Previous Topic Next Topic

Ads by GetPrivate virus

Solved/Closed
Annelien - Aug 21, 2015 at 05:27 PM
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Sep 2, 2015 at 05:27 PM
Hello, I am having a little trouble on my browsers. I have both Chrome and Internet Explorer and on sites that doesn't start with https://, I get advertisements. My browsers are very slow, get stuck all the time and all over the screen are words in blue and with a line under, as if it was a hyperlink. After a couple of minutes, I am redirected to a new site with advertisements, and on the top of the screen is a label with 'Ads by Getprivate'. I have tried to remove it. I used about 5 of the guides when you type in 'remove getprivate virus' on google. Most of them work for a day, or even a couple of days, but it keeps coming back. What can I do? I have run ZHPDiag and this is the LOG file:[code]http://speedy.sh/XKZTa/ZHPDiag.txt/code. Can someone please help me?



Related:

8 responses

Answer 1 / 8
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Aug 21, 2015 at 05:50 PM
Hello

First try this

Download and run this tool:

https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/

Let me know
0
Annelien
Aug 21, 2015 at 06:15 PM
I have tried that One already, followed up by malwarebytes, hitmanpro and a total reset of my browsers. This is the best working method, but it still only works for two or three days. If you want, I will run it again and give you the log.
0
Answer 2 / 8
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Aug 22, 2015 at 04:58 AM
Hello

Download ZHP Cleaner and run it (no installation necessary)

https://nicolascoolman.eu

Click on "scanner" the on the brush to clean

Let me know
0
Annelien
Aug 25, 2015 at 04:28 PM
I have tried ZHP Scanner and did the repair. The virus is gone for now, but it's still possible it will be coming back.
This was the logfile:
~ ZHPCleaner v2015.8.23.330 by Nicolas Coolman (2015/08/23)
~ Run by Annelien (Administrator) (25/08/2015 22:25:56)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Geen netwerk bestand
~ Type : Reparatie
~ Report : C:\Users\Annelien\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Annelien\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)


---\\ Services (0)
~ Geen schadelijk of onnodig element gevonden.


---\\ Browser internet (1)
VERVANGEN Opera URL: http://search.imesh.net =>PUP.Optional.iMesh


---\\ Hosts file (1)
~ The hosts file is rechtmatig (21)


---\\ Scheduled automatic tasks. (0)
~ Geen schadelijk of onnodig element gevonden.


