
Pests of all kinds and how to fight them: Postbank phishing, McAfee reports unsafe site C:\users\...\appdata\roamin\azimcoz\cucilei.exe

01.07.2012, 16:36   #1
barioni

Hello,
I am asking for your help:
I stupidly logged in on a Postbank phishing page (it was deceptively real), then a window appeared asking me to enter a TAN for "identification". Shortly afterwards I received an SMS with a transfer TAN for over €2,900. Of course, at that point I knew what had happened and immediately changed my password from another PC.
My Windows firewall had previously been switched off by the virus.

The antivirus software McAfee found nothing during the system check; a Kaspersky CD from the magazine com!, which I updated over the internet, scanned all files the whole night. Nothing found.
But the virus, trojan or whatever it is, is there: when the PC boots it switches off the antivirus software, and no matter how I enter the Postbank URL I always end up only on the fake page.

A message from McAfee appeared: Warning, an unsafe connection is about to be established by: C:\USERS\...\APPDATA\ROAMING\AZIMCOZ\CUCILEI.EXE; it was supposed to be blocked, but I still end up on the phishing page. How do I get rid of this virus?
The operating system is Vista 64-bit.

Can anyone help me? Many thanks.
Regards, barioni

02.07.2012, 15:34   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all of the Malwarebytes findings so that they are kept in the Malwarebytes quarantine! Do NOT hastily remove anything from the quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the terms of use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

If at all possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here

04.07.2012, 08:39   #3
barioni

Thank you very much for the help! At the weekend I will carry out all the measures; until then the infected PC is shut down.
I will get back to you, thanks again,
best regards, barioni

08.07.2012, 18:28   #4
barioni

Hello Arne,
here, to begin with, are the log files from Malwarebytes. After the viruses were moved to quarantine by the program, the antivirus protection is still switched off automatically when the PC restarts. I still have to do the scan with ESET, but I cannot switch off the firewall and antivirus protection manually. Please help me with that once more. Many thanks. Regards, barioni

Malwarebytes Anti-Malware (Test) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.02.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Ina :: PC-1 [Administrator]

Schutz: Aktiviert

02.07.2012 18:53:41
mbam-log-2012-07-02 (18-53-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217625
Laufzeit: 5 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Ina\AppData\Roaming\Azimcoz\cucilei.exe (Trojan.Agent) -> 3056 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{3BFC43B6-1B50-B78C-232C-82BA971720D7} (Trojan.Agent) -> Daten: C:\Users\Ina\AppData\Roaming\Azimcoz\cucilei.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Ina\AppData\Roaming\Azimcoz\cucilei.exe (Trojan.Agent) -> Löschen bei Neustart.

(Ende)
Malwarebytes Anti-Malware (Test) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.02.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Ina :: PC-1 [Administrator]

Schutz: Aktiviert

02.07.2012 19:30:04
mbam-log-2012-07-02 (19-30-04).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 521184
Laufzeit: 2 Stunde(n), 57 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{3BFC43B6-1B50-B78C-232C-82BA971720D7} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Ina\AppData\Roaming\Azimcoz\cucilei.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Ina\Downloads\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Edited by barioni (08.07.2012 at 18:40)

09.07.2012, 12:17   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You are supposed to post the logs in CODE tags!
And regarding ESET: the Windows firewall can stay on; disabling the virus scanner means that you switch off the background guard!


19.07.2012, 19:51   #6
barioni

Hello,
thanks for the instructions:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Ina :: PC-1 [Administrator]

Schutz: Aktiviert

02.07.2012 18:53:41
mbam-log-2012-07-02 (18-53-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217625
Laufzeit: 5 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Ina\AppData\Roaming\Azimcoz\cucilei.exe (Trojan.Agent) -> 3056 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{3BFC43B6-1B50-B78C-232C-82BA971720D7} (Trojan.Agent) -> Daten: C:\Users\Ina\AppData\Roaming\Azimcoz\cucilei.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Ina\AppData\Roaming\Azimcoz\cucilei.exe (Trojan.Agent) -> Löschen bei Neustart.

(Ende)
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Ina :: PC-1 [Administrator]

Schutz: Aktiviert

02.07.2012 19:30:04
mbam-log-2012-07-02 (19-30-04).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 521184
Laufzeit: 2 Stunde(n), 57 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{3BFC43B6-1B50-B78C-232C-82BA971720D7} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Ina\AppData\Roaming\Azimcoz\cucilei.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Ina\Downloads\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5762912862e9564997bf14448dd66562
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-19 06:32:35
# local_time=2012-07-19 08:32:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5121 16777213 100 75 1749216 7931361 0 0
# compatibility_mode=5892 16776573 100 56 193225 180229771 0 0
# compatibility_mode=8192 67108863 100 0 359 359 0 0
# scanned=342052
# found=7
# cleaned=0
# scan_time=16889
C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf	INF/Autorun.gen worm (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PMMADBDO\SoftonicDownloader_fuer_ea-download-manager[1].exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ina\Downloads\SoftonicDownloader77464.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ina\Downloads\SoftonicDownloader_for_ea-download-manager.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ina\Downloads\SoftonicDownloader_fuer_hamster-free-video-converter.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ina\Downloads\SoftonicDownloader_fuer_magix-videos-fur-unterwegs.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
D:\Sicherungen\SoftonicDownloader77464.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
         

Looking forward to a reply,
Regards, Ina
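
An added example, not part of the original posts: a small Python parser for the Malwarebytes 1.x log format pasted above. It lists removals still pending a reboot, autostart values whose target sits in the user profile, and objects that show up in both scans. The function names are hypothetical, and the two sample strings are excerpts of the logs in this thread.

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x text logs (German UI)."""
import re
from dataclasses import dataclass
from typing import Optional

# "Infizierte <section>: <count>" opens each result section of the log.
SECTION_RE = re.compile(r"^Infizierte (?P<name>.+?): (?P<count>\d+)$")
# "<object> (<detection name>)" is the first field of every finding line.
ENTRY_RE = re.compile(r"^(?P<obj>.+) \((?P<det>[^()]+)\)$")
RUN_KEY = "\\currentversion\\run"
# Locations a standard user can write to; autostart targets here deserve a look.
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    obj: str
    detection: str
    data: Optional[str]   # "Daten:" field of registry values, else None
    action: str           # what the scanner did, always the last field


def parse_mbam_log(text):
    """Return (findings, declared) where declared maps section -> stated count."""
    findings, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
            continue
        if section is None or " -> " not in line:
            continue  # header lines, blank lines, "(Keine ... gefunden)"
        parts = [p.strip() for p in line.split(" -> ")]
        head = ENTRY_RE.match(parts[0])
        if not head:
            continue
        data = next((p[6:].strip() for p in parts[1:-1]
                     if p.startswith("Daten:")), None)
        findings.append(Finding(section, head["obj"], head["det"], data, parts[-1]))
    return findings, declared


def triage(findings, declared):
    """Flag what still needs attention after the scan."""
    notes = []
    for f in findings:
        if "Neustart" in f.action:  # "Löschen bei Neustart": not removed yet
            notes.append(("pending-reboot", f.obj))
        if RUN_KEY in f.obj.lower() and f.data and USER_WRITABLE.search(f.data):
            notes.append(("autostart-from-user-profile", f.data))
    for section, count in declared.items():
        parsed = sum(1 for f in findings if f.section == section)
        if parsed != count:  # truncated or hand-edited log
            notes.append(("count-mismatch", section))
    return notes


def recurring(earlier, later):
    """Objects reported in both scans, i.e. present again after the first cleanup."""
    seen = {f.obj for f in earlier}
    return sorted({f.obj for f in later if f.obj in seen})


# Excerpt of the quick-scan log (02.07.2012 18:53:41) from this thread.
QUICK_SCAN = r"""
Infizierte Speicherprozesse: 1
C:\Users\Ina\AppData\Roaming\Azimcoz\cucilei.exe (Trojan.Agent) -> 3056 -> Löschen bei Neustart.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{3BFC43B6-1B50-B78C-232C-82BA971720D7} (Trojan.Agent) -> Daten: C:\Users\Ina\AppData\Roaming\Azimcoz\cucilei.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 1
C:\Users\Ina\AppData\Roaming\Azimcoz\cucilei.exe (Trojan.Agent) -> Löschen bei Neustart.
"""

# Excerpt of the full-scan log (02.07.2012 19:30:04) from this thread.
FULL_SCAN = r"""
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{3BFC43B6-1B50-B78C-232C-82BA971720D7} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Ina\AppData\Roaming\Azimcoz\cucilei.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 1
C:\Users\Ina\Downloads\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

if __name__ == "__main__":
    quick, quick_counts = parse_mbam_log(QUICK_SCAN)
    full, full_counts = parse_mbam_log(FULL_SCAN)
    for label, value in triage(quick, quick_counts) + triage(full, full_counts):
        print(f"{label:28} {value}")
    for obj in recurring(quick, full):
        print(f"{'seen-in-both-scans':28} {obj}")
```
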

19.07.2012, 20:39   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Junk-laden software from Softonic seems to be very much in fashion right now!

Hands off Softonic!!

Softonic is a toolbar and adware slinger! Hands off! Software should be downloaded, as the top priority, directly from the vendor and not from toolbar outfits like Softonic! In a pinch chip.de would of course do.

adwCleaner - tracking down toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

19.07.2012, 23:37   #8
barioni

Hello,

apart from the Softonic junk there is also "INF/Autorun.gen worm"; is that the reason why McAfee is switched off when the PC boots?


Code:
ATTFilter
# AdwCleaner v1.702 - Logfile created 07/20/2012 at 00:27:31
# Updated 13/07/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Ina - PC-1
# Running from : C:\Users\Ina\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Ina\AppData\LocalLow\Conduit
Folder Found : C:\Users\Ina\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\Conduit
Folder Found : C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\facemoods.com
File Found : C:\Users\Ina\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\searchplugins\Conduit.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1351351
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\facemoods.com
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Key Found : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\facemoods.com
Key Found : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [facemoods]
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\facemoods.com
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
[x64] Key Found : HKLM\SOFTWARE\Classes\facemoods.dskBnd
[x64] Key Found : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
[x64] Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
[x64] Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl
[x64] Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
[x64] Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
[x64] Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.facemoods.com/?a=stonicde
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\prefs.js

Found : user_pref("CT1351351.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT1351351.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT1351351.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT1351351.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2269050.CTID", "CT2269050");
Found : user_pref("CT2269050.CurrentServerDate", "4-8-2010");
Found : user_pref("CT2269050.DialogsAlignMode", "LTR");
Found : user_pref("CT2269050.DownloadReferralCookieData", "");
Found : user_pref("CT2269050.EMailNotifierPollDate", "Wed Aug 04 2010 17:18:32 GMT+0200");
Found : user_pref("CT2269050.FirstServerDate", "4-8-2010");
Found : user_pref("CT2269050.FirstTime", true);
Found : user_pref("CT2269050.FirstTimeFF3", true);
Found : user_pref("CT2269050.FirstTimeSettingsDone", true);
Found : user_pref("CT2269050.FixPageNotFoundErrors", true);
Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2269050.Initialize", true);
Found : user_pref("CT2269050.InitializeCommonPrefs", true);
Found : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);
Found : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Found : user_pref("CT2269050.InstalledDate", "Wed Aug 04 2010 17:18:32 GMT+0200");
Found : user_pref("CT2269050.InvalidateCache", false);
Found : user_pref("CT2269050.IsGrouping", false);
Found : user_pref("CT2269050.IsMulticommunity", false);
Found : user_pref("CT2269050.IsOpenThankYouPage", false);
Found : user_pref("CT2269050.IsOpenUninstallPage", false);
Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Aug 04 2010 17:18:42 GMT+0200");
Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2269050.LastLogin_2.7.1.3", "Wed Aug 04 2010 17:18:33 GMT+0200");
Found : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Found : user_pref("CT2269050.Locale", "en");
Found : user_pref("CT2269050.LoginCache", 4);
Found : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Found : user_pref("CT2269050.RadioIsPodcast", false);
Found : user_pref("CT2269050.RadioLastCheckTime", "Wed Aug 04 2010 17:18:33 GMT+0200");
Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Found : user_pref("CT2269050.RadioMediaID", "12473383");
Found : user_pref("CT2269050.RadioMediaType", "Media Player");
Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Found : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Found : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Found : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2269050.SearchInNewTabEnabled", true);
Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Aug 04 2010 17:18:33 GMT+0200");
Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2269050.SettingsLastCheckTime", "Wed Aug 04 2010 17:18:30 GMT+0200");
Found : user_pref("CT2269050.SettingsLastUpdate", "1280150171");
Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Wed Aug 04 2010 17:18:29 GMT+0200");
Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2269050.UserID", "UN60396639973738870");
Found : user_pref("CT2269050.WeatherNetwork", "");
Found : user_pref("CT2269050.WeatherPollDate", "Wed Aug 04 2010 17:18:33 GMT+0200");
Found : user_pref("CT2269050.WeatherUnit", "C");
Found : user_pref("CT2269050.alertChannelId", "666138");
Found : user_pref("CT2269050.clientLogIsEnabled", false);
Found : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2269050.myStuffEnabled", true);
Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://go.gmx.net/suchbox/gmxsuche?su=")[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT1351351,CT2269050");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1351351,CT2269050");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Aug 04 2010 17:18:32 GMT+0200");
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1351351");
Found : user_pref("browser.search.defaultthis.engineName", "Softonic Deutsch Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&Sea[...]
Found : user_pref("extensions.facemoods.aflt", "_#stonicde");
Found : user_pref("extensions.facemoods.firstRun", false);
Found : user_pref("extensions.facemoods.lastActv", "30");
Found : user_pref("keyword.URL", "hxxp://start.facemoods.com/results.php?f=5&a=stonicde&q=");

*************************

AdwCleaner[R1].txt - [26199 octets] - [20/07/2012 00:27:31]

########## EOF - C:\AdwCleaner[R1].txt - [26328 octets] ##########
         
Thanks again for your help,
Best regards, Ina

20.07.2012, 14:30   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

20.07.2012, 14:52   #10
barioni

Hello,
Code:
 
# AdwCleaner v1.702 - Logfile created 07/20/2012 at 15:42:43
# Updated 13/07/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Ina - PC-1
# Running from : C:\Users\Ina\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\Ina\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\Ina\AppData\LocalLow\facemoods.com
Deleted on reboot : C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\Conduit
Deleted on reboot : C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\facemoods.com
Deleted on reboot : C:\Users\Ina\AppData\Local\TempC:\Program Files (x86)\Software
File Deleted : C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\searchplugins\Conduit.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1351351
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\facemoods.com
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\facemoods.com
Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [facemoods]

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.facemoods.com/?a=stonicde --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\prefs.js

C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\user.js ... Deleted !


*************************

AdwCleaner[R1].txt - [26231 octets] - [20/07/2012 00:27:31]
AdwCleaner[S1].txt - [22337 octets] - [20/07/2012 15:42:43]

########## EOF - C:\AdwCleaner[S1].txt - [22466 octets] ##########
         
Regards,
Ina

21.07.2012, 13:03   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I have two questions before we continue:

1.) Does Windows normal mode work without restrictions (again)?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?

22.07.2012, 18:01   #12
barioni
 



Hello Arne,

Windows runs completely normally, and I do not see any empty folders in the Start menu either.
The only things I notice are:
1. At boot, the antivirus software is switched off automatically; after switching it on manually it takes minutes until I see in the Windows Security Center that it is now active.
2. After hibernation, or sometimes after a normal start, the automatic Internet connection does not work. I then have to establish the connection via "Diagnose" "Repair". But it has been like that for a long time, even before the Postbank phishing matter.

By the way, I will not do any online banking until you give me the green light.
Best regards
Ina

Hello,

my McAfee subscription expires on 1.8.12; which protection software do you recommend?
Thank you very much.

Best regards
Ina

23.07.2012, 14:36   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



You can uninstall McAfee for now. Once we are done you can look into a different scanner. Let me know when you have removed McAfee.

23.07.2012, 22:16   #14
barioni
 



Hello Arne,

on the desktop I discovered transparent icons among the normal icons:
desktop.ini twice,
3 Word documents which, when I open them, show something about Japanese encoding,
and a white folder named: ~WRL0001.temp

I have uninstalled McAfee. A trial version of Malwarebytes is still installed now.

Best regards
Ina

24.07.2012, 15:51   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please create a new OTL log. If possible, post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, replace the older file with the newly downloaded one so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • At the top centre, tick Scan All Users
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
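
Added example, not part of the original post and not OTL's own code: a read-only Python inventory in the spirit of the `%APPDATA%\*.exe /s` line and the MD5 listing in the script above, listing every executable below a profile folder with its MD5, size and modification time. The function names, the `one_level_deep` flag and the reading of `/s` as "include subfolders" are assumptions made for this example.

```python
import hashlib
import os
from pathlib import Path


def md5_of(path, chunk=1 << 16):
    """MD5 of a file, read in chunks (MD5 only because OTL reports MD5)."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def list_profile_executables(root):
    """Read-only inventory of *.exe files below root, newest first."""
    root = Path(root)
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = Path(dirpath) / name
            try:
                st = path.stat()
                digest = md5_of(path)
            except OSError:
                # Locked or unreadable files are still listed, without hash.
                st, digest = None, None
            rel = path.relative_to(root)
            rows.append({
                "path": str(rel),
                "md5": digest,
                "size": st.st_size if st else None,
                "mtime": st.st_mtime if st else None,
                # <folder>\<file>.exe directly under the profile root, as
                # with AZIMCOZ\CUCILEI.EXE in this thread. Triage hint only.
                "one_level_deep": len(rel.parts) == 2,
            })
    rows.sort(key=lambda r: r["mtime"] or 0, reverse=True)
    return rows


if __name__ == "__main__":
    appdata = os.environ.get("APPDATA")  # set on Windows only
    if appdata:
        for row in list_profile_executables(appdata):
            flag = "!" if row["one_level_deep"] else " "
            print(flag, row["md5"], row["size"], row["path"])
```

The flag marks where to look first and is not a verdict, since legitimate software also installs executables one folder below the roaming profile.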
