
Topic: Help needed to remove en.v9.com

  1. #1
    Beginner
    Registered since
    24.07.2013
    Posts
    8

    Help needed to remove en.v9.com

    Here is my log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 09:44:08 PM, on 2013/07/24
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v10.0 (10.00.9200.16635)

    Running processes:
    C:\Program Files (x86)\CLCL\CLCL.exe
    C:\Users\Anton\AppData\Local\Apps\2.0\VO03MG3V.WZJ\6DD03YBM.W8V\move..tion_4ff31e5e5d0c235a_0001.0001_e6c7a9e373328860\Moveslink2.exe
    C:\Program Files (x86)\DC++\DCPlusPlus.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\Everything\Everything.exe
    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Process Explorer\procexp.exe
    E:\ADSL_DOWNLOADS\HijackThis.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files (x86)\Hijack This\HJT1991.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://howzit.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    O4 - HKLM\..\Run: [ControlCenterCount] C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Anton\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [tixati] "C:\Program Files\tixati\tixati.exe"
    O4 - HKCU\..\Run: [Moveslink2] C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto
    O4 - HKCU\..\Run: [pdiface] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8928] command.com /c del "C:\Program Files (x86)\Desk 365\zlib1.dll"
    O4 - Startup: CLCL.lnk = C:\Program Files (x86)\CLCL\CLCL.exe
    O4 - Startup: DC++.lnk = C:\Program Files (x86)\DC++\DCPlusPlus.exe
    O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    O4 - Startup: Everything.lnk = C:\Windows\System32\schtasks.exe
    O4 - Startup: Juice.lnk = C:\Program Files (x86)\Juice\Juice.exe
    O4 - Startup: NetBalancer Tray.lnk = C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
    O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O9 - Extra button: (no name) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
    O9 - Extra button: (no name) - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O11 - Options group: [INTERNATIONAL] International
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
    O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NetBalancerService - SeriousBit - C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: Bitdefender 60-Second Virus Scanner Service (pdserv) - Bitdefender - C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: stunnel - Unknown owner - C:\Program Files (x86)\AA Stunnel\aa-stunnel.exe" -service (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Web Assistant - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Wsys Service (WsysSvc) - Unknown owner - C:\ProgramData\eSafe\eGdpSvc.exe (file missing)

  2. #2
    Jintan, Moderator (global), team member
    Registered since
    25.11.2006
    Posts
    6.293

    Re: Help needed to remove en.v9.com

    Welcome to HijackThis.de peter*323,

    Not seeing too much wrong in the log you posted. Let's get a different look at things. In your next reply, also post back on what problems you are experiencing please.


    The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

    And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each program through Start - Programs. Here are some antivirus disable tips if needed.

    -------

    Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

    In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

    Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.

    -------

    Download RogueKiller from here to your desktop.

    Close all open programs
    Remember to right click -> run as administrator, and click the downloaded file.
    When RogueKiller finishes its opening scan, press the Scan button.
    A RKreport.txt will be created in the same location as the RogueKiller file.
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

    Please post the contents of the RKreport.txt.
    Live the day!

    Jintan - The brand where everything is right!

  3. #3
    Beginner
    Registered since
    24.07.2013
    Posts
    8

    Re: Help needed to remove en.v9.com

    Hi,

    The problem is: All browsers open to web page http://en.v9.com/?utm_source=b&utm_m...&ts=1374362434


    Uninstall Manager:
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Apple Software Update
    AQScript_0.7.0.134_installer_0.24
    Auslogics Disk Defrag
    AviSynth 2.5
    BitComet 1.32 64-bit
    CDBurnerXP
    ControlCenter
    DC++ 0.699
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DVDStyler v2.3.4
    Evernote v. 4.5.8
    Everything 1.2.1.371
    ffdshow v1.2.4486 [2012-08-25]
    foobar2000 v1.2.8
    Foxit Reader
    Garmin POI Loader
    Garmin USB Drivers
    GetFoldersize 2.5.10
    Google Earth
    Google Update Helper
    Hijack This 1.99.1
    HijackThis 1.99.1
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    IPTInstaller
    Java 7 Update 25
    JavaFX 2.1.1
    Juice 2.2
    LogMeIn
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Access 2010 Runtime Service Pack 1 (SP1)
    Microsoft Access 2010 Runtime Service Pack 1 (SP1)
    Microsoft Access Runtime 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Runtime 2010
    Microsoft Office Access Runtime MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MozBackup 1.5.1
    Mozilla Firefox 22.0 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 17.0.7 (x86 en-US)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    Office 15 Click-to-Run Extensibility Component
    Office 15 Click-to-Run Localization Component
    Opera 12.02
    Paragon Backup & Recovery™ 2012 Free
    PicPick
    POIEditor
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.94
    Safari
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
    Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
    Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
    Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
    Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
    Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    SpeedFan (remove only)
    Spybot - Search & Destroy
    SyncBackFree
    Tixati
    TreePad Lite 4.3
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    VLC media player 2.0.7
    WinCDEmu
    Wsys Control 1.0.0.2557
    Xvid Video Codec
    XviD4PSP 5.10.305.0


