Question & Answer

Security & privacy

Virus - files are hidden

Anonymous
61 replies
 • Hello KS, uninstall Spyhunter.
  This tool's reputation is only mediocre.

  During the fix, I would like you to follow the rules below:
 • You would do better to post this topic in

  Security & privacy

  They can help you better there.
 • Hey Abraham54

  Take a good look, it's not Ks but thuatha who posted this topic. :roll:
 • Hello Abraham,

  I have since changed a few things on the PC, I have let the updates run, I am now posting a new HijackThis log and will then do the other thing.


  Logfile of Trend Micro HijackThis v2.0.4
  Scan saved at 18:35:20, on 15-4-2012
  Platform: Windows 7 SP1 (WinNT 6.00.3505)
  MSIE: Internet Explorer v9.00 (9.00.8112.16421)
  Boot mode: Normal

  Running processes:
  C:\Windows\system32\taskhost.exe
  C:\Windows\system32\Dwm.exe
  C:\Windows\Explorer.EXE
  C:\Program Files\Unlocker\UnlockerAssistant.exe
  C:\Program Files\Microsoft Security Client\msseces.exe
  C:\Program Files\RocketDock\RocketDock.exe
  C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe
  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
  C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Windows\system32\wuauclt.exe
  C:\Windows\system32\taskhost.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Windows\system32\SearchFilterHost.exe
  C:\Users\Anna\Desktop\DOWNLOADS\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ixquick.com/ned/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
  O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
  O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
  O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
  O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
  O4 - HKUS\S-1-5-21-543510411-2024222560-3779819271-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
  O4 - HKUS\S-1-5-21-543510411-2024222560-3779819271-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
  O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
  O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
  O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL
  O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
  O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
  O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
  O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
  O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
  O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
  O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
  O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
  O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
  O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
  O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
  O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
  O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe


  End of file - 5859 bytes
 • The TDSSKStarter log

  .
  ==============================================
  System Restore Point Check:
  .
  TDSSKiller Starter Restore Point Created Succesfully
  ==============================================
  .
  ==============================================
  C:\TDSSStarter\Report_15-04-2012_1843_.log
  ==============================================
  Registry Export
  .
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  ==============================================
  EOF
 • Sorry klaas.

  Hi thuatha, that first log is fine, now run ComboFix.
 • Hi Abraham,

  I'm on my daughter's PC now, ComboFix has been running for a while, it says it normally takes about 10 minutes and twice that on heavily infected PCs.
  It has now been running for an hour….
 • Here at last is the ComboFix log.


