Everything posted by Destke
-
Right-click the Internet Explorer icon and select "Properties". In this window there is a "Run" option. Click the menu there and select Maximized.
-
You can of course always give it a try.
-
SMC SMC2802W Driver Download: driver for Windows Vista. It is limited to the Home Basic edition, though.
-
That's what you get when you work in beta.
-
I think so. I'm not sure, of course, but from what I read on other forums, 70-80° is somewhat alarming.
-
I'll check this the next time I get my hands on the laptop.
-
Have you already tried removing it completely and reinstalling it?
-
Virus and now blue screen
Destke replied to denbrakke's topic in Archive: Malware & virus removal
Have you already visited this page? Troubleshooting "Stop 0x0000007B" error messages in Windows XP
-
Problem found, it seems to me... Your graphics card is overheating and your PC goes haywire.
-
There was a DVD included, but there was nothing about the webcam on it.
-
I don't know, I don't think so.
-
I think kweezie wabbit is right; I've had a similar problem too.
-
Strangely enough, it isn't listed in Device Manager :s
-
There was one file included, namely a readme containing: This device used native driver bundled in OS. 此裝置使用作業系統內建的驅動程式
-
Hello, my girlfriend's laptop/notebook has recently stopped recognizing its built-in webcam. It is nowhere to be found. The laptop model is an MSI CR700 (Windows Vista edition). Any advice?
-
A few questions + HJT + Malwarebytes log
Destke replied to Destke's topic in Archive: Malware & virus removal
Indeed. So I just put BitDefender on her new hard drive. Just to be at least somewhat safe this time. But thanks in any case for the wise advice.
-
A few questions + HJT + Malwarebytes log
Destke replied to Destke's topic in Archive: Malware & virus removal
So hooking up the hard drive to pull the JPG files off it is wasted effort because my new hard drive will get infected? Or is this still possible? I have already done a fresh Windows installation on a new hard drive.
-
A few questions + HJT + Malwarebytes log
Destke replied to Destke's topic in Archive: Malware & virus removal
ComboFix log
-
A few questions + HJT + Malwarebytes log
Destke replied to Destke's topic in Archive: Malware & virus removal
Here's the thing: my girlfriend has an illegal copy of Windows and so can't do much in the way of updates anyway. Anyway, since I bought Windows Vista/7, I still have my legal Windows XP. So I thought it might be better to put that on a hard disk. Now, I don't know whether it's all that wise to then take things off the disk with all those rootkits, such as nice pictures and so on. But anyway, here is the HJT log after the fixes.
-
A few questions + HJT + Malwarebytes log
Destke posted a topic in Archive: Malware & virus removal
Hey all, I'm on my girlfriend's PC after it crashed yesterday. I ran a full Malwarebytes scan. It was terrible, and many rootkits and worms, viruses and trojans were found. A complete hell, in other words. Now my question: reinstall and afterwards get her photos off that drive, or just reinstall and throw that drive away because otherwise viruses will get onto the new PC? Here are the logs so far: HJT and Malwarebytes.
-
So, a new log in which there's actually nothing to see, but fine. mbam-log-2009-11-15 (19-01-11).txt
-
Apple keyboard and mouse
Destke replied to foxy's topic in Archive: Linux, Mac OS & other operating systems
Yes, this is possible.
