Možda tražite i:
Šta je Malwarebytes Anti-Malware
Malwarebytes Anti-Malware VS MCShield

MyCity » Ambulanta -> Arhiva Ambulante » PriceGong sa Malware izbrisem ali oni su opet tu

PriceGong sa Malware izbrisem ali oni su opet tu

Napisano na dan: 23.10.2013

Strana:
1
2

PriceGong sa Malware izbrisem ali oni su opet tu

Sledeća strana

Pagination

Odgovori

Strana:
1
2

smz Poslao: 23 Okt 2013 16:04 Idi na vrh
offline smz Građanin Pridružio: 18 Mar 2008 Poruke: 57	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pre izvesnog vremena izbrisao sam sve decije igrice koje su pocele da mi stvaraju probleme a i dete vise ne koristi moj racunar, no sada primecujem da Malwarebites uvek pronadje 64 pretnje PU.Optional.PriceGong.A sto nemam pojma odakle je i cemu sluzi. Kada to sve izbrisem restartujem masinu i ponovo uradim skan sa Malwabebitom oni su opet tu. Pokusao sam par puta ali uvek isto. Ima li sanse da je to jos ovek nesto od ostataka onih decijih igrica ili sam negde nesto pazario a da nisam ni svestan sta. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.21.2 Run by Besitzer at 15:49:49 on 2013-10-23 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.3583.2428 [GMT 2:00] . AV: AVG AntiVirus Free Edition 2014 Enabled/Updated {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes ================ . C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\tsnpstd3.exe C:\Programme\Gemeinsame Dateien\ACD Systems\EN\DevDetect.exe C:\Programme\QuickTime\qttask.exe C:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\Programme\AVG Secure Search\vprot.exe C:\Programme\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\WINDOW~3\MESSEN~1\msnmsgr.exe C:\Programme\Microsoft ActiveSync\Wcescomm.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Programme\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE C:\Programme\GerbMagic\gbxsvc.exe C:\Programme\Java\jre7\bin\jqs.exe C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Mozilla Firefox\plugin-container.exe C:\Programme\Mozilla Firefox\plugin-container.exe C:\Programme\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\System32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k HPService C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k tapisrv . ============== Pseudo HJT Report =============== . uStart Page = about:blank uWindow Title = Windows Internet Explorer bereitgestellt von T-Online.de uDefault_Page_URL = hxxp://www.t-online.de/cpm-redir/IE-8.html mDefault_Page_URL = hxxp://intern.passul.t-online.de/cgi-bin/CP/00000000;/Themen/CPM/Browser/ie7-start.html?l=http://www.t-online.de uProxyOverride = <local> uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned> uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\programme\myashampoo\prxtbMyA0.dll dURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned> dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - c:\programme\winamp toolbar\winamptb.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programme\java\jre7\bin\ssv.dll BHO: Windows Live Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\programme\avg secure search\15.3.0.11\AVG Secure Search_toolbar.dll BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\programme\myashampoo\prxtbMyA0.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programme\java\jre7\bin\jp2ssv.dll TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - c:\programme\winamp toolbar\winamptb.dll TB: MyAshampoo Toolbar: {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - c:\programme\myashampoo\prxtbMyA0.dll TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file> TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\programme\myashampoo\prxtbMyA0.dll TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - c:\programme\winamp toolbar\winamptb.dll TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\programme\avg secure search\15.3.0.11\AVG Secure Search_toolbar.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned> EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file> EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file> EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\progra~1\window~3\messen~1\msnmsgr.exe" /background uRun: [H/PC Connection Agent] "c:\programme\microsoft activesync\Wcescomm.exe" uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /minimized /regrun mRun: [snpstd3] c:\windows\vsnpstd3.exe mRun: [tsnpstd3] c:\windows\tsnpstd3.exe mRun: [Device Detector] DevDetect.exe -autorun mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe" mRun: [HP Software Update] c:\programme\hp\hp software update\HPWuSchd2.exe mRun: [vProt] "c:\programme\avg secure search\vprot.exe" mRun: [AVG_UI] "c:\programme\avg\avg2014\avgui.exe" /TRAYONLY mRun: [RealTray] c:\programme\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\belkin~1.lnk - c:\programme\belkin\usb f5d7050\wireless utility\Belkinwcui.exe StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\ma111c~1.lnk - c:\programme\netgear\ma111 configuration utility\wlancfg.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDrives = dword:0 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: &Winamp Search - c:\dokumente und einstellungen\all users\anwendungsdaten\winamp toolbar\ietoolbar\resources\en-us\local\search.html IE: Download with &Media Finder - c:\programme\media finder\hook.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\programme\microsoft activesync\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\programme\microsoft activesync\INetRepl.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{653DE5C0-C81F-42C8-80D7-7A23C63046E4} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{8FD8C3C8-0CD8-441A-AA00-BA040F00EA5B} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{94E09BD1-50D7-4AB1-9CC3-4A8E5EBCB878} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{B237F645-5918-43F4-A3C5-A9AE8BF192EE} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{BB2645B9-E631-4256-ABE9-ED98D8124AE8} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{D8F807AC-1524-4195-A141-BAF5A4AE5C35} : DHCPNameServer = 192.168.2.1 Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned> Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\programme\gemeinsame dateien\skype\Skype4COM.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\programme\gemeinsame dateien\avg secure search\viprotocolinstaller\15.3.0\ViProtocol.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\dokumente und einstellungen\besitzer\anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=20121115113840352&tb_oid=15-04-2010&tb_mrud=15-11-2012&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q= FF - component: c:\dokumente und einstellungen\besitzer\anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: c:\dokumente und einstellungen\besitzer\anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCoreGecko19.dll FF - component: c:\dokumente und einstellungen\besitzer\anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - component: c:\programme\avg\avg9\firefox\components\avgssff.dll FF - component: c:\programme\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\programme\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\programme\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll FF - plugin: c:\dokumente und einstellungen\besitzer\anwendungsdaten\facebook\npfbplugin_1_0_1.dll FF - plugin: c:\dokumente und einstellungen\besitzer\anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\plugins\np-mswmp.dll FF - plugin: c:\programme\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\programme\gemeinsame dateien\avg secure search\sitesafetyinstaller\15.3.0\npsitesafety.dll FF - plugin: c:\programme\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\programme\google\update\1.3.21.165\npGoogleUpdate3.dll FF - plugin: c:\programme\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\programme\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\programme\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\npwmsdrm.dll FF - ExtSQL: !HIDDEN! 2009-09-02 21:45; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true FF - user.js: browser.sessionstore.resume_from_crash - false . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 145720] R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 223032] R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 102200] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 27448] R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-9-25 120632] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 209208] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22840] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 176952] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 193848] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-6 37664] R2 AVGIDSAgent;AVGIDSAgent;c:\programme\avg\avg2014\avgidsagent.exe [2013-10-3 3538480] R2 avgwd;AVG WatchDog;c:\programme\avg\avg2014\avgwdsvc.exe [2013-9-25 301152] R2 gbxsvc;gbxsvc;c:\programme\gerbmagic\gbxsvc.exe [2010-8-29 36864] R2 MBAMScheduler;MBAMScheduler;c:\programme\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-11 418376] R2 Skype C2C Service;Skype C2C Service;c:\dokumente und einstellungen\all users\anwendungsdaten\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-14 22856] S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 MBAMService;MBAMService;c:\programme\malwarebytes' anti-malware\mbamservice.exe [2012-4-14 701512] S2 SkypeUpdate;Skype Updater;c:\programme\skype\updater\Updater.exe [2013-6-21 162408] S3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\drivers\avmunet.sys [2008-2-10 14976] S3 DATEV Update-Service;DATEV Update-Service;c:\datev\programm\install\DvInesASDSvc.Exe [2011-2-21 155232] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-1-29 16472] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-1-29 11104] S3 TMhidFormulaT2;ThrustMaster Formula T2;c:\windows\system32\drivers\TMhidFormulaT2.sys [2012-11-1 26996] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856] . =============== File Associations =============== . ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE ShellExec: pica.exe: open="c:\programme\ElsterFormular/bin/pica.exe" "%1" . =============== Created Last 30 ================ . 2013-10-22 14:37:59 -------- d-----w- c:\dokumente und einstellungen\besitzer\anwendungsdaten\AVG2014 2013-10-22 14:23:28 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\AVG2014 2013-10-22 14:17:51 -------- d-----w- c:\dokumente und einstellungen\besitzer\lokale einstellungen\anwendungsdaten\Avg2014 2013-10-10 14:06:43 -------- d-----w- c:\programme\THQ 2013-10-10 14:05:46 155648 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\iuser.dll 2013-10-10 14:05:45 696320 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\iKernel.dll 2013-10-10 14:05:45 57344 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\ctor.dll 2013-10-10 14:05:45 5632 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe 2013-10-10 14:05:45 237568 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\iscript.dll 2013-10-10 14:05:38 282756 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\setup.dll 2013-10-10 14:05:38 163972 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\iGdi.dll 2013-10-10 11:29:38 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys 2013-10-10 11:29:38 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys 2013-10-10 11:28:31 5376 -c----w- c:\windows\system32\dllcache\usbd.sys 2013-10-10 11:28:31 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys 2013-10-10 11:28:31 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys 2013-10-10 11:28:31 144128 -c----w- c:\windows\system32\dllcache\usbport.sys 2013-09-25 18:57:14 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys . ==================== Find3M ==================== . 2013-10-10 11:14:18 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-10-10 11:14:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-09-23 07:39:58 81920 ----a-w- c:\windows\system32\ieencode.dll 2013-09-23 07:39:58 674304 ----a-w- c:\windows\system32\wininet.dll 2013-09-23 07:39:58 61952 ----a-w- c:\windows\system32\tdc.ocx 2013-09-23 07:39:01 371200 ----a-w- c:\windows\system32\html.iec 2013-09-10 20:11:44 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2013-09-08 20:12:16 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2013-09-02 08:39:32 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2013-09-02 08:28:06 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2013-09-02 08:28:04 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-09-02 08:28:00 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys 2013-08-29 07:01:27 1878784 ----a-w- c:\windows\system32\win32k.sys 2013-08-09 01:56:45 390656 ----a-w- c:\windows\system32\themeui.dll 2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll 2013-08-01 14:08:52 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2013-07-31 04:56:12 868528 ----a-w- c:\windows\system32\wmvdmod.dll 2012-08-28 19:20:37 0 ----a-w- c:\programme\GUM6F.tmp 2012-08-28 19:20:02 739832 ----a-w- c:\programme\GoogleEarthPluginSetup.exe . ============= FINISH: 15:50:33,96 =============== mycity.rs/must-login.png