  ComboFix 12-04-15.02 - Anna 15-04-2012 19:13:21.1.2 - x86
  Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3262.2227 [GMT 2:00]
  Gestart vanuit: c:\users\Anna\Desktop\ComboFix.exe
  AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
  SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
  .
  .
  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  c:\programdata\izzdYgKFlIx4ij
  c:\windows\system32\muzapp.exe
  .
  .
  (((((((((((((((((((( Bestanden Gemaakt van 2012-03-15 to 2012-04-15 ))))))))))))))))))))))))))))))
  .
  .
  2012-04-15 17:57 . 2012-04-15 17:57 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp
  2012-04-15 17:57 . 2012-04-15 17:57 ——– d—–w- c:\users\Default\AppData\Local\temp
  2012-04-15 16:42 . 2012-04-15 16:52 ——– d—–w- C:\TDSSStarter
  2012-04-15 15:14 . 2012-04-15 15:14 29904 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DAE798FB-EB66-43C8-8C56-BBB2859173B0}\MpKsle2883095.sys
  2012-04-15 15:14 . 2012-04-15 15:14 56200 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DAE798FB-EB66-43C8-8C56-BBB2859173B0}\offreg.dll
  2012-04-15 00:50 . 2012-03-13 17:15 6582328 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DAE798FB-EB66-43C8-8C56-BBB2859173B0}\mpengine.dll
  2012-04-14 12:04 . 2012-04-15 15:14 ——– d—–w- c:\windows\system32\wbem\repository
  2012-04-14 09:07 . 2012-04-14 09:07 ——– d—–w- C:\sh4ldr
  2012-04-14 09:07 . 2012-04-14 09:07 ——– d—–w- c:\program files\Enigma Software Group
  2012-04-14 08:58 . 2012-04-14 08:58 ——– d—–w- c:\users\Anna\EurekaLog
  2012-04-13 00:26 . 2012-04-13 00:26 ——– d—–w- c:\programdata\Colibri Games
  2012-04-03 23:14 . 2012-04-14 11:47 ——– d—–w- c:\users\Anna\AppData\Roaming\TOMI3
  .
  .
  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2012-02-10 17:28 . 2012-02-10 17:29 713784 ——w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49B1E7EA-0C93-4701-849A-3113DF7BBEE8}\gapaengine.dll
  2012-01-31 12:44 . 2011-10-13 19:59 237072 ——w- c:\windows\system32\MpSigStub.exe
  .
  .
  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4
  .
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
  "VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\voipbuster.exe" [2012-03-29 17834880]
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
  "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
  "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  "ConsentPromptBehaviorAdmin"= 0 (0x0)
  "ConsentPromptBehaviorUser"= 0 (0x0)
  "EnableLUA"= 0 (0x0)
  "EnableUIADesktopToggle"= 0 (0x0)
  "PromptOnSecureDesktop"= 0 (0x0)
  .
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
  @="Service"
  .
  [HKLM\~\startupfolder\C:^Users^Anna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MSN Pictures Displayer.lnk]
  path=c:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSN Pictures Displayer.lnk
  backup=c:\windows\pss\MSN Pictures Displayer.lnk.Startup
  backupExtension=.Startup
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
  2010-11-17 19:29 75048 —-a-w- c:\program files\CyberLink\Shared files\brs.exe
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
  2008-08-26 13:58 206064 —-a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
  2010-10-13 07:47 3366200 —-a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
  2011-08-03 11:50 309352 —-a-w- c:\windows\System32\nvhotkey.dll
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
  2007-05-09 15:01 36864 —-a-w- c:\windows\OEM02Mon.exe
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
  2010-02-02 22:08 87336 —-a-w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
  2012-03-29 15:58 17834880 —-a-w- c:\program files\VoipBuster.com\VoipBuster\voipbuster.exe
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
  "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
  "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
  "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  .
  R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
  R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
  R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
  R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
  R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2011-10-27 98432]
  R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2011-10-27 14848]
  R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2011-10-27 123648]
  R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
  R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
  R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
  R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
  S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
  S1 MpKsle2883095;MpKsle2883095;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DAE798FB-EB66-43C8-8C56-BBB2859173B0}\MpKsle2883095.sys [2012-04-15 29904]
  S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/10/13 22:53];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 19:29 87536]
  S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
  S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-09-15 95568]
  S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
  S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
  S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
  S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
  S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-10 1044808]
  S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-09-15 18120]
  S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
  S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
  S3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
  S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
  .
  .
  — Andere Services/Drivers In Geheugen —
  .
  *NewlyCreated* - MPKSLE2883095
  .
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
  UxTuneUp
  .
  .
  ——- Bijkomende Scan ——-
  .
  uStart Page = https://ixquick.com/ned/
  IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
  TCP: DhcpNameServer = 192.168.1.1
  .
  - - - - ORPHANS VERWIJDERD - - - -
  .
  AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
  AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
  AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
  AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
  AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
  AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
  AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
  AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
  AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
  AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
  AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
  AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
  AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
  AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
  AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
  AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
  AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
  AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
  AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
  AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
  AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
  .
  .
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
  "ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
  .
  ——————— VERGRENDELDE REGISTER SLEUTELS ———————
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  @Denied: (A) (Users)
  @Denied: (A) (Everyone)
  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  "BlindDial"=dword:00000000
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
  @Denied: (A) (Users)
  @Denied: (A) (Everyone)
  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  "BlindDial"=dword:00000000
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
  @Denied: (A) (Users)
  @Denied: (A) (Everyone)
  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  "BlindDial"=dword:00000000
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
  @Denied: (Full) (Everyone)
  .
  Voltooingstijd: 2012-04-15 20:20:44
  ComboFix-quarantined-files.txt 2012-04-15 18:20
  .
  Pre-Run: 123.701.510.144 bytes beschikbaar
  Post-Run: 123.454.201.856 bytes beschikbaar
  .
  - - End Of File - - BF548501A3AF22D712CB32C6E408D07F
 • I had a quick look to see whether anything has changed.

  On the E drive, they are visible again after all when hidden files is unchecked.
  Only the contents are not.
  When I check hidden files, everything is visible again, only transparent.
  So the folders on the E drive are visible in the normal way again, without contents.
  On the C drive: no favorites, pictures are still transparent.
  That seems to me to be what is different now.
 • Now first do the following:

  Open a new Notepad (Kladblok) file via "Start\Alle programma’s\Bureau-accessoires\Kladblok (or Notepad)".

  Copy and paste the following (bold, blue text) into the empty Notepad window

 • ComboFix is running again.
 • Here is the new ComboFix log.


