Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Computer gesperrt Bundespolizei 100 Euro Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.07.2012, 14:04   #1
BellaSwan79
 
Computer gesperrt Bundespolizei 100 Euro Trojaner - Standard

Computer gesperrt Bundespolizei 100 Euro Trojaner



Hallöchen Liebe Forengemeinde,

Nun hab ich auch urplötzlich diesen Bundespolizeitrojaner wo ich 100 Euro bezahlen muss und dann wird mein Pc gesperrt auf dem Rechner....Hab mich hier und bei google auch schon durchgelesen, aber bin leider in Pc Sachen absoluter Laie....

Daher brauche ich eure Hilfe, am besten Schritt für Schritt Anleitung....hab echt so gut wie keinen Schimmer von weiter gehende Pc Sachen....

Danke schon einmal im voraus für eure Hilfe


Lg eure Bella

Alt 29.07.2012, 14:39   #2
t'john
/// Helfer-Team
 
Computer gesperrt Bundespolizei 100 Euro Trojaner - Standard

Computer gesperrt Bundespolizei 100 Euro Trojaner





Von einem sauberen PC OTL.exe runterladen auf USB Stick.
Infizierteen Rechner ohne Internet starten. OTL.exe auf Desktop kopieren und Log erstellen.

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 29.07.2012, 15:07   #3
BellaSwan79
 
Computer gesperrt Bundespolizei 100 Euro Trojaner - Standard

Computer gesperrt Bundespolizei 100 Euro Trojaner



für die schnelle Antwort hier das OTL....hoffe das ist richtig so....
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.07.2012 15:58:04 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 61,32% Memory free
7,73 Gb Paging File | 5,98 Gb Available in Paging File | 77,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,45 Gb Total Space | 387,02 Gb Free Space | 84,42% Space Free | Partition Type: NTFS
Drive D: | 458,96 Gb Total Space | 458,80 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive K: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 3,73 Gb Total Space | 3,57 Gb Free Space | 95,47% Space Free | Partition Type: FAT32
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\******\Downloads\OTL (4).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\MandyMarco\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\OEM\USBDECTION\USBS3S4Detection.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (USBS3S4Detection) -- C:\OEM\USBDECTION\USBS3S4Detection.exe ()
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3800&r=173608102516p0465v1h5y44111545
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3800&r=173608102516p0465v1h5y44111545
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3800&r=173608102516p0465v1h5y44111545
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3800&r=173608102516p0465v1h5y44111545
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3800&r=173608102516p0465v1h5y44111545
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={4D7B8DE2-05E8-4CA4-A66F-992BC3D7B62F}&mid=4d361e1b0e784f78af3b925f24f329f7-86387b2fb7aec00a910c3dc7252a8d4e432d541f&lang=de&ds=hk011&pr=sa&d=2012-07-05 07:32:18&v=11.1.0.12&sap=hp
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112792&tt=280612_5_&babsrc=SP_ss&mntrId=30a55ccc000000000000000000000000
IE - HKCU\..\SearchScopes\{5152ACDF-F33C-4E02-8F89-0E342FDAF85F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=LOL&o=16439&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=OY&apn_dtid=YYYYYYYYDE&apn_uid=A0B52434-7354-483B-838E-B72E6153E27E&apn_sauid=45C04659-7583-49BF-906C-95EA30A8036D
IE - HKCU\..\SearchScopes\{53396CAB-5F16-44EB-B3D3-AE088FA49F48}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE394
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={4D7B8DE2-05E8-4CA4-A66F-992BC3D7B62F}&mid=4d361e1b0e784f78af3b925f24f329f7-86387b2fb7aec00a910c3dc7252a8d4e432d541f&lang=de&ds=hk011&pr=sa&d=2012-07-05 07:32:18&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb117/?search={searchTerms}&loc=IB_DS&a=1ex6anR4tqt&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.order.1,S: S", "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://isearch.avg.com?cid=%7B17fb2e30-1949-4641-ac6a-bc9e9d716c92%7D&mid=4d361e1b0e784f78af3b925f24f329f7-86387b2fb7aec00a910c3dc7252a8d4e432d541f&ds=hk011&v=11.1.0.12&lang=de&pr=sa&d=2012-07-05%2007%3A32%3A18&sap=hp"
FF - prefs.js..browser.startup.homepage: h", "h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,hxxp://search.babylon.com/home?AF=100581"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\MandyMarco\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.29 12:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 11:42:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.29 12:15:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.05 17:56:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.07.05 08:13:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 11:42:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.29 12:15:05 | 000,000,000 | ---D | M]
 
[2011.06.25 13:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Extensions
[2010.11.20 18:21:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.12 10:13:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.07.05 12:30:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions
[2012.01.17 13:02:29 | 000,000,000 | ---D | M] (AOL DE Toolbar) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{43196362-5378-448b-8944-f097fa65e932}
[2012.06.28 11:41:10 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.07.29 15:30:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\data
[2011.09.09 08:53:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com
[2012.01.23 07:11:57 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@funmoods.com
[2011.08.30 10:43:17 | 000,002,425 | ---- | M] () -- C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\4-loot.xml
[2011.11.02 06:56:31 | 000,002,567 | ---- | M] () -- C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\askcom.xml
[2011.12.15 12:25:52 | 000,000,931 | ---- | M] () -- C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\conduit.xml
[2012.01.22 11:54:52 | 000,001,800 | ---- | M] () -- C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\funmoods.xml
[2012.01.17 13:02:28 | 000,002,205 | ---- | M] () -- C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\MyStart Search.xml
[2011.08.30 10:34:34 | 000,001,801 | ---- | M] () -- C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\search-the-web.xml
[2012.07.04 06:40:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.01 14:09:58 | 000,010,924 | ---- | M] () (No name found) -- C:\USERS\MANDYMARCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DH90LRUM.DEFAULT\EXTENSIONS\HELPERFRAMEWORK@ZONEMEDIA.COM.XPI
[2012.07.18 11:42:36 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.08 19:09:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012.07.04 17:51:46 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012.07.04 06:40:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.05 07:32:17 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.07.01 14:09:28 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.07.04 06:40:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.04 06:40:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.18 19:46:39 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2012.07.04 06:40:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.04 06:40:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.04 06:40:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3008547
CHR - default_search_provider: suggest_url = hxxp://search.conduit.com/
CHR - homepage: hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MandyMarco\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\MandyMarco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkpcdceijednnilobgleblmagjchmofe\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\MandyMarco\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\MandyMarco\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEAddonBHO Class) - {47B614AF-B4CC-485B-B331-BE26F02ED4CC} - C:\Program Files (x86)\Browser Helper Object\Internet Explorer\IEAddon.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\20.0.1132.57\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\MandyMarco\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\20.0.1132.57\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.06 14:26:23 | 000,000,309 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0821e9c1-38bf-11e0-8bf6-90fba64642a0}\Shell - "" = AutoRun
O33 - MountPoints2\{0821e9c1-38bf-11e0-8bf6-90fba64642a0}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{74810a7c-a5ee-11e0-9824-90fba64642a0}\Shell - "" = AutoRun
O33 - MountPoints2\{74810a7c-a5ee-11e0-9824-90fba64642a0}\Shell\AutoRun\command - "" = K:\NokiaPCIA_Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.29 15:34:04 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.29 15:34:03 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.29 15:09:04 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\Malwarebytes
[2012.07.29 15:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.29 15:08:59 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.29 15:08:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.29 15:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.29 12:40:21 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.07.29 12:40:21 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.07.29 12:40:21 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.07.29 12:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.07.29 12:39:42 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\TuneUp Software
[2012.07.29 12:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.07.29 12:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.07.29 12:38:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.29 12:26:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.29 12:16:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\syncdb
[2012.07.29 11:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\pybpfglstmboajn
[2012.07.28 10:38:45 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Local\CRE
[2012.07.27 07:54:16 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Local\Macromedia
[2012.07.27 07:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012.07.26 20:00:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.26 18:59:47 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\Ykidde
[2012.07.12 06:09:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.12 06:09:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.12 06:09:31 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.12 06:09:19 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.12 06:09:18 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.07 11:32:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.07.05 07:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.07.05 07:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.07.05 07:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.07.04 18:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Mobile Master
[2012.07.04 18:18:11 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\Jumping Bytes
[2012.07.04 18:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012.07.04 18:15:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2012.07.04 18:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2012.07.04 18:15:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0307020.005
[2012.07.04 18:15:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2012.07.04 18:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012.07.04 17:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2012.07.04 17:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMedia Recode
[2012.07.04 17:51:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.07.04 17:51:49 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012.07.04 17:51:44 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012.07.04 17:51:44 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012.07.04 17:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012.07.04 17:51:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012.07.04 17:51:23 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\Real
[2012.07.04 17:51:22 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Local\Real
[2012.07.04 17:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012.07.04 06:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.07.04 06:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.07.01 14:09:15 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\Babylon
[2012.07.01 14:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.07.01 14:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browser Helper Object
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.29 15:49:25 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.29 15:49:25 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.29 15:49:25 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.29 15:49:25 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.29 15:49:25 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.29 15:47:06 | 000,051,475 | ---- | M] () -- C:\Users\MandyMarco\Desktop\85104-otl-otlogfile-by-oldtimer.html
[2012.07.29 15:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.29 15:44:13 | 000,000,120 | ---- | M] () -- C:\Users\MandyMarco\Desktop\Download.htm
[2012.07.29 15:34:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.29 15:34:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.29 15:13:10 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.29 14:54:42 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 14:54:42 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 14:46:36 | 000,448,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.29 14:46:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.29 14:45:34 | 3113,558,016 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.29 12:40:07 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.29 12:40:07 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.07.29 11:56:36 | 000,000,051 | ---- | M] () -- C:\ProgramData\sqtgyljxldktzgv
[2012.07.26 19:44:44 | 000,000,458 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for MandyMarco.job
[2012.07.19 10:48:03 | 000,001,466 | ---- | M] () -- C:\Users\MandyMarco\Documents\cc_20120719_104801.reg
[2012.07.05 12:33:03 | 000,004,594 | ---- | M] () -- C:\Users\MandyMarco\Documents\cc_20120705_123301.reg
[2012.07.05 08:12:10 | 017,596,387 | ---- | M] () -- C:\Users\MandyMarco\Desktop\Gespräch Andrea Germey am 28.01.2011, 17.51 Uhr.zip
[2012.07.05 07:33:59 | 000,002,273 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.07.04 19:51:21 | 000,000,216 | ---- | M] () -- C:\Users\MandyMarco\Desktop\SMS 2 ANDREAGermey.csv
[2012.07.04 19:48:21 | 000,001,660 | ---- | M] () -- C:\Users\MandyMarco\Desktop\SMS ANDREA Germey.csv
[2012.07.04 19:44:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.07.04 18:00:41 | 020,867,072 | ---- | M] () -- C:\Users\MandyMarco\Desktop\Gespräch Andrea Germey am 28.01.2011, 17.51 Uhr.vob
[2012.07.04 17:51:49 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012.07.04 17:51:44 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012.07.04 17:51:44 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 14:09:41 | 000,000,988 | ---- | M] () -- C:\user.js
 