Profil

magna86 Poslao: 23 Okt 2013 16:35 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6104	1Ovo se svidja korisniku: victoria Registruj se da bi pohvalio/la poruku! Pozdrav, Postavi nam zadnji Malwarebytes log na uvid: Start -> Run -> %AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs -> Enter Start > Control Panel > Add or Remove Programs. Deinstaliraj sledece: MyAshampoo Toolbar Winamp Toolbar Potom: Preuzmi smeenk-ov zoek.zip ili zoek.rar () sa ovog ili ovog linka i sačuvaj ga na Desktop. Raspakuj arhivu u neki folder (uputstvo), a zatim: zatvori browser i ostale pokrenute programe; privremeno deaktiviraj zaštitni softver ( ukoliko je to potrebno ) Uputstvo ; dvoklikom pokreni zoek na ikonicu programa ; pričekaj da se alat startuje ... U beli okvir prozora iskopiraj sledeći tekst: createsrpoint; iedefaults; MyAshampoo Toolbar;u Winamp Toolbar;u [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main];r "Window Title"=-;r {EF99BD32-C1FB-11D2-892F-0090271D4F88};c {a1e75a0e-4397-4ba8-bb50-e19fb66890f4};c {A3BC75A2-1F87-4686-AA43-5347D756017C};c c:\programme\myashampoo;fs {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20};c c:\programme\winamp toolbar;fs {5C255C8A-E604-49b4-9D64-90988571CECB};c {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2};c {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39};c {32683183-48a0-441b-a342-7c2a440a9478};c {555D4D79-4BD2-4094-A395-CFC534424A05};c [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Winamp Search];r c:\dokumente und einstellungen\all users\anwendungsdaten\winamp toolbar;fs c:\windows\wc98pp.dll;f [-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\ic32pp];r {BBCA9F81-8F4F-11D2-90FF-0080C83D3571};c FFdefaults; c:\dokumente und einstellungen\besitzer\anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll;f firefoxlook; chromelook; Klikni na dugme i pričekaj da se skeniranje završi. zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log) Kopiraj sadrzaj tog loga u poruku. ---------- potom ----------- Ponovo pokreni DDS program i postavi mi svez DDS.txt log

