Virus - files are hidden

61 replies
  • It would be better to post this topic in

    Security & privacy

    They can help you better there.
  • Hello KS, remove Spyhunter.
    The reputation of this tool is only mediocre.

    I would like you to stick to the rules below during the fix:
  • Hey Abraham54

    Take a good look, it's not Ks but thuatha who posted this topic. :roll:
  • Hello Abraham,

    I have since changed a few things on the PC, I let the updates run, I am now posting a new HijackThis log and will then do the other thing.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:35:20, on 15-4-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Anna\Desktop\DOWNLOADS\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ixquick.com/ned/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-543510411-2024222560-3779819271-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-543510411-2024222560-3779819271-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe


    End of file - 5859 bytes


  • The TDSSKStarter log

    .
    ==============================================
    System Restore Point Check:
    .
    TDSSKiller Starter Restore Point Created Succesfully
    ==============================================
    .
    ==============================================
    C:\TDSSStarter\Report_15-04-2012_1843_.log
    ==============================================
    Registry Export
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    ==============================================
    EOF
  • Sorry klaas.

    Hi thuatha, that first log is fine, now run ComboFix.
  • Hi Abraham,

    I'm now on my daughter's PC, ComboFix has been running for a while, it says that it normally takes about 10 minutes and twice as long on heavily infected PCs.
    It has now been running for an hour….
  • Here, finally, is the ComboFix log.


    ComboFix 12-04-15.02 - Anna 15-04-2012 19:13:21.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3262.2227 [GMT 2:00]
    Gestart vanuit: c:\users\Anna\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\izzdYgKFlIx4ij
    c:\windows\system32\muzapp.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-03-15 to 2012-04-15 ))))))))))))))))))))))))))))))
    .
    .
    2012-04-15 17:57 . 2012-04-15 17:57 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp
    2012-04-15 17:57 . 2012-04-15 17:57 ——– d—–w- c:\users\Default\AppData\Local\temp
    2012-04-15 16:42 . 2012-04-15 16:52 ——– d—–w- C:\TDSSStarter
    2012-04-15 15:14 . 2012-04-15 15:14 29904 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DAE798FB-EB66-43C8-8C56-BBB2859173B0}\MpKsle2883095.sys
    2012-04-15 15:14 . 2012-04-15 15:14 56200 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DAE798FB-EB66-43C8-8C56-BBB2859173B0}\offreg.dll
    2012-04-15 00:50 . 2012-03-13 17:15 6582328 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DAE798FB-EB66-43C8-8C56-BBB2859173B0}\mpengine.dll
    2012-04-14 12:04 . 2012-04-15 15:14 ——– d—–w- c:\windows\system32\wbem\repository
    2012-04-14 09:07 . 2012-04-14 09:07 ——– d—–w- C:\sh4ldr
    2012-04-14 09:07 . 2012-04-14 09:07 ——– d—–w- c:\program files\Enigma Software Group
    2012-04-14 08:58 . 2012-04-14 08:58 ——– d—–w- c:\users\Anna\EurekaLog
    2012-04-13 00:26 . 2012-04-13 00:26 ——– d—–w- c:\programdata\Colibri Games
    2012-04-03 23:14 . 2012-04-14 11:47 ——– d—–w- c:\users\Anna\AppData\Roaming\TOMI3
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-10 17:28 . 2012-02-10 17:29 713784 ——w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49B1E7EA-0C93-4701-849A-3113DF7BBEE8}\gapaengine.dll
    2012-01-31 12:44 . 2011-10-13 19:59 237072 ——w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\voipbuster.exe" [2012-03-29 17834880]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Users^Anna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MSN Pictures Displayer.lnk]
    path=c:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSN Pictures Displayer.lnk
    backup=c:\windows\pss\MSN Pictures Displayer.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
    2010-11-17 19:29 75048 —-a-w- c:\program files\CyberLink\Shared files\brs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
    2008-08-26 13:58 206064 —-a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
    2010-10-13 07:47 3366200 —-a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
    2011-08-03 11:50 309352 —-a-w- c:\windows\System32\nvhotkey.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
    2007-05-09 15:01 36864 —-a-w- c:\windows\OEM02Mon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
    2010-02-02 22:08 87336 —-a-w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
    2012-03-29 15:58 17834880 —-a-w- c:\program files\VoipBuster.com\VoipBuster\voipbuster.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2011-10-27 98432]
    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2011-10-27 14848]
    R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2011-10-27 123648]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
    S1 MpKsle2883095;MpKsle2883095;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DAE798FB-EB66-43C8-8C56-BBB2859173B0}\MpKsle2883095.sys [2012-04-15 29904]
    S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/10/13 22:53];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 19:29 87536]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-09-15 95568]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-10 1044808]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-09-15 18120]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    S3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
    .
    .
    — Andere Services/Drivers In Geheugen —
    .
    *NewlyCreated* - MPKSLE2883095
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = https://ixquick.com/ned/
    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
    AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2012-04-15 20:20:44
    ComboFix-quarantined-files.txt 2012-04-15 18:20
    .
    Pre-Run: 123.701.510.144 bytes beschikbaar
    Post-Run: 123.454.201.856 bytes beschikbaar
    .
    - - End Of File - - BF548501A3AF22D712CB32C6E408D07F