---\\ Explorer ( Bestand, Map) (68)
VERPLAATST bestand: C:\Windows\Prefetch\PRIVOXY.EXE-C4C6BA9E.pf =>PUP.Optional.Privoxy
VERPLAATST map: C:\Users\Annelien\Music\BearShare =>PUP.Optional.BearShare
VERPLAATST map: C:\Users\Annelien\AppData\Local\{05916B72-F7BC-4410-A032-C9F8B72F2090} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{06EE9B40-2B06-4FBF-9AA9-A353DF94AC39} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{08C0010A-BF86-447B-9B28-669844FB90CD} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{0D0F6B2D-77B5-46A0-BBEA-92884ACAFC8B} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{11F05A49-4ACA-46A2-B6AF-400002418C2C} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{120966D5-D42A-4784-86E6-6FC411BD05C8} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{1638BD9E-747A-4828-A52D-AE1B77755275} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{163BF354-1F82-421E-BC76-129DE0F9B972} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{1D887CCB-F848-4D98-A155-E9E984284FC8} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{20564481-8766-4FF8-9F78-6ADF365AE463} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{226F9B9F-674E-4D76-A7F0-09DFCD097215} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{2832D23D-A0E8-4F8F-A6BA-7DB30625A4E3} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{2CCD5F82-C694-4F95-AC57-5CAC0209FD33} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{31CC5E8F-F831-4C70-919F-28F2236AB614} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{3948A5BE-1BEC-402C-AE9A-722910ACC55D} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{445D91B0-06D6-4293-A29E-82D93E66269F} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{448D58F8-7AA1-4A34-B5D3-F7945E3F5489} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{4AE3B620-46E8-48EF-B2CF-857BD336371B} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{4B381DF7-5306-40EF-8683-88909F2238C8} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{5093DCD1-8DEC-4DD2-BBE4-109B0AEE0DD4} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{518D0427-2C5D-4270-B92B-C2460FAB2F98} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{57EEB5ED-68B9-4371-AF5B-20AFF666AA84} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{5A52C741-F9C0-4344-B2BA-64B4D8924BB1} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{5AA022A0-322A-4B5D-B99A-9F26073486D9} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{5BCCEDD1-8769-4DC3-B52A-D6C3A6C3CD23} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{5DC4249B-BC0E-449F-8C89-5A4EFDD37185} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{5E8A9300-813C-44A7-9004-BE600075C792} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{607F83C0-8481-4EE6-8CD3-E86ABADA8654} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{676CF51B-8BAB-47E9-AC98-3D06BB03E59D} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{69920411-3407-463C-B89D-4E4ACDE6A2C2} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{6B91AD53-7963-495A-9888-02927B740ACD} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{6EAD8871-291C-4386-9E7E-F22E3B786C77} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{6F9F5EA9-C4D2-456B-BB94-DD825572A055} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{704B1F4E-46B2-49FA-8457-AC18F1699672} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{711402E8-77C9-4AB3-B5E1-F5A54388662E} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{73A51C72-8BD6-41FD-AD80-545E5235957F} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{776C9B24-0D30-4B51-861D-ADDC4B2E9E1C} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{7BC502DF-C282-4FE2-843C-92DAEAA3D69D} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{8AD01D74-9241-4508-BD05-C004C54512FE} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{8F107945-71B8-4419-9DC6-178B8970BFA7} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{9E1004A0-4C45-4DED-B85C-057FCEF3AFCF} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{A0BC7A8C-6B48-4FCB-9369-F41AC98CCBCE} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{A0CE1F97-2C57-46EF-8670-462C09507276} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{A3352671-EC58-40DD-94D6-F7B02BF12A8D} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{A42F9ABA-82D3-4623-B073-3B9D3B84C510} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{A6B9889E-0984-4D36-9636-90EEBFB0D859} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{A8DD99FF-4629-45E3-864B-2AE20D07A1FA} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{AA48FA51-8D6D-4114-BD89-123AA2AF07D4} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{ADADACD3-6FC3-4B59-8960-7570BF9102F2} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{B0CE1B82-5D3B-4330-850F-FE5C3CC8BC33} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{B672DAF3-30BE-4152-85B1-191D6463A05C} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{BD96CE0C-3AEE-4C5B-A421-2CEC5BC37200} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{C52AE97E-0170-460F-84FE-479FDA11B3F2} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{CA7BDAB4-A001-4934-960B-129BEDECBF18} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{D31CDD58-1DA5-40A8-8E31-85BE617D3504} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{D54DB17D-CA65-41F9-92DB-F2A3D8246218} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{D6FC4B3E-5E73-433F-9A40-6CFF1D55D25A} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{D9D5F712-F228-4074-B5DC-92F6AA1774EA} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{E1A52E89-F0BF-460A-A267-9C7968D0551C} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{E7E953C3-08AD-4058-9B97-B8A2B9A416C2} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{EB112B8B-4F12-4CA2-A827-33C416963DFC} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{EE483B2E-71D7-4E2F-9285-E4B4B608FB1E} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{F412E1D7-5C2B-4568-B27E-68B911436E0A} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{F7A96BCA-D835-4010-91FD-8AA65285A345} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{FBADB61E-DCFD-4D0E-8637-7F37BE935E11} =>Empty
VERPLAATST map: C:\Users\Annelien\AppData\Local\{FF626912-4310-41E4-9B10-61A4294F19C4} =>Empty


---\\ Register ( Sleutel, Waarde, Data) (10)
VERWIJDERD data: [X64] HKLM\SOFTWARE\Classes\Opera.HTML\Shell\Open\Command\\Default [Bad : [html] "C:\Program Files\Opera x64\Opera.exe" "%1"] =>Broken.OpenCommand
VERWIJDERD sleutel*: HKEY_USERS\S-1-5-21-463067613-4142291729-2834068113-1001\Software\BearShare [\CreativesFiles\] =>PUP.Optional.BearShare
VERWIJDERD sleutel*: HKEY_USERS\S-1-5-21-463067613-4142291729-2834068113-1001\Software\Classes\Torch.torrent [] =>PUP.Optional.Torch
VERWIJDERD sleutel*: HKEY_USERS\S-1-5-21-463067613-4142291729-2834068113-1001\Software\Classes\TorchFlvPlayer.flv [] =>PUP.Optional.Torch
VERWIJDERD sleutel: HKCU\Software\BearShare [\CreativesFiles\] =>PUP.Optional.BearShare
VERWIJDERD sleutel*: [X64] HKLM\SOFTWARE\Classes\Torch.torrent [] =>PUP.Optional.Torch
VERWIJDERD sleutel*: [X64] HKLM\SOFTWARE\Classes\TorchFlvPlayer.flv [] =>PUP.Optional.Torch
VERWIJDERD sleutel*: [X64] HKLM\SOFTWARE\Classes\Applications\BearShareV9nl[1].exe [] =>PUP.Optional.BearShare
VERWIJDERD sleutel*: [X64] HKLM\SOFTWARE\Classes\Applications\BearShare_V9_nl_Setup.exe [] =>PUP.Optional.BearShare
VERWIJDERD sleutel*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] =>Toolbar.Ask


