Adware.generic5.TCP verwijderen

Hallo,

ik ben net nieuw dus ik heb geen idee waar ik deze discussie moest plaatsen, als het fout is alvast excuses.

Ik heb zojuist mijn laptop opgestart en kreeg direct een melding dat er een bedreiging was gedetecteerd. Het gaat om 16 bedreigingen met allemaal de naam adware.generic5.TCP. Wanneer AVG het probeert te verwijderen krijg ik een melding dat er zowel in AVG als in mijn internetbrowser iets fout is gegaan en dat ze hersteld worden. Vervolgens krijg ik een melding dat AVG is uitgeschakeld en wordt mijn browser opnieuw opgestart.

Kan iemand mij helpen?

Alvast bedankt.

Soraya

1. Download http://sourceforge.net/projects/hjt/files/2.0.4/'>HijackThis. (klik er op)

Klik op HijackThis.msi en de download start automatisch na 5 seconden.

Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren".

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere pc en het bestand met een usb stick overbrengen

Als je enkel nog in veilige modus kan werken, moet je de executable (HijackThis.exe) downloaden.

Sla deze op in een nieuwe map op de C schijf (bvb C:\hijackthis) en start hijackthis dan vanaf deze map.

De logjes kan je dan ook in die map terugvinden.

---

2. Klik op de snelkoppeling om HijackThis te starten. (lees eerst de rode tekst hieronder!)

Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis. (Bekijk hier de afbeelding ---> http://www.pc-helpforum.be/afbeeldingen/standaardteksten/HJTmap.jpg'>Klik hier)

Tip!

Wil je in woord en beeld weten hoe je een logje met HijackThis maakt en plaatst op het forum, klik dan http://www.pc-helpforum.be/f163/hoe-maak-ik-een-hijackthis-logje-36264/'>HIER.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:52:11, on 27-1-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe

C:\Users\Soraya\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Users\Soraya\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe

C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll

O2 - BHO: ShoppingReport2 - {258C9770-1713-4021-8D7E-1F184A2BD754} - (no file)

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.4.9\bh\BabylonToolbar.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [secureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

O4 - HKCU\..\Run: [spotify] "C:\Users\Soraya\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Soraya\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_6908D9049F5BEFB881656372434FBDF3] "C:\Users\Soraya\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Dropbox.lnk = Soraya\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: FocalFilterHelper.lnk = C:\Program Files (x86)\FocalFilter\FocalFilterHelper.exe

O8 - Extra context menu item: Free YouTube Download - C:\Users\Soraya\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Soraya\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - (no file)

O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - (no file)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v1120/Navigram.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O20 - AppInit_DLLs: c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop Inc - C:\Users\Soraya\AppData\Local\CrossLoop\CrossLoopService.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files (x86)\Online Games Manager\ogmservice.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe

O23 - Service: Peer Networking Identity (PeerNetIdSvc) - Unknown owner - C:\Windows\system32\prpgrsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SecureW2 Service (SW2SVC) - SecureW2 B.V. - C:\Program Files (x86)\SecureW2\sw2_service.exe

O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Users\Soraya\AppData\Local\CrossLoop\tvnserver.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15086 bytes

Start HijackThis op en kies voor 'Do a system scan only'

Selecteer alleen de items die hieronder zijn genoemd:

R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

O2 - BHO: ShoppingReport2 - {258C9770-1713-4021-8D7E-1F184A2BD754} - (no file)

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.4.9\bh\BabylonToolbar.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - (no file)

O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - (no file)

Sluit alle vensters behalve HijackThis

Klik op 'Fix checked' om de items te verwijderen.

- - - Updated - - -

Hallo, we gaan de volgende tool inzetten. zoek.exe ®by smeenk

Download zoek.exe naar het bureaublad.

• Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
  (hier of hier) kan je lezen hoe je dat doet.
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
  

  startupall;
  filesrcm;
  emptyclsid; 
  Yontoo;f
  BrowserProtect;f
  

  
  

• Vink nu de onderstaande opties aan.
  
