Strange message


This is what I had found a day earlier. The program was still running at that point. I shut it down manually after 12 hours.

Maybe it provides useful info!

Zoek.exe v5.0.0.0 Updated 12-Januari-2014

Tool run by C on ma 13-01-2014 at 9:12:32,42.

Microsoft Windows 8.1 6.3.9600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\C\Desktop\zoek.scr [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================

13-1-2014 09:20:32 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\ProgramData\Dumps deleted successfully

C:\Users\C\AppData\Roaming\Logitech deleted successfully

C:\Users\C\AppData\Roaming\OfferMosquito deleted successfully

C:\Users\C\AppData\Roaming\QuickScan deleted successfully

C:\Users\C\AppData\Roaming\Systweak deleted successfully

C:\Users\C\AppData\Local\Adobe deleted successfully

C:\Users\C\AppData\Local\MigWiz deleted successfully

C:\Users\C\AppData\Local\PackageStaging deleted successfully

C:\Users\C\AppData\Local\Secunia PSI deleted successfully


This is only a limited part of the log that we need. So we are going to adjust the instructions for a new scan with Zoek. Normally that should shorten the running time:

  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input field:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

{82B16A3D-F03E-4565-A532-666B219C9A53};c
 C:\Users\C\AppData\Local\ext_offermosquito;fs
 DataMgr;s
 C:\Users\C\AppData\Roaming\DataMgr;fs
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82B16A3D-F03E-4565-A532-666B219C9A53}];r
 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
 "DataMgr"=-;r
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r
 "AppInit_DLLs"=-;r
 C:\Users\C\AppData\Roaming\Systweak;fs
 C:\WINDOWS\system32\roboot64.exe;f
 C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69;fs
 emptyfolderscheck;delete 
startupall; 
filesrcm;

  • The "Scan All Users" option is checked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a reboot if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear after all.
  • Post the opened log in your next reply.


Hello,

Here is what I think is the right log file.

Thanks in advance.

chrisv

Zoek.exe v5.0.0.0 Updated 15-Januari-2014

Tool run by C on do 16-01-2014 at 11:17:08,33.

Microsoft Windows 8.1 6.3.9600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\C\Desktop\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-01-13-090036.log 958 bytes

==== Empty Folders Check ======================

C:\Users\C\AppData\Roaming\QuickScan deleted successfully

C:\Users\C\AppData\Local\Secunia PSI deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2816235752-810234289-1669953389-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82B16A3D-F03E-4565-A532-666B219C9A53} deleted successfully

HKEY_USERS\S-1-5-21-2816235752-810234289-1669953389-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82B16A3D-F03E-4565-A532-666B219C9A53} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{82B16A3D-F03E-4565-A532-666B219C9A53} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82B16A3D-F03E-4565-A532-666B219C9A53} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82B16A3D-F03E-4565-A532-666B219C9A53}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"DataMgr"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Users\C\AppData\Roaming\Systweak not found

C:\Users\C\AppData\Local\ext_offermosquito deleted

C:\Users\C\AppData\Roaming\DataMgr deleted

C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 deleted

"C:\windows\SysNative\roboot64.exe" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

2014-01-12 10:11:20 D9F551D51350364EBF9D235F50FAD5A2 392727407 ----a-w- C:\WINDOWS\MEMORY.DMP

====== C:\Users\C\AppData\Local\Temp ====

2014-01-14 09:52:08 B8B811C4655490676C2DED04E531F106 9577536 ----a-w- C:\Users\C\AppData\Local\Temp\Foxit Updater.exe

====== C:\WINDOWS\SysWOW64 =====

2014-01-16 09:00:01 815747A331941F3DA5F4BAF78016D333 693240 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-01-15 09:14:22 ED8ED1CE6CAB56103230E2097763DC2B 695808 ----a-w- C:\WINDOWS\SysWOW64\WSShared.dll

2014-01-15 09:14:21 B6D28E8DC13F9EAF8B74BDB4F3DD9781 174592 ----a-w- C:\WINDOWS\SysWOW64\WSClient.dll

2014-01-15 09:14:19 73D0837E97CD7368BCA7DE4E373B8503 103936 ----a-w- C:\WINDOWS\SysWOW64\OEMLicense.dll

====== C:\WINDOWS\SysWOW64\drivers =====

====== C:\WINDOWS\Sysnative =====

2014-01-15 09:14:23 D8E3A4701376CCFD0BE542D745FA4809 3395920 ----a-w- C:\WINDOWS\Sysnative\WSService.dll