    RogueKiller:
    RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Anton [Admin rights]
    Mode : Scan -- Date : 07/26/2013 09:20:02
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : Moveslink2 (C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto [-]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-981327903-2180684966-1594314013-1000\[...]\Run : Moveslink2 (C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto [-]) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤
    -> D:\windows\system32\config\SYSTEM
    C:\WINDOWS\system32
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
    -> D:\windows\system32\config\SOFTWARE
    C:\WINDOWS\system32
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
    -> D:\windows\system32\config\SECURITY
    C:\WINDOWS\system32
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
    -> D:\windows\system32\config\SAM
    C:\WINDOWS\system32
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
    -> D:\windows\system32\config\DEFAULT
    C:\WINDOWS\system32
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
    -> D:\Documents and Settings\Administrator\NTUSER.DAT
    C:\WINDOWS\system32
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
    -> D:\Documents and Settings\Anton\NTUSER.DAT
    C:\WINDOWS\system32
    C:\Documents and Settings\Anton\Start Menu\Programs\Startup
    -> D:\Documents and Settings\Default User\NTUSER.DAT
    C:\WINDOWS\system32
    C:\Documents and Settings\Default User\Start Menu\Programs\Startup
    -> D:\Documents and Settings\LocalService\NTUSER.DAT
    C:\WINDOWS\system32
    C:\Documents and Settings\LocalService\Start Menu\Programs\Startup
    -> D:\Documents and Settings\NetworkService\NTUSER.DAT
    C:\WINDOWS\system32
    C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST2000DM001-9YN164 ATA Device +++++
    --- User ---
    [MBR] 151f05cfd7ed42a27440e1379b4c65d9
    [BSP] f98b7ccc2282d8f7a4a2885862092b5f : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64 | Size: 42445 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 86929408 | Size: 104885 Mo
    2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 516473685 | Size: 1655542 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: ST2000DM001-9YN164 ATA Device +++++
    --- User ---
    [MBR] e020037609353c7743cdceff3841a391
    [BSP] baba6125bd2b49af812ef8970c2e08da : Legit.C MBR Code
    Partition table:
    0 - [ACTIVE] EXTEN (0x05) [VISIBLE] Offset (sectors): 16065 | Size: 1907718 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: ST2000DM001-9YN164 ATA Device +++++
    --- User ---
    [MBR] fb2023daa874156895373f466b235f4c
    [BSP] a601a59fb05e5e12e827e3458a990051 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_07262013_092002.txt >>

  4. #4
    Jintan, Moderator (global), team member
    Registered since
    25.11.2006
    Posts
    6.293

    Re: Help needed to remove en.v9.com

    Let's see what removing any known junkware settings will do, and then we will just change the home pages in your browsers to whatever you want.

    Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.

  5. #5
    Beginner
    Registered since
    24.07.2013
    Posts
    8

    Re: Help needed to remove en.v9.com

    Hi,

    # AdwCleaner v2.306 - Logfile created 07/30/2013 at 08:54:36
    # Updated 19/07/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Anton - ANTON-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Anton\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****

    Found : Web Assistant

    ***** [Files / Folders] *****

    File Found : C:\user.js
    File Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( arg. : hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434)
    File Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 12.16 1860.lnk ( arg. : hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434)
    File Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk ( arg. : hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434)
    File Infected : C:\Users\Anton\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( arg. : hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434)
    File Infected : C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( arg. : hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434)
    File Infected : C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( arg. : hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434)
    File Infected : C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( arg. : hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434)
    File Infected : C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( arg. : hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434)
    File Infected : C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( arg. : hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434)
    File Infected : C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( arg. : hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434)
    File Infected : C:\Users\Anton\Desktop\Google Chrome.lnk ( arg. : hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434)
    File Infected : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( arg. : hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434)
    File Infected : C:\Users\Public\Desktop\Opera 12.16 1860.lnk ( arg. : hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434)
    File Infected : C:\Users\Public\Desktop\Opera.lnk ( arg. : hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434)
    Folder Found : C:\Program Files\Web Assistant
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\Users\Anton\AppData\Roaming\eIntaller
    Folder Found : C:\Users\Anton\AppData\Roaming\Yontoo

    ***** [Registry] *****

    Data Found : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434
    Data Found : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434
    Key Found : HKCU\Software\IM
    Key Found : HKCU\Software\ImInstaller
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\Software\Web Assistant
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Found : HKLM\SOFTWARE\Tarma Installer
    Key Found : HKLM\SOFTWARE\Web Assistant
    Key Found : HKU\S-1-5-21-981327903-2180684966-1594314013-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16635

    [OK] Registry is clean.