---\\Resultaat van reparaties
~ Reparatie succesvol uitgevoerd


---\\Statistics
~ Items gescand : 969
~ Items gevonden : 0
~ Items gecancelled : 0
~ Items gerepareerd : 79


~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-25082015-22_26_31.txt
ZHPCleaner-[S]-25082015-22_05_47.txt
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169 > Annelien
Aug 26, 2015 at 04:29 AM
Yes, the virus may come back if you are not careful of what you download on internet on Torrent and peer to peer sites which are often infested with viruses.
0
Annelien > Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023
Aug 30, 2015 at 11:19 AM
I have not downloaded anything the past few days, yet the virus has come back. This is about the seventh time I can delete it and after a few days it is back without downloading anything. What can I do?
0
Answer 3 / 8
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Aug 30, 2015 at 04:58 PM
Stand by I will give you precise instructions.
0
Annelien
Aug 30, 2015 at 05:00 PM
Okey, thank you
0
Answer 4 / 8
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Aug 30, 2015 at 05:13 PM
Here are the instructions in five (5) simple steps

ZHP Diag created an icon on your desktop called ZHP Fix. If you do not have the ZHP Fix, download it here:

https://nicolascoolman.eu

1. Click right and run as administrator.

2.Copy the following lines in bold:

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
VERVANGEN Opera URL: http://search.imesh.net
VERPLAATST bestand: C:\Windows\Prefetch\PRIVOXY.EXE-C4C6BA9E.pf
VERPLAATST map: C:\Users\Annelien\Music\BearShare
VERPLAATST map: C:\Users\Annelien\AppData\Local\{05916B72-F7BC-4410-A032-C9F8B72F2090}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{06EE9B40-2B06-4FBF-9AA9-A353DF94AC39}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{08C0010A-BF86-447B-9B28-669844FB90CD}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{0D0F6B2D-77B5-46A0-BBEA-92884ACAFC8B}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{11F05A49-4ACA-46A2-B6AF-400002418C2C}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{120966D5-D42A-4784-86E6-6FC411BD05C8}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{1638BD9E-747A-4828-A52D-AE1B77755275}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{163BF354-1F82-421E-BC76-129DE0F9B972}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{1D887CCB-F848-4D98-A155-E9E984284FC8}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{20564481-8766-4FF8-9F78-6ADF365AE463}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{226F9B9F-674E-4D76-A7F0-09DFCD097215}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{2832D23D-A0E8-4F8F-A6BA-7DB30625A4E3}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{2CCD5F82-C694-4F95-AC57-5CAC0209FD33}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{31CC5E8F-F831-4C70-919F-28F2236AB614}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{3948A5BE-1BEC-402C-AE9A-722910ACC55D}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{445D91B0-06D6-4293-A29E-82D93E66269F}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{448D58F8-7AA1-4A34-B5D3-F7945E3F5489}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{4AE3B620-46E8-48EF-B2CF-857BD336371B}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{4B381DF7-5306-40EF-8683-88909F2238C8}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{5093DCD1-8DEC-4DD2-BBE4-109B0AEE0DD4}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{518D0427-2C5D-4270-B92B-C2460FAB2F98}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{57EEB5ED-68B9-4371-AF5B-20AFF666AA84}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{5A52C741-F9C0-4344-B2BA-64B4D8924BB1}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{5AA022A0-322A-4B5D-B99A-9F26073486D9}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{5BCCEDD1-8769-4DC3-B52A-D6C3A6C3CD23}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{5DC4249B-BC0E-449F-8C89-5A4EFDD37185}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{5E8A9300-813C-44A7-9004-BE600075C792}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{607F83C0-8481-4EE6-8CD3-E86ABADA8654}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{676CF51B-8BAB-47E9-AC98-3D06BB03E59D}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{69920411-3407-463C-B89D-4E4ACDE6A2C2}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{6B91AD53-7963-495A-9888-02927B740ACD}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{6EAD8871-291C-4386-9E7E-F22E3B786C77}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{6F9F5EA9-C4D2-456B-BB94-DD825572A055}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