2014-01-15 09:14:22 E3E168E733B0E8383BA5635542FDB96F 848384 ----a-w- C:\WINDOWS\Sysnative\WSShared.dll

2014-01-15 09:14:22 294AAE73D0D7BDAACC5224BC7334077B 206336 ----a-w- C:\WINDOWS\Sysnative\WSClient.dll

2014-01-15 09:14:21 3E245CCA42D78B9626A79FE77E111D7B 84480 ----a-w- C:\WINDOWS\Sysnative\WSCollect.exe

2014-01-15 09:14:20 30AE1D2A418A6C128CF3BD6EA37354DB 138240 ----a-w- C:\WINDOWS\Sysnative\OEMLicense.dll

2014-01-15 09:14:16 EF5A9D7523E4530D2030D4EA2D90FEC3 787968 ----a-w- C:\WINDOWS\Sysnative\uDWM.dll

2014-01-12 09:35:29 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\WINDOWS\Sysnative\bootdelete.exe

====== C:\WINDOWS\Sysnative\drivers =====

2013-12-28 16:04:34 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

2013-12-28 16:02:05 8E98D21EE06192492A5671A6144D092F 33240 ----a-w- C:\WINDOWS\Sysnative\drivers\GEARAspiWDM.sys

2013-12-24 13:37:50 370A6907DDF79532A39319492B1FA38A 231376 ----a-w- C:\WINDOWS\Sysnative\drivers\truecrypt.sys

====== C:\WINDOWS\Tasks ======

2014-01-15 21:00:47 018C164568007461A6C472A64B589521 3576 ----a-w- C:\WINDOWS\Sysnative\Tasks\Bitdefender Autoscan

2013-12-28 20:14:51 735D6BEACD734C489AD46098E35C348E 940 ----a-w- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2013-12-28 20:14:51 222A8A7BFD8EE88E3ECB4216D42B9412 3828 ----a-w- C:\WINDOWS\Sysnative\Tasks\Adobe Flash Player Updater

2013-12-28 16:00:22 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\Apple

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

2014-01-12 16:07:30 -------- d-----w- C:\Program Files\trend micro

2013-12-28 16:01:34 -------- d-----w- C:\Program Files\iPod

2013-12-28 16:01:33 -------- d-----w- C:\Program Files\iTunes

2013-12-28 15:59:50 -------- d-----w- C:\Program Files\Common Files\Apple

======= C:\PROGRA~2 =====

2014-01-14 10:03:29 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service

2014-01-12 09:07:43 -------- d-----w- C:\PROGRA~2\SciLor's grooveshark.com Downloader

2013-12-28 16:01:33 -------- d-----w- C:\PROGRA~2\iTunes

2013-12-28 16:00:14 -------- d-----w- C:\PROGRA~2\Apple Software Update

2013-12-28 15:59:18 -------- d-----w- C:\PROGRA~2\COMMON~1\Apple

2013-12-26 11:30:05 -------- d-----w- C:\PROGRA~2\Kobo

======= C: =====

====== C:\Users\C\AppData\Roaming ======

2014-01-01 16:30:37 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\PnrpSqm

2013-12-28 16:02:22 -------- d-----w- C:\Users\C\AppData\Roaming\Apple Computer

2013-12-28 16:02:22 -------- d-----w- C:\Users\C\AppData\Local\Apple Computer

2013-12-28 16:00:18 -------- d-----w- C:\Users\C\AppData\Local\Apple

2013-12-28 16:00:02 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Apple Computer

2013-12-26 17:11:02 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking

2013-12-26 17:10:52 -------- d-----w- C:\Users\C\AppData\Roaming\CyberLink

2013-12-26 11:30:36 -------- d-----w- C:\Users\C\AppData\Local\Kobo

2013-12-24 13:38:30 -------- d-----w- C:\Users\C\AppData\Roaming\TrueCrypt

====== C:\Users\C ======

2014-01-16 10:12:45 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp

2014-01-15 21:00:21 -------- d-----w- C:\ProgramData\ClassicShell

2014-01-14 10:02:26 FD3E66E1EAD5DA5EC23174D29B8376D6 283128 ----a-w- C:\Users\C\Downloads\Firefox Setup Stub 26.0.exe

2014-01-12 16:06:24 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\C\Downloads\RSITx64.exe

