politievirus

[juisterr]

Dank je, ik moet dit wel even doorlezen, kan even duren.

[juisterr]

Ok, start zoek.exe opnieuw en vul onderstaande script in en klik op run script.

C:\ProgramData\mqr8zjjw;fs
C:\ProgramData\mqr8zjjw;fs
C:\Users\Olav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mqr8zjjw;fs
shortcutfix;
autoclean;

Plaats de uitslag aub .

[ODN]

Die mqr8zjjw zit bij AVG in quarantaine sinds gisteren. Ik weet niet of je daar iets mee bent?

Zal dat scrips eens laten draaien. Maar kan wel een tijd duren want dat start pas na een dik half uur op, soms niet.

[juisterr]

Dat is een onderdeel van het politievirus, dus dat doet AVG goed, gooi maar snel weg uit het quarantine van AVG.

En ja, run het script even.

[ODN]

Zoek.exe Version 4.0.0.5 Updated 22-October-2013

Tool run by Olav on do 24/10/2013 at 20:40:21,89.

Microsoft® Windows Vista™ Home Basic 6.0.6001 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Olav\Desktop\zoek\zoek.exe [script inserted]

==== Older Logs ======================

C:\zoek-results2013-10-20-204356.log 13255 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\ProgramData\mqr8zjjw not found

C:\ProgramData\mqr8zjjw not found

C:\Users\Olav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mqr8zjjw not found

"C:\Users\Olav\AppData\Roaming\Uniblue\RegistryBooster\monitor.log" not deleted

"C:\Users\Olav\AppData\Roaming\Uniblue" not deleted

"C:\Users\Olav\AppData\Roaming\Uniblue\RegistryBooster" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG10\Firefox4" [10/04/2013 16:12]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files\AVG\AVG10\Chrome\safesearch.crx[09/09/2011 03:11]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="HLN.be, Nieuws, sport en showbizz, 24/24, 7/7, meer dan 350 nieuwsupdates per dag"

"Default_Page_URL"="http://www.asus.com"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!"

"Start Page"="HLN.be, Nieuws, sport en showbizz, 24/24, 7/7, meer dan 350 nieuwsupdates per dag"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== shortcuts on Users Desktops ======================

C:\Users\Olav\Desktop\DVD Shrink 3.2.lnk - C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe

C:\Users\Olav\Desktop\Free File Opener.lnk - C:\Program Files\Free File Opener\FreeFileOpener.exe

C:\Users\Olav\Desktop\Internetbrowser selecteren.lnk - C:\Windows\System32\browserchoice.exe /launch

C:\Users\Olav\Desktop\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Olav\Desktop\Spybot - Search & Destroy.lnk - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Users\Olav\Desktop\Uniblue RegistryBooster.lnk - C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader 8.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Users\Public\Desktop\Age of Empires Expansion.lnk - D:\age of empires\EMPIRESX.EXE

C:\Users\Public\Desktop\Age of Empires.lnk - D:\age of empires\EMPIRES.EXE

C:\Users\Public\Desktop\ASUS Data Security Manager.lnk - C:\Program Files\ASUS\ASUS Data Security Manager\My_Vault.exe

C:\Users\Public\Desktop\ASUS Splendid Technology Utility.lnk - C:\Program Files\ASUS\Splendid\Backbone.exe

C:\Users\Public\Desktop\ASUSTek ASUSDVD.lnk - C:\Program Files\ASUSTek\ASUSDVD\ASUSDVD.exe

C:\Users\Public\Desktop\AVG 2011.lnk - C:\Program Files\AVG\AVG10\avgui.exe

C:\Users\Public\Desktop\Canon MX370 series Online handleiding.lnk - C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe "C:\PROGRAM FILES\Canon\IJ Manual\CANON MX370 SERIES\Dutch\Info.egv"

C:\Users\Public\Desktop\Canon Solution Menu EX.lnk - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Users\Public\Desktop\Computer Updater.lnk - C:\Program Files\Computer Updater\ComputerUp-dater.exe

C:\Users\Public\Desktop\GIMP 2.lnk - C:\Program Files\GIMP-2.0\bin\gimp-2.6.exe

C:\Users\Public\Desktop\Internetbrowser selecteren.lnk - C:\Windows\System32\browserchoice.exe /launch

C:\Users\Public\Desktop\MAGIX Speed 2.lnk - C:\Program Files\MAGIX\Speed2\SpeedStart.exe

C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe

C:\Users\Public\Desktop\Play Synthesia.lnk - C:\Program Files\Synthesia\Synthesia.exe

C:\Users\Public\Desktop\PlayMemories Home Help.lnk - C:\Program Files\Sony\PlayMemories Home\PMBBrowser.exe /Help

C:\Users\Public\Desktop\PlayMemories Home.lnk - C:\Program Files\Sony\PlayMemories Home\PMBBrowser.exe

C:\Users\Public\Desktop\PrintParade Studio.lnk - C:\Program Files\PrintParade Studio\Printparade.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Olav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD\ASUSDVD Help file.lnk - C:\Program Files\ASUSTek\ASUSDVD\Language\Enu\ASUSDVD.CHM

C:\Users\Olav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD\ASUSTek ASUSDVD.lnk - C:\Program Files\ASUSTek\ASUSDVD\ASUSDVD.exe

C:\Users\Olav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD\Online registration.lnk - C:\Program Files\ASUSTek\ASUSDVD\OLRSubmission\OLRSubmission.exe /LANG:Enu

C:\Users\Olav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD\Readme.lnk - C:\Program Files\ASUSTek\ASUSDVD\Language\Enu\Readme.htm

C:\Users\Olav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD\Uninstall ASUSDVD.lnk - C:\Windows\system32\RunDll32.exe C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Olav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free File Opener.lnk - C:\Program Files\Free File Opener\FreeFileOpener.exe

C:\Users\Olav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Olav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe

C:\Users\Olav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Olav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Users\Olav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk - C:\Program Files\Uniblue\RegistryBooster\Launcher.exe

C:\Users\Olav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Olav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Olav\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Olav\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Olav\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Olav\AppData\Roaming\Uniblue\RegistryBooster\monitor.log" not deleted

"C:\Users\Olav\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Users\Olav\AppData\Roaming\Uniblue" not deleted

==== EOF on do 24/10/2013 at 21:01:47,82 ======================

[juisterr]

Flinke uitslagen, mag ik vragen hoe het nu gaat ?

[ODN]

Computer doet 'normaal'. Het is wel een oud bakske met af en toe zijn kuren, maar ik mag niet klagen. Hij is jammer genoeg niet sneller geworden

Maar waarom plaatst AVG pas na de infectie dat spel in quarantiane? Moest hij dat ervoor gedaan hebben was er waarschijnlijk nooit iets aan de hand geweest.

Het is naar het schijnt serieus erg met malware. Op ons werk deed ook een brief de ronde vandaag.

[juisterr]

Jazeker gaat het los met malware, oude pc blijft een oude pc, alle software is sneller geworden maar dat maakt een oude pc niet sneller, eerder trager.

AVG zal het niet direct herkent hebben, pas na een update zal het herkent zijn.

[ODN]

Het voornaamste is dat het opgelost is. Hopelijk ziet AVG het de volgende keer op voorhand. In ieder geval bedankt om me door heel dit proces door te helpen!

[juisterr]

graag gedaan.