{704B1F4E-46B2-49FA-8457-AC18F1699672}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{711402E8-77C9-4AB3-B5E1-F5A54388662E}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{73A51C72-8BD6-41FD-AD80-545E5235957F}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{776C9B24-0D30-4B51-861D-ADDC4B2E9E1C}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{7BC502DF-C282-4FE2-843C-92DAEAA3D69D}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{8AD01D74-9241-4508-BD05-C004C54512FE}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{8F107945-71B8-4419-9DC6-178B8970BFA7}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{9E1004A0-4C45-4DED-B85C-057FCEF3AFCF}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{A0BC7A8C-6B48-4FCB-9369-F41AC98CCBCE}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{A0CE1F97-2C57-46EF-8670-462C09507276}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{A3352671-EC58-40DD-94D6-F7B02BF12A8D}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{A42F9ABA-82D3-4623-B073-3B9D3B84C510}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{A6B9889E-0984-4D36-9636-90EEBFB0D859}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{A8DD99FF-4629-45E3-864B-2AE20D07A1FA}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{AA48FA51-8D6D-4114-BD89-123AA2AF07D4}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{ADADACD3-6FC3-4B59-8960-7570BF9102F2}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{B0CE1B82-5D3B-4330-850F-FE5C3CC8BC33}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{B672DAF3-30BE-4152-85B1-191D6463A05C}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{BD96CE0C-3AEE-4C5B-A421-2CEC5BC37200}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{C52AE97E-0170-460F-84FE-479FDA11B3F2}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{CA7BDAB4-A001-4934-960B-129BEDECBF18}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{D31CDD58-1DA5-40A8-8E31-85BE617D3504}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{D54DB17D-CA65-41F9-92DB-F2A3D8246218}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{D6FC4B3E-5E73-433F-9A40-6CFF1D55D25A}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{D9D5F712-F228-4074-B5DC-92F6AA1774EA}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{E1A52E89-F0BF-460A-A267-9C7968D0551C}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{E7E953C3-08AD-4058-9B97-B8A2B9A416C2}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{EB112B8B-4F12-4CA2-A827-33C416963DFC}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{EE483B2E-71D7-4E2F-9285-E4B4B608FB1E}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{F412E1D7-5C2B-4568-B27E-68B911436E0A}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{F7A96BCA-D835-4010-91FD-8AA65285A345}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{FBADB61E-DCFD-4D0E-8637-7F37BE935E11}
VERPLAATST map: C:\Users\Annelien\AppData\Local\{FF626912-4310-41E4-9B10-61A4294F19C4}
VERWIJDERD data: [X64] HKLM\SOFTWARE\Classes\Opera.HTML\Shell\Open\Command\\Default [Bad : [html] "C:\Program Files\Opera x64\Opera.exe" "%1"]
VERWIJDERD sleutel*: HKEY_USERS\S-1-5-21-463067613-4142291729-2834068113-1001\Software\BearShare [\CreativesFiles\]
VERWIJDERD sleutel*: HKEY_USERS\S-1-5-21-463067613-4142291729-2834068113-1001\Software\Classes\Torch.torrent []
VERWIJDERD sleutel*: HKEY_USERS\S-1-5-21-463067613-4142291729-2834068113-1001\Software\Classes\TorchFlvPlayer.flv []
VERWIJDERD sleutel: HKCU\Software\BearShare [\CreativesFiles\]
VERWIJDERD sleutel*: [X64] HKLM\SOFTWARE\Classes\Torch.torrent []
VERWIJDERD sleutel*: [X64] HKLM\SOFTWARE\Classes\TorchFlvPlayer.flv []
VERWIJDERD sleutel*: [X64] HKLM\SOFTWARE\Classes\Applications\BearShareV9nl[1].exe []
VERWIJDERD sleutel*: [X64] HKLM\SOFTWARE\Classes\Applications\BearShare_V9_nl_Setup.exe []

3. Go to ZHP Fix and click on Import...the above lines will be pasted

4. Click on GO

5. A report will be generated. Post it here.

Let me know how your system performs

P.S. I suggest you never go on BearShare again
0
Annelien
Aug 30, 2015 at 06:00 PM
I have tried to answer on my pc multiple times, but the answer won't come online. My pc is still very slow and I still get the hyperlinks and redirections to advertisements. I'm sending this on my phone, so I can't send you the report... Is there anything I should be looking for?
0
Annelien
Aug 30, 2015 at 06:01 PM
Rapport de ZHPFix 2015.3.18.4 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by Annelien at 30/08/2015 23:22:11
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Papierkorb geleert (00mn 10s)
Prefetcher geleert