2014-01-12 09:07:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SciLor's grooveshark™.com Downloader

2014-01-12 08:58:06 861433F3302DFD69B59282A84A1208A8 340688 ----a-w- C:\Users\C\Downloads\scilors-grooveshark-downloader-windows-downloader.exe

2014-01-06 18:01:49 47C203471B017D84C38836653E793FE5 11863248 ----a-w- C:\Users\C\Downloads\HarmonyBrowserPlug-in.exe

2014-01-05 16:05:42 6B26D2940BD9B7C75EF8556940CA5159 23915754 ----a-w- C:\Users\C\Downloads\torbrowser-install-3.5_en-US.exe

2013-12-28 16:02:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2013-12-28 16:01:33 -------- d-----w- C:\ProgramData\Apple Computer

2013-12-28 15:59:18 -------- d-----w- C:\ProgramData\Apple

2013-12-26 11:30:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo

====== C: exe-files ==

2014-01-16 09:00:01 815747A331941F3DA5F4BAF78016D333 693240 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-01-15 09:14:21 F8309DE5A45867745C7AA835DF50AA29 25304 ----a-w- C:\Windows\WinStore\WSHost.exe

2014-01-15 09:14:21 3E245CCA42D78B9626A79FE77E111D7B 84480 ----a-w- C:\Windows\System32\WSCollect.exe

2014-01-14 10:03:30 99F20CB58E61DAAD19935122AEE8B376 106212 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe

2014-01-14 10:03:29 3B9398E0146855B1DC0E3D9769C80F01 119408 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

2014-01-14 10:02:26 FD3E66E1EAD5DA5EC23174D29B8376D6 283128 ----a-w- C:\Users\C\Downloads\Firefox Setup Stub 26.0.exe

2014-01-14 09:55:48 656E932667A49E2A49658DE755D8A8F0 1437248 ----a-w- C:\Users\C\AppData\Roaming\Foxit Software\Foxit Cloud\Reader\unins000.exe

2014-01-14 09:55:26 49E549A01BB5FF6E82E386176E4D7305 96320 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe

2014-01-14 09:54:56 22152100B2D32BE9DAF13591096DE58D 2084416 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\SendCrashReport.exe

2014-01-14 09:54:54 B8B811C4655490676C2DED04E531F106 9577536 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Updater.exe

2014-01-14 09:54:49 15D2200C10CA3506C2AD566FBAE1E13B 36229696 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe

2014-01-14 09:54:47 B2A596DCEE491DF39DBDC13A8A7CB05A 60480 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Creator\FXC_ProxyProcess.exe

2014-01-14 09:54:46 7FC062F566DBEE26A6DF69119C93B7B9 755672 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\UninstallPrint.exe

2014-01-14 09:54:36 D4945107DF8F56CC4DC858C0694C13E2 26688 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Checkupdate\Checkupdate.exe

2014-01-14 09:54:35 5C7CD5168055514AB1722E4F926DCEF5 1904192 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe

2014-01-14 09:52:08 B8B811C4655490676C2DED04E531F106 9577536 ----a-w- C:\Users\C\AppData\Local\Temp\Foxit Updater.exe

2014-01-13 18:12:50 A3CE1DC73BCC95D7812D593381346681 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$IYDMJXO.exe

2014-01-13 06:54:58 084BE4D9B1C2B51F423C97285B89E558 1281536 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$RYDMJXO.exe

2014-01-12 16:07:34 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\C.exe

2014-01-12 16:06:24 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\C\Downloads\RSITx64.exe

2014-01-12 09:35:29 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\Windows\System32\bootdelete.exe

2014-01-12 09:07:47 0B84A6BBD496026CA534666A58DF9CF0 5407850 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\Tor\vidalia.exe

2014-01-12 09:07:46 C10EB5C2B17B822FDC66D70CF4680695 3938086 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\Tor\tor.exe

2014-01-12 09:07:46 35EA0113A5FF5D1608D1A80CA006E8F0 374786 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\Tor\tor-resolve.exe

2014-01-12 09:07:44 0780178E6001509C855F0149F8B97135 178176 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\Tor\polipo.exe

2014-01-12 09:07:43 38FBFABDCE44FD844CBCD7BA6BC91584 808904 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\unins000.exe

2014-01-12 09:07:43 1047510FB6C40F4E88F5E922785835E5 122992 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\Mp3Gain\mp3gain.exe

