NWSAPAGENT
    ——-
    m
    ——-\NwSapAgent


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-25 ))))))))))))))))))))))))))))))))))


    2007-05-25 12:40 <DIR> d——– C:\Hijackthis
    2007-05-20 13:01 <DIR> dr-h—– C:\DOCUME~1\Camillo\Onlangs geopend
    2007-05-09 15:19 22,584 –a—— C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-05-08 22:22 99,904 –a—— C:\WINDOWS\system32\PnkBstrB.exe
    2007-05-08 22:22 63,040 –a—— C:\WINDOWS\system32\PnkBstrA.exe
    2007-05-08 22:12 <DIR> d——– C:\Program Files\Teamspeak2_RC2
    2007-05-08 19:32 <DIR> d——– C:\Program Files\America's Army Server Manager
    2007-05-07 07:48 <DIR> d——– C:\Program Files\MSXML 4.0
    2007-05-06 21:57 <DIR> d——– C:\DOCUME~1\Camillo\APPLIC~1\Ahead
    2007-05-06 21:54 <DIR> d——– C:\Program Files\Nero
    2007-05-06 21:54 <DIR> d——– C:\Program Files\Common Files\Ahead
    2007-05-06 21:54 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    2007-05-06 21:14 <DIR> d——– C:\Nero 7
    2007-05-05 21:07 <DIR> d——– C:\Program Files\Gabest
    2007-05-05 18:02 <DIR> d——– C:\Vobsub
    2007-05-05 17:59 <DIR> d——– C:\Virtual dub


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-18 09:20:43 ——– d—–w C:\DOCUME~1\Camillo\APPLIC~1\Azureus
    2007-05-08 20:05:23 ——– d—–w C:\Program Files\America's Army
    2007-05-06 19:42:51 ——– d—–w C:\Program Files\Ahead
    2007-04-23 17:19:31 ——– d—–w C:\Program Files\PokerStars
    2007-04-20 17:07:14 3,082 —-a-w C:\WINDOWS\system32\affv9553p4now.sys
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-10 08:58:21 921 —-a-w C:\WINDOWS\QSFVExit.bat
    2007-04-08 19:25:17 ——– d—–w C:\Program Files\Activision Value
    2007-03-25 09:04:48 53,418 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-03-25 09:04:48 364,330 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-14 17:27:58 972,336 —-a-w C:\WINDOWS\UNRecode.exe
    2007-03-14 17:20:38 133,168 —-a-w C:\WINDOWS\system32\drivers\imagesrv.sys
    2007-03-14 17:20:36 11,568 —-a-w C:\WINDOWS\system32\drivers\imagedrv.sys
    2007-03-14 17:19:56 95,864 —-a-w C:\WINDOWS\system32\NeroCo.dll
    2007-03-14 17:19:26 972,336 —-a-w C:\WINDOWS\UNNeroBackItUp.exe
    2007-03-12 11:51:08 972,336 —-a-w C:\WINDOWS\UNNeroMediaHome.exe
    2007-03-10 16:56:43 ——– d—–w C:\DOCUME~1\Camillo\APPLIC~1\Netscape
    2007-03-08 15:39:10 579,072 —-a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:39:10 40,960 —-a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:39:10 281,600 —-a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:37:59 1,843,712 —-a-w C:\WINDOWS\system32\win32k.sys
    2007-02-28 18:53:50 972,336 —-a-w C:\WINDOWS\UNNeroVision.exe
    2007-02-28 13:41:02 972,336 —-a-w C:\WINDOWS\UNNeroShowTime.exe
    2007-02-05 20:20:07 185,344 —-a-w C:\WINDOWS\system32\upnphost.dll
    2005-05-15 13:05:19 10,022 –sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2004-09-03 15:08:11 57,344 –sha-w C:\WINDOWS\lbbho.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 12:02]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" []
    "DAEMON Tools-1033"="C:\Daemon tools\daemon.exe" [2003-10-02 03:20]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-22 10:32]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-29 21:08]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 21:10]
    "\\Harold-re1wechy\EPSON Stylus DX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.exe" [2005-03-08 06:00]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
    "AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2005-08-17 23:06]
    "SpybotSD TeaTimer"="C:\spybot S&D 1.3\Spybot - Search & Destroy\TeaTimer.exe" []
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Symantec NetDriver Warning"=C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 nwprovau


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afe0c459-a412-11d9-a978-000c764295f9}]
    AutoRun\command- G:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3eae022-a339-11db-82ff-000c764295f9}]
    AutoRun\command- G:\LaunchU3.exe -a



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20070525-145726-887
    O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winwly32]
    "Asynchronous"=dword:00000001
    "DllName"="winwly32.dll"
    "Impersonate"=dword:00000000
    "Startup"="EvtStartup"
    "Shutdown"="EvtShutdown"



    backup-20070525-145725-920
    O20 - Winlogon Notify: nnnomjg - C:\WINDOWS\SYSTEM32
    nnomjg.dll

