Ga naar inhoud

Vervelende pop ups met reclame / zowel met fire fox als G Chrome


Aanbevolen berichten

Nochtans staat er Avast as antivirus op, die tot nu toe altijd goed heeft gewerkt

Midden en een tekst staat er soms een woordje dat ondelijnd is. Komt men met de muis in de buurt heb je een vervelend pop up venstertje. Kan iemand me op een idee brengen?

Hier is het logje

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:45:59, on 3/04/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Brownie\brstswnd.exe

C:\Program Files\OpenOffice.org 3\program\swriter.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\Program Files\RelevantKnowledge\rlvknlg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: BBroowseu2save - {74998212-4978-399C-382B-E2097DD82A64} - C:\Documents and Settings\All Users\Application Data\BBroowseu2save\515c31cad2aae.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - Startup: Seagate NA410LWP Product Registration.lnk = C:\Documents and Settings\Administrator\Application Data\Leadertech\PowerRegister\Seagate NA410LWP Product Registration.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~1\browse~1\sprote~1.dll

O20 - Winlogon Notify: RelevantKnowledge - C:\program files\relevantknowledge\rlls.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe

O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 8113 bytes

Link naar reactie
Delen op andere sites

Download zoek.exe naar het bureaublad.

  • Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
    (hier of hier) kan je lezen hoe je dat doet.
  • Dubbelklik op Zoek.exe om de tool te starten.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
    startupall;
    filesrcm;
    


  • Klik op de knop "Options" en vink nu de onderstaande opties aan.


    • Running processes
    • Recently Created
    • Startup Information
    • Installed Programs
    • Chrome Look
    • Reset Chrome
    • Shortcut Fix
    • IE Defaults
    • Auto Clean

    [*] Klik daarna op de knop "Run script".

    [*] Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).

    [*] Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.

    [*] Post nu de inhoud van het geopende logje in het volgende bericht.

Link naar reactie
Delen op andere sites

Zoek.exe Version 4.0.0.2 Updated 31-03-2013

Tool run by Administrator on wo 03/04/2013 at 20:03:01,54.

Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Brownie\brstswnd.exe

C:\Program Files\OpenOffice.org 3\program\swriter.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\Program Files\RelevantKnowledge\rlvknlg.exe

C:\Documents and Settings\Administrator\My Documents\Downloads\zoek.exe

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

Leawo Video Converter version 5.2.0.1

æTorrent

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop CS

Agfa ScanWise 1.60

Akamai NetSession Interface

avast Free Antivirus

BBroowseu2save

Bluetooth Stack for Windows by Toshiba

Broadcom ASF Management Applications

Broadcom Gigabit Integrated Controller

Broadcom Management Programs

Brother HL-2035

BrowseToSave 1.74

Canon Camera Access Library

Canon Camera Support Core Library

Canon G.726 WMP-Decoder

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MovieEdit Task for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC

Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities EOS Utility

Canon Utilities MyCamera

Canon Utilities MyCamera DC

Canon Utilities PhotoStitch

Canon Utilities RemoteCapture DC

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

cdrtfe 1.2

DAEMON Tools Lite

dBpoweramp DSP Effects

dBpoweramp Music Converter

Dell Touchpad

DW WLAN Card Utility

Foxit Reader

Garmin USB Drivers

Garmin WebUpdater

Google Chrome

Google Earth Plug-in

Google Update Helper

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows XP (KB954550-v5)

Intel® Graphics Media Accelerator Driver

K-Lite Codec Pack 8.7.0 (Basic)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Dutch) 2010

Microsoft Office Excel MUI (Dutch) 2010

Microsoft Office Groove MUI (Dutch) 2010

Microsoft Office InfoPath MUI (Dutch) 2010

Microsoft Office OneNote MUI (Dutch) 2010

Microsoft Office Outlook MUI (Dutch) 2010

Microsoft Office PowerPoint MUI (Dutch) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (Dutch) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proofing (Dutch) 2010

Microsoft Office Publisher MUI (Dutch) 2010

Microsoft Office Shared MUI (Dutch) 2010

Microsoft Office Word MUI (Dutch) 2010

Microsoft Software Update for Web Folders (Dutch) 14

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 20.0 (x86 nl)

Mozilla Maintenance Service

MSVC90_x86

Nero

Nokia Connectivity Cable Driver

Nokia PC Suite

OpenOffice.org 3.4.1

PC Connectivity Solution

RelevantKnowledge

SigmaTel Audio

SkypeT 6.1

SmartGraph

VLC media player 2.0.5

WD Diagnostics

WebFldrs XP

Winamp

WinAVI All-in-One Converter

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)

Windows Driver Package - Nokia Modem (02/25/2011 4.7)

Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)

Windows Driver Package - Nokia pccsmcfd "LegacyDriver" (05/31/2012 7.1.2.0)