2014-01-12 09:07:43 008006426163026C522F35361D23B067 376320 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\SciLors GrooveDownloader.exe

2014-01-12 08:58:06 861433F3302DFD69B59282A84A1208A8 340688 ----a-w- C:\Users\C\Downloads\scilors-grooveshark-downloader-windows-downloader.exe

=== C: other files ==

2014-01-15 09:14:39 4D6461193AE1BBC708194C295C7EA71A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$IRBGS16.zip

2014-01-15 09:14:29 C03D586167072E6565BFA7F79281D69A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$IKVPVG3.zip

2014-01-13 18:12:55 DD82198180C71CF7D27D3557FC6C45C6 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$IZCEZB4.com

2014-01-13 18:01:28 00379788C7C696104BD1C09306BF90B1 4082624 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$RKVPVG3.zip

2014-01-13 18:00:32 00379788C7C696104BD1C09306BF90B1 4082624 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$RRBGS16.zip

2014-01-13 16:18:27 7303562B96B994B544902C5E703D3276 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$ICGOWEF.com

2014-01-12 23:20:14 0EABC923312CEFC45484D2F7D28A9C7A 1410166 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$RZCEZB4.com

2014-01-12 23:20:14 0EABC923312CEFC45484D2F7D28A9C7A 1410166 ----a-w- C:\$Recycle.Bin\S-1-5-21-2816235752-810234289-1669953389-1001\$RCGOWEF.com

2014-01-12 09:07:43 B8E429F3225CC298C5D13D31AFD050B6 128436 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\Mp3Gain\mp3gain-1_5_2_r2-src.zip

2014-01-12 09:07:43 12CE68E7308A83645825B4AD0C459F5E 61 ----a-w- C:\Program Files (x86)\SciLor's grooveshark.com Downloader\SciLors GrooveDownloader WithTor.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"

"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"

"Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

[HKEY_USERS\S-1-5-21-2816235752-810234289-1669953389-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"

"Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

"SSync"="C:\Users\C\AppData\Roaming\SSync\SSync.exe"

"Intermediate"="C:\Users\C\AppData\Roaming\Intermediate\Intermediate.exe"

"OMESupervisor"="C:\Users\C\AppData\Local\omesuperv.exe"

"Wipe Maintance"="C:\Program Files\net1-wipe\net1.exe windowsStartup"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"

"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"

"Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer_For_P2G8"="C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"

"CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R"

"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

"YouCam Service"="C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe /s"

"Google Desktop Search"="C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe /startup"

"TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

"AcronisTibMounterMonitor"="C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"

"Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

"SSync"="C:\Users\C\AppData\Roaming\SSync\SSync.exe"

"Intermediate"="C:\Users\C\AppData\Roaming\Intermediate\Intermediate.exe"

"OMESupervisor"="C:\Users\C\AppData\Local\omesuperv.exe"

"Wipe Maintance"="C:\Program Files\net1-wipe\net1.exe windowsStartup"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4"

"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll,TrayApp"

"POSHX"="C:\Program Files (x86)\FWdriver_v\POSHX.exe /start"

"Bdagent"="C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"

"Persistence"="C:\WINDOWS\system32\igfxpers.exe"

"Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Folders ======================

2013-11-12 17:42:57 1870 ----a-w- C:\Users\C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk

2013-11-23 17:57:24 1126 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe []

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\WINDOWS\SysNative\tasks\Bitdefender Autoscan" [C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe]

"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\WINDOWS\SysNative\tasks\Dolby Selector" [C:\Program Files\Dolby Digital Plus\ddp.exe]

"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]

"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"ffpwdman@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman" [28-10-2013 21:41]

==== Firefox Extensions ======================

ProfilePath: C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\ayqcbdhb.default

- OfferMosquito - %ProfilePath%\extensions\om@offermosquito.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\ayqcbdhb.default

BAD62EC082FBC9BF6D54FAB91E53A35A - C:\Program Files\Bitdefender\Bitdefender\Antispam32\npcomm.dll - BitDefender 16

==== C:\zoek_backup content ======================

C:\zoek_backup (files=17 folders=5 9019848 bytes)

==== EOF on do 16-01-2014 at 11:28:27,36 ======================


Double-click Zoek.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input field:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  OfferMosquito;ff
 Autoclean;

  • The "Scan All Users" option is checked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a reboot if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear after all.
  • Post the opened log in your next reply.