========== Die Registrierungswerte ==========
ABWESENDE-Wert Standardprofil: FirewallRaz :
ABWESENDE-Wert Domänenprofil: FirewallRaz :
ENTFERNT: FirewallRaz (Private) : {242D2128-E59D-48CD-8E4D-D869B4BA457F}
ENTFERNT: FirewallRaz (Private) : {1AB002B3-312B-4462-96CF-25035C49655D}
ENTFERNT: FirewallRaz (Public) : TCP Query User{2CBE0B8B-87A5-4E04-B062-D499440DDF62}C:\program files (x86)\opera\opera.exe
ENTFERNT: FirewallRaz (Public) : UDP Query User{2B8F5D15-7FE5-416D-99A2-23C6C601C646}C:\program files (x86)\opera\opera.exe
ENTFERNT: FirewallRaz (None) : {58787B4B-5447-4EFF-A1EB-5087E33118CF}
ENTFERNT: FirewallRaz (Domain) : {B74528A1-40FA-4E6D-950B-3779D8CEF1FB}
ENTFERNT: FirewallRaz (Domain) : {2D6ED081-E8C1-458B-BD1A-E91D28B75CC9}
ENTFERNT: FirewallRaz (Private) : TCP Query User{C4309E5B-3D04-4200-A2FA-BD56BC627E85}C:\program files (x86)\imesh applications\imesh\imesh.exe
ENTFERNT: FirewallRaz (Private) : UDP Query User{D6250756-4B6F-4E34-885C-9F248595251E}C:\program files (x86)\imesh applications\imesh\imesh.exe
ENTFERNT: FirewallRaz (Private) : {3D14A039-262D-4F7D-8D55-01919469AD47}
ENTFERNT: FirewallRaz (Private) : {C331C2F0-4FBD-41F3-972E-D10C3F9CDFE3}
ENTFERNT: FirewallRaz (Public) : TCP Query User{B27E79E1-B77E-4057-9EB1-1BC1A99D4578}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
ENTFERNT: FirewallRaz (Public) : UDP Query User{32FB3AF4-C5D9-407B-812C-C06FF11D4D6A}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
ENTFERNT: FirewallRaz (Public) : TCP Query User{5DA2D0F7-C087-4547-98E9-3F12ECDEEC93}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
ENTFERNT: FirewallRaz (Public) : UDP Query User{D9F56E33-967E-46FB-A123-6D86FA1D60DD}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
ENTFERNT: FirewallRaz (Private) : TCP Query User{C5C18608-197D-4FE7-898D-26E95594E5AF}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
ENTFERNT: FirewallRaz (Private) : UDP Query User{9455B335-8458-4312-B98C-05ABB99816BB}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
ENTFERNT: FirewallRaz (Private) : TCP Query User{4519A783-9D0C-415B-AEE6-E90A9EF9481A}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
ENTFERNT: FirewallRaz (Private) : UDP Query User{00205D8D-B2C7-43C4-9994-FE3B825AD881}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
ENTFERNT: FirewallRaz (Private) : {E88EC4AD-B5D7-421C-80F2-EE0D468E09A2}
ENTFERNT: FirewallRaz (Private) : {916C86D3-3BFD-4583-AFD5-C2445F0D61CF}
ENTFERNT: FirewallRaz (Private) : {C545B636-327C-416F-AFD1-7776C5CD2438}
ENTFERNT: FirewallRaz (Private) : {26CFF15B-A9D8-43E0-9943-90A52F9337D3}
ENTFERNT: FirewallRaz (Private) : {2D896383-0932-4231-B82B-3AC0E2F251E0}
ENTFERNT: FirewallRaz (Private) : {E8FB6FF5-6D73-4267-8495-DF49D2F4F0C3}

========== Ordner ==========
Löscht temporäre Windows (151)
Flash-Cookies entfernt (0)

========== Dateien ==========
Löscht temporäre Windows (4404) (807.473.563 octets)
Flash-Cookies entfernt (0) (0 octets)