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    nnomjg]
    "Asynchronous"=dword:00000001
    "DllName"="nnnomjg.dll"
    "Impersonate"=dword:00000000
    "Logon"="Logon"
    "Logoff"="Logoff"



    backup-20070525-145724-720
    O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebca]
    "Asynchronous"=dword:00000001
    "DllName"="C:\\WINDOWS\\system32\\gebca.dll"
    "Impersonate"=dword:00000000
    "Startup"="RealLogon"
    "Logoff"="RealLogoff"



    backup-20070525-145724-636
    O2 - BHO: (no name) - {ACAE4599-3304-4D8B-BA5F-A968D650EF9F} - C:\WINDOWS\system32
    nnomjg.dll

    backup-20070525-145724-856
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    backup-20070525-145724-378
    O2 - BHO: (no name) - {50E8DE18-E9D9-4848-A814-98AE3663D757} - C:\WINDOWS\system32\gebca.dll
    ********************************************************************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-25 15:11:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …


    ********************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "\Harold-re1wechy\\EPSON Stylus DX4200 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAEE.EXE /P44 \"\Harold-re1wechy\\EPSON Stylus DX4200 Series\" /O6 \"USB001\" /M \"Stylus DX4200\""

    Completion time: 2007-05-25 15:12:24 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-05-25 15:11

    — E O F —




  • log van Hijackthis:
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 15:16:11, on 25-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Daemon tools\daemon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
    C:\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Hijackthis\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.americasarmy.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 145.53.4.174:255
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Daemon tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [\\Harold-re1wechy\EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P44 "\\Harold-re1wechy\EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\spybot S&D 1.3\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32
    wprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.raketnet.nl
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


    End of file - 6245 bytes
  • Download en plaats het op je bureaublad:[list:1984935d69]Start OTMoveIt door dubbel te klikken op [b:1984935d69]OTMoveIt.exe[/b:1984935d69]
    [*:1984935d69]Kopiëer (selecteren en druk Ctrl-C) de onderstaande, vetgedrukte tekst:
    [b:1984935d69]

    C:\WINDOWS\lbbho.dll
    [/b:1984935d69]
    [*:1984935d69]Plak de gekopiëerde tekst (druk Ctrl-V) in het "Paste List of Files/Folders to be moved" venster.
    [*:1984935d69]Klik daarna op de
  • C:\WINDOWS\lbbho.dll unregistered successfully.
    C:\WINDOWS\lbbho.dll moved successfully.

    Created on 05-25-2007 19:33:03


    log van DrWeb:

    backup-20070525-145724-378.dll;C:\Hijackthis\backups;Trojan.Virtumod;Deleted.;
    backup-20070525-145724-636.dll;C:\Hijackthis\backups;Trojan.Virtumod;Deleted.;
    NDNuninstall4_85.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Adware.NewDotNet;Incurable.Moved.;
    dphqiboy.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    gebca.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    nnnomjg.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    s4Setp.exe\data001;C:\WINDOWS\s4Setp.exe;Adware.MyWay;;
    s4Setp.exe\data002;C:\WINDOWS\s4Setp.exe;Adware.MyWay;;
    s4Setp.exe;C:\WINDOWS;Archive contains infected objects;Moved.;
    lbbho.dll;C:\_OTMoveIt\MovedFiles\WINDOWS;Adware.Neobar;Incurable.Moved.;
  • Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:54:47, on 26-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Daemon tools\daemon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
    C:\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Hijackthis\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.americasarmy.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 145.53.4.174:255
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Daemon tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [\\Harold-re1wechy\EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P44 "\\Harold-re1wechy\EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\spybot S&D 1.3\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32
    wprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.raketnet.nl
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


    End of file - 6167 bytes
  • Ga naar start > configuratiescherm > software en verwijder uit de lijst indien nog aanwezig

    [b:d38febe390]MyWay[/b:d38febe390]

    start je verkenner en zoek naar onderstaande map en verwijder die.

    C:\[b:d38febe390]QooBox[/b:d38febe390] (dikgedrukt)
  • heb ik gedaan, bedankt voor de hulp juisterr :D
    kan ik nu combofix, moveIt en Drweb weer verwijderen ?
  • Ja spongebobsquarepants, je mag alle aangeboden tools verwijderen.

    Om herinfectie via systeemherstel te voorkomen, is het raadzaam de bestaande systeemherstelpunten te verwijderen door systeemherstel tijdelijk uit te schakelen.


    - Ga naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.
    - Klik in de linkerhelft van het venster op "Instellingen van systeemherstel".
    - Zet een vinkje voor "Systeemherstel uitschakelen".
    - Klik "Toepassen".
    - Windows vraagt of je dat zeker weet.
    - Klik "Ja".
    - Klik "OK".
    - Start de pc opnieuw op.
    - Ga weer naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.
    - Je krijgt de melding: "Systeemherstel is uitgeschakeld. Wilt u systeemherstel nu inschakelen?"
    - Klik "Ja".
    - Verwijder het vinkje voor "Systeemherstel uitschakelen".
    - Klik "Toepassen".
    - Klik "OK".
    - Start de pc opnieuw op
    - Er is nu een nieuw schoon herstel punt aangemaakt

    Hier nog wat tips. tips

    Als je nog vragen hebt, nu is je kans.
  • systeem herstel stond bij mij al uit, heb ik zelf ooit een keer gedaan.
    dus dan is herinfectie niet mogelijk toch ?
  • Niet door systeemherstel iig. Zet je het nu wel weer aan dan?

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.