========== Files Created - No Company Name ==========
 
[2012.07.29 15:47:13 | 000,051,475 | ---- | C] () -- C:\Users\MandyMarco\Desktop\85104-otl-otlogfile-by-oldtimer.html
[2012.07.29 15:44:17 | 000,000,120 | ---- | C] () -- C:\Users\MandyMarco\Desktop\Download.htm
[2012.07.29 15:34:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.29 15:09:00 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.29 12:40:07 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.29 12:40:07 | 000,002,213 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.07.29 12:40:07 | 000,002,201 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.07.29 11:53:04 | 000,000,051 | ---- | C] () -- C:\ProgramData\sqtgyljxldktzgv
[2012.07.19 10:48:02 | 000,001,466 | ---- | C] () -- C:\Users\MandyMarco\Documents\cc_20120719_104801.reg
[2012.07.05 17:56:22 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.07.05 12:33:02 | 000,004,594 | ---- | C] () -- C:\Users\MandyMarco\Documents\cc_20120705_123301.reg
[2012.07.05 08:12:09 | 017,596,387 | ---- | C] () -- C:\Users\MandyMarco\Desktop\Gespräch Andrea Germey am 28.01.2011, 17.51 Uhr.zip
[2012.07.05 07:33:59 | 000,002,273 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.07.04 19:51:21 | 000,000,216 | ---- | C] () -- C:\Users\MandyMarco\Desktop\SMS 2 ANDREAGermey.csv
[2012.07.04 19:48:21 | 000,001,660 | ---- | C] () -- C:\Users\MandyMarco\Desktop\SMS ANDREA Germey.csv
[2012.07.04 19:44:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.07.04 18:15:51 | 000,000,458 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for MandyMarco.job
[2012.07.04 18:15:36 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0307020.005\isolate.ini
[2012.07.04 18:00:37 | 020,867,072 | ---- | C] () -- C:\Users\MandyMarco\Desktop\Gespräch Andrea Germey am 28.01.2011, 17.51 Uhr.vob
[2011.07.04 15:56:41 | 000,006,144 | ---- | C] () -- C:\Users\MandyMarco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.01 12:36:34 | 000,000,000 | ---- | C] () -- C:\Users\MandyMarco\AppData\Local\{88895E5D-873D-4AB2-80D9-9DA5BADC5D3D}
[2011.06.07 14:39:14 | 000,065,635 | ---- | C] () -- C:\Users\MandyMarco\.recently-used.xbel
[2011.03.25 13:24:41 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2010.12.15 19:19:12 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.10.29 19:17:00 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.30 06:31:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.08.29 21:34:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.11.17 20:56:43 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2010.10.15 14:09:27 | 000,000,000 | -HSD | M] -- C:\Users\MandyMarco\AppData\Roaming\.#
[2010.12.24 13:23:16 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Ashampoo
[2012.07.01 14:09:15 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Babylon
[2012.01.22 11:50:59 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\DVDVideoSoft
[2011.12.22 11:44:48 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.15 14:07:04 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\GameConsole
[2011.06.07 14:39:21 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\gtk-2.0
[2011.08.26 16:01:32 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Gutscheinmieze
[2012.07.04 18:18:11 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Jumping Bytes
[2010.12.15 19:21:41 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\MAGIX
[2011.07.04 15:58:21 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Nokia
[2012.01.17 13:02:17 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\OpenCandy
[2010.09.01 07:43:46 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\OpenOffice.org
[2010.11.04 19:05:58 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Opera
[2011.07.04 15:58:59 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\PC Suite
[2012.03.27 13:18:19 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\PhotoScape
[2010.10.15 14:03:54 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\PlayFirst
[2011.05.07 17:03:28 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Simfy
[2010.11.20 18:21:43 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Thunderbird
[2011.05.12 10:13:52 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\TomTom
[2012.07.29 12:39:42 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\TuneUp Software
[2010.10.15 14:05:44 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\ViquaSoft
[2012.01.17 11:12:20 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Xilisoft
[2012.01.17 11:49:07 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\XMedia Recode
[2012.07.26 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Ykidde
[2012.05.31 14:55:29 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:AB689DEA

< End of report >
         
--- --- ---
__________________

Alt 29.07.2012, 19:00   #4
t'john
/// Helfer-Team
 
Computer gesperrt Bundespolizei 100 Euro Trojaner - Standard

Computer gesperrt Bundespolizei 100 Euro Trojaner



Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll () 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found 
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found 
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found 
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112792&tt=280612_5_&babsrc=SP_ss&mntrId=30a55ccc000000000000000000000000 
IE - HKCU\..\SearchScopes\{5152ACDF-F33C-4E02-8F89-0E342FDAF85F}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LOL&o=16439&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=OY&apn_dtid=YYYYYYYYDE&apn_uid=A0B52434-7354-483B-838E-B72E6153E27E&apn_sauid=45C04659-7583-49BF-906C-95EA30A8036D 
IE - HKCU\..\SearchScopes\{53396CAB-5F16-44EB-B3D3-AE088FA49F48}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms} 
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE394 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={4D7B8DE2-05E8-4CA4-A66F-992BC3D7B62F}&mid=4d361e1b0e784f78af3b925f24f329f7-86387b2fb7aec00a910c3dc7252a8d4e432d541f&lang=de&ds=hk011&pr=sa&d=2012-07-05 07:32:18&v=11.1.0.12&sap=dsp&q={searchTerms} 
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb117/?search={searchTerms}&loc=IB_DS&a=1ex6anR4tqt&i=26 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "foxsearch" 
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.order.1: "foxsearch" 
FF - prefs.js..browser.search.order.1,S: S", "Search the web (Babylon)" 
FF - prefs.js..browser.search.selectedEngine: "foxsearch" 
FF - prefs.js..browser.search.selectedEngine,S: S", "Search the web (Babylon)" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com?cid=%7B17fb2e30-1949-4641-ac6a-bc9e9d716c92%7D&mid=4d361e1b0e784f78af3b925f24f329f7-86387b2fb7aec00a910c3dc7252a8d4e432d541f&ds=hk011&v=11.1.0.12&lang=de&pr=sa&d=2012-07-05%2007%3A32%3A18&sap=hp" 
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\MandyMarco\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.29 12:08:16 | 000,000,000 | ---D | M] 
[2012.01.17 13:02:29 | 000,000,000 | ---D | M] (AOL DE Toolbar) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{43196362-5378-448b-8944-f097fa65e932} 
[2012.06.28 11:41:10 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} 
[2012.07.29 15:30:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\data 
[2011.09.09 08:53:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com 
[2012.01.23 07:11:57 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@funmoods.com 