  • I had a quick look to see whether anything has changed.

    On the E drive, the folders are visible again after all when hidden files is unchecked.
    Only the contents are not.
    When I check hidden files, everything is visible again, only transparent.
    So the folders on the E drive are visible again in the normal way, without contents.
    On the C drive: no favorites, pictures are still transparent.
    That seems to me to be what is different now.
  • Now first do the following:

    open a new Notepad file, via "Start\Alle programma’s\Bureau-accessoires\Kladblok (or Notepad)".

    Copy and paste the following (bold, blue text) into the empty Notepad window


  • ComboFix is running again.
  • Here is the new ComboFix log.


    ComboFix 12-04-15.02 - Anna 15-04-2012 23:09:44.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3262.2191 [GMT 2:00]
    Gestart vanuit: c:\users\Anna\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Anna\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    .
    FILE ::
    "c:\windows\system32\drivers\pavboot.sys"
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\sh4ldr
    c:\sh4ldr\initrd.gz
    c:\sh4ldr\shldr
    c:\sh4ldr\shldr.mbr
    c:\sh4ldr\vmlinuz
    c:\windows\system32\drivers\pavboot.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ——-\Legacy_PAVBOOT
    ——-\Service_pavboot
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-03-15 to 2012-04-15 ))))))))))))))))))))))))))))))
    .
    .
    2012-04-15 21:52 . 2012-04-15 21:52 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp
    2012-04-15 21:52 . 2012-04-15 21:52 ——– d—–w- c:\users\Default\AppData\Local\temp
    2012-04-15 19:18 . 2012-04-15 22:00 56200 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74FF001D-BA0E-4FC5-87D3-A4DB6978F9A4}\offreg.dll
    2012-04-15 19:18 . 2012-04-15 19:18 29904 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74FF001D-BA0E-4FC5-87D3-A4DB6978F9A4}\MpKsl4878a576.sys
    2012-04-15 19:15 . 2012-03-13 17:15 6582328 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74FF001D-BA0E-4FC5-87D3-A4DB6978F9A4}\mpengine.dll
    2012-04-15 16:42 . 2012-04-15 16:52 ——– d—–w- C:\TDSSStarter
    2012-04-14 12:04 . 2012-04-15 22:00 ——– d—–w- c:\windows\system32\wbem\repository
    2012-04-14 09:07 . 2012-04-14 09:07 ——– d—–w- c:\program files\Enigma Software Group
    2012-04-14 08:58 . 2012-04-14 08:58 ——– d—–w- c:\users\Anna\EurekaLog
    2012-04-13 00:26 . 2012-04-13 00:26 ——– d—–w- c:\programdata\Colibri Games
    2012-04-03 23:14 . 2012-04-14 11:47 ——– d—–w- c:\users\Anna\AppData\Roaming\TOMI3
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-13 17:15 . 2011-10-13 23:45 6582328 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-10 17:28 . 2012-02-10 17:29 713784 ——w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49B1E7EA-0C93-4701-849A-3113DF7BBEE8}\gapaengine.dll
    2012-01-31 12:44 . 2011-10-13 19:59 237072 ——w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-15_18.01.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-10-13 19:43 . 2012-04-15 18:36 35760 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 04:55 . 2012-04-15 22:02 51466 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-10-13 19:28 . 2012-04-15 22:00 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-10-13 19:28 . 2012-04-15 15:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-10-13 19:28 . 2012-04-15 22:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-10-13 19:28 . 2012-04-15 15:13 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:41 . 2012-04-15 15:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:41 . 2012-04-15 22:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:34 . 2012-04-15 18:42 87224 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2011-10-13 19:37 . 2012-04-15 22:02 9344 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-543510411-2024222560-3779819271-1001_UserData.bin