  • 
    
    
  • Firefox Look
    
  • Firefox Defaults
    
  • Standaard Search
    
  • Auto Clean
    
  • Running processes
    
  • Empty All Temp
    
  • IE Defaults
    
    

  [*] Klik nu op de knop "Run script".

  [*] Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).

  [*] Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.

  [*] Post nu de inhoud van het geopende logje in het volgende bericht.

Zoek.exe Version 4.0.0.1 Updated 26-January-2013

Tool run by Soraya on zo 27-01-2013 at 12:21:18,93.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\system32\winlogon.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\schtasks.exe

C:\Windows\system32\conhost.exe

C:\Users\Soraya\AppData\Local\CrossLoop\CrossLoopService.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\SecureW2\sw2_service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Users\Soraya\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\SecureW2\sw2_tray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Soraya\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Users\Soraya\Desktop\zoek.exe

C:\Users\Soraya\AppData\Local\Temp\RarSFX1\zoek.com

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\mshta.exe

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4198021396-817496601-555373275-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-4198021396-817496601-555373275-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5ECCB43A-5AD9-47A0-84E7-C778D07F73EC} deleted successfully

HKEY_USERS\S-1-5-21-4198021396-817496601-555373275-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D31E3587-0010-463C-BB0B-F973C82BEA65} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4198021396-817496601-555373275-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully

HKEY_USERS\S-1-5-21-4198021396-817496601-555373275-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserProtect deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrowserProtect deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:

Added to C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

hijackthis

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"bProtector Start Page"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"bProtectorDefaultScope"=-

==== Deleting Files \ Folders ======================

"Yontoo" not found

"BrowserProtect" not found

"C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data" deleted

"C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted

"C:\END" deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul" not deleted

"C:\Program Files (x86)\BabylonToolbar" deleted

"C:\Program Files (x86)\Yontoo" deleted

"C:\Program Files (x86)\Conduit" deleted

"C:\Users\Soraya\AppData\Roaming\BabSolution" deleted

"C:\Users\Soraya\AppData\Roaming\Babylon" deleted

"C:\Windows\SysWow64\searchplugins" deleted

"C:\Windows\SysWow64\Extensions" not deleted

"C:\ProgramData\BrowserProtect" not deleted

"C:\ProgramData\Ask" deleted

"C:\ProgramData\Partner" deleted

"C:\ProgramData\boost_interprocess" deleted

"C:\ProgramData\Tarma Installer" deleted

"C:\ProgramData\Babylon" deleted

"C:\ProgramData\Trymedia" deleted

"C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect" deleted

"C:\Users\Soraya\AppData\Local\CRE" deleted

"C:\Users\Soraya\AppData\Local\Conduit" deleted

"C:\Users\Soraya\AppData\LocalLow\ShoppingReport2" deleted

"C:\Users\Soraya\AppData\LocalLow\AskToolbar" deleted

"C:\Users\Soraya\AppData\LocalLow\BabylonToolbar" deleted

"C:\Users\Soraya\AppData\LocalLow\PriceGong" deleted

"C:\Users\Soraya\AppData\LocalLow\Conduit" deleted

"C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc" deleted

"C:\ProgramData\BrowserProtect\2.5.986.67" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components" not deleted

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content" not deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Internet Explorer: 9.0.8112.16421

Memory (RAM): 2999 MB

CPU Info: Intel® Core i3 CPU M 370 @ 2.40GHz

CPU Speed: 2436.2 MHz

Sound Card: Speakers (Realtek High Definiti |

Display Adapters: ATI Mobility Radeon HD 5470 | ATI Mobility Radeon HD 5470 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Generic PnP Monitor |

Screen Resolution: 1366 X 768 - 32 bit

Network: Network Present

Network Adapters: TAP-Win32 Adapter V9 | Microsoft Virtual WiFi Miniport Adapter | Atheros AR5B97 Wireless Network Adapter | Broadcom NetLink Gigabit Ethernet

CD / DVD Drives: 2x (D: | E: | ) D: MATSHITADVD-RAM UJ890AS | E: DTSOFT BDROM

Ports: COM4 | COM3 LPT Port NOT Present.