  ComboFix 12-04-15.02 - Anna 15-04-2012 23:09:44.2.2 - x86
  Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3262.2191 [GMT 2:00]
  Gestart vanuit: c:\users\Anna\Desktop\ComboFix.exe
  gebruikte Opdracht switches :: c:\users\Anna\Desktop\CFScript.txt
  AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
  SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
  .
  FILE ::
  "c:\windows\system32\drivers\pavboot.sys"
  .
  .
  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  C:\sh4ldr
  c:\sh4ldr\initrd.gz
  c:\sh4ldr\shldr
  c:\sh4ldr\shldr.mbr
  c:\sh4ldr\vmlinuz
  c:\windows\system32\drivers\pavboot.sys
  .
  .
  ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  ——-\Legacy_PAVBOOT
  ——-\Service_pavboot
  .
  .
  (((((((((((((((((((( Bestanden Gemaakt van 2012-03-15 to 2012-04-15 ))))))))))))))))))))))))))))))
  .
  .
  2012-04-15 21:52 . 2012-04-15 21:52 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp
  2012-04-15 21:52 . 2012-04-15 21:52 ——– d—–w- c:\users\Default\AppData\Local\temp
  2012-04-15 19:18 . 2012-04-15 22:00 56200 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74FF001D-BA0E-4FC5-87D3-A4DB6978F9A4}\offreg.dll
  2012-04-15 19:18 . 2012-04-15 19:18 29904 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74FF001D-BA0E-4FC5-87D3-A4DB6978F9A4}\MpKsl4878a576.sys
  2012-04-15 19:15 . 2012-03-13 17:15 6582328 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74FF001D-BA0E-4FC5-87D3-A4DB6978F9A4}\mpengine.dll
  2012-04-15 16:42 . 2012-04-15 16:52 ——– d—–w- C:\TDSSStarter
  2012-04-14 12:04 . 2012-04-15 22:00 ——– d—–w- c:\windows\system32\wbem\repository
  2012-04-14 09:07 . 2012-04-14 09:07 ——– d—–w- c:\program files\Enigma Software Group
  2012-04-14 08:58 . 2012-04-14 08:58 ——– d—–w- c:\users\Anna\EurekaLog
  2012-04-13 00:26 . 2012-04-13 00:26 ——– d—–w- c:\programdata\Colibri Games
  2012-04-03 23:14 . 2012-04-14 11:47 ——– d—–w- c:\users\Anna\AppData\Roaming\TOMI3
  .
  .
  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2012-03-13 17:15 . 2011-10-13 23:45 6582328 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
  2012-02-10 17:28 . 2012-02-10 17:29 713784 ——w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49B1E7EA-0C93-4701-849A-3113DF7BBEE8}\gapaengine.dll
  2012-01-31 12:44 . 2011-10-13 19:59 237072 ——w- c:\windows\system32\MpSigStub.exe
  .
  .
  ((((((((((((((((((((((((((((( SnapShot@2012-04-15_18.01.30 )))))))))))))))))))))))))))))))))))))))))
  .
  + 2011-10-13 19:43 . 2012-04-15 18:36 35760 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
  + 2009-07-14 04:55 . 2012-04-15 22:02 51466 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
  + 2011-10-13 19:28 . 2012-04-15 22:00 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
  - 2011-10-13 19:28 . 2012-04-15 15:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
  + 2011-10-13 19:28 . 2012-04-15 22:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
  - 2011-10-13 19:28 . 2012-04-15 15:13 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
  - 2009-07-14 04:41 . 2012-04-15 15:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
  + 2009-07-14 04:41 . 2012-04-15 22:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
  + 2009-07-14 04:34 . 2012-04-15 18:42 87224 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
  + 2011-10-13 19:37 . 2012-04-15 22:02 9344 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-543510411-2024222560-3779819271-1001_UserData.bin
  - 2011-10-13 19:37 . 2012-04-15 03:58 9344 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-543510411-2024222560-3779819271-1001_UserData.bin
  + 2012-04-15 18:34 . 2012-04-15 22:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
  - 2012-04-15 15:13 . 2012-04-15 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
  + 2012-04-15 18:34 . 2012-04-15 22:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
  - 2012-04-15 15:13 . 2012-04-15 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
  - 2009-07-14 08:27 . 2012-04-15 15:18 703664 c:\windows\System32\perfh013.dat
  + 2009-07-14 08:27 . 2012-04-15 22:05 703664 c:\windows\System32\perfh013.dat
  + 2009-07-14 02:05 . 2012-04-15 22:05 618108 c:\windows\System32\perfh009.dat
  - 2009-07-14 02:05 . 2012-04-15 15:18 618108 c:\windows\System32\perfh009.dat
  + 2009-07-14 08:27 . 2012-04-15 22:05 134564 c:\windows\System32\perfc013.dat
  - 2009-07-14 08:27 . 2012-04-15 15:18 134564 c:\windows\System32\perfc013.dat
  - 2009-07-14 02:05 . 2012-04-15 15:18 107388 c:\windows\System32\perfc009.dat
  + 2009-07-14 02:05 . 2012-04-15 22:05 107388 c:\windows\System32\perfc009.dat
  + 2009-07-14 04:47 . 2012-04-15 18:32 252228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
  - 2009-07-14 04:47 . 2012-04-15 04:57 252228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
  + 2011-10-19 22:44 . 2012-04-15 18:32 1767048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-543510411-2024222560-3779819271-1001-12288.dat
  .
  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4
  .
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
  "VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\voipbuster.exe" [2012-03-29 17834880]
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
  "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
  "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  "ConsentPromptBehaviorAdmin"= 0 (0x0)