CHR - homepage: http://search.conduit.com/?ctid=CT3008547&SearchSource=48 
CHR - default_search_provider: Conduit (Enabled) 
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3008547 
CHR - default_search_provider: suggest_url = http://search.conduit.com/ 
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\MandyMarco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkpcdceijednnilobgleblmagjchmofe\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll 
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll 
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. 
O4 - HKCU..\Run: [] File not found 
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\MandyMarco\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) 
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2008.05.06 14:26:23 | 000,000,309 | R--- | M] () - K:\autorun.inf -- [ CDFS ] 
O33 - MountPoints2\{0821e9c1-38bf-11e0-8bf6-90fba64642a0}\Shell - "" = AutoRun 
O33 - MountPoints2\{0821e9c1-38bf-11e0-8bf6-90fba64642a0}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] () 
O33 - MountPoints2\{74810a7c-a5ee-11e0-9824-90fba64642a0}\Shell - "" = AutoRun 
O33 - MountPoints2\{74810a7c-a5ee-11e0-9824-90fba64642a0}\Shell\AutoRun\command - "" = K:\NokiaPCIA_Autorun.exe 

 
[2012.07.29 11:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\pybpfglstmboajn 

[2012.07.26 18:59:47 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\Ykidde 
 
[2012.07.04 18:18:11 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\Jumping Bytes 
[2012.07.04 18:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec 
[2012.07.01 14:09:15 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\Babylon 
[2012.07.01 14:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon 
[2012.07.29 11:56:36 | 000,000,051 | ---- | M] () -- C:\ProgramData\sqtgyljxldktzgv 


@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4CF61E54 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:AB689DEA 




:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 30.07.2012, 05:29   #5
BellaSwan79
 
Computer gesperrt Bundespolizei 100 Euro Trojaner - Standard

Computer gesperrt Bundespolizei 100 Euro Trojaner



Guten Morgen....

Erst einmal großes Lob an dieses Forum und vor allem an tjohn, für die schnellen Antworten....

und hier das LOg

Code:
ATTFilter
 All processes killed
========== OTL ==========
Service Akamai stopped successfully!
Service Akamai deleted successfully!
c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{990af1c2-5a27-4460-8149-ecc6bc122af3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{990af1c2-5a27-4460-8149-ecc6bc122af3}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5152ACDF-F33C-4E02-8F89-0E342FDAF85F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5152ACDF-F33C-4E02-8F89-0E342FDAF85F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{53396CAB-5F16-44EB-B3D3-AE088FA49F48}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53396CAB-5F16-44EB-B3D3-AE088FA49F48}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "DVDVideoSoftTB Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: S", "Search the web (Babylon)" removed from browser.search.order.1,S
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
Prefs.js: S", "Search the web (Babylon)" removed from browser.search.selectedEngine,S
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://isearch.avg.com?cid=%7B17fb2e30-1949-4641-ac6a-bc9e9d716c92%7D&mid=4d361e1b0e784f78af3b925f24f329f7-86387b2fb7aec00a910c3dc7252a8d4e432d541f&ds=hk011&v=11.1.0.12&lang=de&pr=sa&d=2012-07-05%2007%3A32%3A18&sap=hp" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0\ deleted successfully.
C:\Users\MandyMarco\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext not found.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{43196362-5378-448b-8944-f097fa65e932}\META-INF folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{43196362-5378-448b-8944-f097fa65e932}\components folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{43196362-5378-448b-8944-f097fa65e932}\chrome folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{43196362-5378-448b-8944-f097fa65e932} folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Plugins folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\data folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@funmoods.com\content\imgs folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@funmoods.com\content folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@funmoods.com folder moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
File C:\Users\MandyMarco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkpcdceijednnilobgleblmagjchmofe\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll not found.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface not found.
C:\Users\MandyMarco\AppData\Local\Akamai\netsession_win.exe moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File K:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0821e9c1-38bf-11e0-8bf6-90fba64642a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0821e9c1-38bf-11e0-8bf6-90fba64642a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0821e9c1-38bf-11e0-8bf6-90fba64642a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0821e9c1-38bf-11e0-8bf6-90fba64642a0}\ not found.
File K:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74810a7c-a5ee-11e0-9824-90fba64642a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74810a7c-a5ee-11e0-9824-90fba64642a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74810a7c-a5ee-11e0-9824-90fba64642a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74810a7c-a5ee-11e0-9824-90fba64642a0}\ not found.
File K:\NokiaPCIA_Autorun.exe not found.
C:\ProgramData\pybpfglstmboajn folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\Ykidde folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\Jumping Bytes\Mobile Master 8.1.0\install folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\Jumping Bytes\Mobile Master 8.1.0 folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\Jumping Bytes folder moved successfully.
C:\ProgramData\Symantec\Definitions\SymcData\VirusDefs-2.5-E\newdefs-trigger folder moved successfully.
C:\ProgramData\Symantec\Definitions\SymcData\VirusDefs-2.5-E\BinHub folder moved successfully.
C:\ProgramData\Symantec\Definitions\SymcData\VirusDefs-2.5-E\20120720.024 folder moved successfully.
C:\ProgramData\Symantec\Definitions\SymcData\VirusDefs-2.5-E folder moved successfully.
C:\ProgramData\Symantec\Definitions\SymcData folder moved successfully.
C:\ProgramData\Symantec\Definitions folder moved successfully.
C:\ProgramData\Symantec folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\ProgramData\sqtgyljxldktzgv moved successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
ADS C:\ProgramData\TEMP:AB689DEA deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\MandyMarco\Desktop\cmd.bat deleted successfully.
C:\Users\MandyMarco\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: MandyMarco
->Temp folder emptied: 8048162 bytes
->Temporary Internet Files folder emptied: 552175 bytes
->Java cache emptied: 411605194 bytes
->FireFox cache emptied: 500842482 bytes
->Google Chrome cache emptied: 389969490 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 13067 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4016604 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.254,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: MandyMarco
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 07302012_061742

Files\Folders moved on Reboot...
C:\Users\MandyMarco\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\MandyMarco\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         


Alt 30.07.2012, 15:08   #6
t'john
/// Helfer-Team
 
Computer gesperrt Bundespolizei 100 Euro Trojaner - Standard

Computer gesperrt Bundespolizei 100 Euro Trojaner



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> Computer gesperrt Bundespolizei 100 Euro Trojaner

Alt 01.08.2012, 12:40   #7
BellaSwan79
 
Computer gesperrt Bundespolizei 100 Euro Trojaner - Standard

Computer gesperrt Bundespolizei 100 Euro Trojaner



Huhu,

Sorry konnte die letzten Tage nicht antworten, jetzt bin ich wieder da....hier die gewünschten Log...