Here it is.

Zoek.exe v5.0.0.0 Updated 15-Januari-2014

Tool run by C on do 16-01-2014 at 17:25:43,21.

Microsoft Windows 8.1 6.3.9600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\C\Desktop\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-01-13-090036.log 958 bytes

C:\zoek-results2014-01-16-102827.log 18495 bytes

C:\zoek-results2014-01-16-114911.log 397 bytes

C:\zoek-results2014-01-16-143625.log 445 bytes

C:\zoek-results2014-01-16-150723.log 493 bytes

==== Creating Sample_16-01-2014_1758.zip ======================

Copied file C:\Users\C\AppData\Local\omesuperv.exe to sample\omesuperv.exe

sample\omesuperv.exe renamed to B64C0A5200B396641205598D271ACD9F

C:\Users\Public\Desktop\sample_16-01-2014_1758.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2816235752-810234289-1669953389-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully

HKEY_USERS\S-1-5-21-2816235752-810234289-1669953389-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6F001371-B95B-44DD-80AF-E3B9109FA974} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\ayqcbdhb.default

---- Lines OfferMosquito removed from prefs.js ----

user_pref("om.pingUrl", "http://api.offermosquito.com/ping.php?ch=35");

user_pref("plugin.state.npoffermosquitoiehelper", 0);

---- Lines OfferMosquito modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"ffpwdman@bitdefender.com\":{\"descriptor\":\"C:\\\\Program Files\

---- Lines Softonic removed from prefs.js ----

user_pref("extensions.Softonic.admin", false);

user_pref("extensions.Softonic.aflt", "SD");

user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");

user_pref("extensions.Softonic.autoRvrt", "false");

user_pref("extensions.Softonic.dfltLng", "nl");

user_pref("extensions.Softonic.dfltSrch", true);

user_pref("extensions.Softonic.dnsErr", true);

user_pref("extensions.Softonic.excTlbr", false);

user_pref("extensions.Softonic.ffxUnstlRst", false);

user_pref("extensions.Softonic.hmpg", true);

user_pref("extensions.Softonic.hmpgUrl", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=13&cc=&mi=b472050d0000000000005c514f392ea3");

user_pref("extensions.Softonic.hpOld0", "");

user_pref("extensions.Softonic.id", "b472050d0000000000005c514f392ea3");

user_pref("extensions.Softonic.instlDay", "16019");

user_pref("extensions.Softonic.instlRef", "MOY00011");

user_pref("extensions.Softonic.kw_url", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=2&cc=&mi=b472050d0000000000005c514f392ea3&q=");

user_pref("extensions.Softonic.newTab", true);

user_pref("extensions.Softonic.newTabUrl", "http://search.softonic.com/MOY00011/tb_v1/?SearchSource=15&cc=&mi=b472050d0000000000005c514f392ea3");

user_pref("extensions.Softonic.prdct", "Softonic");

user_pref("extensions.Softonic.prtnrId", "softonic");

user_pref("extensions.Softonic.rvrt", "false");

user_pref("extensions.Softonic.smplGrp", "none");

user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");

user_pref("extensions.Softonic.tlbrId", "2013desingbrand");

user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=1&cc=&mi=b472050d0000000000005c514f392ea3&q=");

user_pref("extensions.Softonic.vrsn", "1.8.19.3");

user_pref("extensions.Softonic.vrsni", "1.8.19.3");

user_pref("extensions.Softonic.vrsnTs", "1.8.19.314:43:51");

---- Lines Softonic removed from user.js ----

user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=1&cc=&mi=b472050d0000000000005c514f392ea3&q=");

user_pref("extensions.Softonic.id", "b472050d0000000000005c514f392ea3");

user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");

user_pref("extensions.Softonic.instlDay", "16019");

user_pref("extensions.Softonic.vrsn", "1.8.19.3");

user_pref("extensions.Softonic.vrsni", "1.8.19.3");

user_pref("extensions.Softonic.vrsnTs", "1.8.19.314:43:51");

user_pref("extensions.Softonic.prtnrId", "softonic");

user_pref("extensions.Softonic.prdct", "Softonic");

user_pref("extensions.Softonic.aflt", "SD");

user_pref("extensions.Softonic.smplGrp", "none");

user_pref("extensions.Softonic.tlbrId", "2013desingbrand");

user_pref("extensions.Softonic.instlRef", "MOY00011");