    -\\ Mozilla Firefox v22.0 (en-US)

    File : C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\nb12njmy.default\prefs.js

    Found : user_pref("browser.search.defaultenginename", "v9");
    Found : user_pref("browser.search.order.1", "v9");
    Found : user_pref("extensions.ffxtlbr@incredibar.com.install-event-fired", true);
    Found : user_pref("extensions.incredibar.actvtyRptTime", "1344064468073");
    Found : user_pref("extensions.incredibar.admin", false);
    Found : user_pref("extensions.incredibar.aflt", "orgnl");
    Found : user_pref("extensions.incredibar.afterInstallRpt", "sent");
    Found : user_pref("extensions.incredibar.cntry", "ZA");
    Found : user_pref("extensions.incredibar.dfltLng", "EN");
    Found : user_pref("extensions.incredibar.dfltSrch", false);
    Found : user_pref("extensions.incredibar.dfltlng", "en");
    Found : user_pref("extensions.incredibar.dfltsrch", "false");
    Found : user_pref("extensions.incredibar.did", "10643");
    Found : user_pref("extensions.incredibar.envrmnt", "production");
    Found : user_pref("extensions.incredibar.excTlbr", false);
    Found : user_pref("extensions.incredibar.hdrMd5", "1D1A32C4F2230AA6394C22AEA80EF865");
    Found : user_pref("extensions.incredibar.hmpg", false);
    Found : user_pref("extensions.incredibar.hrdid", "a2dd55830000000000008c89a5c8a3bd");
    Found : user_pref("extensions.incredibar.id", "a2dd55830000000000008c89a5c8a3bd");
    Found : user_pref("extensions.incredibar.installerproductid", "26");
    Found : user_pref("extensions.incredibar.instlDay", "15524");
    Found : user_pref("extensions.incredibar.instlRef", "");
    Found : user_pref("extensions.incredibar.instlday", "15524");
    Found : user_pref("extensions.incredibar.instlref", "");
    Found : user_pref("extensions.incredibar.isDcmntCmplt", true);
    Found : user_pref("extensions.incredibar.isdcmntcmplt", "false");
    Found : user_pref("extensions.incredibar.keywordurl", "");
    Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1415:43:14");
    Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
    Found : user_pref("extensions.incredibar.newTab", false);
    Found : user_pref("extensions.incredibar.newtab", "false");
    Found : user_pref("extensions.incredibar.newtaburl", "");
    Found : user_pref("extensions.incredibar.noFFXTlbr", false);
    Found : user_pref("extensions.incredibar.ppd", "1");
    Found : user_pref("extensions.incredibar.prdct", "incredibar");
    Found : user_pref("extensions.incredibar.productid", "26");
    Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
    Found : user_pref("extensions.incredibar.prtnrid", "Incredibar");
    Found : user_pref("extensions.incredibar.sg", "none");
    Found : user_pref("extensions.incredibar.smplGrp", "none");
    Found : user_pref("extensions.incredibar.smplgrp", "none");
    Found : user_pref("extensions.incredibar.srch", "");
    Found : user_pref("extensions.incredibar.srchprvdr", "");
    Found : user_pref("extensions.incredibar.tlbrId", "base");
    Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQClAgjCy&loc=IB_T[...]
    Found : user_pref("extensions.incredibar.tlbrid", "base");
    Found : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQClAgjCy&loc=IB_T[...]
    Found : user_pref("extensions.incredibar.upn2", "6PQClAgjCy");
    Found : user_pref("extensions.incredibar.upn2n", "92543166805512258");
    Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
    Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1415:43:14");
    Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
    Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.1415:43:14");
    Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
    Found : user_pref("extensions.incredibar_i.dfltLng", "");
    Found : user_pref("extensions.incredibar_i.did", "10643");
    Found : user_pref("extensions.incredibar_i.excTlbr", false);
    Found : user_pref("extensions.incredibar_i.id", "a2dd55830000000000008c89a5c8a3bd");
    Found : user_pref("extensions.incredibar_i.installerproductid", "26");
    Found : user_pref("extensions.incredibar_i.instlDay", "15524");
    Found : user_pref("extensions.incredibar_i.instlRef", "");
    Found : user_pref("extensions.incredibar_i.ms_url_id", "");
    Found : user_pref("extensions.incredibar_i.newTab", false);
    Found : user_pref("extensions.incredibar_i.ppd", "1");
    Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
    Found : user_pref("extensions.incredibar_i.productid", "26");
    Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
    Found : user_pref("extensions.incredibar_i.smplGrp", "none");
    Found : user_pref("extensions.incredibar_i.tlbrId", "base");
    Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQClAgjCy&loc=IB[...]
    Found : user_pref("extensions.incredibar_i.upn2", "6PQClAgjCy");
    Found : user_pref("extensions.incredibar_i.upn2n", "92543166805512258");
    Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
    Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1415:43:14");
    Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
    Found : user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader");
    Found : user_pref("extentions.y2layers.installId", "4a6f4175-367c-4924-a970-e3768b17475f");
    Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
    Found : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
    Found : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

    -\\ Google Chrome v28.0.1500.72

    File : C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Opera v12.2.1578.0

    File : C:\Users\Anton\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [7698 octets] - [24/11/2012 21:28:47]
    AdwCleaner[R2].txt - [12151 octets] - [30/07/2013 08:54:36]

    ########## EOF - C:\AdwCleaner[R2].txt - [12212 octets] ##########

  6. #6
    Moderator (global) Team member Jintan
    Registered since
    25.11.2006
    Posts
    6,293

    Re: Help needed to remove en.v9.com

    Sorry, I absolutely forgot to check in here.

    Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • You will be prompted to restart your computer. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    Open AdwCleaner, and click the Uninstall button to have it remove itself.

    ----------


    Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

    If RSIT downloads/installs HijackThis be sure to agree to the install of that.

    Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

    RSIT will also create a second log, info.txt, which will be minimized to your taskbar. You can just close that.

    Please post the AdwCleaner log and the RSIT log.
    Live the day!

    Jintan - the brand where everything is right!

  7. #7
    Beginner
    Registered since
    24.07.2013
    Posts
    8

    Re: Help needed to remove en.v9.com

    Hi,

    # AdwCleaner v2.306 - Logfile created 08/05/2013 at 20:33:46
    # Updated 19/07/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Anton - ANTON-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Anton\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\user.js
    File Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    File Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 12.16 1860.lnk
    File Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    File Disinfected : C:\Users\Anton\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    File Disinfected : C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    File Disinfected : C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
    File Disinfected : C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    File Disinfected : C:\Users\Anton\Desktop\Google Chrome.lnk
    File Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
    File Disinfected : C:\Users\Public\Desktop\Opera 12.16 1860.lnk
    File Disinfected : C:\Users\Public\Desktop\Opera.lnk
    Folder Deleted : C:\Program Files\Web Assistant
    Folder Deleted : C:\Users\Anton\AppData\Roaming\eIntaller
    Folder Deleted : C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\nb12njmy.default\jetpack
    Folder Deleted : C:\Users\Anton\AppData\Roaming\Yontoo

    ***** [Registry] *****

    Data Deleted : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434
    Data Deleted : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=ST2000DM001-9YN164_W1E0R088XXXXW1E0R088&ts=1374362434
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\Software\Web Assistant
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Key Deleted : HKLM\SOFTWARE\Web Assistant
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16635

    [OK] Registry is clean.

    -\\ Mozilla Firefox v22.0 (en-US)

    File : C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\nb12njmy.default\prefs.js

    C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\nb12njmy.default\user.js ... Deleted !

    Deleted : user_pref("browser.search.defaultenginename", "v9");
    Deleted : user_pref("browser.search.order.1", "v9");
    Deleted : user_pref("extensions.ffxtlbr@incredibar.com.install-event-fired", true);
    Deleted : user_pref("extensions.ghostery.bugs", "{\"copyright\":\"This proprietary database is protected by co[...]
    Deleted : user_pref("extensions.ghostery.lsos", "{\"copyright\":\"This proprietary database is protected by co[...]
    Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1344064468073");
    Deleted : user_pref("extensions.incredibar.admin", false);
    Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
    Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
    Deleted : user_pref("extensions.incredibar.cntry", "ZA");
    Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
    Deleted : user_pref("extensions.incredibar.dfltSrch", false);
    Deleted : user_pref("extensions.incredibar.dfltlng", "en");
    Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
    Deleted : user_pref("extensions.incredibar.did", "10643");
    Deleted : user_pref("extensions.incredibar.envrmnt", "production");
    Deleted : user_pref("extensions.incredibar.excTlbr", false);
    Deleted : user_pref("extensions.incredibar.hdrMd5", "1D1A32C4F2230AA6394C22AEA80EF865");
    Deleted : user_pref("extensions.incredibar.hmpg", false);
    Deleted : user_pref("extensions.incredibar.hrdid", "a2dd55830000000000008c89a5c8a3bd");
    Deleted : user_pref("extensions.incredibar.id", "a2dd55830000000000008c89a5c8a3bd");
    Deleted : user_pref("extensions.incredibar.installerproductid", "26");
    Deleted : user_pref("extensions.incredibar.instlDay", "15524");
    Deleted : user_pref("extensions.incredibar.instlRef", "");
    Deleted : user_pref("extensions.incredibar.instlday", "15524");
    Deleted : user_pref("extensions.incredibar.instlref", "");
    Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);
    Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
    Deleted : user_pref("extensions.incredibar.keywordurl", "");
    Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1415:43:14");
    Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
    Deleted : user_pref("extensions.incredibar.newTab", false);
    Deleted : user_pref("extensions.incredibar.newtab", "false");
    Deleted : user_pref("extensions.incredibar.newtaburl", "");
    Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
    Deleted : user_pref("extensions.incredibar.ppd", "1");
    Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
    Deleted : user_pref("extensions.incredibar.productid", "26");
    Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
    Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
    Deleted : user_pref("extensions.incredibar.sg", "none");
    Deleted : user_pref("extensions.incredibar.smplGrp", "none");
    Deleted : user_pref("extensions.incredibar.smplgrp", "none");
    Deleted : user_pref("extensions.incredibar.srch", "");
    Deleted : user_pref("extensions.incredibar.srchprvdr", "");
    Deleted : user_pref("extensions.incredibar.tlbrId", "base");
    Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQClAgjCy&loc=IB_T[...]
    Deleted : user_pref("extensions.incredibar.tlbrid", "base");
    Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQClAgjCy&loc=IB_T[...]
    Deleted : user_pref("extensions.incredibar.upn2", "6PQClAgjCy");
    Deleted : user_pref("extensions.incredibar.upn2n", "92543166805512258");
    Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
    Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1415:43:14");
    Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
    Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1415:43:14");
    Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
    Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
    Deleted : user_pref("extensions.incredibar_i.did", "10643");
    Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
    Deleted : user_pref("extensions.incredibar_i.id", "a2dd55830000000000008c89a5c8a3bd");
    Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
    Deleted : user_pref("extensions.incredibar_i.instlDay", "15524");
    Deleted : user_pref("extensions.incredibar_i.instlRef", "");
    Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
    Deleted : user_pref("extensions.incredibar_i.newTab", false);
    Deleted : user_pref("extensions.incredibar_i.ppd", "1");
    Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
    Deleted : user_pref("extensions.incredibar_i.productid", "26");
    Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
    Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
    Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
    Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQClAgjCy&loc=IB[...]
    Deleted : user_pref("extensions.incredibar_i.upn2", "6PQClAgjCy");
    Deleted : user_pref("extensions.incredibar_i.upn2n", "92543166805512258");
    Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
    Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1415:43:14");
    Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
    Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader");
    Deleted : user_pref("extentions.y2layers.installId", "4a6f4175-367c-4924-a970-e3768b17475f");
    Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
    Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
    Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

    -\\ Google Chrome v28.0.1500.95

    File : C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Opera v12.2.1578.0

    File : C:\Users\Anton\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [7698 octets] - [24/11/2012 21:28:47]
    AdwCleaner[R2].txt - [12268 octets] - [30/07/2013 08:54:36]
    AdwCleaner[S1].txt - [10485 octets] - [05/08/2013 20:33:46]

    ########## EOF - C:\AdwCleaner[S1].txt - [10546 octets] ##########


    Logfile of random's system information tool 1.09 (written by random/random)
    Run by Anton at 2013-08-05 20:41:41
    Microsoft Windows 7 Professional Service Pack 1
    System drive C: has 20 GB (19%) free of 105 GB
    Total RAM: 7896 MB (71% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 08:41:47 PM, on 2013/08/05
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16635)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\CLCL\CLCL.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Users\Anton\AppData\Local\Apps\2.0\VO03MG3V.WZJ\6DD03YBM.W8V\move..tion_4ff31e5e5d0c235a_0001.0001_e6c7a9e373328860\Moveslink2.exe
    C:\Program Files (x86)\Everything\Everything.exe
    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Users\Anton\Desktop\RSIT.exe
    C:\Program Files (x86)\trend micro\Anton.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://howzit.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    O4 - HKLM\..\Run: [ControlCenterCount] C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Anton\AppData\Local\Google\Update\GoogleUpdate.exe " /c
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [tixati] "C:\Program Files\tixati\tixati.exe"
    O4 - HKCU\..\Run: [Moveslink2] C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto
    O4 - HKCU\..\Run: [pdiface] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow
    O4 - Startup: CLCL.lnk = C:\Program Files (x86)\CLCL\CLCL.exe
    O4 - Startup: DC++.lnk = C:\Program Files (x86)\DC++\DCPlusPlus.exe
    O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    O4 - Startup: Everything.lnk = C:\Windows\System32\schtasks.exe
    O4 - Startup: Juice.lnk = C:\Program Files (x86)\Juice\Juice.exe
    O4 - Startup: NetBalancer Tray.lnk = C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
    O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O9 - Extra button: (no name) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
    O9 - Extra button: (no name) - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NetBalancerService - SeriousBit - C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: Bitdefender 60-Second Virus Scanner Service (pdserv) - Bitdefender - C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: stunnel - Unknown owner - C:\Program Files (x86)\AA Stunnel\aa-stunnel.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Wsys Service (WsysSvc) - Unknown owner - C:\ProgramData\eSafe\eGdpSvc.exe (file missing)

    --
    End of file - 11869 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-981327903-2180684966-1594314013-1000Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-981327903-2180684966-1594314013-1000UA.job

    =========Mozilla firefox=========

    ProfilePath - C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\nb12njmy.default

    prefs.js - "browser.search.useDBForOrder" - true
    prefs.js - "browser.startup.homepage" - "about:home"
    prefs.js - "extensions.enabledItems" - "aardvark@rob.brown:2.97, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2, asf@mangaheart.org:0.9.3, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5, {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7, {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:2.1, FasterFox_Lite@BigRedBrent:3.8.2Lite, {cd2b821e-19f9-40a7-ac5c-08d6c197fc43}:0.8.6, smartwebprinting@hp.com:4.60, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.30, {39379F86-9CCB-4724-AE33-4278DE266C88}:1.0.1, {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4, {2e61e246-e640-4c56-b1ed-f146dbed48cd}:0.7.6, {39952c40-5197-11da-8cd6-0800200c9a66}:0.5.2, {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7"
    prefs.js - "keyword.URL" - "http://www.google.co.za/search?lr=&ie=UTF-8&oe=UTF-8&q="

    "{8E9E3331-D360-4f87-8803-52DE43566502}"=C:\Program Files\Web Assistant\Firefox


    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
    "Description"=Adobe® Flash® Player 11.8.800.94 Plugin
    "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
    "Description"=
    "Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
    "Description"=Google Earth in your browser
    "Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66]
    "Description"=Intel IPT WebApi plugin
    "Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
    "Description"=This plugin updates Intel WebAPI component
    "Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
    "Description"=Java™ Deployment Toolkit
    "Path"=C:\Windows\SysWOW64\npDeployJava1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
    "Description"=Oracle® Next Generation Java™ Plug-In
    "Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
    "Description"=
    "Path"=disabled

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/Lync,version=15.0]
    "Description"=Microsoft Lync Plug-in for Firefox
    "Path"=C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
    "Description"=Office Authorization plug-in for NPAPI browsers
    "Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
    "Description"=Microsoft SharePoint Plug-in for Firefox
    "Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
    "Description"=Google Update
    "Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
    "Description"=Google Update
    "Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.7]
    "Description"=VLC Multimedia Plugin
    "Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