Hat den Malwarebytes schon vorher mal durchlaufen lassen also hier 2 Logs

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.29.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
MandyMarco :: MANDYMARCO-PC [Administrator]

Schutz: Aktiviert

29.07.2012 16:41:44
mbam-log-2012-07-29 (17-39-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 421956
Laufzeit: 56 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\AppID\IEAddon.DLL (Rogue.UnVirex) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\MandyMarco\Downloads\SoftonicDownloader_fuer_xmedia-recode.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
MandyMarco :: MANDYMARCO-PC [Administrator]

Schutz: Aktiviert

30.07.2012 16:41:50
mbam-log-2012-07-30 (16-41-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 142632
Laufzeit: 26 Minute(n), 46 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
und hier der adwcleaner:

Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 08/01/2012 at 13:36:27
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : MandyMarco - MANDYMARCO-PC
# Running from : C:\Users\MandyMarco\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\MandyMarco\AppData\Local\Conduit
Folder Found : C:\Users\MandyMarco\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\MandyMarco\AppData\LocalLow\Conduit
Folder Found : C:\Users\MandyMarco\AppData\LocalLow\Funmoods
Folder Found : C:\Users\MandyMarco\AppData\LocalLow\Incredibar.com
Folder Found : C:\Users\MandyMarco\AppData\Roaming\OpenCandy
Folder Found : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\ConduitCommon
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files (x86)\Conduit
File Found : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\Askcom.xml
File Found : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\Conduit.xml
File Found : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\funmoods.xml
File Found : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\MyStart Search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2475029[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2724407
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Software
[x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[x64] Key Found : HKCU\Software\BabylonToolbar
[x64] Key Found : HKCU\Software\IGearSettings
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={4D7B8DE2-05E8-4CA4-A66F-992BC3D7B62F}&mid=4d361e1b0e784f78af3b925f24f329f7-86387b2fb7aec00a910c3dc7252a8d4e432d541f&lang=de&ds=hk011&pr=sa&d=2012-07-05 07:32:18&v=11.1.0.12&sap=hp
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affid=112792&tt=280612_5_&babsrc=nt_ss&mntrid=30a55ccc000000000000000000000000