    - 2011-10-13 19:37 . 2012-04-15 03:58 9344 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-543510411-2024222560-3779819271-1001_UserData.bin
    + 2012-04-15 18:34 . 2012-04-15 22:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-04-15 15:13 . 2012-04-15 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-15 18:34 . 2012-04-15 22:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-04-15 15:13 . 2012-04-15 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 08:27 . 2012-04-15 15:18 703664 c:\windows\System32\perfh013.dat
    + 2009-07-14 08:27 . 2012-04-15 22:05 703664 c:\windows\System32\perfh013.dat
    + 2009-07-14 02:05 . 2012-04-15 22:05 618108 c:\windows\System32\perfh009.dat
    - 2009-07-14 02:05 . 2012-04-15 15:18 618108 c:\windows\System32\perfh009.dat
    + 2009-07-14 08:27 . 2012-04-15 22:05 134564 c:\windows\System32\perfc013.dat
    - 2009-07-14 08:27 . 2012-04-15 15:18 134564 c:\windows\System32\perfc013.dat
    - 2009-07-14 02:05 . 2012-04-15 15:18 107388 c:\windows\System32\perfc009.dat
    + 2009-07-14 02:05 . 2012-04-15 22:05 107388 c:\windows\System32\perfc009.dat
    + 2009-07-14 04:47 . 2012-04-15 18:32 252228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 04:47 . 2012-04-15 04:57 252228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-10-19 22:44 . 2012-04-15 18:32 1767048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-543510411-2024222560-3779819271-1001-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\voipbuster.exe" [2012-03-29 17834880]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Users^Anna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MSN Pictures Displayer.lnk]
    path=c:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSN Pictures Displayer.lnk
    backup=c:\windows\pss\MSN Pictures Displayer.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
    2010-11-17 19:29 75048 —-a-w- c:\program files\CyberLink\Shared files\brs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
    2008-08-26 13:58 206064 —-a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
    2010-10-13 07:47 3366200 —-a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
    2011-08-03 11:50 309352 —-a-w- c:\windows\System32\nvhotkey.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
    2007-05-09 15:01 36864 —-a-w- c:\windows\OEM02Mon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
    2010-02-02 22:08 87336 —-a-w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
    2012-03-29 15:58 17834880 —-a-w- c:\program files\VoipBuster.com\VoipBuster\voipbuster.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2011-10-27 98432]
    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2011-10-27 14848]
    R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2011-10-27 123648]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    S1 MpKsl4878a576;MpKsl4878a576;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74FF001D-BA0E-4FC5-87D3-A4DB6978F9A4}\MpKsl4878a576.sys [2012-04-15 29904]
    S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/10/13 22:53];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 19:29 87536]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-09-15 95568]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-10 1044808]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-09-15 18120]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
    S3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = https://ixquick.com/ned/
    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3856)
    c:\program files\RocketDock\RocketDock.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-04-16 00:21:04 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-04-15 22:20
    ComboFix2.txt 2012-04-15 18:20
    .
    Pre-Run: 122.981.560.320 bytes beschikbaar
    Post-Run: 122.635.878.400 bytes beschikbaar
    .
    - - End Of File - - 2936091D50E3CBB123D3293EE3259B7E





  • Now run Unhide.
  • Here is the Unhide log.