    C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\nb12njmy.default\extensions\
    anttoolbar@ant.com
    FasterFox_Lite@BigRedBrent
    netvideohunter@netvideohunter.com
    {3d7eb24f-2740-49df-8937-200b1cc08f8a}
    {5384767E-00D9-40E9-B72F-9CC39D655D6F}
    {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    {e001c731-5e37-4538-a5cb-8168736a2360}

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
    Lync Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2013-07-10 139424]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-23 463272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
    Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2013-07-10 704728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
    Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-07-10 1724616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-23 171944]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Everything"=C:\Program Files (x86)\Everything\Everything.exe [2009-03-13 602624]
    "BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
    "HTC Sync Loader"=C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-12-12 655360]
    "ControlCenterCount"=C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe [2012-03-26 872448]
    "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2012-06-17 694032]
    "Google Update"=C:\Users\Anton\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-01 116648]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2013-05-16 5622512]
    "tixati"=C:\Program Files\tixati\tixati.exe [2013-05-30 22750096]
    "Moveslink2"=C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms [2013-06-28 336]
    "pdiface"=C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [2013-07-29 278976]

    C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    CLCL.lnk - C:\Program Files (x86)\CLCL\CLCL.exe
    DC++.lnk - C:\Program Files (x86)\DC++\DCPlusPlus.exe
    EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    Everything.lnk - C:\Windows\System32\schtasks.exe
    Juice.lnk - C:\Program Files (x86)\Juice\Juice.exe
    NetBalancer Tray.lnk - C:\Program Files (x86)\NetBalancer\SeriousBit.NetBalancer.Tray.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=credssp.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=5
    "ConsentPromptBehaviorUser"=3
    "EnableUIADesktopToggle"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoActiveDesktop"=1
    "NoActiveDesktopChanges"=1
    "ForceActiveDesktopOn"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
    "vidc.mrle"=msrle32.dll
    "vidc.msvc"=msvidc32.dll
    "msacm.imaadpcm"=imaadp32.acm
    "msacm.msg711"=msg711.acm
    "msacm.msgsm610"=msgsm32.acm
    "msacm.msadpcm"=msadp32.acm
    "midimapper"=midimap.dll
    "wavemapper"=msacm32.drv
    "vidc.uyvy"=msyuv.dll
    "vidc.yuy2"=msyuv.dll
    "vidc.yvyu"=msyuv.dll
    "vidc.iyuv"=iyuv_32.dll
    "vidc.i420"=i420vfw.dll
    "vidc.yvu9"=tsbyuv.dll
    "msacm.l3acm"=l3codecp.acm
    "vidc.cvid"=iccvid.dll
    "vidc.XVID"=xvidvfw.dll
    "VIDC.FFDS"=ff_vfw.dll
    "msacm.avis"=ff_acm.acm
    "vidc.yv12"=yv12vfw.dll
    "wave"=wdmaud.drv
    "midi"=wdmaud.drv
    "mixer"=wdmaud.drv
    "aux"=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 month======

    2013-08-05 20:41:41 ----D---- C:\rsit
    2013-08-05 20:41:41 ----D---- C:\Program Files (x86)\trend micro
    2013-07-30 08:51:54 ----D---- C:\ProgramData\Bitdefender
    2013-07-28 19:48:38 ----D---- C:\Windows\Minidump
    2013-07-26 18:11:09 ----SHD---- C:\$RECYCLE.BIN
    2013-07-26 11:15:04 ----A---- C:\Windows\zip.exe
    2013-07-26 11:15:04 ----A---- C:\Windows\SWSC.exe
    2013-07-26 11:15:04 ----A---- C:\Windows\SWREG.exe
    2013-07-26 11:15:04 ----A---- C:\Windows\sed.exe
    2013-07-26 11:15:04 ----A---- C:\Windows\PEV.exe
    2013-07-26 11:15:04 ----A---- C:\Windows\NIRCMD.exe
    2013-07-26 11:15:04 ----A---- C:\Windows\MBR.exe
    2013-07-26 11:15:04 ----A---- C:\Windows\grep.exe
    2013-07-26 11:15:01 ----SD---- C:\ComboFix2013-07-26
    2013-07-26 11:12:00 ----D---- C:\Qoobox
    2013-07-26 11:11:53 ----D---- C:\Windows\erdnt
    2013-07-25 13:19:22 ----D---- C:\ProgramData\Kaspersky Lab
    2013-07-24 20:48:45 ----D---- C:\Program Files (x86)\Hijack This
    2013-07-24 19:27:30 ----D---- C:\Program Files (x86)\Process Explorer
    2013-07-24 13:37:20 ----A---- C:\Windows\wininit.ini
    2013-07-24 12:04:06 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2013-07-24 12:04:06 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
    2013-07-21 01:20:54 ----D---- C:\ProgramData\eSafe_old
    2013-07-15 05:58:54 ----A---- C:\Windows\SysWOW64\ieui.dll
    2013-07-15 05:58:53 ----A---- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-07-15 05:58:53 ----A---- C:\Windows\SysWOW64\iesysprep.dll
    2013-07-15 05:58:53 ----A---- C:\Windows\SysWOW64\iesetup.dll
    2013-07-15 05:58:53 ----A---- C:\Windows\SysWOW64\iertutil.dll
    2013-07-15 05:58:53 ----A---- C:\Windows\SysWOW64\iernonce.dll
    2013-07-15 05:58:52 ----A---- C:\Windows\SysWOW64\msfeeds.dll
    2013-07-15 05:58:52 ----A---- C:\Windows\SysWOW64\jscript.dll
    2013-07-15 05:58:51 ----A---- C:\Windows\SysWOW64\urlmon.dll
    2013-07-15 05:58:51 ----A---- C:\Windows\SysWOW64\jscript9.dll
    2013-07-15 05:58:50 ----A---- C:\Windows\SysWOW64\wininet.dll
    2013-07-15 05:58:50 ----A---- C:\Windows\SysWOW64\jsproxy.dll
    2013-07-15 05:58:49 ----A---- C:\Windows\SysWOW64\ieframe.dll
    2013-07-15 05:58:46 ----A---- C:\Windows\SysWOW64\mshtml.dll
    2013-07-11 19:48:19 ----A---- C:\Windows\SysWOW64\WMVDECOD.DLL
    2013-07-11 17:04:41 ----A---- C:\Windows\SysWOW64\qedit.dll
    2013-07-11 16:23:28 ----A---- C:\Windows\SysWOW64\DWrite.dll

    ======List of files/folders modified in the last 1 month======

    2013-08-05 20:41:47 ----D---- C:\Windows\Prefetch
    2013-08-05 20:41:41 ----RD---- C:\Program Files (x86)
    2013-08-05 20:38:55 ----D---- C:\Program Files (x86)\Everything
    2013-08-05 20:38:20 ----D---- C:\Users\Anton\AppData\Roaming\tixati
    2013-08-05 20:38:16 ----A---- C:\Windows\SysWOW64\log.txt
    2013-08-05 20:36:50 ----D---- C:\Windows\System32
    2013-08-05 20:36:14 ----D---- C:\Windows\Temp
    2013-08-05 20:33:50 ----RD---- C:\Program Files
    2013-08-05 20:32:47 ----D---- C:\Users\Anton\AppData\Roaming\foobar2000
    2013-08-05 17:13:15 ----SHD---- C:\System Volume Information
    2013-08-05 05:46:54 ----D---- C:\ProgramData\LogMeIn
    2013-08-03 11:37:21 ----HD---- C:\ProgramData
    2013-07-31 14:33:45 ----D---- C:\Windows\inf
    2013-07-31 00:23:12 ----SHD---- C:\Windows\Installer
    2013-07-31 00:23:05 ----D---- C:\Program Files (x86)\Google
    2013-07-28 19:50:52 ----D---- C:\Windows
    2013-07-26 18:26:41 ----D---- C:\Program Files (x86)\Opera x64
    2013-07-25 18:01:44 ----D---- C:\Program Files (x86)\Microsoft Security Client
    2013-07-25 16:44:49 ----D---- C:\Windows\debug
    2013-07-24 21:18:42 ----SD---- C:\Users\Anton\AppData\Roaming\Microsoft
    2013-07-24 13:37:28 ----D---- C:\Program Files (x86)\Common Files
    2013-07-24 12:32:59 ----D---- C:\Users\Anton\AppData\Roaming\Media Player Classic
    2013-07-24 12:32:31 ----D---- C:\Windows\Panther
    2013-07-24 12:32:30 ----D---- C:\Windows\Logs
    2013-07-21 12:50:53 ----D---- C:\Windows\Tasks
    2013-07-18 21:06:00 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-07-15 16:32:11 ----RSD---- C:\Windows\assembly
    2013-07-15 16:32:11 ----D---- C:\Windows\Microsoft.NET
    2013-07-15 16:05:44 ----D---- C:\Windows\winsxs
    2013-07-15 16:05:04 ----D---- C:\Windows\SysWOW64
    2013-07-15 16:05:04 ----D---- C:\Program Files (x86)\Internet Explorer
    2013-07-12 17:07:25 ----D---- C:\Program Files (x86)\Windows Defender
    2013-07-12 05:56:20 ----D---- C:\ProgramData\Microsoft Help
    2013-07-10 18:05:55 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
    2013-07-09 20:50:17 ----D---- C:\Program Files (x86)\foobar2000
    2013-07-09 17:44:10 ----D---- C:\Users\Anton\AppData\Roaming\dvdcss