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\prefs.js

Found : user_pref("CT2269050..clientLogIsEnabled", false);
Found : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Found : user_pref("CT2269050.CTID", "CT2269050");
Found : user_pref("CT2269050.CurrentServerDate", "29-7-2012");
Found : user_pref("CT2269050.DSInstall", true);
Found : user_pref("CT2269050.DialogsAlignMode", "LTR");
Found : user_pref("CT2269050.DialogsGetterLastCheckTime", "Thu Jul 26 2012 19:52:33 GMT+0200");
Found : user_pref("CT2269050.DownloadReferralCookieData", "");
Found : user_pref("CT2269050.EMailNotifierPollDate", "Thu Dec 22 2011 10:55:34 GMT+0100");
Found : user_pref("CT2269050.FirstServerDate", "22-12-2011");
Found : user_pref("CT2269050.FirstTime", true);
Found : user_pref("CT2269050.FirstTimeFF3", true);
Found : user_pref("CT2269050.FixPageNotFoundErrors", true);
Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2269050.HPInstall", true);
Found : user_pref("CT2269050.HasUserGlobalKeys", true);
Found : user_pref("CT2269050.HomePageProtectorEnabled", true);
Found : user_pref("CT2269050.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=[...]
Found : user_pref("CT2269050.Initialize", true);
Found : user_pref("CT2269050.InitializeCommonPrefs", true);
Found : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Found : user_pref("CT2269050.InstalledDate", "Thu Dec 22 2011 10:45:32 GMT+0100");
Found : user_pref("CT2269050.InvalidateCache", false);
Found : user_pref("CT2269050.IsGrouping", false);
Found : user_pref("CT2269050.IsInitSetupIni", true);
Found : user_pref("CT2269050.IsMulticommunity", false);
Found : user_pref("CT2269050.IsOpenThankYouPage", false);
Found : user_pref("CT2269050.IsOpenUninstallPage", false);
Found : user_pref("CT2269050.IsProtectorsInit", true);
Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Sun Jul 29 2012 15:30:03 GMT+0200");
Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2269050.LastLogin_3.12.0.7", "Fri Apr 27 2012 17:54:29 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 17:32:26 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.13.0.6", "Thu Jun 28 2012 10:28:39 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.14.1.0", "Sun Jul 29 2012 19:30:57 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.8.1.0", "Thu Dec 22 2011 10:45:34 GMT+0100");
Found : user_pref("CT2269050.LatestVersion", "3.14.1.0");
Found : user_pref("CT2269050.Locale", "en");
Found : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Found : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2269050.OriginalFirstVersion", "3.8.1.0");
Found : user_pref("CT2269050.RadioIsPodcast", false);
Found : user_pref("CT2269050.RadioLastCheckTime", "Thu Dec 22 2011 10:45:34 GMT+0100");
Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Found : user_pref("CT2269050.RadioMediaID", "12473383");
Found : user_pref("CT2269050.RadioMediaType", "Media Player");
Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Found : user_pref("CT2269050.RadioShrinkedFromSetup", false);
Found : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Found : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Found : user_pref("CT2269050.SavedHomepage", "hxxp://search.babylon.com/home?AF=8836");
Found : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");
Found : user_pref("CT2269050.SearchEngineBeforeUnload", "DVDVideoSoftTB Customized Web Search");
Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2269050.SearchInNewTabEnabled", true);
Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sun Jul 29 2012 15:30:01 GMT+0200");
Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2269050.SearchProtectorEnabled", true);
Found : user_pref("CT2269050.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2269050.SendProtectorDataViaLogin", true);
Found : user_pref("CT2269050.ServiceMapLastCheckTime", "Sun Jul 29 2012 15:30:03 GMT+0200");
Found : user_pref("CT2269050.SettingsLastCheckTime", "Sun Jul 29 2012 19:30:55 GMT+0200");
Found : user_pref("CT2269050.SettingsLastUpdate", "1341904940");
Found : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Dec 22 2011 10:45:30 GMT+0100");
Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Found : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2269050.UserID", "UN20331080851063832");
Found : user_pref("CT2269050.ValidationData_Toolbar", 1);
Found : user_pref("CT2269050.WeatherNetwork", "");
Found : user_pref("CT2269050.WeatherPollDate", "Thu Dec 22 2011 10:45:33 GMT+0100");
Found : user_pref("CT2269050.WeatherUnit", "C");
Found : user_pref("CT2269050.alertChannelId", "666138");
Found : user_pref("CT2269050.autoDisableScopes", -1);
Found : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Found : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Found : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Found : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "247E70756B74757945473D3E3C3D3F3B224D4245327A342[...]
Found : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Found : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Found : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6F6E6E706E747675");
Found : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A747375747476747A7C7B242F4B4947[...]
Found : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Found : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Found : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Found : user_pref("CT2269050.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...]
Found : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Found : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Found : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Found : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Found : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Found : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Found : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Found : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Found : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Found : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Found : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Found : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Found : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Found : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Found : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Found : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Found : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Found : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Found : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Found : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Found : user_pref("CT2269050.backendstorage./9b-0?3g>d", "3B3B6D694274726F7A74777347207D4B4C7D257E7C537E2A20[...]
Found : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
Found : user_pref("CT2269050.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Found : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]
Found : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Found : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477A213F3E484F4E4D464[...]
Found : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "6F6A6F3C6B7040737A46454475737D7A4B797A7A4F");
Found : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6E6E706E75737672747A");
Found : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
Found : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
Found : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
Found : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Found : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
Found : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Found : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "5475652044656320323720323031312031303A[...]
Found : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Found : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Thu Dec 22 2011 10:45:31 GMT+0100");
Found : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2269050.initDone", true);
Found : user_pref("CT2269050.isAppTrackingManagerOn", true);
Found : user_pref("CT2269050.isFirstRadioInstallation", false);
Found : user_pref("CT2269050.myStuffEnabled", true);
Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2269050.revertSettingsEnabled", true);
Found : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Found : user_pref("CT2269050.testingCtid", "");
Found : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Sun Jul 29 2012 15:30:03 GMT+0200");
Found : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Thu Dec 22 2011 10:45:34 GMT+0100");
Found : user_pref("CT2269050.usagesFlag", 2);
Found : user_pref("CT2724407..clientLogIsEnabled", true);
Found : user_pref("CT2724407..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2724407..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2724407.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2724407.CTID", "ct2724407");
Found : user_pref("CT2724407.CurrentServerDate", "31-8-2011");
Found : user_pref("CT2724407.DialogsAlignMode", "LTR");
Found : user_pref("CT2724407.DialogsGetterLastCheckTime", "Wed Aug 31 2011 11:13:39 GMT+0200");
Found : user_pref("CT2724407.DownloadReferralCookieData", "");
Found : user_pref("CT2724407.FirstServerDate", "26-8-2011");
Found : user_pref("CT2724407.FirstTime", true);
Found : user_pref("CT2724407.FirstTimeFF3", true);
Found : user_pref("CT2724407.FixPageNotFoundErrors", false);
Found : user_pref("CT2724407.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2724407.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2724407.HasUserGlobalKeys", true);
Found : user_pref("CT2724407.Initialize", true);
Found : user_pref("CT2724407.InitializeCommonPrefs", true);
Found : user_pref("CT2724407.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2724407.InstallationId", "ConduitStubGeneric");
Found : user_pref("CT2724407.InstallationType", "ConduitStubIntegration");
Found : user_pref("CT2724407.InstalledDate", "Fri Aug 26 2011 15:52:00 GMT+0200");
Found : user_pref("CT2724407.InvalidateCache", false);
Found : user_pref("CT2724407.IsAlertDBUpdated", true);
Found : user_pref("CT2724407.IsGrouping", false);
Found : user_pref("CT2724407.IsInitSetupIni", true);
Found : user_pref("CT2724407.IsMulticommunity", false);
Found : user_pref("CT2724407.IsOpenThankYouPage", false);
Found : user_pref("CT2724407.IsOpenUninstallPage", true);
Found : user_pref("CT2724407.LanguagePackLastCheckTime", "Fri Aug 26 2011 15:52:04 GMT+0200");
Found : user_pref("CT2724407.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2724407.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2724407.LastLogin_3.6.0.10", "Wed Aug 31 2011 11:13:39 GMT+0200");
Found : user_pref("CT2724407.LatestVersion", "3.6.0.10");
Found : user_pref("CT2724407.Locale", "de");
Found : user_pref("CT2724407.MCDetectTooltipHeight", "83");
Found : user_pref("CT2724407.MCDetectTooltipShow", false);
Found : user_pref("CT2724407.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2724407.MCDetectTooltipWidth", "295");
Found : user_pref("CT2724407.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2724407.OriginalFirstVersion", "3.6.0.10");
Found : user_pref("CT2724407.RadioIsPodcast", false);
Found : user_pref("CT2724407.RadioLastCheckTime", "Fri Aug 26 2011 15:52:00 GMT+0200");
Found : user_pref("CT2724407.RadioLastUpdateIPServer", "0");
Found : user_pref("CT2724407.RadioMediaID", "21080119");
Found : user_pref("CT2724407.RadioMediaType", "Media Player");
Found : user_pref("CT2724407.RadioMenuSelectedID", "EBRadioMenu_CT272440721080119");
Found : user_pref("CT2724407.RadioShrinked", "shrinked");
Found : user_pref("CT2724407.RadioShrinkedFromSetup", true);
Found : user_pref("CT2724407.RadioStationName", "Royal-Radio%20");
Found : user_pref("CT2724407.RadioStationURL", "");
Found : user_pref("CT2724407.SHRINK_TOOLBAR", 0);
Found : user_pref("CT2724407.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2724407.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...]
Found : user_pref("CT2724407.SearchInNewTabEnabled", true);
Found : user_pref("CT2724407.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2724407.SearchInNewTabLastCheckTime", "Fri Aug 26 2011 15:52:01 GMT+0200");
Found : user_pref("CT2724407.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2724407.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2724407.SearchInNewTabUserEnabled", false);
Found : user_pref("CT2724407.ServiceMapLastCheckTime", "Wed Aug 31 2011 11:13:38 GMT+0200");
Found : user_pref("CT2724407.SettingsLastCheckTime", "Fri Aug 26 2011 15:52:00 GMT+0200");
Found : user_pref("CT2724407.SettingsLastUpdate", "1312118218");
Found : user_pref("CT2724407.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2724407.ThirdPartyComponentsLastCheck", "Fri Aug 26 2011 15:52:00 GMT+0200");
Found : user_pref("CT2724407.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2724407.ToolbarShrinkedFromSetup", true);
Found : user_pref("CT2724407.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2724407");
Found : user_pref("CT2724407.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2724407.Uninstall", true);
Found : user_pref("CT2724407.UserID", "UN99675830740635277");
Found : user_pref("CT2724407.ValidationData_Toolbar", 2);
Found : user_pref("CT2724407.WeatherNetwork", "");
Found : user_pref("CT2724407.WeatherPollDate", "Fri Aug 26 2011 15:52:03 GMT+0200");
Found : user_pref("CT2724407.WeatherUnit", "C");
Found : user_pref("CT2724407.alertChannelId", "1116673");
Found : user_pref("CT2724407.approveUntrustedApps", false);
Found : user_pref("CT2724407.components.1000082", false);
Found : user_pref("CT2724407.components.1000234", false);
Found : user_pref("CT2724407.ct2724407.DialogsAlignMode", "LTR");
Found : user_pref("CT2724407.ct2724407.InvalidateCache", false);
Found : user_pref("CT2724407.ct2724407.LanguagePackLastCheckTime", "Wed Aug 31 2011 11:13:39 GMT+0200");
Found : user_pref("CT2724407.ct2724407.Locale", "de");
Found : user_pref("CT2724407.ct2724407.RadioLastCheckTime", "Fri Aug 26 2011 15:52:01 GMT+0200");
Found : user_pref("CT2724407.ct2724407.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2724407.ct2724407.RadioLastUpdateServer", "129249047784100000");
Found : user_pref("CT2724407.ct2724407.SearchInNewTabLastCheckTime", "Wed Aug 31 2011 11:13:36 GMT+0200");
Found : user_pref("CT2724407.ct2724407.SettingsLastCheckTime", "Wed Aug 31 2011 11:13:36 GMT+0200");
Found : user_pref("CT2724407.ct2724407.SettingsLastUpdate", "1314539878");
Found : user_pref("CT2724407.ct2724407.ThirdPartyComponentsLastCheck", "Fri Aug 26 2011 15:52:00 GMT+0200");
Found : user_pref("CT2724407.ct2724407.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2724407.ct2724407.components.129248972442534223", false);
Found : user_pref("CT2724407.ct2724407.components.129248974835231354", false);
Found : user_pref("CT2724407.ct2724407.components.129248976574606681", false);
Found : user_pref("CT2724407.ct2724407.components.129248977510712757", false);
Found : user_pref("CT2724407.ct2724407.globalFirstTimeInfoLastCheckTime", "Wed Aug 31 2011 11:13:39 GMT+0200[...]
Found : user_pref("CT2724407.ct2724407.toolbarAppMetaDataLastCheckTime", "Wed Aug 31 2011 11:13:39 GMT+0200"[...]
Found : user_pref("CT2724407.ct2724407.toolbarContextMenuLastCheckTime", "Fri Aug 26 2011 15:52:04 GMT+0200"[...]
Found : user_pref("CT2724407.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2724407.globalFirstTimeInfoLastCheckTime", "Fri Aug 26 2011 15:52:01 GMT+0200");
Found : user_pref("CT2724407.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2724407.initDone", true);
Found : user_pref("CT2724407.isAppTrackingManagerOn", true);
Found : user_pref("CT2724407.isFirstRadioInstallation", false);
Found : user_pref("CT2724407.myStuffEnabled", true);
Found : user_pref("CT2724407.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2724407.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2724407.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2724407.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2724407.oldAppsList", "129248971186128163,129248971186128164,111,129248972442534223,129[...]
Found : user_pref("CT2724407.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2724407.searchProtectorEnableByLogin", true);
Found : user_pref("CT2724407.testingCtid", "");
Found : user_pref("CT2724407.toolbarAppMetaDataLastCheckTime", "Fri Aug 26 2011 15:52:00 GMT+0200");
Found : user_pref("CT2724407.toolbarContextMenuLastCheckTime", "Fri Aug 26 2011 15:52:03 GMT+0200");
Found : user_pref("CT2724407.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724407", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2724407", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2724407",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2724407&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2724407&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"975[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\MandyMarco\\AppData\\Roaming\\Mozil[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.finduny.com?client=mozilla-fi[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2724407,CT2269050");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2724407,CT2269050");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2724407,CT2269050");
Found : user_pref("CommunityToolbar.globalUserId", "155c99a6-27af-48ed-8045-6dcecac0ca59");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Dec 22 2011 10:45:3[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Dec 22 2011 11:45:39 GMT+010[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Dec 22 2011 10:45:31 GMT+0100");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "f85c0e72-ff58-45e4-bb19-32802318bd58");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.babylon.com/home?AF=8836");
Found : user_pref("CommunityToolbar.originalSearchEngine", "foxsearch");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.babylon.HPOnNewTab,s", "search.babylon.com");
Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112792&tt=280612_5_&babsrc=NT_ss&m[...]
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112792&tt=280612_5_");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "30a55ccc000000000000000000000000");
Found : user_pref("extensions.BabylonToolbar_i.id", "30a55ccc000000000000000000000000");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15522");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:09:40");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.funmoods_i.aflt", "ironto");
Found : user_pref("extensions.funmoods_i.dfltLng", "");
Found : user_pref("extensions.funmoods_i.dfltSrch", true);
Found : user_pref("extensions.funmoods_i.dnsErr", true);
Found : user_pref("extensions.funmoods_i.excTlbr", false);
Found : user_pref("extensions.funmoods_i.hmpg", true);
Found : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=ironto");
Found : user_pref("extensions.funmoods_i.id", "30a55ccc000000000000000000000000");
Found : user_pref("extensions.funmoods_i.instlDay", "15361");
Found : user_pref("extensions.funmoods_i.instlRef", "");
Found : user_pref("extensions.funmoods_i.newTab", true);
Found : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=ironto");
Found : user_pref("extensions.funmoods_i.prdct", "funmoods");
Found : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Found : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
Found : user_pref("extensions.funmoods_i.tlbrId", "base");
Found : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=ironto&q[...]
Found : user_pref("extensions.funmoods_i.vrsn", "1.5.11.1");
Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.110:54:55");
Found : user_pref("extensions.funmoods_i.vrsni", "1.5.11.1");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10604");
Found : user_pref("extensions.incredibar_i.excTlbr", "false");
Found : user_pref("extensions.incredibar_i.hardId", "30a55ccc000000000000000000000000");
Found : user_pref("extensions.incredibar_i.id", "30a55ccc000000000000000000000000");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15356");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=1ex6anR4tqt&loc=I[...]
Found : user_pref("extensions.incredibar_i.upn2", "1ex6anR4tqt");
Found : user_pref("extensions.incredibar_i.upn2n", "1036045520545591981");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2712:02:56");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");