Profil

smz Poslao: 23 Okt 2013 17:20 Idi na vrh
offline smz Građanin Pridružio: 18 Mar 2008 Poruke: 57	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 23 Okt 2013 17:00 Oba toolbara sam izbrisao... zadnji malwarebite izvestaj je ovde Malwarebytes Anti-Malware (PRO) 1.75.0.1300 malwarebytes.org Verzija baze: v2013.10.23.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 Besitzer :: SAVIC [administrator] Zaštita: Omogućena 23.10.2013 09:44:12 mbam-log-2013-10-23 (09-44-12).txt Način skeniranja: Kompletno skeniranje (C:\ Omogućene opcije skeniranja: Memorija \| Automatsko pokretanje \| Registar \| Datotečni sistem \| Heuristika/Dodatno \| Heuristika/Shuriken \| PUP \| PUM Onemogućene opcije skeniranja: P2P Skeniranih objekata 310784 Proteklo vreme 2 sat(i), 4 minuta(e), 13 sekundi Detektovani procesi u memoriji: 0 (Maliciozne stavke nisu pronađene) Detektovani moduli u memoriji: 0 (Maliciozne stavke nisu pronađene) Detektovani ključevi u registru: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{74322BF9-DF26-493F-B0DA-6D2FC5E6429E} (PUP.Optional.BearshareTB.A) -> Stavljeno u karantin i uspešno obrisano HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{74322BF9-DF26-493F-B0DA-6D2FC5E6429E} (PUP.Optional.BearshareTB.A) -> Stavljeno u karantin i uspešno obrisano HKCU\Software\PriceGong (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano Detektovane vrednosti u registru: 0 (Maliciozne stavke nisu pronađene) Detektovani podaci u registru: 0 (Maliciozne stavke nisu pronađene) Detektovane fascikle: 2 C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano Detektovane datoteke: 59 C:\Programme\MyAshampoo\MyAshampooToolbarHelper.exe (PUP.Optional.Conduit.A) -> Stavljeno u karantin i uspešno obrisano C:\Programme\MyAshampoo\MyAshampooToolbarHelper1.exe (PUP.Optional.Conduit.A) -> Stavljeno u karantin i uspešno obrisano C:\System Volume Information\_restore{85008A8C-7DAF-4A76-AD3A-08F3A450CB1B}\RP423\A0101472.exe (PUP.Optional.Conduit.A) -> Stavljeno u karantin i uspešno obrisano C:\System Volume Information\_restore{85008A8C-7DAF-4A76-AD3A-08F3A450CB1B}\RP434\A0107495.exe (PUP.Optional.Conduit.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\n.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\1.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\1.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\a.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\a.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\b.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\b.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\c.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\c.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\d.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\d.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\e.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\e.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\f.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\f.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\g.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\g.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\h.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\h.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\i.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\i.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\j.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\J.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\k.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\k.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\l.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\l.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\m.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\m.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\n.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\o.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\o.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\p.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\p.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\q.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\q.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\r.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\r.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\s.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\s.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\t.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\t.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\u.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\u.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\v.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\v.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\w.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\w.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\wlu.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\x.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\x.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\y.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\y.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\z.txt (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\z.xml (PUP.Optional.PriceGong.A) -> Stavljeno u karantin i uspešno obrisano (kraj) i u sledecem postu saljem zoe izvestaj Dopuna: 23 Okt 2013 17:20 Zoek.exe Version 4.0.0.5 Updated 22-October-2013 Tool run by Besitzer on 23.10.2013 at 17:03:24,14. Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Dokumente und Einstellungen\Besitzer\Desktop\zoek1\zoek.com [Script inserted] ==== System Restore Info ====================== 23.10.2013 17:06:12 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{555D4D79-4BD2-4094-A395-CFC534424A05} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{555D4D79-4BD2-4094-A395-CFC534424A05} deleted successfully HKEY_CLASSES_ROOT\CLSID\{555D4D79-4BD2-4094-A395-CFC534424A05} deleted successfully HKEY_CLASSES_ROOT\CLSID\{BBCA9F81-8F4F-11D2-90FF-0080C83D3571} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully ==== FireFox Fix ====================== Deleted from C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\c7bgvo1n.default\prefs.js: user_pref("browser.startup.homepage", "http://www.t-online.de/"); user_pref("browser.search.defaulturl", "http://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=20121115113840352&tb_oid=15-04-2010&tb_mrud=15-11-2012&query="); user_pref("browser.search.selectedEngine", "Google"); user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="); user_pref("browser.search.useDBForOrder", true); Added to C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\c7bgvo1n.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\c7bgvo1n.default ---- Lines {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} removed from prefs.js ---- user_pref("extensions.{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}.install-event-fired", true); ---- Lines {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} modified from prefs.js ---- user_pref("extensions.enabledItems", "{3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911,avg@igeared:7.007.026.001,engine@conduit.com:3.2.5.2,smartwebprinting@hp.com:4.5,{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.2.5.2,{0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5"); ---- Lines {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} removed from user.js ---- ---- FireFox user.js and prefs.js backups ---- user__1709_.backup prefs__1709_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Window Title"=- [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Winamp Search] [-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\ic32pp] ==== Deleting Files \ Folders ====================== c:\programme\myashampoo not found c:\programme\winamp toolbar not found c:\dokumente und einstellungen\all users\anwendungsdaten\winamp toolbar not found "c:\dokumente und einstellungen\besitzer\anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll" not found C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\c7bgvo1n.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted "c:\windows\wc98pp.dll" deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "avg@toolbar"="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\FireFoxExt\15.3.0.11" [28.06.2013 14:45] ==== Firefox Extensions ====================== ProfilePath: C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\c7bgvo1n.default - AVG Security Toolbar - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\FireFoxExt\15.3.0.11 - Conduit Engine - %ProfilePath%\extensions\engine@conduit.com - Winamp Toolbar - %ProfilePath%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ==== Firefox Plugins ====================== Profilepath: C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\c7bgvo1n.default CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Programme\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update 4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash 7550FC1ADE982582D5920BEA6430E3D4 - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin EB87B7A13A15B7BD6B48ECB4E49F6EF3 - C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\15.3.0\npsitesafety.dll - AVG SiteSafety plugin 8F24103AB984847AA2939F58F19CCC98 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U21 ADC539F67D3198679F480974EE203678 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11 4CD43010502A7E1337D72E2AD296B239 - C:\Programme\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat 4CD43010502A7E1337D72E2AD296B239 - C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 19E3E493A95B6A667734D99813BBF776 - C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Facebook\npfbplugin_1_0_1.dll - Facebook Plugin 3509063A268A4197CF8E713BD22B0978 - C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 38A1E65626558B8776C3546BE4491993 - C:\Programme\Windows Media Player\npdrmv2.dll - Microsoft® DRM AE3A029E3DC4EEB5EF5A4C2C997F78F8 - C:\Programme\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library 1D187905079ACC40C420E7C8BD167731 - C:\Programme\Windows Media Player\npwmsdrm.dll - Microsoft® DRM D187BE921062DA1535197CD636EAF0C5 - C:\Programme\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 6.5 6B760E840578053E2AA9288C57F79A00 - C:\Programme\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 6.5 FF50D73AB4E095661ABE058C8F3366B0 - C:\Programme\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 6.5 3A10B5CCA3623C224E1186D57F2FA3F1 - C:\Programme\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 6.5 1AAE714ED8EFB7DDAA95AAFD72FD17C2 - C:\Programme\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 6.5 5688BD199E41F493F308B272CC38D1E1 - C:\Programme\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 6.5 BCDFF548F7D31A2BCF1CF98DA7EB5445 - C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll - MetaStream 3 Plugin 3CB231F12674D3CB0AC1F5EDE9578E85 - C:\WINDOWS\system32\npwmsdrm.dll - Microsoft® Windows Media Services F630B4A9D9C1AAF6BBABBB41E9BD45B5 - C:\WINDOWS\system32\npptools.dll - Betriebssystem Microsoft® Windows® ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions aacbndibbcpajfgnkdkaakeiojmmgmnk - C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Media Finder\Extensions\mf_plugin_gc.crx[] jpihmmhdcobmllpcnpfbhnipmhamldje - C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Media Finder\Extensions\gencrawler_gc.crx[07.12.2011 19:28] ndibdjnfmopecpmkdieinmbadjfpblof - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\ChromeExt\15.3.0.11\avg.crx[28.06.2013 14:44] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.t-online.de/cpm-redir/IE-8.html" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://intern.passul.t-online.de/cgi-bin/CP/00000000;/Themen/CPM/Browser/ie7-start.html?l=http://www.t-online.de" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://isearch.avg.com/tab?cid={9E1F38D9-65D2-4E43-9727-12EDF8DD3D4D}&mid=3cfd32db0559ead2b4c54d3af6c02513-06b0ec0ffe310a4da39ad21bb60c7df71d2ebb89&lang=de&ds=AVG&pr=fr&d=2012-09-06 13:48:44&pid=avg&sg=0&v=15.3.0.11&sap=nt" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {284E0B3F-B140-4984-AEB3-A89CFE207881} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" {566F174C-3FB5-49AA-B115-F8273F70C654} T-Online.de Suche Url="http://redirect.t-online.de/index.php?rdid=8&q={searchTerms}" {95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="http://isearch.avg.com/search?cid={9E1F38D9-65D2-4E43-9727-12EDF8DD3D4D}&mid=3cfd32db0559ead2b4c54d3af6c02513-06b0ec0ffe310a4da39ad21bb60c7df71d2ebb89&lang=de&ds=AVG&pr=fr&d=2012-09-06" {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} Web Search Url="http://search.imesh.com/webResults.html?src=ieb&q={searchTerms}" {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} Web Search Url="http://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}" {afdbddaa-5d3f-42ee-b79c-185a7020515b} MyAshampoo Customized Web Search Url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029" {CCC7A320-B3CA-4199-B1A6-9F516DD69829} AVG Secure Search Url="http://search.avg.com/route/?d=4b0d65a1&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us" ==== EOF on 23.10.2013 at 17:11:31,96 ====================== evo i DDS DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.21.2 Run by Besitzer at 17:18:23 on 2013-10-23 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.3583.2674 [GMT 2:00] . AV: AVG AntiVirus Free Edition 2014 Disabled/Updated {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes ================ . C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\tsnpstd3.exe C:\Programme\Gemeinsame Dateien\ACD Systems\EN\DevDetect.exe C:\Programme\QuickTime\qttask.exe C:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\Programme\AVG Secure Search\vprot.exe C:\Programme\AVG\AVG2014\avgui.exe C:\Programme\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\WINDOW~3\MESSEN~1\msnmsgr.exe C:\Programme\Microsoft ActiveSync\Wcescomm.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Programme\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE C:\Programme\AVG\AVG2014\avgwdsvc.exe C:\Programme\GerbMagic\gbxsvc.exe C:\Programme\Java\jre7\bin\jqs.exe C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\System32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k HPService C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k tapisrv . ============== Pseudo HJT Report =============== . uDefault_Page_URL = hxxp://www.t-online.de/cpm-redir/IE-8.html uProxyOverride = <local> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programme\java\jre7\bin\ssv.dll BHO: Windows Live Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\programme\avg secure search\15.3.0.11\AVG Secure Search_toolbar.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programme\java\jre7\bin\jp2ssv.dll TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\programme\avg secure search\15.3.0.11\AVG Secure Search_toolbar.dll EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\progra~1\window~3\messen~1\msnmsgr.exe" /background uRun: [H/PC Connection Agent] "c:\programme\microsoft activesync\Wcescomm.exe" uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /minimized /regrun mRun: [snpstd3] c:\windows\vsnpstd3.exe mRun: [tsnpstd3] c:\windows\tsnpstd3.exe mRun: [Device Detector] DevDetect.exe -autorun mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe" mRun: [HP Software Update] c:\programme\hp\hp software update\HPWuSchd2.exe mRun: [vProt] "c:\programme\avg secure search\vprot.exe" mRun: [AVG_UI] "c:\programme\avg\avg2014\avgui.exe" /TRAYONLY mRun: [RealTray] c:\programme\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\belkin~1.lnk - c:\programme\belkin\usb f5d7050\wireless utility\Belkinwcui.exe StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\ma111c~1.lnk - c:\programme\netgear\ma111 configuration utility\wlancfg.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDrives = dword:0 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: Download with &Media Finder - c:\programme\media finder\hook.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\programme\microsoft activesync\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\programme\microsoft activesync\INetRepl.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{653DE5C0-C81F-42C8-80D7-7A23C63046E4} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{8FD8C3C8-0CD8-441A-AA00-BA040F00EA5B} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{94E09BD1-50D7-4AB1-9CC3-4A8E5EBCB878} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{B237F645-5918-43F4-A3C5-A9AE8BF192EE} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{BB2645B9-E631-4256-ABE9-ED98D8124AE8} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{D8F807AC-1524-4195-A141-BAF5A4AE5C35} : DHCPNameServer = 192.168.2.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned> Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\programme\gemeinsame dateien\skype\Skype4COM.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\programme\gemeinsame dateien\avg secure search\viprotocolinstaller\15.3.0\ViProtocol.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\dokumente und einstellungen\besitzer\anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q= FF - component: c:\dokumente und einstellungen\besitzer\anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: c:\dokumente und einstellungen\besitzer\anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCoreGecko19.dll FF - component: c:\dokumente und einstellungen\besitzer\anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - component: c:\programme\avg\avg9\firefox\components\avgssff.dll FF - component: c:\programme\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\programme\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\programme\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll FF - plugin: c:\dokumente und einstellungen\besitzer\anwendungsdaten\facebook\npfbplugin_1_0_1.dll FF - plugin: c:\programme\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\programme\gemeinsame dateien\avg secure search\sitesafetyinstaller\15.3.0\npsitesafety.dll FF - plugin: c:\programme\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\programme\google\update\1.3.21.165\npGoogleUpdate3.dll FF - plugin: c:\programme\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\programme\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\programme\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\npwmsdrm.dll FF - ExtSQL: !HIDDEN! 2009-09-02 21:45; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true FF - user.js: browser.sessionstore.resume_from_crash - false . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 145720] R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 223032] R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 102200] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 27448] R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-9-25 120632] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 209208] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22840] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 176952] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 193848] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-6 37664] R2 avgwd;AVG WatchDog;c:\programme\avg\avg2014\avgwdsvc.exe [2013-9-25 301152] R2 gbxsvc;gbxsvc;c:\programme\gerbmagic\gbxsvc.exe [2010-8-29 36864] R2 MBAMScheduler;MBAMScheduler;c:\programme\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-11 418376] R2 Skype C2C Service;Skype C2C Service;c:\dokumente und einstellungen\all users\anwendungsdaten\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-14 22856] S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?] S2 AVGIDSAgent;AVGIDSAgent;c:\programme\avg\avg2014\avgidsagent.exe [2013-10-3 3538480] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 MBAMService;MBAMService;c:\programme\malwarebytes' anti-malware\mbamservice.exe [2012-4-14 701512] S2 SkypeUpdate;Skype Updater;c:\programme\skype\updater\Updater.exe [2013-6-21 162408] S3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\drivers\avmunet.sys [2008-2-10 14976] S3 DATEV Update-Service;DATEV Update-Service;c:\datev\programm\install\DvInesASDSvc.Exe [2011-2-21 155232] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-1-29 16472] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-1-29 11104] S3 TMhidFormulaT2;ThrustMaster Formula T2;c:\windows\system32\drivers\TMhidFormulaT2.sys [2012-11-1 26996] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856] . =============== File Associations =============== . ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE ShellExec: pica.exe: open="c:\programme\ElsterFormular/bin/pica.exe" "%1" . =============== Created Last 30 ================ . 2013-10-23 15:09:13 -------- d-----w- C:\zoek_backup 2013-10-23 14:46:29 -------- d-----w- c:\dokumente und einstellungen\besitzer\anwendungsdaten\PriceGong 2013-10-23 14:46:26 -------- d-----w- c:\dokumente und einstellungen\besitzer\lokale einstellungen\anwendungsdaten\Conduit 2013-10-22 14:37:59 -------- d-----w- c:\dokumente und einstellungen\besitzer\anwendungsdaten\AVG2014 2013-10-22 14:23:28 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\AVG2014 2013-10-22 14:17:51 -------- d-----w- c:\dokumente und einstellungen\besitzer\lokale einstellungen\anwendungsdaten\Avg2014 2013-10-10 14:06:43 -------- d-----w- c:\programme\THQ 2013-10-10 14:05:46 155648 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\iuser.dll 2013-10-10 14:05:45 696320 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\iKernel.dll 2013-10-10 14:05:45 57344 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\ctor.dll 2013-10-10 14:05:45 5632 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe 2013-10-10 14:05:45 237568 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\iscript.dll 2013-10-10 14:05:38 282756 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\setup.dll 2013-10-10 14:05:38 163972 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\iGdi.dll 2013-10-10 11:29:38 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys 2013-10-10 11:29:38 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys 2013-10-10 11:28:31 5376 -c----w- c:\windows\system32\dllcache\usbd.sys 2013-10-10 11:28:31 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys 2013-10-10 11:28:31 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys 2013-10-10 11:28:31 144128 -c----w- c:\windows\system32\dllcache\usbport.sys 2013-09-25 18:57:14 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys . ==================== Find3M ==================== . 2013-10-10 11:14:18 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-10-10 11:14:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-09-23 07:39:58 81920 ----a-w- c:\windows\system32\ieencode.dll 2013-09-23 07:39:58 674304 ----a-w- c:\windows\system32\wininet.dll 2013-09-23 07:39:58 61952 ----a-w- c:\windows\system32\tdc.ocx 2013-09-23 07:39:01 371200 ----a-w- c:\windows\system32\html.iec 2013-09-10 20:11:44 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2013-09-08 20:12:16 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2013-09-02 08:39:32 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2013-09-02 08:28:06 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2013-09-02 08:28:04 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-09-02 08:28:00 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys 2013-08-29 07:01:27 1878784 ----a-w- c:\windows\system32\win32k.sys 2013-08-09 01:56:45 390656 ----a-w- c:\windows\system32\themeui.dll 2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll 2013-08-01 14:08:52 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2013-07-31 04:56:12 868528 ----a-w- c:\windows\system32\wmvdmod.dll 2012-08-28 19:20:37 0 ----a-w- c:\programme\GUM6F.tmp 2012-08-28 19:20:02 739832 ----a-w- c:\programme\GoogleEarthPluginSetup.exe . ============= FINISH: 17:18:42,78 ===============