Mouse: 5 Button Wheel Mouse Present

Hard Disks: C: 285.0GB

Hard Disks - Free: C: 180.1GB

Manufacturer *: Acer

BIOS Info: AT/AT COMPATIBLE | 08/24/10 | ACRSYS - 1

Time Zone: West-Europa (standaardtijd)

Motherboard *: Acer Aspire 5742G

Sun Java version: 1.6.0_37

Country: Nederland

Language: NLD

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Soraya\AppData\Local\Temp ====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

====== C:\Windows\Tasks ======

2013-01-20 17:13:40 EAF654E245E8F49270FAB7B7951ADC90 298 ----a-w- C:\Windows\Tasks\ROC_REG_JAN_DELETE.job

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C:\Program Files (x86) =====

2013-01-27 10:49:48 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-01-12 14:27:18 -------- d-----w- C:\Program Files (x86)\FocalFilter

======= C: =====

====== C:\Users\Soraya\AppData\Roaming ======

2013-01-12 14:30:55 -------- d-----w- C:\users\Soraya\AppData\Local\FocalFilter

2013-01-12 14:28:18 -------- d-----w- C:\users\Soraya\AppData\Roaming\FocalFilter

2013-01-12 14:26:06 -------- d-----w- C:\users\Soraya\AppData\Local\Downloaded Installations

====== C:\Users\Soraya ======

2013-01-20 17:13:39 -------- d-----w- C:\ProgramData\AVG January 2013 Campaign

2013-01-13 10:04:17 -------- d--h--w- C:\ProgramData\CanonBJ

====== C: exe-files ==

2013-01-25 19:08:40 DECB5673BC83C8F8A3BD751C402D7BB3 6464872 ----a-w- C:\Program Files (x86)\AVG\AVG2012\Notification\Launcher.exe

2013-01-25 19:08:40 A5C23F8E3F7C286840C147D5EF9C8BC1 6465256 ----a-w- C:\ProgramData\AVG2012\update\backup\Launcher.exe

2013-01-25 10:30:56 3644168EBD9967E2568ED3E723610B8E 177129 ------r- C:\Program Files (x86)\Belastingdienst\Aangifte inkomstenbelasting\2012\ib2012u.exe

2013-01-25 10:30:23 21EB1F03CFB90011D40636C6A5916F1A 2769600 ----a-w- C:\Users\Soraya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JU69KPPZ\ib2012_win_setup.exe

2013-01-23 19:38:20 68B59B1AEF0DFC71005836216A29BB65 700768 ----a-w- C:\Users\Soraya\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\24.0.1312.56\24.0.1312.56_24.0.1312.52_chrome_updater.exe

2013-01-20 19:29:54 19D66330EF48E9AA2A96727253892679 203264 ----a-w- C:\Users\Soraya\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe

2013-01-20 19:29:18 2C5BA148BA7936D9BB6BB1F4945BA469 28539272 ----a-w- C:\Users\Soraya\AppData\Roaming\Dropbox\bin\Dropbox.exe

2013-01-20 17:15:00 F0876747D83C1067BD71DAAF9F59325F 1234000 ----a-w- C:\ProgramData\AVG January 2013 Campaign\ROC_JAN2013_AV.exe

2013-01-20 17:13:39 F0876747D83C1067BD71DAAF9F59325F 1234000 ----a-w- C:\ProgramData\AVG January 2013 Campaign\ROC.exe

2013-01-20 17:13:39 EE2C15CD4214E6F4CAF35B5381630603 157000 ----a-w- C:\ProgramData\AVG January 2013 Campaign\MachineIdCreator.exe

2013-01-20 17:13:39 AD6D792FA7A34A5E742ABAE1BE0DECBB 2940496 ----a-w- C:\ProgramData\AVG January 2013 Campaign\safeguard.exe

2013-01-20 17:13:39 98C96EB22B2C27C63DE7EA6D8E0387C9 16464 ----a-w- C:\ProgramData\AVG January 2013 Campaign\Setup.exe

2013-01-20 17:13:39 57D7D2CFB0C8B9ABE26DE6CDB868E257 2942544 ----a-w- C:\ProgramData\AVG January 2013 Campaign\avg.exe

