
Police Virus


Guest GotWood


Hey, GotWood here.

A while ago I already made a post about the police virus. It was removed on my machine, but now my roommate is affected by it too :s. Could you perhaps help me with this problem?

Regards, GotWood


First we will check whether malware or viruses are the cause of your problem.

1. Download HijackThis. (click on it)

Click on HijackThis.msi and the download starts automatically after 5 seconds.

Save the file HijackThis.msi. Then choose "Run".

HijackThis is now installed on your PC and a shortcut is placed on your desktop.

If you no longer have a network connection, you can download it on another PC and transfer the file with a USB stick.

If you can only work in safe mode, you need to download the executable (HijackThis.exe).

Save it in a new folder on the C drive (e.g. C:\hijackthis) and then start HijackThis from that folder.

You will then also find the logs in that folder.


2. Click the shortcut to start HijackThis. (first read the red text below!)

Click either "Do a system scan and save a logfile", or first "Scan" and then "Save log".

A Notepad window opens; hold down the CTRL and A keys at the same time, and everything is selected. Hold down the CTRL and C keys at the same time, and everything is copied. Now paste the HJT log into your post with the CTRL and V keys.

If you get the message "For some reason your system denied writing to the Host file ....", just click OK to continue.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click, "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis. (View the image here ---> Click here)


3. After you post your log, an expert will review it and guide you further through the whole process.

Tip!

If you want to see in words and pictures how to make a log with HijackThis and post it on the forum, click HERE.


Hi Jean-Pierre, I do have another problem though. When I start the PC in safe mode, it restarts after about 10 seconds into normal mode. So I don't really know how to get started, since I can't do anything in either safe mode or normal mode :s


The log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:37:21, on 8-3-2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

F:\HijackThis (1).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Smaxi.Net

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Smaxi.Net

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: AlterGeo Magic Scanner - {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} - C:\Program Files\AlterGeo\AlterGeo Magic Scanner\3.3.2.779\AlterGeo.BrowserPlugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Aiaaaeou a eca?aiiia iiaeeuiiai ono?ienoaa... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: Mail.Ru Aaaio - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Mail.Ru Aaaio - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieen - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG A?aiaiaoy? (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 5362 bytes


Your log looks clean, so we'll move straight on to something else.

Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe
    (here or here) you can read how to do that.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
    startupall;
    filesrcm;

  • Click the "Options" button and tick the options below.

    • Running processes
    • Recently Created
    • Firefox Look
    • Firefox Defaults
    • Shortcut Fix
    • IE Defaults
    • Auto Clean

  • Then click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then still appear.
  • Now post the contents of the opened log in your next message.


Here is the log you asked for, Jean-Pierre!! I think I already see the culprit in there xD

Zoek.exe Version 4.0.0.2 Updated 01-March-2013

Tool run by Administrator on vr 08-03-2013 at 18:08:12,18.

Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86

Running in: Safe Mode NETWORK No Internet Access Detected

==== Running Processes ======================

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

F:\zoek\zoek.exe

==== FireFox Fix ======================

Deleted from C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\wk58g890.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Added to C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\wk58g890.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp ====

====== C:\WINDOWS\system32 =====

2013-02-28 09:06:08 674F852FAE7E686F74EF11A4FE44ED21 94112 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge.dll

2013-02-28 06:32:39 4BF005295BC835CAA65A216367F4DF2E 165912 ----a-w- C:\WINDOWS\System32\FNTCACHE.DAT

====== C:\WINDOWS\system32\drivers =====

2013-03-19 22:28:30 629CABB0421668C9D3D402A3C3D77E14 21104 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys

====== C:\WINDOWS\Tasks ======

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

======= C: =====

====== C:\Documents and Settings\Administrator\Application Data ======

2013-03-08 17:03:48 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\AVG2013

2013-03-08 17:03:40 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2013

2013-03-08 16:35:49 88CF0FF92A4A9FA7BD9B7513B2E9E22B 62 --sha-w- C:\Documents and Settings\Administrator\Application Data\desktop.ini

2013-03-08 16:35:48 -------- d-s---w- C:\Documents and Settings\Administrator\Application Data\Microsoft

2013-03-08 16:35:48 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help

2013-03-08 16:35:48 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft

2013-03-08 16:35:48 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\TuneUp Software

2013-03-08 09:59:45 B6AC1DB8501FA17A48BB57A6B8F902EA 4 ----a-w- C:\Documents and Settings\Natalia\Application Data\skype.ini

2013-02-24 11:52:05 0A9E0A7E31AC52E1C597B8CE13963F39 3584 ----a-w- C:\Documents and Settings\Natalia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-02-20 14:33:49 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG

2013-02-20 14:33:40 -------- d-sh--w- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2013-02-19 22:45:01 -------- d-----w- C:\Documents and Settings\Natalia\Application Data\AVG2013

2013-02-19 22:43:32 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG2013

2013-02-19 22:40:11 -------- d-----w- C:\Documents and Settings\Natalia\Local Settings\Application Data\Avg2013

====== C:\Documents and Settings\Administrator ======

2013-03-08 16:35:50 7D19A444F835CF627FB65127A25778A7 188 --sh--w- C:\Documents and Settings\Administrator\ntuser.ini

2013-03-08 16:35:48 -------- d-s---w- C:\Documents and Settings\Administrator\Cookies

2013-03-08 16:35:48 -------- d--h--w- C:\Documents and Settings\Administrator\Sjablonen

2013-03-08 16:35:48 -------- d--h--w- C:\Documents and Settings\Administrator\Onlangs geopend

2013-03-08 16:35:48 -------- d--h--w- C:\Documents and Settings\Administrator\Netwerkprinteromgeving

2013-03-08 16:35:48 -------- d--h--w- C:\Documents and Settings\Administrator\NetHood

2013-03-08 16:35:48 -------- d--h--w- C:\Documents and Settings\Administrator\Local Settings

2013-03-08 16:35:48 -------- d--h--r- C:\Documents and Settings\Administrator\SendTo

2013-03-08 16:35:48 -------- d--h--r- C:\Documents and Settings\Administrator\Application Data

2013-03-08 16:35:48 -------- d-----w- C:\Documents and Settings\Administrator\Mijn documenten

2013-03-08 16:35:48 -------- d-----w- C:\Documents and Settings\Administrator\Favorieten

2013-03-08 16:35:48 -------- d-----w- C:\Documents and Settings\Administrator\Bureaublad

2013-03-08 16:35:48 -------- d-----r- C:\Documents and Settings\Administrator\Menu Start

2013-02-20 14:36:04 -------- d-----w- C:\Documents and Settings\LocalService\Bureaublad

====== C: exe-files ==

2013-03-08 08:33:32 C44F12B72DF42A037E65713B0F50B9D8 7330384 ----a-w- C:\Program Files\AVG\AVG2013\avgmfapx.exe

2013-03-08 08:33:32 7F2843FF4197C1DC2D62BB8880914339 7325728 ----a-w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2013\update\backup\avgmfapx.exe

2013-03-04 21:43:01 CC0CC5B0866A7C50C4B50A37CB83B875 1630672 ----a-w- C:\Documents and Settings\Natalia\Local Settings\Temp\CR_742CB.tmp\setup.exe

2013-03-04 21:43:00 526F48333DC36D7AA3BF9314AA195E38 829280 ----a-w- C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\25.0.1364.152\25.0.1364.152_25.0.1364.97_chrome_updater.exe

=== C: other files ==

2013-03-19 22:28:30 629CABB0421668C9D3D402A3C3D77E14 21104 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2013-03-08 09:54:13 0D5417FBFE4F0F1FEA8F07D68FBE6744 188416 ----a-w- C:\Documents and Settings\Natalia\Bureaublad\video.****tube\video.****tube\video.****tube.com

2013-03-08 09:53:45 39686D27EED12AA0FF30EF616B2811B7 91069 ----a-w- C:\Documents and Settings\Natalia\Bureaublad\video.****tube\video.****tube.zip

2013-03-08 08:22:44 5BD2333A679E8479D65916C5B6A17BA5 91255 ----a-w- C:\RECYCLER\S-1-5-21-1343024091-688789844-839522115-1004\Dc1.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-1343024091-688789844-839522115-500\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE"

"AVG_UI"="C:\Program Files\AVG\AVG2013\avgui.exe /TRAYONLY"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]

"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27-02-2013 14:19]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21-03-2012 12:36]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21-03-2012 12:36]

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-688789844-839522115-1004Core.job --a------ C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [24-03-2012 13:41]

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-688789844-839522115-1004UA.job --a------ C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [24-03-2012 13:41]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\wk58g890.default

- Xmarks - %ProfilePath%\extensions\foxmarks@kei.com

- Grsel favoriler - %ProfilePath%\extensions\vb@yandex.ru

- @Mail.Ru - %ProfilePath%\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}(2)

- Adblock Lite - %ProfilePath%\extensions\{1e9a63ef-84ec-49a4-8d6f-2dd9524e90d0}.xpi

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.smaxxi.biz"

"Start Page"="http://www.smaxxi.biz"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== shortcuts on Users Desktops ======================

C:\Documents and Settings\Natalia\Bureaublad\Nieuwe map\ôîòî\íîâé ãîä 2012-2013\Snelkoppeling naar P20 121.lnk -

==== shortcuts on All Users Desktop ======================

C:\Documents and Settings\All Users\Bureaublad\AVG 2013.lnk - C:\Program Files\AVG\AVG2013\avgui.exe

C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

==== shortcuts in Users Start Menu ======================

C:\Documents and Settings\Natalia\Menu Start\Programma's\Hulp op afstand.lnk - C:\WINDOWS\system32\rcimlby.exe -LaunchRA

C:\Documents and Settings\Natalia\Menu Start\Programma's\Bureau-accessoires\Opdrachtprompt.lnk - C:\WINDOWS\system32\cmd.exe

C:\Documents and Settings\Natalia\Menu Start\Programma's\Bureau-accessoires\Rondleiding door Windows XP.lnk - C:\WINDOWS\system32\tourstart.exe

C:\Documents and Settings\Natalia\Menu Start\Programma's\Bureau-accessoires\Synchroniseren.lnk - C:\WINDOWS\system32\mobsync.exe

C:\Documents and Settings\Natalia\Menu Start\Programma's\Bureau-accessoires\Windows Verkenner.lnk - C:\WINDOWS\explorer.exe

C:\Documents and Settings\Natalia\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Hulpprogrammabeheer.lnk - C:\WINDOWS\system32\utilman.exe /start

C:\Documents and Settings\Natalia\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Schermtoetsenbord.lnk - C:\WINDOWS\system32\osk.exe

C:\Documents and Settings\Natalia\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Vergrootglas.lnk - C:\WINDOWS\system32\magnify.exe

C:\Documents and Settings\Natalia\Menu Start\Programma's\Google Chrome\Google Chrome.lnk - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==== shortcuts in All Users Start Menu ======================

C:\Documents and Settings\All Users\Menu Start\Windows Update.lnk - C:\WINDOWS\system32\wupdmgr.exe

C:\Documents and Settings\All Users\Menu Start\Programma's\AVG\AVG 2013.lnk - C:\Program Files\AVG\AVG2013\avgui.exe

C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Verbinding met extern bureaublad.lnk - C:\WINDOWS\system32\mstsc.exe

C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Communicatie\Netwerkverbindingen.lnk - C:\WINDOWS\explorer.exe ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007acc7-3202-11d1-aad2-00805fc1270e}

C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Communicatie\Wizard Netwerk instellen.lnk - C:\WINDOWS\system32\rundll32.exe hnetwiz.dll,HomeNetWizardRunDll

C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Communicatie\Wizard Nieuwe verbinding.lnk - C:\WINDOWS\system32\rundll32.exe netshell.dll,StartNCW

C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Systeemwerkset\Geplande taken.lnk - C:\WINDOWS\explorer.exe ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{D6277990-4C6A-11CF-8D87-00AA0060F5BF}

C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Systeemwerkset\Schijfdefragmentatie.lnk - C:\WINDOWS\system32\dfrg.msc

C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Systeemwerkset\Speciale tekens.lnk - C:\WINDOWS\system32\charmap.exe

C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Systeemwerkset\Systeemherstel.lnk - C:\WINDOWS\system32\restore\rstrui.exe

C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Systeemwerkset\Windows activeren.lnk - C:\WINDOWS\system32\oobe\msoobe.exe /A

C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Systeemwerkset\Wizard Bestanden en instellingen overzetten.lnk - C:\WINDOWS\system32\usmt\migwiz.exe

C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Wizard Toegankelijkheid.lnk - C:\WINDOWS\system32\accwiz.exe

C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm

C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Äåèíñòàëëèðîâàòü Malwarebytes Anti-Malware.lnk -

C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm

C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Office Word 2007.lnk - C:\WINDOWS\Installer\{90120000-001B-0000-0000-0000000FF1CE}\wordicon.exe

C:\Documents and Settings\All Users\Menu Start\Programma's\Ontspanning\FreeCell.lnk - C:\WINDOWS\system32\freecell.exe

C:\Documents and Settings\All Users\Menu Start\Programma's\Ontspanning\Spider Solitaire.lnk - C:\WINDOWS\system32\spider.exe

C:\Documents and Settings\All Users\Menu Start\Programma's\Systeembeheer\Computerbeheer.lnk - C:\WINDOWS\system32\compmgmt.msc /s

C:\Documents and Settings\All Users\Menu Start\Programma's\Systeembeheer\Gegevensbronnen (ODBC).lnk - C:\WINDOWS\system32\odbcad32.exe

C:\Documents and Settings\All Users\Menu Start\Programma's\Systeembeheer\Logboeken.lnk - C:\WINDOWS\system32\eventvwr.msc /s

C:\Documents and Settings\All Users\Menu Start\Programma's\Systeembeheer\Prestaties.lnk - C:\WINDOWS\system32\perfmon.msc /s

C:\Documents and Settings\All Users\Menu Start\Programma's\Systeembeheer\Services.lnk - C:\WINDOWS\system32\services.msc /s

==== shortcuts in Quick Launch ======================

C:\Documents and Settings\Natalia\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Natalia\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk - C:\WINDOWS\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Natalia\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Natalia\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\Natalia\Local Settings\Application Data\Mozilla\Firefox\Profiles\wk58g890.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

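The "Files Recently Created / Modified" listings in the Zoek log above have a regular line format, so they can be triaged mechanically. The following Python is an added example, not part of the original thread and not Zoek's own logic: it parses entries in that format and flags file names that pose as something other than a program. The rules, extension lists, function names and sample lines are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# One entry of the listing, as seen in the log above:
#   date time  MD5-or-eight-dashes  [size]  attributes  path
ENTRY = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<md5>[0-9A-F]{32}|-{8}) "
    r"(?:(?P<size>\d+) )?"
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>[A-Za-z]:\\.+)$"
)

# Assumed triage lists (not taken from Zoek or from the thread).
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".jpg", ".png", ".avi", ".mp4", ".txt", ".zip"}
DESKTOP_DIRS = {"desktop", "bureaublad"}  # English and Dutch Windows XP


def parse_entries(log_text):
    """Return one dict per file/folder line; headers and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank line or "====== ... ======" section header
        entries.append({
            "timestamp": f"{m['date']} {m['time']}",
            "md5": None if m["md5"].startswith("-") else m["md5"],
            "size": int(m["size"]) if m["size"] else None,
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"],
        })
    return entries


def triage(entry):
    """Return the reasons (possibly none) why an entry deserves a closer look."""
    if entry["is_dir"]:
        return []
    p = PureWindowsPath(entry["path"])
    ext = p.suffix.lower()
    if ext not in EXEC_EXT:
        return []
    reasons = []
    # ".com" is a DOS program extension; a dotted stem makes the name read like a URL.
    if ext == ".com" and "." in p.stem:
        reasons.append("hostname_lookalike")
    # "invoice.pdf.exe": the visible "extension" is a decoy when known extensions are hidden.
    if PureWindowsPath(p.stem).suffix.lower() in DECOY_EXT:
        reasons.append("double_extension")
    # Programs rarely belong on a user's desktop; downloads and unpacked archives do.
    if any(part.lower() in DESKTOP_DIRS for part in p.parts[:-1]):
        reasons.append("exec_on_desktop")
    return reasons


def flag_entries(log_text):
    """Return (path, reasons) for every entry with at least one reason."""
    return [(e["path"], r) for e in parse_entries(log_text) if (r := triage(e))]


def _h(n):
    """Constructed placeholder in the shape of an MD5; not a real hash."""
    return f"{n:032X}"


# Constructed sample in the same layout as the log above (paths are invented).
SAMPLE_LOG = "\n".join([
    r"====== C:\WINDOWS\system32 =====",
    "",
    rf"2013-02-28 09:06:08 {_h(1)} 94112 ----a-w- C:\WINDOWS\System32\example.dll",
    "",
    r"====== C:\Documents and Settings\User ======",
    r"2013-03-08 16:35:48 -------- d--h--w- C:\Documents and Settings\User\Local Settings",
    "====== C: exe-files ==",
    rf"2013-03-04 21:43:01 {_h(2)} 1630672 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\setup.exe",
    "=== C: other files ==",
    rf"2013-03-08 09:54:13 {_h(3)} 188416 ----a-w- C:\Documents and Settings\User\Bureaublad\clip\clip.example-site.com",
    rf"2013-03-08 09:53:45 {_h(4)} 91069 ----a-w- C:\Documents and Settings\User\Bureaublad\clip\clip.example-site.zip",
    rf"2013-03-08 10:01:02 {_h(5)} 20480 ----a-w- C:\Documents and Settings\User\Mijn documenten\invoice.pdf.exe",
])

if __name__ == "__main__":
    for path, reasons in flag_entries(SAMPLE_LOG):
        print(f"{', '.join(reasons):40} {path}")
```

A flag is only a prompt to inspect the file (hash lookup, scanner verdict), not a verdict in itself.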

Just an additional fix.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe
    (here or here) you can read how to do that.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
  • Click the "Options" button and tick the options below.

    • Chrome Look
    • Reset Chrome

  • Then click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then still appear.
  • Now post the contents of the opened log in your next message.


There you go!

Zoek.exe Version 4.0.0.2 Updated 08-March-2013

Tool run by Administrator on vr 08-03-2013 at 18:31:15,79.

Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86

Running in: Safe Mode NETWORK Internet Access Detected

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp ====

====== C:\WINDOWS\system32 =====

2013-02-28 09:06:08 674F852FAE7E686F74EF11A4FE44ED21 94112 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge.dll

2013-02-28 06:32:39 4BF005295BC835CAA65A216367F4DF2E 165912 ----a-w- C:\WINDOWS\System32\FNTCACHE.DAT

====== C:\WINDOWS\system32\drivers =====

2013-03-19 22:28:30 629CABB0421668C9D3D402A3C3D77E14 21104 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys

====== C:\WINDOWS\Tasks ======

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

======= C: =====

====== C:\Documents and Settings\Administrator\Application Data ======

2013-03-08 17:03:48 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\AVG2013

2013-03-08 17:03:40 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2013

2013-03-08 16:35:49 88CF0FF92A4A9FA7BD9B7513B2E9E22B 62 --sha-w- C:\Documents and Settings\Administrator\Application Data\desktop.ini

2013-03-08 16:35:48 -------- d-s---w- C:\Documents and Settings\Administrator\Application Data\Microsoft

2013-03-08 16:35:48 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help

2013-03-08 16:35:48 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft

2013-03-08 16:35:48 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\TuneUp Software

2013-03-08 09:59:45 B6AC1DB8501FA17A48BB57A6B8F902EA 4 ----a-w- C:\Documents and Settings\Natalia\Application Data\skype.ini

2013-02-24 11:52:05 0A9E0A7E31AC52E1C597B8CE13963F39 3584 ----a-w- C:\Documents and Settings\Natalia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-02-20 14:33:49 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG

2013-02-20 14:33:40 -------- d-sh--w- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2013-02-19 22:45:01 -------- d-----w- C:\Documents and Settings\Natalia\Application Data\AVG2013

2013-02-19 22:43:32 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG2013

2013-02-19 22:40:11 -------- d-----w- C:\Documents and Settings\Natalia\Local Settings\Application Data\Avg2013

====== C:\Documents and Settings\Administrator ======

2013-03-08 16:35:50 7D19A444F835CF627FB65127A25778A7 188 --sh--w- C:\Documents and Settings\Administrator\ntuser.ini

2013-03-08 16:35:48 -------- d-s---w- C:\Documents and Settings\Administrator\Cookies

2013-03-08 16:35:48 -------- d--h--w- C:\Documents and Settings\Administrator\Sjablonen

2013-03-08 16:35:48 -------- d--h--w- C:\Documents and Settings\Administrator\Onlangs geopend

2013-03-08 16:35:48 -------- d--h--w- C:\Documents and Settings\Administrator\Netwerkprinteromgeving

2013-03-08 16:35:48 -------- d--h--w- C:\Documents and Settings\Administrator\NetHood

2013-03-08 16:35:48 -------- d--h--w- C:\Documents and Settings\Administrator\Local Settings

2013-03-08 16:35:48 -------- d--h--r- C:\Documents and Settings\Administrator\SendTo

2013-03-08 16:35:48 -------- d--h--r- C:\Documents and Settings\Administrator\Application Data

2013-03-08 16:35:48 -------- d-----w- C:\Documents and Settings\Administrator\Mijn documenten

2013-03-08 16:35:48 -------- d-----w- C:\Documents and Settings\Administrator\Favorieten

2013-03-08 16:35:48 -------- d-----w- C:\Documents and Settings\Administrator\Bureaublad

2013-03-08 16:35:48 -------- d-----r- C:\Documents and Settings\Administrator\Menu Start

2013-02-20 14:36:04 -------- d-----w- C:\Documents and Settings\LocalService\Bureaublad

====== C: exe-files ==

2013-03-08 08:33:32 C44F12B72DF42A037E65713B0F50B9D8 7330384 ----a-w- C:\Program Files\AVG\AVG2013\avgmfapx.exe

2013-03-08 08:33:32 7F2843FF4197C1DC2D62BB8880914339 7325728 ----a-w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2013\update\backup\avgmfapx.exe

2013-03-04 21:43:01 CC0CC5B0866A7C50C4B50A37CB83B875 1630672 ----a-w- C:\Documents and Settings\Natalia\Local Settings\Temp\CR_742CB.tmp\setup.exe

2013-03-04 21:43:00 526F48333DC36D7AA3BF9314AA195E38 829280 ----a-w- C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\25.0.1364.152\25.0.1364.152_25.0.1364.97_chrome_updater.exe

=== C: other files ==

2013-03-19 22:28:30 629CABB0421668C9D3D402A3C3D77E14 21104 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2013-03-08 09:54:13 0D5417FBFE4F0F1FEA8F07D68FBE6744 188416 ----a-w- C:\Documents and Settings\Natalia\Bureaublad\video.****tube\video.****tube\video.****tube.com

2013-03-08 09:53:45 39686D27EED12AA0FF30EF616B2811B7 91069 ----a-w- C:\Documents and Settings\Natalia\Bureaublad\video.****tube\video.****tube.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-1343024091-688789844-839522115-500\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE"

"AVG_UI"="C:\Program Files\AVG\AVG2013\avgui.exe /TRAYONLY"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]

"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27-02-2013 14:19]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21-03-2012 12:36]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21-03-2012 12:36]

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-688789844-839522115-1004Core.job --a------ C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [24-03-2012 13:41]

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-688789844-839522115-1004UA.job --a------ C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [24-03-2012 13:41]

==== Chrome Look ======================

YouTube - Natalia - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Natalia - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Mail.ru \u00AB\u0412\u0438\u0437\u0443\u0430\u043B\u044C\u043D\u044B\u0435 \u0437\u0430\u043A\u043B\u0430\u0434\u043A\u0438\u00BB - Natalia - Default\Extensions\jaocgokledfmfebefgbeokdodbbdjhdd

\u201CVisual Bookmarks\u201D from Yandex - Natalia - Default\Extensions\nkcpopggjcjkiicpenikeogioednjeac

Gmail - Natalia - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Reset Google Chrome ======================

C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully
