
Malware


Custard


Zoek.exe v5.0.0.0 Updated 15-February-2014

Tool run by Jrgen - Nancy on zo 16/02/2014 at 21:37:40,80.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\JRGEN-~1\Documents\Jürgen\Software\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2013-11-08-145037.log 49462 bytes

C:\zoek-results2013-11-09-095449.log 4972 bytes

C:\zoek-results2014-02-11-124341.log 23581 bytes

C:\zoek-results2014-02-12-165952.log 1330 bytes

C:\zoek-results2014-02-14-211653.log 30476 bytes

C:\zoek-results2014-02-15-111652.log 1089 bytes

C:\zoek-results2014-02-16-132146.log 32453 bytes

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mobilegeni daemon"=-

[HKEY_USERS\S-1-5-21-3597228709-2799698942-2323137413-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"f.lux"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"f.lux"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

"zulagames@ZulaGames.com"=-

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"zulagames@ZulaGames.com"=-

==== Deleting Files \ Folders ======================

C:\Windows\SysNative\tasks\{04902170-FAB5-4221-8A26-C54A801ABD8B} deleted

C:\Windows\SysNative\tasks\{0D9410E3-651B-44B0-8114-B1377C2F8A68} deleted

C:\Windows\SysNative\tasks\{4E3895D7-2AF7-44DD-AED7-96601D575516} deleted

C:\Windows\SysNative\tasks\{72C2AD64-B6BB-4F2E-A5F0-F81C82E6A407} deleted

C:\Windows\SysNative\tasks\{7C6507C9-154F-4F31-A85D-9C15CB592043} deleted

C:\Windows\SysNative\tasks\{B978FA62-FCE5-419F-ACE6-7EA92A7F51EE} deleted

C:\Windows\SysNative\tasks\{F9536317-D79F-46A0-97DF-FB1ED69CF44F} deleted

C:\Users\Jrgen - Nancy\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Flux.lnk" deleted

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\zulagames@ZulaGames.com deleted successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=693 folders=145 284276045 bytes)

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Users\JRGEN-~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EMRE3Z6S" not found

"C:\Users\JRGEN-~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KB2WS2AB" not found

"C:\Users\JRGEN-~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KRUI1537" not found

"C:\Users\JRGEN-~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6GEAKNY" not found

==== EOF on zo 16/02/2014 at 21:47:37,87 ======================


Quick question.... since the previous scan with zoek.exe my screen regularly cuts out for 1 to 2 seconds, is that normal?
That is strange ... no action was taken in which anything related to the screen was removed :hmmmm:

Download AdwCleaner by Xplode to the desktop.

Running AdwCleaner

  • Close all open windows.
  • Double-click AdwCleaner.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Then click the Scan button.
  • When the scan is finished, click the Clean button.
  • When this is done you will be asked to restart the computer; click OK.
  • After the computer has restarted, the log file opens automatically.
  • Post this log file in your next reply.


# AdwCleaner v3.018 - Report created 17/02/2014 at 12:20:02

# Updated 28/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Jürgen - Nancy - JÜRGEN-NANCY-PC

# Running from : C:\Users\Jürgen - Nancy\Downloads\!TE DOEN\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Jürgen - Nancy\AppData\Roaming\DefaultTab

Folder Deleted : C:\Users\Jürgen - Nancy\AppData\Roaming\goforfiles

Folder Deleted : C:\Users\Jürgen - Nancy\AppData\Roaming\Industriya

File Deleted : C:\Users\Jürgen - Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js

File Deleted : C:\Users\Jürgen - Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Jürgen - Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Shortcut Disinfected : C:\Users\Jürgen - Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Shortcut Disinfected : C:\Users\Jürgen - Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

Shortcut Disinfected : C:\Users\Jürgen - Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\privitize.privitizeHlpr

Key Deleted : HKLM\SOFTWARE\Classes\privitize.privitizeHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS

Key Deleted : HKCU\Software\53edbdde06de546

Key Deleted : HKLM\SOFTWARE\53edbdde06de546

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader23974[1]_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader23974[1]_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_revealer-keylogger_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_revealer-keylogger_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_fences_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_fences_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_free-mp3-cutter-and-editor_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_free-mp3-cutter-and-editor_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_free-youtube-downloader_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_free-youtube-downloader_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

Key Deleted : HKCU\Software\BabSolution

Key Deleted : HKCU\Software\BI

Key Deleted : HKCU\Software\Delta

Key Deleted : HKCU\Software\installedbrowserextensions

Key Deleted : HKCU\Software\PrivitizeVPNInstallDates

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\StartSearch

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\Software\videosaver

Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\Delta

Key Deleted : HKLM\Software\Vittalia

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v

[ File : C:\Users\Jürgen - Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]

[ File : C:\Users\Jürgen - Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]

*************************

AdwCleaner[R0].txt - [10535 octets] - [17/02/2014 10:19:45]

AdwCleaner[s0].txt - [9633 octets] - [17/02/2014 12:20:02]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9693 octets] ##########


It seems....solved :adore: google is proudly set as the start page!!! :top:

Just one more small question. How do I remove the stubborn dust and dirt from my PC? There are certain places I hardly dare to touch, either with air spray or a cloth. That small fan in the middle of the PC is fixed to a circuit board and there is an enormous amount of dirt around and in it. I don't dare touch it. Or would it be better to put this under a different topic here on the forum? In any case thank you thank you thank you :shakehands: for solving this problem.


For removing dust from a PC we have a solid guide HERE.

Beyond that, you still need to remove the tools that were used and a few remaining leftovers.

Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.

Now tick the following items:

  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently until the tool is finished.

When the tool is finished, a log file is created. You do not need to post it, however.

Download CCleaner. (If you don't have it yet)

Install it (if you don't want Google Chrome to be installed on your PC as the default web browser, you must remove the 2 check marks !!!) and start CCleaner.

Click "Cleaner" in the left column.

Click 'Analyze' and, after the analysis, 'Run Cleaner'.

Then click "Registry" in the left column and click 'Scan for Issues'.

If errors are found, click "Fix selected issues" and "OK".

You will then be asked whether to make a backup. Click "Yes".

Then choose "Fix All Selected Issues".

Sometimes 1 analysis is not enough. You may repeat this procedure until the analysis reports no more errors.

After that, close CCleaner again.

If you want to see this illustrated in detail, click here for the guide.

If all of this went without problems and you have no further questions or problems within this topic, you may close this topic by clicking the "Mark as solved" button, which you can find at the bottom left … that way it stays well organized for everyone.