Profil

magna86 Poslao: 23 Okt 2013 17:44 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6104	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sada deinstaliraj: AVG Security Toolbar Potom... Ponovo pokreni Zoek.exe; zatvori browser i ostale pokrenute programe; privremeno deaktiviraj zaštitni softver ( ukoliko je to potrebno ) Uputstvo ; dvoklikom pokreni zoek na ikonicu programa ; pričekaj da se alat startuje ... U beli okvir prozora iskopiraj sledeći tekst: emptyclsid; AVG Security Toolbar;u [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions];r "avg@toolbar"=-;r AVG Security Toolbar;ff C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search;fs engine@conduit.com;ff Winamp Toolbar;ff chrdefaults; emptyalltemp; aacbndibbcpajfgnkdkaakeiojmmgmnk;chr jpihmmhdcobmllpcnpfbhnipmhamldje;chr ndibdjnfmopecpmkdieinmbadjfpblof;chr C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Media Finder\Extensions\mf_plugin_gc.crx;f C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Media Finder\Extensions\gencrawler_gc.crx;f autoclean; C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong;fs {566F174C-3FB5-49AA-B115-F8273F70C654};c {74322BF9-DF26-493F-B0DA-6D2FC5E6429E};c {95B7759C-8C7F-4BF1-B163-73684A933233};c {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59};c {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69};c {afdbddaa-5d3f-42ee-b79c-185a7020515b};c {CCC7A320-B3CA-4199-B1A6-9F516DD69829};c [-HKCU\Software\PriceGong];r c:\programme\avg secure search;fs filesrcm; [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r "vProt=-;r c:\programme\avg\avg9\toolbar;fs c:\dokumente und einstellungen\besitzer\anwendungsdaten\PriceGong;fs c:\dokumente und einstellungen\besitzer\lokale einstellungen\anwendungsdaten\Conduit;fs c:\programme\*.tmp;f ipconfig /flushdns >> %temp%\log.txt;b Klikni na dugme i pričekaj da se skeniranje završi. zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log) Kopiraj sadrzaj tog loga u poruku. --------- potom ---------- Preuzmi Junkware Removal Tool ( JRT ) i sacuvaj ga na desktop. zatvori browser i ostale pokrenute programe; Jel potrebno navesti napomenu za duzinu scana? Da postavim ovaj PG ili nema potrebe za tim? Privremeno deaktiviraj zastitni softver (Uputstvo); dvoklikom na ikonicu ( )pokreni program JRT; Kod obavestenja "press any key" pritisnuti bilo koji taster i alat ce zapoceti skeniranje. Napomena: u ovisnosti od sistemske specifikacije vreme skeniranja u nekim slucajevima moze da potraje. Kada zavrsi otvorice se log sa izvestajem koji ce biti sacuvan na desktopu pod nazivom JRT.txt Kopiraj sadrzaj tog loga u temu. -------- potom -------- Ponovo pokreni DDS i postavi mi svez DDS.txt log.