=== C: other files ==

2013-01-25 11:58:06 D5BC51CC8AD284CE536C40CAB3F21B9B 810904 ----a-w- C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.14.40.128_0\plugins\ConduitChromeApiPlugin.dll

2013-01-25 11:58:06 99F97C9FE748C37528C338A423577FCB 163256 ----a-w- C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.14.40.128_0\plugins\np-mswmp.dll

2013-01-25 11:58:06 494DD3CA6AC5A88E083EF81ADC00869C 68504 ----a-w- C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.14.40.128_0\plugins\np-cwmp.dll

2013-01-23 17:28:55 5DAA634AF48F300075C261EF76979C5C 266704 ----a-w- C:\ProgramData\AVG2012\IDS\config\internalList.zip

2013-01-20 17:13:39 AAA7D53D228E76B4291AC61E987BB058 247808 ----a-w- C:\ProgramData\AVG January 2013 Campaign\avguidx.dll

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-4198021396-817496601-555373275-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe /background"

"Facebook Update"="C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun"

"Spotify"="C:\Users\Soraya\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"

"Spotify Web Helper"="C:\Users\Soraya\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

"GoogleChromeAutoLaunch_6908D9049F5BEFB881656372434FBDF3"="C:\Users\Soraya\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -h -k"

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"

"AVG_TRAY"="C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"SecureW2 Tray"="C:\Program Files (x86)\SecureW2\sw2_tray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe /background"

"Facebook Update"="C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun"

"Spotify"="C:\Users\Soraya\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"

"Spotify Web Helper"="C:\Users\Soraya\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

"GoogleChromeAutoLaunch_6908D9049F5BEFB881656372434FBDF3"="C:\Users\Soraya\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window"

==== Startup Registry Disabled ======================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]

"Google Update"="\"C:\\Users\\Soraya\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

"LG LinkAir"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]

"iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

"QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

==== Startup Folders ======================

2012-02-14 10:25:20 1059 ----a-w- C:\users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2013-01-12 14:27:19 1961 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FocalFilterHelper.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [08-01-2013 20:33]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18-09-2012 21:54]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18-09-2012 21:54]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4198021396-817496601-555373275-1000UA.job --a------ C:=C:=C:\Users\Soraya\AppData\Local\Google\Update\GoogleUpdate.exe []

C:\Windows\tasks\ROC_REG_JAN_DELETE.job --a------ C:\ProgramData\AVG January 2013 Campaign\ROC.exe [16-01-2013 17:07]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\0

- Torntv - %ProfilePath%\extensions\torntv@torntv.com.xpi

==== Firefox Plugins ======================

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

jbpkiefagocgkmemidfngdkamloieekf - C:\Program Files (x86)\TornTV.com\torn11.crx[]

jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx[26-07-2012 02:23]

ndibdjnfmopecpmkdieinmbadjfpblof - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx[20-04-2012 05:18]

niapdbllcanepiiimjjndipklodoedlc - C:\Program Files (x86)\Yontoo\YontooLayers.crx[]

ojpijjmpahflnipadmlpgbjmagmjchkk - C:\Users\Soraya\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx[]

pgafcinpmmpklohkojmllohd****efph - C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx[06-12-2012 22:05]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Users\Soraya\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx[13-11-2012 22:17]

ojpijjmpahflnipadmlpgbjmagmjchkk - C:\Users\Soraya\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx[]

Google Drive - Soraya - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Soraya - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Soraya - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

AVG Safe Search - Soraya - Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

Trackers on this page - Soraya - Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Download All MP3 - Soraya - Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp

ECHO is off (uit). - Soraya - Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

BrowserProtect - Soraya - Default\Extensions\pgafcinpmmpklohkojmllohd****efph

Gmail - Soraya - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

"Default_Page_URL"="iGoogle Redirect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="iGoogle Redirect"

"Start Page"="iGoogle Redirect"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="iGoogle Redirect"

"Start Page"="iGoogle Redirect"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL"

"Start Page"="Google"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL"

"Start Page"="Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL"

"Start Page"="Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKCU\*\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

HKCU\*\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Search the web (Babylon) Url="Babylon Search"

HKCU\*\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="{searchTerms} - Google Search"