    Unhide by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Unhide.exe can be found at this link:
    http://www.bleepingcomputer.com/forums/topic405109.html

    Program started at: 04/16/2012 12:26:22 AM
    Windows Version: Windows 7

    Please be patient while your files are made visible again.

    Processing the C:\ drive
    Finished processing the C:\ drive. 192116 files processed.

    Processing the E:\ drive
    Finished processing the E:\ drive. 1783 files processed.

    The C:\Users\Anna\AppData\Local\Temp\smtmp\ folder does not exist!!
    Unhide cannot restore your missing shortcuts!!
    Please see this topic in order to learn how to restore default
    Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

    Searching for Windows Registry changes made by FakeHDD rogues.
    - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
    - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    * Start_TrackDocs was set to 0! It was set back to 1!
    * Start_TrackProgs was set to 0! It was set back to 1!

    Restarting Explorer.exe in order to apply changes.

    Program finished at: 04/16/2012 12:31:17 AM
    Execution time: 0 hours(s), 4 minute(s), and 54 seconds(s)


    I will restart the PC after this and let you know how it looks.
    I can already see that many things are visible….
  • Abraham, you are great!!
    By the looks of it, everything is visible again in the normal way.
    Thank you very much indeed for being willing to help me.
    I looked at those logs myself too, and how is it possible that you can find a problem in them; I find it really remarkable.

    I do still have a few questions, though.
    What was the problem, was it that sh4ldr?
    Any idea how I got this?
    Does this program install itself secretly in the background without you noticing anything?
    Perhaps you can answer this for me so that I can prevent it next time.
    In the ComboFix log I read something about "ORPHANS verwijderd"; what do they mean by this?
    This was all about SAMSUNG USB drivers.

    Can I now assume that the virus or trojan has been removed and that the PC is safe again?
  • Abraham, I do notice one more small problem; perhaps you have a solution for this too.
    When I open a folder that contains images, I no longer see any thumbnail previews.
    Not with large icons and not with extra large icons either; normally you get those small images.
    I hope you know a solution for this as well.
  • Go to Control Panel\Folder Options and then click the View tab.

    Now check whether "Always show icons, never thumbnails" is ticked.
    If so, remove the tick.

    Malware can end up in Windows in many ways.
    On the one hand, this happens through the use of, for example, keygens and the like.
    On the other hand, it happens because application software in Windows is not up to date.
    Think especially of Java and Adobe's Flash Player and Reader.

    Do the ESET online scan (Click).
    - Click the "ESET Online Scanner" button
    - Tick "YES, I accept the Terms of Use"
    - Click "Start"
    - Allow the ActiveX control to install.
    - Tick the following options:
      - "Remove found threats"
      - "Scan archives"
    - Then click
  • Hello Abraham,

    Everything looked very good, and then I did something stupid.
    I ran the Windows updates and that is where it went wrong.
    Afterwards I realised that you had been quite clear, and in my enthusiasm I forgot your rule 4.
    I am really very sorry, and if you decide to wash your hands of this, I can certainly understand.
    I am truly sorry.
  • Don't worry so much, patch day was already last week.
    And since we have already made a lot of progress, it doesn't matter now.
    But what went wrong with the updating?

    Download MiniToolBox and place this tool on your desktop.

    Using "Farbar MiniToolBox":


This is an archived page. Replies are no longer possible.