========== Andere ==========
VERTRAG VERVANGEN Opera URL: http://search.imesh.net
VERTRAG VERPLAATST bestand: C: WINDOWS\Prefetch\PRIVOXY.EXE-C4C6BA9E.pf
VERTRAG VERPLAATST map: C:\Users\Annelien\Music\BearShare
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{05916B72-F7BC-4410-A032-C9F8B72F2090}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{06EE9B40-2B06-4FBF-9AA9-A353DF94AC39}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{08C0010A-BF86-447B-9B28-669844FB90CD}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{0D0F6B2D-77B5-46A0-BBEA-92884ACAFC8B}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{11F05A49-4ACA-46A2-B6AF-400002418C2C}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{120966D5-D42A-4784-86E6-6FC411BD05C8}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{1638BD9E-747A-4828-A52D-AE1B77755275}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{163BF354-1F82-421E-BC76-129DE0F9B972}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{1D887CCB-F848-4D98-A155-E9E984284FC8}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{20564481-8766-4FF8-9F78-6ADF365AE463}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{226F9B9F-674E-4D76-A7F0-09DFCD097215}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{2832D23D-A0E8-4F8F-A6BA-7DB30625A4E3}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{2CCD5F82-C694-4F95-AC57-5CAC0209FD33}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{31CC5E8F-F831-4C70-919F-28F2236AB614}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{3948A5BE-1BEC-402C-AE9A-722910ACC55D}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{445D91B0-06D6-4293-A29E-82D93E66269F}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{448D58F8-7AA1-4A34-B5D3-F7945E3F5489}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{4AE3B620-46E8-48EF-B2CF-857BD336371B}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{4B381DF7-5306-40EF-8683-88909F2238C8}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{5093DCD1-8DEC-4DD2-BBE4-109B0AEE0DD4}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{518D0427-2C5D-4270-B92B-C2460FAB2F98}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{57EEB5ED-68B9-4371-AF5B-20AFF666AA84}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{5A52C741-F9C0-4344-B2BA-64B4D8924BB1}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{5AA022A0-322A-4B5D-B99A-9F26073486D9}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{5BCCEDD1-8769-4DC3-B52A-D6C3A6C3CD23}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{5DC4249B-BC0E-449F-8C89-5A4EFDD37185}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{5E8A9300-813C-44A7-9004-BE600075C792}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{607F83C0-8481-4EE6-8CD3-E86ABADA8654}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{676CF51B-8BAB-47E9-AC98-3D06BB03E59D}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{69920411-3407-463C-B89D-4E4ACDE6A2C2}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{6B91AD53-7963-495A-9888-02927B740ACD}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{6EAD8871-291C-4386-9E7E-F22E3B786C77}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{6F9F5EA9-C4D2-456B-BB94-DD825572A055}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{704B1F4E-46B2-49FA-8457-AC18F1699672}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{711402E8-77C9-4AB3-B5E1-F5A54388662E}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{73A51C72-8BD6-41FD-AD80-545E5235957F}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{776C9B24-0D30-4B51-861D-ADDC4B2E9E1C}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{7BC502DF-C282-4FE2-843C-92DAEAA3D69D}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{8AD01D74-9241-4508-BD05-C004C54512FE}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{8F107945-71B8-4419-9DC6-178B8970BFA7}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{9E1004A0-4C45-4DED-B85C-057FCEF3AFCF}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{A0BC7A8C-6B48-4FCB-9369-F41AC98CCBCE}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{A0CE1F97-2C57-46EF-8670-462C09507276}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{A3352671-EC58-40DD-94D6-F7B02BF12A8D}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{A42F9ABA-82D3-4623-B073-3B9D3B84C510}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{A6B9889E-0984-4D36-9636-90EEBFB0D859}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{A8DD99FF-4629-45E3-864B-2AE20D07A1FA}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{AA48FA51-8D6D-4114-BD89-123AA2AF07D4}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{ADADACD3-6FC3-4B59-8960-7570BF9102F2}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{B0CE1B82-5D3B-4330-850F-FE5C3CC8BC33}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{B672DAF3-30BE-4152-85B1-191D6463A05C}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{BD96CE0C-3AEE-4C5B-A421-2CEC5BC37200}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{C52AE97E-0170-460F-84FE-479FDA11B3F2}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{CA7BDAB4-A001-4934-960B-129BEDECBF18}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{D31CDD58-1DA5-40A8-8E31-85BE617D3504}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{D54DB17D-CA65-41F9-92DB-F2A3D8246218}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{D6FC4B3E-5E73-433F-9A40-6CFF1D55D25A}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{D9D5F712-F228-4074-B5DC-92F6AA1774EA}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{E1A52E89-F0BF-460A-A267-9C7968D0551C}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{E7E953C3-08AD-4058-9B97-B8A2B9A416C2}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{EB112B8B-4F12-4CA2-A827-33C416963DFC}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{EE483B2E-71D7-4E2F-9285-E4B4B608FB1E}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{F412E1D7-5C2B-4568-B27E-68B911436E0A}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{F7A96BCA-D835-4010-91FD-8AA65285A345}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{FBADB61E-DCFD-4D0E-8637-7F37BE935E11}
VERTRAG VERPLAATST map: C:\Users\Annelien\AppData\Local\{FF626912-4310-41E4-9B10-61A4294F19C4}
VERTRAG VERWIJDERD data: X64] HKLM SOFTWARE\Classes\Opera.HTML\Shell\Open\Command\\Default [Bad : [html] "C:\Program Files\Opera X64\Opera.exe" "%1"]
VERTRAG VERWIJDERD sleutel*: HKUS\S-1-5-21-463067613-4142291729-2834068113-1001\Software\BearShare [\CreativesFiles\]
VERTRAG VERWIJDERD sleutel*: HKUS\S-1-5-21-463067613-4142291729-2834068113-1001\Software\Classes\Torch.torrent []
VERTRAG VERWIJDERD sleutel*: HKUS\S-1-5-21-463067613-4142291729-2834068113-1001\Software\Classes\TorchFlvPlayer.flv []
VERTRAG VERWIJDERD sleutel: HKCU\Software\BearShare [\CreativesFiles\]
VERTRAG VERWIJDERD sleutel*: [X64] HKLM\SOFTWARE\Classes\Torch.torrent []
VERTRAG VERWIJDERD sleutel*: [X64] HKLM\SOFTWARE\Classes\TorchFlvPlayer.flv []
VERTRAG VERWIJDERD sleutel*: [X64] HKLM\SOFTWARE\Classes\Applications\BearShareV9nl[1].exe []
VERTRAG VERWIJDERD sleutel*: [X64] HKLM\SOFTWARE\Classes\Applications\BearShare_V9_nl_Setup.exe []