HKCU\*\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O8 - Extra context menu item: Free YouTube Download - C:\Users\Soraya\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Soraya\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - (no file)

O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - (no file)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v1120/Navigram.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O20 - AppInit_DLLs: c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop Inc - C:\Users\Soraya\AppData\Local\CrossLoop\CrossLoopService.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files (x86)\Online Games Manager\ogmservice.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe

O23 - Service: Peer Networking Identity (PeerNetIdSvc) - Unknown owner - C:\Windows\system32\prpgrsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SecureW2 Service (SW2SVC) - SecureW2 B.V. - C:\Program Files (x86)\SecureW2\sw2_service.exe

O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Users\Soraya\AppData\Local\CrossLoop\tvnserver.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Gast\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gast\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Soraya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Soraya\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Soraya\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Soraya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Soraya\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js" not found

"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul" not found

"C:\Users\Soraya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\ProgramData\BrowserProtect" not found

Er is veel verwijderd, vertel even hoe het nu gaat aub.

AVG vind geen bedreigingen meer en wordt ook niet meer uitgeschakeld, dus ik denk dat het probleem verholpen is.

Bedankt voor de hulp!xD

Graag gedaan.

Voer sowieso nog even een volledige systeemscan uit en wijzig alle gebuikte wachtwoorden, maar dat staat hieronder verder beschreven.

De volgende programma's en bijbehorende log bestanden mag je verwijderen.

• Zoek.exe
  
• HijackThis
  

Aangezien de problemen zijn verholpen adviseer ik u nog wel even het onderstaande uit te voeren.

1.) Volledige systeemscan

Ik raad u aan om met behulp van de Emsisoft Emergency Kit nog een volledige systeemscan uit te voeren, op de onderstaande link treft u de handleiding van dit programma.

• Handleiding Emsisoft Emergency Kit
  

Mochten er nog speciale detecties zijn waarvan u niet weet wat u het beste kan doen dan kunt u uw vraag stellen in de sectie Antivirus / Antispy(mal)ware / Firewalls en overige security software

2.) Systeemherstelpunten verwijderen

Als de computer geïnfecteerd is geweest met een malware infectie is het raadzaam om alle aanwezige systeemherstelpunten te verwijderen, want hier kunnen namelijk besmette herstelpunten tussen zitten.

• Hoe u de herstelpunten verwijderd leest u hier
  

3.) Wachtwoorden wijzigen

De meeste malware maakt een uitgaande verbinding met een Command & Control-server waarbij er vertrouwelijke gegevens zoals bijvoorbeeld inloggegevens worden buitgemaakt, indien uw computer geïnfecteerd is geweest is het dan ook raadzaam om al uw gebruikte wachtwoorden te wijzigen.

Meer informatie hierover leest u hier

4.) Installeren van essentiële updates.

Hoe u uw besturingssysteem en overige software up to date houdt kunt u hier lezen.

Door middel van het programma Secunia PSI wordt u automatisch gewaarschuwd indien er updates voor de geïnstalleerde software beschikbaar is, meer informatie leest u hier

5.) Pas op voor 'Phishing' berichten.

Phishing is een vorm van internet oplichting (fraude), met valse e-mailberichten en websites die er vertrouwd uitzien wordt er getracht 'logingegevens' en andere persoonlijke informatie te achterhalen.

Dit gebeurt vaak op hele slinkse manieren, zoals bijvoorbeeld e-mailberichten waarin u gevraagd wordt uw inloggegevens te verifiëren, in deze gevallen wordt u vaak naar een valse (clone) website gestuurd, zodra u uw gegevens hier hebt ingevoerd zijn deze in de handen van de kwaadwillende met alle gevolgen van dien.

Meer informatie leest u hier

6.) Preventie informatie & het gebruik van beveiligings software.

Om de kans op een her-infectie te minimaliseren kan je naast de gebruikte beveiligingssoftware een aanvullende malwarescanner installeren zoals Emsisoft Anti-Malware of Malwarebytes' Antimalware om de bescherming te optimaliseren.

Hier staat meer informatie hoe u een infectie in de toekomst kunt voorkomen, lees dit eens op uw gemak door.