  "ConsentPromptBehaviorUser"= 0 (0x0)
  "EnableLUA"= 0 (0x0)
  "EnableUIADesktopToggle"= 0 (0x0)
  "PromptOnSecureDesktop"= 0 (0x0)
  .
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
  @="Service"
  .
  [HKLM\~\startupfolder\C:^Users^Anna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MSN Pictures Displayer.lnk]
  path=c:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSN Pictures Displayer.lnk
  backup=c:\windows\pss\MSN Pictures Displayer.lnk.Startup
  backupExtension=.Startup
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
  2010-11-17 19:29 75048 —-a-w- c:\program files\CyberLink\Shared files\brs.exe
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
  2008-08-26 13:58 206064 —-a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
  2010-10-13 07:47 3366200 —-a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
  2011-08-03 11:50 309352 —-a-w- c:\windows\System32\nvhotkey.dll
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
  2007-05-09 15:01 36864 —-a-w- c:\windows\OEM02Mon.exe
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
  2010-02-02 22:08 87336 —-a-w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
  2012-03-29 15:58 17834880 —-a-w- c:\program files\VoipBuster.com\VoipBuster\voipbuster.exe
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
  "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
  "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
  "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  .
  R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
  R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
  R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
  R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
  R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
  R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2011-10-27 98432]
  R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2011-10-27 14848]
  R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2011-10-27 123648]
  R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
  R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
  R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
  R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
  S1 MpKsl4878a576;MpKsl4878a576;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74FF001D-BA0E-4FC5-87D3-A4DB6978F9A4}\MpKsl4878a576.sys [2012-04-15 29904]
  S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/10/13 22:53];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 19:29 87536]
  S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
  S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-09-15 95568]
  S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
  S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
  S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
  S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
  S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-10 1044808]
  S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-09-15 18120]
  S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
  S3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
  S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
  .
  .
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
  UxTuneUp
  .
  .
  ——- Bijkomende Scan ——-
  .
  uStart Page = https://ixquick.com/ned/
  IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
  TCP: DhcpNameServer = 192.168.1.1
  .
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
  "ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
  .
  ——————— VERGRENDELDE REGISTER SLEUTELS ———————
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  @Denied: (A) (Users)
  @Denied: (A) (Everyone)
  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  "BlindDial"=dword:00000000
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
  @Denied: (A) (Users)
  @Denied: (A) (Everyone)
  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  "BlindDial"=dword:00000000
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
  @Denied: (A) (Users)
  @Denied: (A) (Everyone)
  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  "BlindDial"=dword:00000000
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
  @Denied: (Full) (Everyone)
  .
  ——————— DLLs Geladen Onder Lopende Processen ———————
  .
  - - - - - - - > 'Explorer.exe'(3856)
  c:\program files\RocketDock\RocketDock.dll
  .
  ———————— Andere Aktieve Processen ————————
  .
  c:\windows\system32\nvvsvc.exe
  c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
  c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
  c:\windows\system32\nvvsvc.exe
  c:\windows\system32\conhost.exe
  c:\windows\system32\taskhost.exe
  c:\program files\Dell Support Center\bin\sprtsvc.exe
  c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
  c:\program files\Windows Media Player\wmpnetwk.exe
  .
  **************************************************************************
  .
  Voltooingstijd: 2012-04-16 00:21:04 - machine werd herstart
  ComboFix-quarantined-files.txt 2012-04-15 22:20
  ComboFix2.txt 2012-04-15 18:20
  .
  Pre-Run: 122.981.560.320 bytes beschikbaar
  Post-Run: 122.635.878.400 bytes beschikbaar
  .
  - - End Of File - - 2936091D50E3CBB123D3293EE3259B7E
 • Now run Unhide.
 • Here is the Unhide log.