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys []
    R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
    R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
    R1 Nbdrv;NetBalancer LightWeight Filter; C:\Windows\system32\DRIVERS\nbdrv.sys []
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    R1 Uim_IM;Universal Image Mounter Plugin; C:\Windows\System32\Drivers\Uim_IMx64.sys []
    R1 Uim_VIM;UIM Virtual Image Plugin; C:\Windows\System32\Drivers\uim_vimx64.sys []
    R1 UimBus;Universal Image Mounter Controller; C:\Windows\system32\DRIVERS\uimx64.sys []
    R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys []
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys []
    R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys []
    R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys []
    R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2013-05-30 16056]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys []
    R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver; C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys []
    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
    R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
    R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
    R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys []
    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
    R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2012-06-17 166576]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys []
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
    R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys []
    R3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys []
    S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys []
    S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys []
    S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys []
    S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys []
    S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys []
    S3 NTIOLib_1_0_2;NTIOLib_1_0_2; \??\C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [2012-02-14 13328]
    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
    S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
    S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys []
    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []
    S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\E:\ADSL_DOWNLOADS\RealTemp_370\WinRing0x64.sys [2013-04-04 14544]
    S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\SysWOW64\drivers\LMIRfsClientNP.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-08 140672]
    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-01-15 165336]
    R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-06-08 376144]
    R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2013-06-08 226640]
    R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-01-15 279000]
    R2 LogMeIn;LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [2012-06-08 407424]
    R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
    R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-06-20 23808]
    R2 NetBalancerService;NetBalancerService; C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2013-07-22 16384]
    R2 OfficeSvc;Microsoft Office Service; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-09 1900728]
    R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
    R2 pdserv;Bitdefender 60-Second Virus Scanner Service; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [2013-07-29 1445424]
    R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2012-06-17 98576]
    R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 stunnel;stunnel; C:\Program Files (x86)\AA Stunnel\aa-stunnel.exe [2004-04-24 66048]
    R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-01-15 366040]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15 116648]
    S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
    S2 WsysSvc;Wsys Service; C:\ProgramData\eSafe\eGdpSvc.exe []
    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
    S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; C:\Program Files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
    S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-10-06 276288]
    S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15 116648]
    S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-06-29 117144]
    S3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-06-20 366600]
    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-03-27 150600]
    S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2013-03-27 5132888]
    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

    -----------------EOF-----------------

  8. #8
    Moderator (global) Team member Jintan
    Registered since
    25.11.2006
    Posts
    6.293

    Re: Help needed to remove en.v9.com

    No email notification you had replied - not sure why. Good so far. Do the following, but also post back on any issues you are having we need to correct.

    Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

    If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

    Remove found threats
    Scan unwanted applications


    Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

    Then click the Advanced option, then place a check next to the following (if it is not already checked):

    Enable Anti-Stealth technology

    Click Start. This scan may take a while, so please be patient.

    If infection is found, at the end of the scan click "List of found threats".

    In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

    Post that log please.
    Live the day!

    Jintan - The brand where everything is right!

  9. #9
    Beginner
    Registered since
    24.07.2013
    Posts
    8

    Re: Help needed to remove en.v9.com

    Hi,

    C:\Users\All Users\Spybot - Search & Destroy\Recovery\ElexDesk21.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\ElexDesk22.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\ElexDesk35.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage49.zip Win32/Bagle.gen.zip worm
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1] multiple threats
    C:\ProgramData\Spybot - Search & Destroy\Recovery\ElexDesk21.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    C:\ProgramData\Spybot - Search & Destroy\Recovery\ElexDesk22.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    C:\ProgramData\Spybot - Search & Destroy\Recovery\ElexDesk35.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage49.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1] multiple threats cleaned by deleting - quarantined
    E:\ADSL_DOWNLOADS\setup-direct-youtube-downloader.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
    E:\ADSL_DOWNLOADS\whole9life-com\Paleo_Power_Lunch__Easy,_Filling,_downloader_za_99250.exe a variant of Win32/ExpressFiles.B application cleaned by deleting - quarantined
    E:\ADSL_DOWNLOADS\whole9life-com\Stormy_Sweitzer_Paleo_Power_Lunch-torrent.rar_downloader_za_99255.exe a variant of Win32/YourFileDownloader.B application cleaned by deleting - quarantined
    E:\ADSL_DOWNLOADS\whole9life-com\Stormy_Sweitzer_Paleo_Power_Lunch-torrent.torrent_downloader_99255.exe a variant of Win32/YourFileDownloader.A application cleaned by deleting - quarantined
    E:\ADSL_DOWNLOADS\whole9life-com\Stormy_Sweitzer_Paleo_Power_Lunch-torrent.zip_downloader_za_99255.exe a variant of Win32/YourFileDownloader.B application cleaned by deleting - quarantined
    E:\DOWNLOADS\cnet2_7502388_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    E:\DOWNLOADS\DeskDriveSetup.exe Win32/InstallMonetizer.AF application cleaned by deleting - quarantined
    E:\Sandbox\Anton\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b HTML/Iframe.B.Gen virus deleted - quarantined
    E:\Sandbox\Anton\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015 HTML/Iframe.B.Gen virus deleted - quarantined
    E:\Sandbox\Anton\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000035 HTML/Iframe.B.Gen virus deleted - quarantined
    E:\WIN7\Unlocker1.9.1-x64.exe a variant of Win32/Toolbar.Babylon.A application cleaned by deleting - quarantined
    E:\WIN7\user\Local Settings\Temporary Internet Files\Content.IE5\WPBSBABB\pmadeploy_5605[1].exe multiple threats cleaned by deleting - quarantined

  10. #10
    Moderator (global) Team member Jintan
    Registered since
    25.11.2006
    Posts
    6.293

    Re: Help needed to remove en.v9.com

    Just garbage-ware installers, and no telling what Spybot is calling a "Bagle" infection, but removed by it anyway. Did that AdwCleaner run correct your home page issues? Also post back on anything else we need to address please.
    Live the day!

    Jintan - the brand where everything is right!