-\\ Google Chrome v20.0.1132.57

File : C:\Users\MandyMarco\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :       "homepage": "hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48",
Found :          "urls_to_restore_on_startup": [ "hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48"[...]
Found :       "icon_url": "hxxp://search.conduit.com/fav.ico",
Found :       "keyword": "search.conduit.com",
Found :       "name": "Conduit",
Found :       "search_url": "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3[...]
Found :       "suggest_url": "hxxp://search.conduit.com/"
Found :    "homepage": "hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48",
Found :          "name": "Conduit Chrome Plugin",
Found :          "path": "C:\\Users\\MandyMarco\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensi[...]
Found :          "name": "Conduit Chrome Plugin"
Found :          "path": "C:\\Users\\MandyMarco\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dl[...]
Found :       "urls_to_restore_on_startup": [ "hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [42163 octets] - [01/08/2012 13:36:27]

########## EOF - C:\AdwCleaner[R1].txt - [42292 octets] ##########
         
und der Rechner läuft jetzt besser als zu vor DANKE

Alt 01.08.2012, 12:46   #8
t'john
/// Helfer-Team
 
Computer gesperrt Bundespolizei 100 Euro Trojaner - Standard

Computer gesperrt Bundespolizei 100 Euro Trojaner



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 01.08.2012, 14:15   #9
BellaSwan79
 
Computer gesperrt Bundespolizei 100 Euro Trojaner - Standard

Computer gesperrt Bundespolizei 100 Euro Trojaner



so fertig....

hier der von emsi:
Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 01.08.2012 14:15:53

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	01.08.2012 14:16:09


Gescannt	618050
Gefunden	0

Scan Ende:	01.08.2012 15:11:44
Scan Zeit:	0:55:35
         
und adwcleaner:

Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 08/01/2012 at 13:50:09
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : MandyMarco - MANDYMARCO-PC
# Running from : C:\Users\MandyMarco\Downloads\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\MandyMarco\AppData\Local\Conduit
Folder Deleted : C:\Users\MandyMarco\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\MandyMarco\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\MandyMarco\AppData\LocalLow\Funmoods
Folder Deleted : C:\Users\MandyMarco\AppData\LocalLow\Incredibar.com
Folder Deleted : C:\Users\MandyMarco\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\ConduitCommon
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files (x86)\Conduit
File Deleted : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\Askcom.xml
File Deleted : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\Conduit.xml
File Deleted : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\funmoods.xml
File Deleted : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\MyStart Search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724407
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={4D7B8DE2-05E8-4CA4-A66F-992BC3D7B62F}&mid=4d361e1b0e784f78af3b925f24f329f7-86387b2fb7aec00a910c3dc7252a8d4e432d541f&lang=de&ds=hk011&pr=sa&d=2012-07-05 07:32:18&v=11.1.0.12&sap=hp --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affid=112792&tt=280612_5_&babsrc=nt_ss&mntrid=30a55ccc000000000000000000000000 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\prefs.js

C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\user.js ... Deleted !