  Unhide by Lawrence Abrams (Grinler)
  http://www.bleepingcomputer.com/
  Copyright 2008-2012 BleepingComputer.com
  More Information about Unhide.exe can be found at this link:
  http://www.bleepingcomputer.com/forums/topic405109.html

  Program started at: 04/16/2012 12:26:22 AM
  Windows Version: Windows 7

  Please be patient while your files are made visible again.

  Processing the C:\ drive
  Finished processing the C:\ drive. 192116 files processed.

  Processing the E:\ drive
  Finished processing the E:\ drive. 1783 files processed.

  The C:\Users\Anna\AppData\Local\Temp\smtmp\ folder does not exist!!
  Unhide cannot restore your missing shortcuts!!
  Please see this topic in order to learn how to restore default
  Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

  Searching for Windows Registry changes made by FakeHDD rogues.
  - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
  - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
  - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
  - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
  - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  * Start_TrackDocs was set to 0! It was set back to 1!
  * Start_TrackProgs was set to 0! It was set back to 1!

  Restarting Explorer.exe in order to apply changes.

  Program finished at: 04/16/2012 12:31:17 AM
  Execution time: 0 hours(s), 4 minute(s), and 54 seconds(s)


  I will restart the PC after this and let you know how it looks.
  I can already see that many things are visible….
 • Abraham, you are great!!
  As far as I can see, everything is visible again in the normal way.
  Thank you very much indeed for being willing to help me.
  I looked at those logs myself too, and how is it possible that you can find a problem in them? I find it really remarkable.

  I do still have a few questions, though.
  What was the problem, was it that sh4ldr?
  Any idea how I got this?
  Does this program install itself secretly in the background without any notice?
  Perhaps you can answer this so that I can prevent it next time.
  In the ComboFix log I read something about "ORPHANS verwijderd" ("ORPHANS removed"); what do they mean by this?
  This was all about SAMSUNG USB drivers.

  Can I now assume that the virus or trojan has been removed and that the PC is safe again?
 • Abraham, I do notice one more small problem; perhaps you have a solution for this too.
  When I open a folder that contains images, I no longer see thumbnail previews.
  Not with large icons and not with extra large icons either; normally you get those small images.
  I hope you know a solution for this as well.
 • Go to Control Panel\Folder Options and then click the View tab.

  Now check whether [b:1e904c6ca2]Always show icons, never thumbnails[/b:1e904c6ca2] is ticked.
  If so, remove the check mark.

  Malware can get into Windows in many ways.
  On the one hand, this happens through the use of, for example, keygens and the like.
  On the other hand, it happens because application software in Windows is not up to date.
  Think above all of Java and Adobe's Flash Player and Reader.

  [b:1e904c6ca2]Run the ESET online scan (click).[/b:1e904c6ca2]
  [list:1e904c6ca2]
  [*:1e904c6ca2]Click the [b:1e904c6ca2]ESET Online Scanner[/b:1e904c6ca2] button
  [*:1e904c6ca2]Tick [b:1e904c6ca2]YES, I accept the Terms of Use[/b:1e904c6ca2]
  [*:1e904c6ca2]Click [b:1e904c6ca2]Start[/b:1e904c6ca2]
  [*:1e904c6ca2]Allow the ActiveX control to install.
  [*:1e904c6ca2]Tick the following options:
  [list:1e904c6ca2][*:1e904c6ca2][b:1e904c6ca2]Remove found threats[/b:1e904c6ca2]
  [*:1e904c6ca2][b:1e904c6ca2]Scan archives[/b:1e904c6ca2][/list:u:1e904c6ca2]
  [*:1e904c6ca2]Then click [b:1e904c6ca2]
 • Hello Abraham,

  Everything looked very good, and then I did something stupid.
  I ran the Windows updates and that is where it went wrong.
  Afterwards I realised that you had been clear about it, and in my enthusiasm I forgot your rule 4.
  I am really very sorry, and if you decide to withdraw from this, I can certainly understand that.
  I am truly sorry.
 • Don't worry so much, patch day was already last week.
  And since we have already made good progress, it doesn't matter now.
  But what exactly went wrong with the updating?

  Download MiniToolBox and place this tool on your desktop.

  [b:1535409900]Using "Farbar MiniToolBox"[/b:1535409900]:
  [list:1535409900][*:1535409900] [b:1535409900]


This is an archived page. Replies are no longer possible.