========== Zusammenfassung ==========
27 : Die Registrierungswerte
2 : Ordner
2 : Dateien
78 : Andere


End of clean in 00mn 36s

========== Pfad zu Datei-Bericht ==========
C:\Users\Annelien\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/08/2015 23:22:23 [11305]
0
Annelien
Aug 30, 2015 at 06:10 PM
https://docs.google.com/document/d/1w4udbATQrWL1Q1fQfYDrPigyL49t9-iTUOVLCUXsdes/mobilebasic

This is the link to a google drive doc with the report file in it, if everything is correct
0

Didn't find the answer you are looking for?

Ask a question
Answer 5 / 8
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Aug 30, 2015 at 06:30 PM
Hi

Dont' worry if your reports don't appear when you paste them on this thread. I can see them.

I noticed that you do not have any antivirus software on your machine. You are looking for and will get into trouble. There are many which are free on CCM's download section, AVG and Avast are the most most popular. Install one of them but only one.

https://ccm.net/download/s/antivirus

Next, I need another ZHP Diag report, but this time a full one as the previous was only partial.

Follow these instructions to the letter for a full report, step 5 and others in bold:

1. Open this link and download ZHPDiag2 :
https://nicolascoolman.eu
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.) Click on the download button

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.


4. Double click on the short cut ZHPDiag on your Destktop.

5. Click on Full.

Wait for the tool to finished (maybe a long time)

6. Close ZHPDiag.

7. To transmit the report, click on this link :

http://www.speedyshare.com/

8. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
9. Copy the url link obtained from Speedyshare and paste it here in your reply.

I shall get back to you tomorrow.

Best regards

Ambucias

Moderator, Virus/security
0
Annelien
Aug 31, 2015 at 11:58 AM
It's strange that you say I have no anti virus, because I had Microsoft Essentials Security. Just to be sure the problem isn't a malfunctioning antivirus, I have downloaded Avast and deleted Microsoft Essentials Security. I downloaded the ZHPDiag, but I didn't found a button 'Full' anywhere. There were three major buttons: scan, repair and report. I did a scan and the report can be found on http://www.speedyshare.com/DTa5u/ZHPDiag.txt

I really thank you for all your effort and time
0
Answer 6 / 8
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Aug 31, 2015 at 04:46 PM
It's a pleasure to be able to help you.

This time a got a full report because you uploaded on Speedyshare.