Deleted : user_pref("CT2269050..clientLogIsEnabled", false);
Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Deleted : user_pref("CT2269050.CTID", "CT2269050");
Deleted : user_pref("CT2269050.CurrentServerDate", "29-7-2012");
Deleted : user_pref("CT2269050.DSInstall", true);
Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Thu Jul 26 2012 19:52:33 GMT+0200");
Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Thu Dec 22 2011 10:55:34 GMT+0100");
Deleted : user_pref("CT2269050.FirstServerDate", "22-12-2011");
Deleted : user_pref("CT2269050.FirstTime", true);
Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2269050.HPInstall", true);
Deleted : user_pref("CT2269050.HasUserGlobalKeys", true);
Deleted : user_pref("CT2269050.HomePageProtectorEnabled", true);
Deleted : user_pref("CT2269050.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=[...]
Deleted : user_pref("CT2269050.Initialize", true);
Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2269050.InstalledDate", "Thu Dec 22 2011 10:45:32 GMT+0100");
Deleted : user_pref("CT2269050.InvalidateCache", false);
Deleted : user_pref("CT2269050.IsGrouping", false);
Deleted : user_pref("CT2269050.IsInitSetupIni", true);
Deleted : user_pref("CT2269050.IsMulticommunity", false);
Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Deleted : user_pref("CT2269050.IsProtectorsInit", true);
Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Sun Jul 29 2012 15:30:03 GMT+0200");
Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2269050.LastLogin_3.12.0.7", "Fri Apr 27 2012 17:54:29 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 17:32:26 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.13.0.6", "Thu Jun 28 2012 10:28:39 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.14.1.0", "Sun Jul 29 2012 19:30:57 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.8.1.0", "Thu Dec 22 2011 10:45:34 GMT+0100");
Deleted : user_pref("CT2269050.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2269050.Locale", "en");
Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2269050.OriginalFirstVersion", "3.8.1.0");
Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Deleted : user_pref("CT2269050.RadioLastCheckTime", "Thu Dec 22 2011 10:45:34 GMT+0100");
Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Deleted : user_pref("CT2269050.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CT2269050.SavedHomepage", "hxxp://search.babylon.com/home?AF=8836");
Deleted : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("CT2269050.SearchEngineBeforeUnload", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sun Jul 29 2012 15:30:01 GMT+0200");
Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2269050.SearchProtectorEnabled", true);
Deleted : user_pref("CT2269050.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2269050.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Sun Jul 29 2012 15:30:03 GMT+0200");
Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Sun Jul 29 2012 19:30:55 GMT+0200");
Deleted : user_pref("CT2269050.SettingsLastUpdate", "1341904940");
Deleted : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Dec 22 2011 10:45:30 GMT+0100");
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2269050.UserID", "UN20331080851063832");
Deleted : user_pref("CT2269050.ValidationData_Toolbar", 1);
Deleted : user_pref("CT2269050.WeatherNetwork", "");
Deleted : user_pref("CT2269050.WeatherPollDate", "Thu Dec 22 2011 10:45:33 GMT+0100");
Deleted : user_pref("CT2269050.WeatherUnit", "C");
Deleted : user_pref("CT2269050.alertChannelId", "666138");
Deleted : user_pref("CT2269050.autoDisableScopes", -1);
Deleted : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "247E70756B74757945473D3E3C3D3F3B224D4245327A342[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6F6E6E706E747675");
Deleted : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A747375747476747A7C7B242F4B4947[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Deleted : user_pref("CT2269050.backendstorage./9b-0?3g>d", "3B3B6D694274726F7A74777347207D4B4C7D257E7C537E2A20[...]
Deleted : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
Deleted : user_pref("CT2269050.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Deleted : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]
Deleted : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Deleted : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477A213F3E484F4E4D464[...]
Deleted : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "6F6A6F3C6B7040737A46454475737D7A4B797A7A4F");
Deleted : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6E6E706E75737672747A");
Deleted : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
Deleted : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
Deleted : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
Deleted : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Deleted : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
Deleted : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Deleted : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "5475652044656320323720323031312031303A[...]
Deleted : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Thu Dec 22 2011 10:45:31 GMT+0100");
Deleted : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.initDone", true);
Deleted : user_pref("CT2269050.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2269050.isFirstRadioInstallation", false);
Deleted : user_pref("CT2269050.myStuffEnabled", true);
Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2269050.revertSettingsEnabled", true);
Deleted : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.testingCtid", "");
Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Sun Jul 29 2012 15:30:03 GMT+0200");
Deleted : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Thu Dec 22 2011 10:45:34 GMT+0100");
Deleted : user_pref("CT2269050.usagesFlag", 2);
Deleted : user_pref("CT2724407..clientLogIsEnabled", true);
Deleted : user_pref("CT2724407..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2724407..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2724407.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2724407.CTID", "ct2724407");
Deleted : user_pref("CT2724407.CurrentServerDate", "31-8-2011");
Deleted : user_pref("CT2724407.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2724407.DialogsGetterLastCheckTime", "Wed Aug 31 2011 11:13:39 GMT+0200");
Deleted : user_pref("CT2724407.DownloadReferralCookieData", "");
Deleted : user_pref("CT2724407.FirstServerDate", "26-8-2011");
Deleted : user_pref("CT2724407.FirstTime", true);
Deleted : user_pref("CT2724407.FirstTimeFF3", true);
Deleted : user_pref("CT2724407.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2724407.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2724407.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2724407.HasUserGlobalKeys", true);
Deleted : user_pref("CT2724407.Initialize", true);
Deleted : user_pref("CT2724407.InitializeCommonPrefs", true);
Deleted : user_pref("CT2724407.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2724407.InstallationId", "ConduitStubGeneric");
Deleted : user_pref("CT2724407.InstallationType", "ConduitStubIntegration");
Deleted : user_pref("CT2724407.InstalledDate", "Fri Aug 26 2011 15:52:00 GMT+0200");
Deleted : user_pref("CT2724407.InvalidateCache", false);
Deleted : user_pref("CT2724407.IsAlertDBUpdated", true);
Deleted : user_pref("CT2724407.IsGrouping", false);
Deleted : user_pref("CT2724407.IsInitSetupIni", true);
Deleted : user_pref("CT2724407.IsMulticommunity", false);
Deleted : user_pref("CT2724407.IsOpenThankYouPage", false);
Deleted : user_pref("CT2724407.IsOpenUninstallPage", true);
Deleted : user_pref("CT2724407.LanguagePackLastCheckTime", "Fri Aug 26 2011 15:52:04 GMT+0200");
Deleted : user_pref("CT2724407.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2724407.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2724407.LastLogin_3.6.0.10", "Wed Aug 31 2011 11:13:39 GMT+0200");
Deleted : user_pref("CT2724407.LatestVersion", "3.6.0.10");
Deleted : user_pref("CT2724407.Locale", "de");
Deleted : user_pref("CT2724407.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2724407.MCDetectTooltipShow", false);
Deleted : user_pref("CT2724407.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2724407.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2724407.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2724407.OriginalFirstVersion", "3.6.0.10");
Deleted : user_pref("CT2724407.RadioIsPodcast", false);
Deleted : user_pref("CT2724407.RadioLastCheckTime", "Fri Aug 26 2011 15:52:00 GMT+0200");
Deleted : user_pref("CT2724407.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2724407.RadioMediaID", "21080119");
Deleted : user_pref("CT2724407.RadioMediaType", "Media Player");
Deleted : user_pref("CT2724407.RadioMenuSelectedID", "EBRadioMenu_CT272440721080119");
Deleted : user_pref("CT2724407.RadioShrinked", "shrinked");
Deleted : user_pref("CT2724407.RadioShrinkedFromSetup", true);
Deleted : user_pref("CT2724407.RadioStationName", "Royal-Radio%20");
Deleted : user_pref("CT2724407.RadioStationURL", "");
Deleted : user_pref("CT2724407.SHRINK_TOOLBAR", 0);
Deleted : user_pref("CT2724407.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2724407.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...]
Deleted : user_pref("CT2724407.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2724407.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2724407.SearchInNewTabLastCheckTime", "Fri Aug 26 2011 15:52:01 GMT+0200");
Deleted : user_pref("CT2724407.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2724407.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2724407.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2724407.ServiceMapLastCheckTime", "Wed Aug 31 2011 11:13:38 GMT+0200");
Deleted : user_pref("CT2724407.SettingsLastCheckTime", "Fri Aug 26 2011 15:52:00 GMT+0200");
Deleted : user_pref("CT2724407.SettingsLastUpdate", "1312118218");
Deleted : user_pref("CT2724407.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2724407.ThirdPartyComponentsLastCheck", "Fri Aug 26 2011 15:52:00 GMT+0200");
Deleted : user_pref("CT2724407.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2724407.ToolbarShrinkedFromSetup", true);
Deleted : user_pref("CT2724407.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2724407");
Deleted : user_pref("CT2724407.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2724407.Uninstall", true);
Deleted : user_pref("CT2724407.UserID", "UN99675830740635277");
Deleted : user_pref("CT2724407.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2724407.WeatherNetwork", "");
Deleted : user_pref("CT2724407.WeatherPollDate", "Fri Aug 26 2011 15:52:03 GMT+0200");
Deleted : user_pref("CT2724407.WeatherUnit", "C");
Deleted : user_pref("CT2724407.alertChannelId", "1116673");
Deleted : user_pref("CT2724407.approveUntrustedApps", false);
Deleted : user_pref("CT2724407.components.1000082", false);
Deleted : user_pref("CT2724407.components.1000234", false);
Deleted : user_pref("CT2724407.ct2724407.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2724407.ct2724407.InvalidateCache", false);
Deleted : user_pref("CT2724407.ct2724407.LanguagePackLastCheckTime", "Wed Aug 31 2011 11:13:39 GMT+0200");
Deleted : user_pref("CT2724407.ct2724407.Locale", "de");
Deleted : user_pref("CT2724407.ct2724407.RadioLastCheckTime", "Fri Aug 26 2011 15:52:01 GMT+0200");
Deleted : user_pref("CT2724407.ct2724407.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2724407.ct2724407.RadioLastUpdateServer", "129249047784100000");
Deleted : user_pref("CT2724407.ct2724407.SearchInNewTabLastCheckTime", "Wed Aug 31 2011 11:13:36 GMT+0200");
Deleted : user_pref("CT2724407.ct2724407.SettingsLastCheckTime", "Wed Aug 31 2011 11:13:36 GMT+0200");
Deleted : user_pref("CT2724407.ct2724407.SettingsLastUpdate", "1314539878");
Deleted : user_pref("CT2724407.ct2724407.ThirdPartyComponentsLastCheck", "Fri Aug 26 2011 15:52:00 GMT+0200");
Deleted : user_pref("CT2724407.ct2724407.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2724407.ct2724407.components.129248972442534223", false);
Deleted : user_pref("CT2724407.ct2724407.components.129248974835231354", false);
Deleted : user_pref("CT2724407.ct2724407.components.129248976574606681", false);
Deleted : user_pref("CT2724407.ct2724407.components.129248977510712757", false);
Deleted : user_pref("CT2724407.ct2724407.globalFirstTimeInfoLastCheckTime", "Wed Aug 31 2011 11:13:39 GMT+0200[...]
Deleted : user_pref("CT2724407.ct2724407.toolbarAppMetaDataLastCheckTime", "Wed Aug 31 2011 11:13:39 GMT+0200"[...]
Deleted : user_pref("CT2724407.ct2724407.toolbarContextMenuLastCheckTime", "Fri Aug 26 2011 15:52:04 GMT+0200"[...]
Deleted : user_pref("CT2724407.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2724407.globalFirstTimeInfoLastCheckTime", "Fri Aug 26 2011 15:52:01 GMT+0200");
Deleted : user_pref("CT2724407.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2724407.initDone", true);
Deleted : user_pref("CT2724407.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2724407.isFirstRadioInstallation", false);
Deleted : user_pref("CT2724407.myStuffEnabled", true);
Deleted : user_pref("CT2724407.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2724407.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2724407.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2724407.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2724407.oldAppsList", "129248971186128163,129248971186128164,111,129248972442534223,129[...]
Deleted : user_pref("CT2724407.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2724407.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2724407.testingCtid", "");
Deleted : user_pref("CT2724407.toolbarAppMetaDataLastCheckTime", "Fri Aug 26 2011 15:52:00 GMT+0200");
Deleted : user_pref("CT2724407.toolbarContextMenuLastCheckTime", "Fri Aug 26 2011 15:52:03 GMT+0200");
Deleted : user_pref("CT2724407.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724407", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2724407", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2724407",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2724407&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2724407&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"975[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\MandyMarco\\AppData\\Roaming\\Mozil[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.finduny.com?client=mozilla-fi[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2724407,CT2269050");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2724407,CT2269050");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2724407,CT2269050");
Deleted : user_pref("CommunityToolbar.globalUserId", "155c99a6-27af-48ed-8045-6dcecac0ca59");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Dec 22 2011 10:45:3[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Dec 22 2011 11:45:39 GMT+010[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Dec 22 2011 10:45:31 GMT+0100");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "f85c0e72-ff58-45e4-bb19-32802318bd58");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.babylon.com/home?AF=8836");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "foxsearch");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.babylon.HPOnNewTab,s", "search.babylon.com");
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112792&tt=280612_5_&babsrc=NT_ss&m[...]
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112792&tt=280612_5_");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "30a55ccc000000000000000000000000");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "30a55ccc000000000000000000000000");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15522");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:09:40");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.funmoods_i.aflt", "ironto");
Deleted : user_pref("extensions.funmoods_i.dfltLng", "");
Deleted : user_pref("extensions.funmoods_i.dfltSrch", true);
Deleted : user_pref("extensions.funmoods_i.dnsErr", true);
Deleted : user_pref("extensions.funmoods_i.excTlbr", false);
Deleted : user_pref("extensions.funmoods_i.hmpg", true);
Deleted : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=ironto");
Deleted : user_pref("extensions.funmoods_i.id", "30a55ccc000000000000000000000000");
Deleted : user_pref("extensions.funmoods_i.instlDay", "15361");
Deleted : user_pref("extensions.funmoods_i.instlRef", "");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=ironto");
Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods_i.tlbrId", "base");
Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=ironto&q[...]
Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.11.1");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.110:54:55");
Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.11.1");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10604");
Deleted : user_pref("extensions.incredibar_i.excTlbr", "false");
Deleted : user_pref("extensions.incredibar_i.hardId", "30a55ccc000000000000000000000000");
Deleted : user_pref("extensions.incredibar_i.id", "30a55ccc000000000000000000000000");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15356");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=1ex6anR4tqt&loc=I[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "1ex6anR4tqt");
Deleted : user_pref("extensions.incredibar_i.upn2n", "1036045520545591981");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2712:02:56");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");