Windows Media Format Runtime

Windows XP Service Pack 3

WinRAR archiver

==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l42nb0k5.default

user.js not found

---- Lines agjhwp@tnzttgdsve.edu removed from prefs.js ----

user_pref("extensions.bootstrappedAddons", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.2.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Documents and Settings\\\\Administrator\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\l42nb0k5.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\"},\"lsd7i@ebuyueyuo.co.uk\":{\"version\":\"3.8\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Documents and Settings\\\\Administrator\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\l42nb0k5.default\\\\extensions\\\\lsd7i@ebuyueyuo.co.uk\"},\"elemhidehelper@adblockplus.org\":{\"version\":\"1.2.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Documents and Settings\\\\Administrator\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\l42nb0k5.default\\\\extensions\\\\elemhidehelper@adblockplus.org.xpi\"},\"jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack\":{\"version\":\"0.2.5.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Documents and Settings\\\\Administrator\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\l42nb0k5.default\\\\extensions\\\\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi\"},\"agjhwp@tnzttgdsve.edu\":{\"version\":\"3.8\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Documents and Settings\\\\Administrator\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\l42nb0k5.default\\\\extensions\\\\agjhwp@tnzttgdsve.edu\"},\"{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}\":{\"version\":\"1.0.0.2\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\RelevantKnowledge\\\\firefox\"}}");

---- Lines agjhwp@tnzttgdsve.edu modified from prefs.js ----

---- Lines lsd7i@ebuyueyuo.co.uk removed from prefs.js ----

---- Lines lsd7i@ebuyueyuo.co.uk modified from prefs.js ----

---- Lines babylon removed from prefs.js ----

user_pref("extensions.514f0ae335081.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}catch(e){};if(window.self.location.protocol.indexOf('http')>-1 && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//cdncache-a.akamaihd.net/loaders/1063/l.js?aoi=1311798366&pid=1063&zoneid=15224';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self.location.protocol=='http:' && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='http://shpr.co/code/fsave/js/fs.js?subid=628&ex=35&uid=515b1fa43d6032.52142252';document.getElementsByTagName(\"head\")[0].appendChild(script);};if((window.self.location.protocol=='http:' || window.self.location.hostname.indexOf('ogle')>-1) && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=btos&userId=515b1fa43d6032.52142252&CTID=p628';document.getElementsByTagName(\"head\")[0].appendChild(script);};;if(-1==window.self.location.hostname.indexOf('mail.'))for(i=0;5>i;i++)window.setTimeout(function(){document.getElementById('c2soffer')&&document.getElementById('c2soffer').parentNode.removeChild(document.getElementById('c2soffer'))},100*i);var c2soffer=document.querySelectorAll('div.c2soffer');if(c2soffer.length)for(var i=0;i<c2soffer.length;i++)c2soffer.parentNode.removeChild(c2soffer);})();");

user_pref("extensions.BabylonToolbar.prtkDS", 0);

user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

---- Lines babylon modified from prefs.js ----

---- Lines SweetIM removed from prefs.js ----

user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

user_pref("sweetim.toolbar.previous.keyword.URL", "");

user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

user_pref("sweetim.toolbar.searchguard.enable", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

---- Lines SweetIM modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

prefs_20130304_2006_.backup

==== Deleting Files \ Folders ======================

"C:\Program Files\RelevantKnowledge\rlls.dll" deleted

"C:\Program Files\RelevantKnowledge\rlvknlg.exe" deleted

"C:\Documents and Settings\All Users\Application Data\BBroowseu2save" deleted

"C:\Documents and Settings\All Users\Application Data\BBrowosE22ssAve" deleted

"C:\Program Files\BrowseToSave" deleted

"C:\Program Files\RelevantKnowledge" not deleted

"C:\Documents and Settings\All Users\Application Data\InstallMate" deleted

"C:\Documents and Settings\All Users\Application Data\SoftSafe" deleted

"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle" deleted

"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l42nb0k5.default\extensions\agjhwp@tnzttgdsve.edu" deleted

"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l42nb0k5.default\extensions\lsd7i@ebuyueyuo.co.uk" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp ====

2013-03-24 13:40:46 AF7CE801C8471C5CD19B366333C153C4 275552 --s---r- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tsu85DA0000.dll

====== C:\WINDOWS\system32 =====

====== C:\WINDOWS\system32\drivers =====

====== C:\WINDOWS\Tasks ======

2013-04-01 18:31:11 BC4FBD78316552E23072D7024074C01B 830 ----a-w- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

======= C: =====

====== C:\Documents and Settings\Administrator\Application Data ======

====== C:\Documents and Settings\Administrator ======

2013-03-11 14:07:10 1364E2881968F93E27E924114210DEDD 400 --sha-r- C:\Documents and Settings\All Users\ntuser.pol