The report still indicates that there are 18 malware items in the system one of them is called "Live Malware Protection". I assume you have an iPod.

You must like to live dangerously! You have Limewire the nicest place to download malware of all kinds. Pando Networks and Shareaza are other places full of malware waiting to be installed on your system.

You once had or inadvertently installed McAfee antivirus. I suggest you make a search on your computer to remove it as it may create conflicts with Avast.

Last, we will repeat the ZHP Fix trick as I indicated before.

Here are the bold lines:

[MD5.C71074CDA77D0706B06499A7A33163AD] - (.SecureSoft - Live SecureSoft Protection.) -- C:\Windows\mlwps.exe [473600] [PID.776]
[MD5.35B25F79F6C6F1C6D45BC34F07726E92] - (.The Privoxy team - www.privoxy.org - Privoxy.) -- C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe [371200] [PID.2344]
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
O23 - Service: Live Malware Protection (Live Malware Protection) . (.SecureSoft - Live SecureSoft Protection.) - C:\Windows\mlwps.exe
O23 - Service: Privoxy (PrivoxyService) (PrivoxyService) . (.The Privoxy team - www.privoxy.org - Privoxy.) - C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe
HKLM\SOFTWARE\Wow6432Node\SecureWeb =>PUP.Optional.SecureSoft
HKLM\SOFTWARE\Wow6432Node\SecureWebChannel =>PUP.Optional.SecureSoft
O61 - LFC: 2015/08/29 13:42:54 A . (..) -- C:\Users\Annelien\AppData\Roaming\360D.tmp.exe [1020928]
O61 - LFC: 2015/08/30 20:27:17 A . (..) -- C:\Users\Annelien\AppData\Roaming\4179.tmp.exe [1020928]
O61 - LFC: 2015/08/29 20:56:20 A . (..) -- C:\Users\Annelien\AppData\Roaming\F63.tmp.exe [1020928]
SR - Auto [2015/08/29 13:42:57] [ 473600] Live Malware Protection (Live Malware Protection) . (.SecureSoft.) - C:\Windows\mlwps.exe
SR - Auto [2015/08/29 20:54:20] [ 371200] Privoxy (PrivoxyService) (PrivoxyService) . (.The Privoxy team - www.privoxy.org.) - C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe
C:\Windows\mlwps.exe
C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe
HKLM\SYSTEM\CurrentControlSet\Services\Live Malware Protection
HKLM\SYSTEM\CurrentControlSet\Services\PrivoxyService
HKLM\SOFTWARE\Wow6432Node\SecureWeb
HKLM\SOFTWARE\Wow6432Node\SecureWebChannel


Good luck
0
Annelien
Sep 1, 2015 at 02:22 PM
I do have an iPod. I used to have the paying version of McAffee, but that was only for two years, after that I had Microsoft Security Essentials. It was in that period that I used those dangerous programs, like Limewire, because I thought the antivirus would protect me. Afterwards, I have deleted them. That was four years ago, when I was still young and naive.

For some reason, I can't import your lines in ZHPFix. I get a notification with:
Beispiel: Script ZHPFix
C:\program files\magnipic
[HKEY_CURRENT_USER\Software\Magnipic]
[HKEY_USERS\S-1-5-18\Control magnipic]
[HKCU\software\magnpic]
When I press on OK, I get the import screen, but it is blank. Even when I try to paste it there, I get the some notification.
0
Answer 7 / 8
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Sep 1, 2015 at 04:25 PM
Hello

Please download and run Rogue Killer:

https://www.fosshub.com/RogueKiller.html

After which, I would appreciate another ZHP Diag Report on Speedyshare.

Regards
0
Annelien
Sep 2, 2015 at 02:20 PM
I've run Rogue Killer, but before I could download it, I had to run ADWCleaner so the virus was gone.
The report of ZHPDiag is on: http://www.speedyshare.com/Y7Ksj/ZHPDiag.txt
Regards
0
Answer 8 / 8
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Sep 2, 2015 at 04:20 PM
Gefeliciteerd! You are now virus free.
0
Annelien
Sep 2, 2015 at 04:47 PM
Hoorayy!! Thank you :) I hope it will stay away this time
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169 > Annelien
Sep 2, 2015 at 05:27 PM
Now that you are much wiser, it should.:-)
0

Similar discussions

how to get rid of trojan virus
ziggy7 -
speedy -

74 responses
Using attrib -h -r -s /s /d g:\*.* I could not wipe the attributes of my externa
jwtingley -
ac3mark -

1 response