Profil

smz Poslao: 23 Okt 2013 19:50 Idi na vrh
offline smz Građanin Pridružio: 18 Mar 2008 Poruke: 57	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 23 Okt 2013 18:27 ovoga puta je rebootovao masinu kada je zavrsio sa skaniranjem... Zoek.exe Version 4.0.0.5 Updated 22-October-2013 Tool run by Besitzer on 23.10.2013 at 17:50:39,20. Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Dokumente und Einstellungen\Besitzer\Desktop\zoek1\zoek.com [Script inserted] ==== Older Logs ====================== C:\zoek-results2013-10-23-151131.log 15424 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{566F174C-3FB5-49AA-B115-F8273F70C654} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully HKEY_USERS\S-1-5-21-606747145-484061587-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\c7bgvo1n.default ---- Lines AVG Security Toolbar removed from prefs.js ---- ---- Lines AVG Security Toolbar modified from prefs.js ---- ---- Lines AVG Security Toolbar removed from user.js ---- ---- Lines engine@conduit.com removed from prefs.js ---- user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com"); user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com"); user_pref("extensions.engine@conduit.com.install-event-fired", true); ---- Lines engine@conduit.com modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1251920700281,\"rdfTime\":1232707720000}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Programme\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1380815805218,\"rdfTime\":1380815805218}}},{\"name\":\"app-system-user\",\"addons\":{\"gencrawler@some.com\":{\"descriptor\":\"C:\\\\Dokumente und Einstellungen\\\\Besitzer\\\\Anwendungsdaten\\\\Mozilla\\\\Extensions\\\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\\\\gencrawler@some.com\",\"mtime\":1325603707812,\"rdfTime\":1323278900000}}},{\"name\":\"app-profile\",\"addons\":{\"engine@conduit.com\":{\"descriptor\":\"C:\\\\Dokumente und Einstellungen\\\\Besitzer\\\\Anwendungsdaten\\\\Mozilla\\\\Firefox\\\\Profiles\\\\c7bgvo1n.default\\\\extensions\\\\engine@conduit.com\",\"mtime\":1297513322359,\"rdfTime\":1290444216000},\"{0b38152b-1b20-484d-a11f-5e04a9b0661f}\":{\"descriptor\":\"C:\\\\Dokumente und Einstellungen\\\\Besitzer\\\\Anwendungsdaten\\\\Mozilla\\\\Firefox\\\\Profiles\\\\c7bgvo1n.default\\\\extensions\\\\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\",\"mtime\":1365150541726,\"rdfTime\":1365150541539},\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\Dokumente und Einstellungen\\\\Besitzer\\\\Anwendungsdaten\\\\Mozilla\\\\Firefox\\\\Profiles\\\\c7bgvo1n.default\\\\extensions\\\\{20a82645-c095-46ed-80e3-08825760534b}\",\"mtime\":1273173442500,\"rdfTime\":1271780036000}}}]"); user_pref("extensions.enabledItems", "{3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911,avg@igeared:7.007.026.001,engine@conduit.com:3.2.5.2,smartwebprinting@hp.com:4.5,{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,disabled:3.2.5.2,{0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5"); ---- Lines engine@conduit.com removed from user.js ---- ---- Lines Winamp Toolbar removed from prefs.js ---- user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar"); ---- Lines Winamp Toolbar modified from prefs.js ---- ---- Lines Winamp Toolbar removed from user.js ---- ---- Lines CT2475029 removed from prefs.js ---- user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2475029", "\"9971ee9815a5fc569766cf6ddcaaca8e\""); user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/ct2481020/CT2475029", "\"b0b52138ace860c8fb1b31e71afb678e3\""); user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2475029"); user_pref("CommunityToolbar.ToolbarsList", "CT2475029,ConduitEngine"); user_pref("CommunityToolbar.ToolbarsList2", "CT2475029"); user_pref("CT2475029..clientLogIsEnabled", true); user_pref("CT2475029..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); user_pref("CT2475029..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); user_pref("CT2475029.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx"); user_pref("CT2475029.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); user_pref("CT2475029.BrowserCompStateIsOpen_129469746101488132", true); user_pref("CT2475029.BrowserCompStateIsOpen_129681723868939970", true); user_pref("CT2475029.BrowserCompStateIsOpen_130104333454678661", true); user_pref("CT2475029.clientLogIsEnabled", true); user_pref("CT2475029.clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); user_pref("CT2475029.CommunitiesChangesLastCheckTime", "Wed Oct 23 2013 17:00:46 GMT+0200"); user_pref("CT2475029.CommunitiesChangesLastUrl", "http://grouping.services.conduit.com/GroupingRequest.ctp?type=ToolbarsInfo&ctids=CT2481020,CT2481024,CT2481025,CT2481029,CT2481031,CT2481032,CT2481033,CT2481034,CT2481035,CT2481037,CT2475029"); user_pref("CT2475029.CommunityChanged", true); user_pref("CT2475029.ConfigurationLastCheckTime", "Wed Oct 23 2013 16:09:27 GMT+0200"); user_pref("CT2475029.countryCode", "DE"); user_pref("CT2475029.CT2481020.CommunityChanged", true); user_pref("CT2475029.ct2481020.DialogsAlignMode", "LTR"); user_pref("CT2475029.ct2481020.FeedLastCount129076858299680990", 769); user_pref("CT2475029.ct2481020.FeedLastCount129137419315157090", 257); user_pref("CT2475029.ct2481020.GroupingInvalidateCache", false); user_pref("CT2475029.ct2481020.GroupingLastCheckTime", "Wed Oct 23 2013 09:58:14 GMT+0200"); user_pref("CT2475029.ct2481020.GroupingLastErrorCode", ""); user_pref("CT2475029.ct2481020.GroupingLastResponse", false); user_pref("CT2475029.ct2481020.GroupingLastServerUpdateTime", "129156507150200000"); user_pref("CT2475029.ct2481020.InvalidateCache", false); user_pref("CT2475029.ct2481020.LanguagePackLastCheckTime", "Wed Oct 23 2013 16:09:27 GMT+0200"); user_pref("CT2475029.ct2481020.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT2481020&octid=CT2475029&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID\"}"); user_pref("CT2475029.ct2481020.Locale", "de"); user_pref("CT2475029.ct2481020.RadioLastCheckTime", "Thu Apr 15 2010 19:06:07 GMT+0200"); user_pref("CT2475029.ct2481020.RadioLastUpdateIPServer", "3"); user_pref("CT2475029.ct2481020.RadioLastUpdateServer", "3"); user_pref("CT2475029.ct2481020.SearchEngine", "Suchen\|\|http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=ct2481020&octid=EB_ORIGINAL_CTID"); user_pref("CT2475029.ct2481020.SearchInNewTabLastCheckTime", "Tue Sep 03 2013 13:22:42 GMT+0200"); user_pref("CT2475029.ct2481020.SettingsCheckIntervalMin", 120); user_pref("CT2475029.ct2481020.SettingsLastCheckTime", "Wed Oct 23 2013 14:20:36 GMT+0200"); user_pref("CT2475029.ct2481020.SettingsLastUpdate", "1382253726"); user_pref("CT2475029.ct2481020.ThirdPartyComponentsLastCheck", "Thu Apr 08 2010 20:22:17 GMT+0200"); user_pref("CT2475029.ct2481020.ThirdPartyComponentsLastUpdate", "1269365470"); user_pref("CT2475029.ct2481020.toolbarAppMetaDataLastCheckTime", "Wed Oct 23 2013 16:09:28 GMT+0200"); user_pref("CT2475029.CT2481024.CommunityChanged", true); user_pref("CT2475029.CT2481025.CommunityChanged", true); user_pref("CT2475029.CT2481029.CommunityChanged", true); user_pref("CT2475029.CT2481031.CommunityChanged", true); user_pref("CT2475029.CT2481032.CommunityChanged", true); user_pref("CT2475029.CT2481033.CommunityChanged", true); user_pref("CT2475029.CT2481034.CommunityChanged", true); user_pref("CT2475029.CT2481035.CommunityChanged", true); user_pref("CT2475029.CT2481037.CommunityChanged", true); user_pref("CT2475029.CTID", "ct2481020"); user_pref("CT2475029.CurrentServerDate", "23-10-2013"); user_pref("CT2475029.DialogsAlignMode", "LTR"); user_pref("CT2475029.DialogsGetterLastCheckTime", "Fri Oct 18 2013 06:30:00 GMT+0200"); user_pref("CT2475029.DownloadDomainsCheckInterval", "168"); user_pref("CT2475029.DownloadDomainsListLastCheckTime", "Fri Oct 18 2013 06:29:36 GMT+0200"); user_pref("CT2475029.DownloadDomainsListLastServerUpdateTime", "1201073583"); user_pref("CT2475029.DownloadReferralCookieData", ""); user_pref("CT2475029.EMailNotifierPollDate", "Fri Apr 16 2010 13:11:10 GMT+0200"); user_pref("CT2475029.ExternalComponentPollDate129077842555155326", "Fri Apr 16 2010 13:06:07 GMT+0200"); user_pref("CT2475029.ExternalComponentPollDate129078508355624514", "Thu Apr 08 2010 20:22:17 GMT+0200"); user_pref("CT2475029.FeedLastCount129133095456874337", 0); user_pref("CT2475029.FeedPollDate129076849370150342", "Fri Apr 16 2010 12:46:08 GMT+0200"); user_pref("CT2475029.FeedPollDate129076850042182211", "Fri Apr 16 2010 12:46:08 GMT+0200"); user_pref("CT2475029.FeedPollDate129076850596400916", "Fri Apr 16 2010 12:46:08 GMT+0200"); user_pref("CT2475029.FeedPollDate129076850791868756", "Fri Apr 16 2010 12:46:08 GMT+0200"); user_pref("CT2475029.FeedPollDate129076852434375419", "Fri Apr 16 2010 12:46:08 GMT+0200"); user_pref("CT2475029.FeedPollDate129076853083906444", "Fri Apr 16 2010 12:46:08 GMT+0200"); user_pref("CT2475029.FeedPollDate129076854010937606", "Fri Apr 16 2010 12:46:08 GMT+0200"); user_pref("CT2475029.FeedPollDate129076855068438037", "Fri Apr 16 2010 12:46:09 GMT+0200"); user_pref("CT2475029.FeedPollDate129076855340312884", "Fri Apr 16 2010 12:46:09 GMT+0200"); user_pref("CT2475029.FeedPollDate129076855597344292", "Fri Apr 16 2010 12:46:09 GMT+0200"); user_pref("CT2475029.FeedPollDate129076855883906472", "Fri Apr 16 2010 12:46:09 GMT+0200"); user_pref("CT2475029.FeedPollDate129076856408281730", "Fri Apr 16 2010 12:46:09 GMT+0200"); user_pref("CT2475029.FeedPollDate129076856723281882", "Fri Apr 16 2010 12:46:09 GMT+0200"); user_pref("CT2475029.FeedPollDate129076856982969262", "Fri Apr 16 2010 12:46:09 GMT+0200"); user_pref("CT2475029.FeedPollDate129076857229219583", "Fri Apr 16 2010 12:46:09 GMT+0200"); user_pref("CT2475029.FeedPollDate129076857478587121", "Fri Apr 16 2010 12:46:10 GMT+0200"); user_pref("CT2475029.FeedPollDate129076858014837073", "Fri Apr 16 2010 12:46:10 GMT+0200"); user_pref("CT2475029.FeedPollDate129132307482029379", "Thu Apr 08 2010 20:22:18 GMT+0200"); user_pref("CT2475029.FeedPollDate129132307482029381", "Thu Apr 08 2010 20:22:19 GMT+0200"); user_pref("CT2475029.FeedPollDate129132307482029382", "Thu Apr 08 2010 20:22:19 GMT+0200"); user_pref("CT2475029.FeedPollDate129133095459686870", "Thu Apr 08 2010 20:22:18 GMT+0200"); user_pref("CT2475029.FeedPollDate129133095459686871", "Thu Apr 08 2010 20:22:19 GMT+0200"); user_pref("CT2475029.FeedPollDate129137419319063373", "Fri Apr 16 2010 12:46:07 GMT+0200"); user_pref("CT2475029.FeedPollDate129137419319063374", "Fri Apr 16 2010 12:46:08 GMT+0200"); user_pref("CT2475029.FeedPollDate129137435445312162", "Fri Apr 16 2010 12:46:07 GMT+0200"); user_pref("CT2475029.FeedPollDate129137435445312163", "Fri Apr 16 2010 12:46:08 GMT+0200"); user_pref("CT2475029.FeedPollDate129137435445312164", "Fri Apr 16 2010 12:46:08 GMT+0200"); user_pref("CT2475029.FeedPollDate129137435445312165", "Fri Apr 16 2010 12:46:08 GMT+0200"); user_pref("CT2475029.FeedPollDate129137437659687146", "Thu Apr 08 2010 20:22:18 GMT+0200"); user_pref("CT2475029.FeedPollDate129137437659687147", "Thu Apr 08 2010 20:22:18 GMT+0200"); user_pref("CT2475029.FeedPollDate129137437659687148", "Thu Apr 08 2010 20:22:18 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576560869056615", "Thu Apr 08 2010 20:22:20 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576561015434053", "Thu Apr 08 2010 20:22:20 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576561386746076", "Thu Apr 08 2010 20:22:20 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576561414772911", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576561420903218", "Thu Apr 08 2010 20:22:18 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576561602550763", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576561619886036", "Thu Apr 08 2010 20:22:21 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576561754984581", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576561797886832", "Thu Apr 08 2010 20:22:18 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576561811548356", "Thu Apr 08 2010 20:22:19 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576561872249134", "Thu Apr 08 2010 20:22:18 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576561930219330", "Thu Apr 08 2010 20:22:20 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576561981855850", "Thu Apr 08 2010 20:22:20 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576562037116008", "Thu Apr 08 2010 20:22:20 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576562041692017", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576562207067564", "Thu Apr 08 2010 20:22:19 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576562230147241", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576562294787742", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576562356557644", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576562442400632", "Thu Apr 08 2010 20:22:18 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576562443695659", "Thu Apr 08 2010 20:22:19 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576562504191975", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576562833836505", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576562864286456", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576562875617752", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576562959235652", "Thu Apr 08 2010 20:22:19 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576563001642200", "Thu Apr 08 2010 20:22:21 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576563032567449", "Thu Apr 08 2010 20:22:23 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576563042939011", "Thu Apr 08 2010 20:22:19 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576563120943592", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576563149812339", "Thu Apr 08 2010 20:22:19 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576563275725470", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576563336850582", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576563398664519", "Thu Apr 08 2010 20:22:21 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576563491628460", "Thu Apr 08 2010 20:22:19 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576563508458497", "Thu Apr 08 2010 20:22:20 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576563736132084", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576563919782085", "Thu Apr 08 2010 20:22:20 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576563926653077", "Thu Apr 08 2010 20:22:19 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576563995598288", "Thu Apr 08 2010 20:22:19 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576564023582060", "Thu Apr 08 2010 20:22:20 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576564025306008", "Thu Apr 08 2010 20:22:21 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576564149391022", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576564240601882", "Thu Apr 08 2010 20:22:18 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576564283815262", "Thu Apr 08 2010 20:22:19 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576564295923619", "Thu Apr 08 2010 20:22:20 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576564370576533", "Thu Apr 08 2010 20:22:19 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576564539739037", "Thu Apr 08 2010 20:22:20 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576564541982906", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576564713374620", "Thu Apr 08 2010 20:22:22 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576564879189886", "Thu Apr 08 2010 20:22:20 GMT+0200"); user_pref("CT2475029.FeedPollDate6244576564901169500", "Thu Apr 08 2010 20:22:21 GMT+0200"); user_pref("CT2475029.FeedTTL129076850596400916", 5); user_pref("CT2475029.FeedTTL129076850791868756", 5); user_pref("CT2475029.FeedTTL129076856723281882", 5); user_pref("CT2475029.FeedTTL129076857229219583", 30); user_pref("CT2475029.FeedTTL129132307482029379", 40); user_pref("CT2475029.FeedTTL129132307482029381", 40); user_pref("CT2475029.FeedTTL129132307482029382", 40); user_pref("CT2475029.FeedTTL129133095459686870", 40); user_pref("CT2475029.FeedTTL129133095459686871", 40); user_pref("CT2475029.FeedTTL129137419319063373", 40); user_pref("CT2475029.FeedTTL129137419319063374", 40); user_pref("CT2475029.FeedTTL129137435445312162", 40); user_pref("CT2475029.FeedTTL129137435445312163", 40); user_pref("CT2475029.FeedTTL129137435445312164", 40); user_pref("CT2475029.FeedTTL129137435445312165", 40); user_pref("CT2475029.FeedTTL129137437659687146", 40); user_pref("CT2475029.FeedTTL129137437659687147", 40); user_pref("CT2475029.FeedTTL129137437659687148", 40); user_pref("CT2475029.FeedTTL6244576560869056615", 30); user_pref("CT2475029.FeedTTL6244576561420903218", 60); user_pref("CT2475029.FeedTTL6244576561619886036", 15); user_pref("CT2475029.FeedTTL6244576561754984581", 1440); user_pref("CT2475029.FeedTTL6244576561930219330", 30); user_pref("CT2475029.FeedTTL6244576561981855850", 5); user_pref("CT2475029.FeedTTL6244576562037116008", 30); user_pref("CT2475029.FeedTTL6244576562041692017", 15); user_pref("CT2475029.FeedTTL6244576562442400632", 15); user_pref("CT2475029.FeedTTL6244576562443695659", 15); user_pref("CT2475029.FeedTTL6244576562875617752", 5); user_pref("CT2475029.FeedTTL6244576563042939011", 1); user_pref("CT2475029.FeedTTL6244576563149812339", 60); user_pref("CT2475029.FeedTTL6244576563336850582", 10); user_pref("CT2475029.FeedTTL6244576563398664519", 15); user_pref("CT2475029.FeedTTL6244576563508458497", 5); user_pref("CT2475029.FeedTTL6244576563919782085", 5); user_pref("CT2475029.FeedTTL6244576564283815262", 2); user_pref("CT2475029.FeedTTL6244576564539739037", 15); user_pref("CT2475029.FeedTTL6244576564901169500", 15); user_pref("CT2475029.FirstServerDate", "8-4-2010"); user_pref("CT2475029.FirstTime", true); user_pref("CT2475029.FirstTimeFF3", true); user_pref("CT2475029.FixPageNotFoundErrors", true); user_pref("CT2475029.