====== C: exe-files ==

2013-04-03 18:06:43 0966BAC73C96B7B055A9685FCF7EEE1E 11304288 ----a-w- C:\Program Files\Google\Update\Install\{ED162CFC-BA62-4CAF-9DFE-13B25583AD6C}\26.0.1410.43_25.0.1364.172_chrome_updater.exe

2013-04-03 18:06:43 0966BAC73C96B7B055A9685FCF7EEE1E 11304288 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\26.0.1410.43\26.0.1410.43_25.0.1364.172_chrome_updater.exe

2013-04-03 13:08:02 57E626878D667E65127D1725279B0965 12384 ----atw- C:\Documents and Settings\Administrator\Local Settings\Temp\{71215225-6B6A-48B8-AA53-2348AAC270D3}\x86\regsvr32.exe

2013-04-03 13:08:02 157FE300857E06020BCB38A04D5B3B75 12896 ----atw- C:\Documents and Settings\Administrator\Local Settings\Temp\{71215225-6B6A-48B8-AA53-2348AAC270D3}\x64\regsvr32.exe

2013-04-03 13:07:51 38F61D046E575971ED83C4F71ACCD132 1531108 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KNQ8HMLI\search_defender_166[1].exe

2013-04-03 13:07:41 588E930DF8F2514A018480CCCDDEF96A 261580 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\JFX3FPC0\515c31caeb0ac[1].exe

2013-04-03 12:58:44 1C9B83F6A2D1F414F0ACD28D75605607 115608 ----a-w- C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe

2013-04-01 18:29:19 23B8215A26CE95DC1E3AF7A4A4B7313D 15859416 ----a-w- C:\Documents and Settings\Administrator\My Documents\Downloads\fl32.exe

=== C: other files ==

2013-04-03 18:08:02 FF4DD97091B6AB5BE8E341F99BC93EAA 73170 ----a-w- C:\Program Files\RelevantKnowledge\rlcm.crx

2013-04-03 12:17:43 7786FC97A89C1DBEB678798C6E2497C1 42680 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\JFX3FPC0\tvl-skin[1].zip

2013-03-31 08:20:37 51555013F2F820E6A20E991E754752D8 123385 ----a-w- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l42nb0k5.default\extensions\elemhidehelper@adblockplus.org.xpi

2013-03-29 16:02:01 C4CC3A6EEE403DCBA7EA2DEE48D8418C 58155 ----a-w- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l42nb0k5.default\extensions\clearConsole@penzil.com.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-73586283-2077806209-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray"

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"

"Akamai NetSession Interface"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"

"Persistence"="C:\WINDOWS\system32\igfxpers.exe"

"Apoint"="C:\Program Files\DellTPad\Apoint.exe"

"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe"

"ITSecMng"="%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START"

"SigmatelSysTrayApp"="%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray"

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"

"Akamai NetSession Interface"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DTLite"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GrooveMonitor"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

"path"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\OneNote 2007 Screen Clipper and Launcher.lnk"

"backup"="C:\\WINDOWS\\pss\\OneNote 2007 Screen Clipper and Launcher.lnkStartup"

"command"="C:\\PROGRA~1\\MICROS~2\\Office12\\ONENOTEM.EXE /tsr"

"item"="OneNote 2007 Screen Clipper and Launcher"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]

"path"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.4.1.lnk"

"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 3.4.1.lnkStartup"

"command"="C:\\PROGRA~1\\OPENOF~1.ORG\\program\\QUICKS~1.EXE "

"item"="OpenOffice.org 3.4.1"

==== Startup Folders ======================

2013-02-01 16:03:12 1341 ----a-w- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Seagate NA410LWP Product Registration.lnk

2012-12-17 10:52:56 1918 ----a-w- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

2012-12-17 11:13:00 715 ----a-w- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [01/04/2013 23:12]

C:\WINDOWS\tasks\avast\Undertermined Task.exe []

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22/01/2013 09:56]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22/01/2013 09:56]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l42nb0k5.default

- avast WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF

- Visualisateur 3D de 20-20 - %ProfilePath%\extensions\2020Player_IKEA@2020Technologies.com

- Clear Console - %ProfilePath%\extensions\clearConsole@penzil.com.xpi

- Element Hiding Helper for Adblock Plus - %ProfilePath%\extensions\elemhidehelper@adblockplus.org.xpi

- Gmail Notifier restartless - %ProfilePath%\extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

- QuickJava - %ProfilePath%\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi

- JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l42nb0k5.default

47299371607DC2FB234444EEACB1639E - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash

E64819B6014A93E2503BB52419A0F6F3 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll - Shockwave Flash

E971E06DDE68684CB3957C5D0E133CB0 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