user_pref("extensions.Softonic.dfltLng", "nl");

user_pref("extensions.Softonic.excTlbr", false);

user_pref("extensions.Softonic.ffxUnstlRst", false);

user_pref("extensions.Softonic.admin", false);

user_pref("extensions.Softonic.autoRvrt", "false");

user_pref("extensions.Softonic.rvrt", "false");

user_pref("extensions.Softonic.hmpg", true);

user_pref("extensions.Softonic.hmpgUrl", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=13&cc=&mi=b472050d0000000000005c514f392ea3");

user_pref("extensions.Softonic.hpOld0", "");

user_pref("extensions.Softonic.dfltSrch", true);

user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");

user_pref("extensions.Softonic.kw_url", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=2&cc=&mi=b472050d0000000000005c514f392ea3&q=");

user_pref("extensions.Softonic.dnsErr", true);

user_pref("extensions.Softonic.newTab", true);

user_pref("extensions.Softonic.newTabUrl", "http://search.softonic.com/MOY00011/tb_v1/?SearchSource=15&cc=&mi=b472050d0000000000005c514f392ea3");

---- Lines conduit removed from prefs.js ----

user_pref("browser.search.defaultenginename", "Conduit Search");

user_pref("browser.search.selectedEngine", "Conduit Search");

user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT3322168&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP4891B649-86E2-4

---- FireFox user.js and prefs.js backups ----

user_16-01-2014_1800_.backup

prefs_16-01-2014_1800_.backup

==== Deleting Files \ Folders ======================

C:\Users\Public\Desktop\SciLor's grooveshark™.com Downloader.lnk not found

C:\Users\C\AppData\Roaming\Intermediate deleted

C:\Users\C\AppData\Roaming\SSync deleted

C:\Users\C\AppData\Roaming\Common deleted

C:\ProgramData\Package Cache deleted

C:\Users\C\Downloads\SoftonicDownloader_voor_google-desktop.exe deleted

C:\Users\C\Downloads\SoftonicDownloader_voor_photofiltre.exe deleted

C:\Users\C\Downloads\SoftonicDownloader_voor_product-key-finder.exe deleted

C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\ayqcbdhb.default\searchplugins\conduit-search.xml deleted

C:\Users\C\AppData\Local\omesuperv.exe deleted

"C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\ayqcbdhb.default\extensions\om@offermosquito.com.xpi" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"ffpwdman@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman" [28-10-2013 21:41]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\ayqcbdhb.default

BAD62EC082FBC9BF6D54FAB91E53A35A - C:\Program Files\Bitdefender\Bitdefender\Antispam32\npcomm.dll - BitDefender 16

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

ccahoghmggldkcdjiebjkidpfongdfbl - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx[18-12-2013 22:16]

omaonpoimgkmbllpdihbnmgphjoipdhf - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx[01-05-2012 21:45]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

gbmdkmlcnbapgegninelmjbfibaghdmk - C:\Users\C\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE\Default\ext_offermosquito\ext_offermosquito.crx[]

Softonic Chrome Toolbar - C\AppData\Local\Google\Chrome\User Data\default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf

==== Chrome Fix ======================

C:\Users\C\AppData\Local\Google\Chrome\User Data\default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Bar"="http://www.google.com/ie"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="http://127.0.0.1:4664/search&s=qycoPU_BOdyIvwyraMIEDqjOf7M?q={searchTerms}"

{99103325-58A0-4DB9-A9C4-CA5474A3A9D3} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB"

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\C\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\C\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\C\AppData\Local\Mozilla\Firefox\Profiles\ayqcbdhb.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=110 folders=26 41735761 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp emptied successfully

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\C\AppData\Local\Temp will be emptied at reboot

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

C:\Users\C\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on do 16-01-2014 at 18:12:17,95 ======================


Then don't forget to remove the tools that were used and a few leftovers:

Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.

Now tick the following items:

  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently until the tool has finished.

When the tool has finished, a log file is created. You do not need to post it, however.

Download CCleaner. (If you don't have it yet)

Install it (if you do not want Google Chrome to be installed on your PC as the default web browser, you must remove the 2 check marks!!!) and start CCleaner.

In the left column, click "Cleaner". Click "Analyze" and, after the analysis, "Run Cleaner". Then click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues".

Sometimes 1 analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors.

Then close CCleaner again.

If you want to see this illustrated in detail, click here for the guide.