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"http://appdownload.conduit.com/\",\"RevertSettingsEnabled\":\"TRUE\",\"urlBarHiddenEnabled\":\"TRUE\",\"notFoundHiddenEnabled\":\"TRUE\",\"searchInNewTabHiddenEnabled\":\"TRUE\",\"WorkingAppsWhenHiddenList\":\"[\\\"6cfe5439-68c4-4541-859e-cf72ae454b3e\\\"]\",\"ChInterval\":\"24\"}"); user_pref("CT2475029.GroupingLastCheckTime", "Wed Oct 23 2013 09:58:14 GMT+0200"); user_pref("CT2475029.GroupingLastErrorCode", ""); user_pref("CT2475029.GroupingLastResponse", false); user_pref("CT2475029.GroupingLastServerUpdateTime", "129156505860200000"); user_pref("CT2475029.GroupingServerCheckInterval", 1440); user_pref("CT2475029.GroupingServiceUrl", "http://grouping.services.conduit.com/"); user_pref("CT2475029.HasUserGlobalKeys", true); user_pref("CT2475029.homepageProtectorEnableByLogin", true); user_pref("CT2475029.initDone", true); user_pref("CT2475029.Initialize", true); user_pref("CT2475029.InitializeCommonPrefs", true); user_pref("CT2475029.InstallationAndCookieDataSentCount", 3); user_pref("CT2475029.InstallationType", "Unknown"); user_pref("CT2475029.InstalledDate", "Thu Apr 08 2010 20:22:17 GMT+0200"); user_pref("CT2475029.IsGrouping", true); user_pref("CT2475029.IsMulticommunity", true); user_pref("CT2475029.IsOpenThankYouPage", false); user_pref("CT2475029.IsOpenUninstallPage", true); user_pref("CT2475029.LanguagePackLastCheckTime", "Thu Apr 08 2010 20:22:37 GMT+0200"); user_pref("CT2475029.LanguagePackReloadIntervalMM", 1440); user_pref("CT2475029.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx"); user_pref("CT2475029.LastLogin_2.5.6.0", "Fri Apr 16 2010 12:46:06 GMT+0200"); user_pref("CT2475029.LastLogin_3.12.2.3", "Tue Jun 05 2012 16:07:16 GMT+0200"); user_pref("CT2475029.LastLogin_3.13.0.6", "Wed Jul 18 2012 16:41:16 GMT+0200"); user_pref("CT2475029.LastLogin_3.14.1.0", "Mon Aug 27 2012 16:00:44 GMT+0200"); user_pref("CT2475029.LastLogin_3.15.1.0", "Fri Nov 09 2012 14:18:10 GMT+0100"); user_pref("CT2475029.LastLogin_3.16.0.100", "Mon Feb 11 2013 17:36:11 GMT+0100"); user_pref("CT2475029.LastLogin_3.16.0.3", "Tue Jan 01 2013 13:07:43 GMT+0100"); user_pref("CT2475029.LastLogin_3.18.0.7", "Tue Jul 16 2013 17:18:11 GMT+0200"); user_pref("CT2475029.LastLogin_3.19.0.3", "Tue Sep 03 2013 13:22:45 GMT+0200"); user_pref("CT2475029.LastLogin_3.20.0.4", "Wed Oct 23 2013 13:58:30 GMT+0200"); user_pref("CT2475029.LatestVersion", "3.20.0.4"); user_pref("CT2475029.Locale", "en"); user_pref("CT2475029.LoginCache", 4); user_pref("CT2475029.MCDetectTooltipHeight", "83"); user_pref("CT2475029.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); user_pref("CT2475029.MCDetectTooltipWidth", "295"); user_pref("CT2475029.myStuffEnabled", true); user_pref("CT2475029.MyStuffEnabledAtInstallation", true); user_pref("CT2475029.myStuffPublihserMinWidth", 400); user_pref("CT2475029.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"); user_pref("CT2475029.myStuffServiceIntervalMM", 1440); user_pref("CT2475029.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"); user_pref("CT2475029.RadioIsPodcast", false); user_pref("CT2475029.RadioMediaID", "9962"); user_pref("CT2475029.RadioMediaType", "Media Player"); user_pref("CT2475029.RadioMenuSelectedID", "EBRadioMenu_CT24750299962"); user_pref("CT2475029.RadioStationName", "California%20Rock"); user_pref("CT2475029.RadioStationURL", "http://feedlive.net/california.asx"); user_pref("CT2475029.revertSettingsEnabled", true); user_pref("CT2475029.SavedHomepage", "http://www.t-online.de/cpm-redir/ff-3_0.html"); user_pref("CT2475029.SearchAPILastCheckTime", "Wed Oct 23 2013 16:09:28 GMT+0200"); user_pref("CT2475029.SearchEngine", "Search\|\|http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=ct2475029&octid=EB_ORIGINAL_CTID"); user_pref("CT2475029.SearchFromAddressBarIsInit", true); user_pref("CT2475029.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="); user_pref("CT2475029.SearchInNewTabEnabled", true); user_pref("CT2475029.SearchInNewTabIntervalMM", 1440); user_pref("CT2475029.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID"); user_pref("CT2475029.SearchInNewTabURLFromSearchAPI", "http://search.conduit.com/?ctid=CT2481020&octid=CT2475029&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID"); user_pref("CT2475029.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID"); user_pref("CT2475029.searchProtectorDialogDelayInSec", 10); user_pref("CT2475029.searchProtectorEnableByLogin", true); user_pref("CT2475029.ServiceMapLastCheckTime", "Wed Oct 23 2013 14:20:36 GMT+0200"); user_pref("CT2475029.SettingsCheckIntervalMin", 120); user_pref("CT2475029.SettingsLastCheckTime", "Thu Apr 08 2010 20:22:15 GMT+0200"); user_pref("CT2475029.SettingsLastUpdate", "1269365865"); user_pref("CT2475029.SHRINK_TOOLBAR", 1); user_pref("CT2475029.testingCtid", ""); user_pref("CT2475029.ThirdPartyComponentsInterval", 504); user_pref("CT2475029.ThirdPartyComponentsLastCheck", "Thu Apr 08 2010 20:22:15 GMT+0200"); user_pref("CT2475029.ThirdPartyComponentsLastUpdate", "1269365865"); user_pref("CT2475029.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm"); user_pref("CT2475029.TrusteLinkUrl", "http://trust.conduit.com/CT2475029"); user_pref("CT2475029.uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); user_pref("CT2475029.usagesFlag", 2); user_pref("CT2475029.UserID", "UN63625833923700774"); user_pref("CT2475029.WeatherNetwork", ""); user_pref("CT2475029.WeatherPollDate", "Fri Apr 16 2010 12:46:09 GMT+0200"); user_pref("CT2475029.WeatherUnit", "C"); ---- Lines CT2475029 modified from prefs.js ---- ---- Lines CT2475029 removed from user.js ---- ---- Lines Web Search removed from prefs.js ---- user_pref("browser.search.defaultthis.engineName", "MyAshampoo Customized Web Search"); ---- Lines Web Search modified from prefs.js ---- ---- Lines Web Search removed from user.js ---- ---- Lines Customized removed from prefs.js ---- ---- Lines Customized modified from prefs.js ---- ---- Lines Customized removed from user.js ---- ---- Lines CommunityToolbar removed from prefs.js ---- user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Oct 08 2011 09:34:01 GMT+0200"); user_pref("CommunityToolbar.alert.clientsServerUrl", "http://alert.client.conduit.com"); user_pref("CommunityToolbar.alert.locale", "en"); user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Oct 08 2011 09:34:01 GMT+0200"); user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611"); user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); user_pref("CommunityToolbar.alert.servicesServerUrl", "http://alert.services.conduit.com"); user_pref("CommunityToolbar.alert.showTrayIcon", false); user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); user_pref("CommunityToolbar.alert.userId", "0621bc43-41a3-49c1-bafb-44e0bce342bd"); user_pref("CommunityToolbar.EngineOwner", "ConduitEngine"); user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine"); user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/909619/905414/DE", "\"0\""); user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=ct2481020", "\"1365959747\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"04afd94b864cd1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.100", "\"0343677cfb1cd1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"97e416bb586ce1:0\""); user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.20.0.4", "\"dfe74040abc2ce1:0\""); user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=0", "634303635100000000"); user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634335443890000000"); user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=2/17/2011 12:59:49 PM", "634339976460000000"); user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=2/22/2011 6:54:06 PM", "634356118310000000"); user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000"); user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=de", "\"93a0efb0b4777099148b02d47af49f81\""); user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Apr 15 2010 19:06:07 GMT+0200"); user_pref("CommunityToolbar.globalUserId", "880d5170-31ae-4316-ac4d-abdbbe66fbc9"); user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine"); user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine"); user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "http://de.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_de&p="); user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Thu Apr 08 2010 20:22:17 GMT+0200"); user_pref("CommunityToolbar.twitter.user_19345231.LastCheckTime", "Fri Apr 16 2010 12:46:07 GMT+0200"); ---- Lines CommunityToolbar modified from prefs.js ---- ---- Lines CommunityToolbar removed from user.js ---- ---- FireFox user.js and prefs.js backups ---- user__1709_.backup user__1804_.backup prefs__1709_.backup prefs__1804_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "avg@toolbar"=- [-HKEY_CURRENT_USER\Software\PriceGong] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "vProt=- ==== Batch Command(s) Run By Tool====================== Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. ==== Deleting Files \ Folders ====================== C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search not found c:\programme\avg secure search not found c:\programme\avg\avg9\toolbar not found "C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Media Finder\Extensions\mf_plugin_gc.crx" not found "C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\FRITZ" not found C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong deleted c:\dokumente und einstellungen\besitzer\lokale einstellungen\anwendungsdaten\Conduit deleted C:\Programme\GUM6F.tmp deleted C:\Programme\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted C:\Programme\Viewpoint deleted C:\Programme\Conduit deleted C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com deleted C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Media Finder deleted C:\Dokumente und Einstellungen\Besitzer\SymXPep2.dll deleted C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AlawarWrapper deleted C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint deleted C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job deleted C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted C:\WINDOWS\System32\ConduitEngine.tmp deleted C:\WINDOWS\System32\tfesgiow.tmp deleted C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\c7bgvo1n.default\searchplugins\aol-search.xml deleted C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\c7bgvo1n.default\winampToolbarData deleted C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\c7bgvo1n.default\CT2475029 deleted C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\c7bgvo1n.default\extensions\engine@conduit.com deleted "C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AOL" deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\DOKUME~1\Besitzer\LOKALE~1\Temp ==== 2013-10-23 15:46:46 288C4B8AB34A0F41D9E5BDFE42705C27 1822896 ----a-w- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\UNINSTALL.EXE 2013-10-23 14:48:46 7CA420A4688109E2AB5844A2C753C905 5176096 ----a-w- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\tbMyA2.dll ====== Java Cache ===== ====== C:\WINDOWS\system32 ===== ====== C:\WINDOWS\system32\drivers ===== 2013-09-25 18:57:14 8A7DC10E81E73994AF8D8FB4E921BA20 120632 ----a-w- C:\WINDOWS\System32\drivers\avgdiskx.sys ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Programme ===== 2013-10-10 14:06:43 -------- d-----w- C:\Programme\THQ ======= C: ===== ====== C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten ====== 2013-10-22 14:37:59 -------- d-----w- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AVG2014 2013-10-22 14:30:32 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\AVG2014 2013-10-22 14:22:59 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Avg2014 2013-10-22 14:17:51 -------- d-----w- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Avg2014 ====== C:\Dokumente und Einstellungen\Besitzer ====== 2013-10-23 13:48:17 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Dokumente und Einstellungen\Besitzer\Desktop\dds.com 2013-10-22 14:19:33 -------- d--h--r- C:\Dokumente und Einstellungen\Besitzer\Recent ====== C: exe-files == 2013-10-23 15:46:46 288C4B8AB34A0F41D9E5BDFE42705C27 1822896 ----a-w- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\temp\UNINSTALL.EXE 2013-10-22 14:10:44 30D0AD41CC60C6A62277BB350A1EBE4E 4369632 ----a-w- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\ccsetup406.exe === C: other files == 2013-10-23 13:48:17 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Dokumente und Einstellungen\Besitzer\Desktop\dds.com 2013-10-22 14:23:53 61A7E0B02F82CFF3DB2445BBE50B3589 24144 ----a-w- C:\Programme\AVG\AVG2014\Drivers\avgidsfilterx.sys 2013-10-22 14:23:53 0F293406F64B48D5D2F0D3A1117F3A83 29776 ----a-w- C:\Programme\AVG\AVG2014\Drivers\avgidsfiltera.sys ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [02.09.2009 21:45] ==== Firefox Extensions ====================== ProfilePath: C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\c7bgvo1n.default - Winamp Toolbar - %ProfilePath%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ==== Firefox Plugins ====================== Profilepath: C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\c7bgvo1n.default CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Programme\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update 4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash 7550FC1ADE982582D5920BEA6430E3D4 - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin 8F24103AB984847AA2939F58F19CCC98 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U21 ADC539F67D3198679F480974EE203678 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11 4CD43010502A7E1337D72E2AD296B239 - C:\Programme\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat 4CD43010502A7E1337D72E2AD296B239 - C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 19E3E493A95B6A667734D99813BBF776 - C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Facebook\npfbplugin_1_0_1.dll - Facebook Plugin 3509063A268A4197CF8E713BD22B0978 - C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 38A1E65626558B8776C3546BE4491993 - C:\Programme\Windows Media Player\npdrmv2.dll - Microsoft® DRM AE3A029E3DC4EEB5EF5A4C2C997F78F8 - C:\Programme\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library 1D187905079ACC40C420E7C8BD167731 - C:\Programme\Windows Media Player\npwmsdrm.dll - Microsoft® DRM D187BE921062DA1535197CD636EAF0C5 - C:\Programme\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 6.5 6B760E840578053E2AA9288C57F79A00 - C:\Programme\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 6.5 FF50D73AB4E095661ABE058C8F3366B0 - C:\Programme\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 6.5 3A10B5CCA3623C224E1186D57F2FA3F1 - C:\Programme\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 6.5 1AAE714ED8EFB7DDAA95AAFD72FD17C2 - C:\Programme\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 6.5 5688BD199E41F493F308B272CC38D1E1 - C:\Programme\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 6.5 3CB231F12674D3CB0AC1F5EDE9578E85 - C:\WINDOWS\system32\npwmsdrm.dll - Microsoft® Windows Media Services F630B4A9D9C1AAF6BBABBB41E9BD45B5 - C:\WINDOWS\system32\npptools.dll - Betriebssystem Microsoft® Windows® ==== Deleted Firefox Extensions ====================== C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\c7bgvo1n.