E0FF893763BA82BAABB869A351F0C455 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update

A843FC35574ECFD9E7A41C5505A9921B - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

E42BD47C42B9A23B11F6B34A694D59D3 - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll - Foxit Reader Plugin for Mozilla

AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM

5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library

8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[31/10/2012 00:48]

mkndcbhcgphcfkkddanakjiepeknbgle - C:\Program Files\RelevantKnowledge\rlcm.crx[20/12/2012 23:38]

Docs - Administrator - Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Administrator - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Administrator - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Administrator - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

BBroowseu2save - Administrator - Default\Extensions\gblkehimjjmfaallbllggcdaepmfmnph

BBrowosE22ssAve - Administrator - Default\Extensions\icddiapnjhbiamncmhddieaocogibmjg

20-20 3D Viewer for IKEA - Administrator - Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp

Gmail - Administrator - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gblkehimjjmfaallbllggcdaepmfmnph deleted successfully

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icddiapnjhbiamncmhddieaocogibmjg deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.be/"

"Search Page"="http://www.google.com"

"Search Bar"="http://www.google.com/ie"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\AV]

@="http://www.altavista.com/sites/search/web?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\FM]

@="http://www.filemirrors.com/search.src?file=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\GGL]

@="http://www.google.com/search?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\MSKB]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\MSN]

@="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="http://www.google.com/ie"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.google.be/"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{74998212-4978-399C-382B-E2097DD82A64} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74998212-4978-399C-382B-E2097DD82A64} deleted successfully

==== Deleting CLSID Registry Values ======================

==== shortcuts on All Users Desktop ======================

C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\All Users\Desktop\Skype.lnk - C:\WINDOWS\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe

==== shortcuts in All Users Start Menu ======================

C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Calculator.lnk - C:\WINDOWS\system32\calc.exe

C:\Documents and Settings\All Users\Start Menu\Programs\BBroowseu2save\BBroowseu2save.lnk -

C:\Documents and Settings\All Users\Start Menu\Programs\BBroowseu2save\Uninstall.lnk - C:\Documents and Settings\All Users\Application Data\BBroowseu2save\uninstall.exe /path=C:\Documents and Settings\All Users\Application Data\BBroowseu2save

C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk -

C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk -

C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk -

C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk -

C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk - C:\Program Files\RelevantKnowledge\rlvknlg.exe -prompt:"To uninstall RelevantKnowledge, go to Control Panel, and then to %22Add or Remove Programs%22,%0Aor %22Uninstall programs%22 if you are using Windows Vista. You can uninstall through the%0A%22RelevantKnowledge%22 item in the program list."

C:\Documents and Settings\All Users\Start Menu\Programs\SmartGraph\SmartGraph.lnk - C:\SmartGraph\SmartGraph.exe

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GDQNKLYF will be deleted at reboot

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\O56VGLQN will be deleted at reboot

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QT3O14RM will be deleted at reboot

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\l42nb0k5.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

After Reboot

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Program Files\RelevantKnowledge" not found

"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GDQNKLYF" not found

"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\O56VGLQN" not found

"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QT3O14RM" not found

Link naar reactie
Delen op andere sites

Na snel een paar sites gecontroleerd te hebben lijkt alles terug normaal...?

IK kan het nog niet geloven - alvast bedankt maar hier is het logje

ogfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:45:38, on 3/04/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - Startup: Seagate NA410LWP Product Registration.lnk = C:\Documents and Settings\Administrator\Application Data\Leadertech\PowerRegister\Seagate NA410LWP Product Registration.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~1\browse~1\sprote~1.dll

O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe

O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 7875 bytes

Link naar reactie
Delen op andere sites

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O20 - AppInit_DLLs: c:\progra~1\browse~1\sprote~1.dll

O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll (file missing)

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\\Program Files\\Trend Micro\\HiJackThis of C:\\Program Files (x86)\\Trend Micro\\HiJackThis.

BrowseToSave is de voornaamste oorzaak van deze besmetting.

Je mag zoek.exe verwijderen van je bureaublad.

Download AdwCleaner by Xplode naar je bureaublad.

A3qkP9RCEAAOZhQ.jpg

Sluit alle openstaande vensters.

  • Vista en Windows 7 gebruikers: Rechtsklik op AdwCleaner en selecteer als Administrator uitvoeren...
  • Voor XP: Gewoon dubbelklikken op AdwCleaner.
  • Klik vervolgens op Verwijderen.
  • Klik bij AdwCleaner – Informatie op OK
  • Klik bij AdwCleaner – Herstarten Noodzakelijk op OK

Dat tijdens de actie de snelkoppelingen verdwijnen, is normaal. Nadat de PC opnieuw is opgestart, opent een logfile. Post de inhoud van dit log in je volgende bericht.

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.