-\\ Google Chrome v20.0.1132.57

File : C:\Users\MandyMarco\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :       "homepage": "hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48",
Deleted :          "urls_to_restore_on_startup": [ "hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48"[...]
Deleted :       "icon_url": "hxxp://search.conduit.com/fav.ico",
Deleted :       "keyword": "search.conduit.com",
Deleted :       "name": "Conduit",
Deleted :       "search_url": "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3[...]
Deleted :       "suggest_url": "hxxp://search.conduit.com/"
Deleted :    "homepage": "hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48",
Deleted :          "name": "Conduit Chrome Plugin",
Deleted :          "path": "C:\\Users\\MandyMarco\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensi[...]
Deleted :          "name": "Conduit Chrome Plugin"
Deleted :          "path": "C:\\Users\\MandyMarco\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dl[...]
Deleted :       "urls_to_restore_on_startup": [ "hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [42234 octets] - [01/08/2012 13:36:27]
AdwCleaner[S1].txt - [40669 octets] - [01/08/2012 13:50:09]

########## EOF - C:\AdwCleaner[S1].txt - [40798 octets] ##########
         
DANKE SCHÖN nochmals für die schnelle und kompetente Hilfe.....

Alt 01.08.2012, 14:41   #10
t'john
/// Helfer-Team
 
Computer gesperrt Bundespolizei 100 Euro Trojaner - Standard

Computer gesperrt Bundespolizei 100 Euro Trojaner



Sehr gut!


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 01.08.2012, 19:29   #11
BellaSwan79
 
Computer gesperrt Bundespolizei 100 Euro Trojaner - Standard

Computer gesperrt Bundespolizei 100 Euro Trojaner



So hier der Log von Eset.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=770a7e4a4a792f4a92bb029f62d81987
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-01 06:04:30
# local_time=2012-08-01 08:04:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 132495 80376216 209051 0
# compatibility_mode=5893 16776573 100 94 893 95469210 0 0
# compatibility_mode=8192 67108863 100 0 511 511 0 0
# scanned=180797
# found=3
# cleaned=3
# scan_time=4910
C:\Users\MandyMarco\Downloads\registrybooster.exe	Win32/RegistryBooster application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\MandyMarco\Downloads\WinZip165International.exe	a variant of Win32/OpenInstall application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\07302012_061742\C_ProgramData\pybpfglstmboajn\main.html	HTML/Ransom.B trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         
Vielen herzlichen Dank...

Alt 02.08.2012, 04:00   #12
t'john
/// Helfer-Team
 
Computer gesperrt Bundespolizei 100 Euro Trojaner - Standard

Computer gesperrt Bundespolizei 100 Euro Trojaner



Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 02.08.2012, 05:20   #13
BellaSwan79
 
Computer gesperrt Bundespolizei 100 Euro Trojaner - Standard

Computer gesperrt Bundespolizei 100 Euro Trojaner



Guten Morgen T-John,


auch das hab ich jetzt erfolgreich erledigt, Danke für deine Hilfe.....

Alt 02.08.2012, 05:29   #14
t'john
/// Helfer-Team
 
Computer gesperrt Bundespolizei 100 Euro Trojaner - Standard

Computer gesperrt Bundespolizei 100 Euro Trojaner



Sehr gut!

damit bist Du sauber und entlassen!


Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

  • Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
  • temporäre Dateien löschen.




Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 02.08.2012, 05:49   #15
BellaSwan79
 
Computer gesperrt Bundespolizei 100 Euro Trojaner - Standard

Computer gesperrt Bundespolizei 100 Euro Trojaner



Vielen Vielen Dank für deine Hilfe T-John.....

Sehr gute Hilfeseite, auch für Computerlaien...DANKE DANKE DANKE


Lg Bella

Antwort

Themen zu Computer gesperrt Bundespolizei 100 Euro Trojaner
100 euro, absoluter, bella, beste, besten, bezahlen, brauche, bundespolizei, bundespolizeitrojaner, compu, computer, computer gesperrt, euro, gemeinde, gesperrt, google, liebe, pc gesperrt, sache, sachen, schritt, troja, trojane, trojaner



Ähnliche Themen: Computer gesperrt Bundespolizei 100 Euro Trojaner


  1. Trojaner - Computer gesperrt, Meldung angeblich von der Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 01.08.2013 (27)
  2. Computer gesperrt und 100 Euro zahlen
    Plagegeister aller Art und deren Bekämpfung - 28.03.2013 (19)
  3. GVU Trojaner - Computer gesperrt - 100 Euro Paysafe
    Plagegeister aller Art und deren Bekämpfung - 10.02.2013 (11)
  4. 100 Euro Paysafe Virus / Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 22.01.2013 (13)
  5. Bundespolizei Trojaner - Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (30)
  6. Computer gesperrt Bundespolizei 100 Euro Trojaner
    Log-Analyse und Auswertung - 03.11.2012 (16)
  7. Computer gesperrt durch Bundespolizei-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.10.2012 (19)
  8. Trojaner: Ihr Computer wurde gesperrt Bundespolizei Ukash
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (10)
  9. Bundespolizei Trojaner - Ihr Computer wurde gesperrt! + OTL Fehler (The event log file is corrupted.)
    Plagegeister aller Art und deren Bekämpfung - 22.08.2012 (3)
  10. Ihr Computer wurde gesperrt - Bundespolizei Trojaner
    Log-Analyse und Auswertung - 21.08.2012 (10)
  11. Computer gesperrt - 100 Euro überweisen
    Plagegeister aller Art und deren Bekämpfung - 14.08.2012 (4)
  12. http://www.trojaner-board.de/116052-bundespolizei-computer-wurde-gesperrt.html
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (1)
  13. POLIZEI - Ihr Computer wurde gesperrt - 100 Euro Trojaner
    Log-Analyse und Auswertung - 06.06.2012 (3)
  14. Computer gesperrt 50 euro strafe
    Plagegeister aller Art und deren Bekämpfung - 16.04.2012 (18)
  15. Trojaner der Bundespolizei, 100 Euro, Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 02.04.2012 (3)
  16. Computer gesperrt!! GEMA verlangt 100 Euro
    Log-Analyse und Auswertung - 24.03.2012 (1)
  17. Security Center 100 Euro, Computer gesperrt
    Log-Analyse und Auswertung - 03.02.2012 (17)

Zum Thema Computer gesperrt Bundespolizei 100 Euro Trojaner - Hallöchen Liebe Forengemeinde, Nun hab ich auch urplötzlich diesen Bundespolizeitrojaner wo ich 100 Euro bezahlen muss und dann wird mein Pc gesperrt auf dem Rechner....Hab mich hier und bei google - Computer gesperrt Bundespolizei 100 Euro Trojaner...
Archiv
Du betrachtest: Computer gesperrt Bundespolizei 100 Euro Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.