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions aacbndibbcpajfgnkdkaakeiojmmgmnk - C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Media Finder\Extensions\mf_plugin_gc.crx[] jpihmmhdcobmllpcnpfbhnipmhamldje - C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Media Finder\Extensions\gencrawler_gc.crx[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://www.t-online.de/cpm-redir/IE-8.html" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {284E0B3F-B140-4984-AEB3-A89CFE207881} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== Nothing found to reset ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aacbndibbcpajfgnkdkaakeiojmmgmnk deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Online_Software_6 deleted successfully ==== Empty IE Cache ====================== C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5 emptied successfully C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\Temporary Internet Files\Content.IE5 emptied successfully C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\temp\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5 emptied successfully C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\c7bgvo1n.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOKUME~1\Besitzer\LOKALE~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on 23.10.2013 at 18:17:21,01 ====================== Dopuna: 23 Okt 2013 18:41 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.7 (10.15.2013:3) OS: Microsoft Windows XP x86 Ran by Besitzer on 23.10.2013 at 18:27:37,00 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\wmhelper.dll Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mediafinder Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\download with &media finder Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mf Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\imeshmediabartb Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\viewpointmediaplayer Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2475029 ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [File] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\user.js Successfully deleted: [Folder] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\conduitcommon Successfully deleted the following from C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\prefs.js user_pref("ConduitEngine.CTID", "ConduitEngine"); user_pref("ConduitEngine.FirstServerDate", "02/12/2011 15"); user_pref("ConduitEngine.FirstTime", true); user_pref("ConduitEngine.FirstTimeFF3", true); user_pref("ConduitEngine.HasUserGlobalKeys", true); user_pref("ConduitEngine.Initialize", true); user_pref("ConduitEngine.InitializeCommonPrefs", true); user_pref("ConduitEngine.InstalledDate", "Sat Feb 12 2011 13:22:38 GMT+0100"); user_pref("ConduitEngine.IsMulticommunity", false); user_pref("ConduitEngine.IsOpenThankYouPage", false); user_pref("ConduitEngine.IsOpenUninstallPage", true); user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Oct 08 2011 09:34:03 GMT+0200"); user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Oct 08 2011 09:34:03 GMT+0200"); user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Oct 08 2011 09:34:03 GMT+0200"); user_pref("ConduitEngine.UserID", "UN04731095326988310"); user_pref("ConduitEngine.componentAlertEnabled", true); user_pref("ConduitEngine.engineLocale", "de"); user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Oct 08 2011 09:34:03 GMT+0200"); user_pref("ConduitEngine.initDone", true); user_pref("ConduitEngine.usagesFlag", 1); user_pref("FirstSearch.winamp_toolbar.search.hasDoneFirst", 949); user_pref("aol_toolbar.surf.date", "180"); user_pref("aol_toolbar.surf.lastDate", "23"); user_pref("aol_toolbar.surf.lastMonth", "9"); user_pref("aol_toolbar.surf.lastYear", "2013"); user_pref("aol_toolbar.surf.month", "720"); user_pref("aol_toolbar.surf.prevMonth", "1020"); user_pref("aol_toolbar.surf.total", "12591"); user_pref("aol_toolbar.surf.week", "263"); user_pref("aol_toolbar.surf.year", "9954"); user_pref("bearsharemediabar.Var1", "0"); user_pref("bearsharemediabar.Var10", "0"); user_pref("bearsharemediabar.Var2", "0"); user_pref("bearsharemediabar.Var3", "0"); user_pref("bearsharemediabar.Var4", "0"); user_pref("bearsharemediabar.Var5", "0"); user_pref("bearsharemediabar.Var6", "0"); user_pref("bearsharemediabar.Var7", "0"); user_pref("bearsharemediabar.Var8", "0"); user_pref("bearsharemediabar.Var9", "0"); user_pref("bearsharemediabar.firstlaunch", "0"); user_pref("bearsharemediabar.guid", "%7B09A632A0-4A7A-4484-523B-433C2B8B827D%7D"); user_pref("bearsharemediabar.popupblockedcnt", "9"); user_pref("bearsharemediabar.stored_history", ""); user_pref("winamp_toolbar.default.search.url", "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=20121115113840352&tb_oid user_pref("winamp_toolbar.search.searchtype", "web"); Emptied folder: C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\minidumps [15 files] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 23.10.2013 at 18:35:45,15 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Dopuna: 23 Okt 2013 18:43 DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.21.2 Run by Besitzer at 18:41:16 on 2013-10-23 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.3583.3072 [GMT 2:00] . AV: AVG AntiVirus Free Edition 2014 Disabled/Updated {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes ================ . C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SYSTEM32\notepad.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\tsnpstd3.exe C:\Programme\Gemeinsame Dateien\ACD Systems\EN\DevDetect.exe C:\Programme\QuickTime\qttask.exe C:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\Programme\AVG\AVG2014\avgwdsvc.exe C:\Programme\AVG\AVG2014\avgui.exe C:\Programme\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\GerbMagic\gbxsvc.exe C:\PROGRA~1\WINDOW~3\MESSEN~1\msnmsgr.exe C:\Programme\Microsoft ActiveSync\Wcescomm.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\Java\jre7\bin\jqs.exe C:\Programme\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Programme\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\WINDOWS\SYSTEM32\notepad.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\System32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k HPService C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k tapisrv . ============== Pseudo HJT Report =============== . uProxyOverride = <local> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programme\java\jre7\bin\ssv.dll BHO: Windows Live Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programme\java\jre7\bin\jp2ssv.dll EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\progra~1\window~3\messen~1\msnmsgr.exe" /background uRun: [H/PC Connection Agent] "c:\programme\microsoft activesync\Wcescomm.exe" uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /minimized /regrun mRun: [snpstd3] c:\windows\vsnpstd3.exe mRun: [tsnpstd3] c:\windows\tsnpstd3.exe mRun: [Device Detector] DevDetect.exe -autorun mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe" mRun: [HP Software Update] c:\programme\hp\hp software update\HPWuSchd2.exe mRun: [AVG_UI] "c:\programme\avg\avg2014\avgui.exe" /TRAYONLY mRun: [RealTray] c:\programme\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\belkin~1.lnk - c:\programme\belkin\usb f5d7050\wireless utility\Belkinwcui.exe StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\ma111c~1.lnk - c:\programme\netgear\ma111 configuration utility\wlancfg.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDrives = dword:0 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\programme\microsoft activesync\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\programme\microsoft activesync\INetRepl.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{653DE5C0-C81F-42C8-80D7-7A23C63046E4} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{8FD8C3C8-0CD8-441A-AA00-BA040F00EA5B} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{94E09BD1-50D7-4AB1-9CC3-4A8E5EBCB878} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{B237F645-5918-43F4-A3C5-A9AE8BF192EE} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{BB2645B9-E631-4256-ABE9-ED98D8124AE8} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{D8F807AC-1524-4195-A141-BAF5A4AE5C35} : DHCPNameServer = 192.168.2.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned> Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\programme\gemeinsame dateien\skype\Skype4COM.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\dokumente und einstellungen\besitzer\anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\ FF - component: c:\dokumente und einstellungen\besitzer\anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: c:\dokumente und einstellungen\besitzer\anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCoreGecko19.dll FF - component: c:\dokumente und einstellungen\besitzer\anwendungsdaten\mozilla\firefox\profiles\c7bgvo1n.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - component: c:\programme\avg\avg9\firefox\components\avgssff.dll FF - component: c:\programme\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\programme\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\programme\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll FF - component: c:\programme\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll FF - plugin: c:\dokumente und einstellungen\besitzer\anwendungsdaten\facebook\npfbplugin_1_0_1.dll FF - plugin: c:\programme\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\programme\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\programme\google\update\1.3.21.165\npGoogleUpdate3.dll FF - plugin: c:\programme\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\programme\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\npwmsdrm.dll FF - ExtSQL: !HIDDEN! 2009-09-02 21:45; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 145720] R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 223032] R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 102200] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 27448] R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-9-25 120632] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 209208] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22840] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 176952] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 193848] R2 avgwd;AVG WatchDog;c:\programme\avg\avg2014\avgwdsvc.exe [2013-9-25 301152] R2 gbxsvc;gbxsvc;c:\programme\gerbmagic\gbxsvc.exe [2010-8-29 36864] R2 MBAMScheduler;MBAMScheduler;c:\programme\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-11 418376] R2 Skype C2C Service;Skype C2C Service;c:\dokumente und einstellungen\all users\anwendungsdaten\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-14 22856] S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?] S2 AVGIDSAgent;AVGIDSAgent;c:\programme\avg\avg2014\avgidsagent.exe [2013-10-3 3538480] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 MBAMService;MBAMService;c:\programme\malwarebytes' anti-malware\mbamservice.exe [2012-4-14 701512] S2 SkypeUpdate;Skype Updater;c:\programme\skype\updater\Updater.exe [2013-6-21 162408] S3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\drivers\avmunet.sys [2008-2-10 14976] S3 DATEV Update-Service;DATEV Update-Service;c:\datev\programm\install\DvInesASDSvc.Exe [2011-2-21 155232] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-1-29 16472] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-1-29 11104] S3 TMhidFormulaT2;ThrustMaster Formula T2;c:\windows\system32\drivers\TMhidFormulaT2.sys [2012-11-1 26996] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856] . =============== File Associations =============== . ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE ShellExec: pica.exe: open="c:\programme\ElsterFormular/bin/pica.exe" "%1" . =============== Created Last 30 ================ . 2013-10-23 16:27:33 -------- d-----w- c:\windows\ERUNT 2013-10-23 16:10:03 24064 ----a-w- c:\windows\zoek-delete.exe 2013-10-23 16:01:45 -------- d-----w- C:\zoek 2013-10-23 15:09:13 -------- d-----w- C:\zoek_backup 2013-10-22 14:37:59 -------- d-----w- c:\dokumente und einstellungen\besitzer\anwendungsdaten\AVG2014 2013-10-22 14:23:28 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\AVG2014 2013-10-22 14:17:51 -------- d-----w- c:\dokumente und einstellungen\besitzer\lokale einstellungen\anwendungsdaten\Avg2014 2013-10-10 14:06:43 -------- d-----w- c:\programme\THQ 2013-10-10 14:05:46 155648 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\iuser.dll 2013-10-10 14:05:45 696320 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\iKernel.dll 2013-10-10 14:05:45 57344 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\ctor.dll 2013-10-10 14:05:45 5632 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe 2013-10-10 14:05:45 237568 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\iscript.dll 2013-10-10 14:05:38 282756 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\setup.dll 2013-10-10 14:05:38 163972 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\0701\intel32\iGdi.dll 2013-10-10 11:29:38 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys 2013-10-10 11:29:38 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys 2013-10-10 11:28:31 5376 -c----w- c:\windows\system32\dllcache\usbd.sys 2013-10-10 11:28:31 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys 2013-10-10 11:28:31 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys 2013-10-10 11:28:31 144128 -c----w- c:\windows\system32\dllcache\usbport.sys 2013-09-25 18:57:14 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys . ==================== Find3M ==================== . 2013-10-10 11:14:18 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-10-10 11:14:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-09-23 07:39:58 81920 ----a-w- c:\windows\system32\ieencode.dll 2013-09-23 07:39:58 674304 ----a-w- c:\windows\system32\wininet.dll 2013-09-23 07:39:58 61952 ----a-w- c:\windows\system32\tdc.ocx 2013-09-23 07:39:01 371200 ----a-w- c:\windows\system32\html.iec 2013-09-10 20:11:44 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2013-09-08 20:12:16 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2013-09-02 08:39:32 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2013-09-02 08:28:06 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2013-09-02 08:28:04 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-09-02 08:28:00 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys 2013-08-29 07:01:27 1878784 ----a-w- c:\windows\system32\win32k.sys 2013-08-09 01:56:45 390656 ----a-w- c:\windows\system32\themeui.dll 2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll 2013-08-01 14:08:52 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2013-07-31 04:56:12 868528 ----a-w- c:\windows\system32\wmvdmod.dll 2012-08-28 19:20:02 739832 ----a-w- c:\programme\GoogleEarthPluginSetup.exe . ============= FINISH: 18:42:22,92 =============== Dopuna: 23 Okt 2013 19:50 To bi bilo to...ovo za duzinu scana sto si napisao to bas nisam ukapirao ...ali ovo bi bila sva tri izvestaja

Profil

magna86 Poslao: 23 Okt 2013 20:04 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6104	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok, postavljeni logovi izgledaju Ok. Izvrsicemo jos neke male izmene koristeci zoek a potom idemo na dodatnu AntiRootKit proveru. Ponovo pokreni zoek.exe na isti nacin kao i do sad, s' tim sto ces koristiti sledecu zoek scriptu: `C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\tbMyA2.dll;f Winamp Toolbar;ff` Postavi ovde dobijen zoek log. -------- potom --------- Preuzmite program GMER sa donjeg linka na Desktop: GMER download Kliknite dati link; Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberite Desktop i kliknite Save. Dvoklikom pokrenite GMER. Sačekajte da se završi uvodno skeniranje - ukoliko se pojavi bilo kakav upit, kliknite NO; kliknite [ Scan ] i sačekajte da skeniranje bude završeno; kliknite [ Save ... ] - izveštaj sačuvajte na Desktop (pod nazivom ARK); Priložite ARK.txt izveštaj uz poruku korišćenjem opcije Prikači fajl.

Profil

smz Poslao: 24 Okt 2013 09:24 Idi na vrh
offline smz Građanin Pridružio: 18 Mar 2008 Poruke: 57	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zoek vise ne mogu da pokrenem dok je predhodnih par puta startovao bez problema. Pokusao sam ponovo sa ova dva linka da downloadujem program ali ni to ne ide nakon par minuta javi mi greska u skidanju- prekoraceno vreme...tako nesto. dali da nastavim sa Gmerom ili da resimo predhodni korak prvo?

Profil

magna86 Poslao: 24 Okt 2013 14:54 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6104	2Ovo se svidja korisnicima: NIx Car, ThePhilosopher Registruj se da bi pohvalio/la poruku! Otvori Notepad i kopiraj sljedeći tekst: @echo off if exist "%temp%\log.txt" del "%temp%\log.txt" for %%g in ( "C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\tbMyA2.dll" ) do ( del /a/f/q %%g >nul 2>&1 if exist %%g echo.%%~g>>"%temp%\log.txt" ) for %%g in ( "C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\c7bgvo1n.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}" ) do ( rd /s/q %%g >nul 2>&1 if exist %%g echo.%%~g>>"%temp%\log.txt" ) if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt" ) else echo.OBRISANO !!! Snimi ga na Desktop pod imenom fix.bat Obrati pažnju na ekstenziju .bat Pokreni fix.bat i kopiraj u poruku tekst koji će ti se otvoriti u Notepad-u. Ako se u Notepad-u ne pojavi nikakav tekst to znači da je sve prošlo kako treba i potrebno je samo da to napomeneš u poruci. Ukoliko ti se Notepad ne otvori, otvori ručno fajl log.txt i postavi njegov sadržaj na forum. -------- -------- -------- Sad izvrsi ARK skeniranje sa Gmer-om.

Profil

smz Poslao: 25 Okt 2013 09:07 Idi na vrh
offline smz Građanin Pridružio: 18 Mar 2008 Poruke: 57	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovde ili ja nesto ne kapiram kako treba ili nesto ne radi. Otvorim editor (os je nemacki sto bi trebalo da bude notepad na engleskom os) i ubacim ovaj tekst. Snimim ga na desktop sa imenom fix.bat i izadjem iz njega. Pokrenem ikonicu fix gde je sve to sto sam snimio i na trenutak u delicu sekunde pojavi se crni prozorcic i odma nestane i to je sve... Fajl log.txt sam pokusavao da pronadjem ali ga nema tako da ne znam sta dalje.

Profil

magna86 Poslao: 25 Okt 2013 15:58 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6104	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! smz ::Ovde ili ja nesto ne kapiram kako treba ili nesto ne radi. ... Pokrenem ikonicu fix gde je sve to sto sam snimio i na trenutak u delicu sekunde pojavi se crni prozorcic i odma nestane i to je sve... Trebao si da dobijes ili izvestaj (log.txt) otvoren u notepadu ili info da su fajlovi obrisani. U radu je to. Predji na ARK pa da zavrsimo s' ovim.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » PriceGong sa Malware izbrisem ali oni su opet tu

Ko je trenutno na forumu

Ukupno su 788 korisnika na forumu :: 15 registrovanih, 1 sakriven i 772 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., anta, babaroga, Bane san, GandorCC, Istman, kolle.the.kid, Koridor, Milos ZA, operniki, sasovsky, Tila Painen, Viktor Petrenko, Yellow Pinky, 79693

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by