Log analysis and evaluation: GEMA virus Win 7 OTL fix requested (Windows 7)
#1

GEMA Virus Win 7 OTL Fix erbeten

Hi t'john, thanks for helping out. Here is the AdwCleaner log:

Code:
# AdwCleaner v1.703 - Logfile created 08/02/2012 at 19:59:57
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Vincent - ROCKLAND
# Running from : C:\Users\Vincent\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Vincent\AppData\Local\TempDir
Folder Deleted : C:\Users\Vincent\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\lzb0o0b1.default\Conduit
Folder Deleted : C:\Program Files (x86)\vShare.tv plugin
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\vshare.tv
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
[x64] Key Deleted : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\lzb0o0b1.default\prefs.js

Deleted : user_pref("CT2319825..clientLogIsEnabled", true);
Deleted : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2319825.CurrentServerDate", "9-5-2011");
Deleted : user_pref("CT2319825.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2319825.DialogsGetterLastCheckTime", "Mon May 09 2011 22:03:21 GMT+0200");
Deleted : user_pref("CT2319825.DownloadReferralCookieData", "");
Deleted : user_pref("CT2319825.EMailNotifierPollDate", "Mon May 09 2011 22:03:20 GMT+0200");
Deleted : user_pref("CT2319825.FeedPollDate11908299", "Mon May 09 2011 22:03:36 GMT+0200");
Deleted : user_pref("CT2319825.FirstServerDate", "9-5-2011");
Deleted : user_pref("CT2319825.FirstTimeFF3", true);
Deleted : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2319825.HasUserGlobalKeys", true);
Deleted : user_pref("CT2319825.Initialize", true);
Deleted : user_pref("CT2319825.InitializeCommonPrefs", true);
Deleted : user_pref("CT2319825.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2319825.InstalledDate", "Mon May 09 2011 22:03:22 GMT+0200");
Deleted : user_pref("CT2319825.InvalidateCache", false);
Deleted : user_pref("CT2319825.IsGrouping", false);
Deleted : user_pref("CT2319825.IsMulticommunity", false);
Deleted : user_pref("CT2319825.IsOpenThankYouPage", true);
Deleted : user_pref("CT2319825.IsOpenUninstallPage", true);
Deleted : user_pref("CT2319825.LanguagePackLastCheckTime", "Mon May 09 2011 22:03:22 GMT+0200");
Deleted : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2319825.LastLogin_3.3.3.2", "Mon May 09 2011 22:03:21 GMT+0200");
Deleted : user_pref("CT2319825.LatestVersion", "3.3.3.2");
Deleted : user_pref("CT2319825.Locale", "de");
Deleted : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2319825.RadioIsPodcast", false);
Deleted : user_pref("CT2319825.RadioLastCheckTime", "Mon May 09 2011 22:03:22 GMT+0200");
Deleted : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Deleted : user_pref("CT2319825.RadioMediaID", "11949532");
Deleted : user_pref("CT2319825.RadioMediaType", "Media Player");
Deleted : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Deleted : user_pref("CT2319825.RadioStationName", "1Live");
Deleted : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Deleted : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2319825.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Mon May 09 2011 22:03:22 GMT+0200");
Deleted : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2319825.ServiceMapLastCheckTime", "Mon May 09 2011 22:03:20 GMT+0200");
Deleted : user_pref("CT2319825.SettingsLastCheckTime", "Mon May 09 2011 22:03:20 GMT+0200");
Deleted : user_pref("CT2319825.SettingsLastUpdate", "1300873232");
Deleted : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Mon May 09 2011 22:03:20 GMT+0200");
Deleted : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Deleted : user_pref("CT2319825.UserID", "UN20907014336751295");
Deleted : user_pref("CT2319825.WeatherNetwork", "");
Deleted : user_pref("CT2319825.WeatherPollDate", "Mon May 09 2011 22:03:22 GMT+0200");
Deleted : user_pref("CT2319825.WeatherUnit", "C");
Deleted : user_pref("CT2319825.alertChannelId", "715912");
Deleted : user_pref("CT2319825.backendstorage.id", "38393938313533");
Deleted : user_pref("CT2319825.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
Deleted : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Mon May 09 2011 22:03:21 GMT+0200");
Deleted : user_pref("CT2319825.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2319825.myStuffEnabled", true);
Deleted : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2319825.testingCtid", "");
Deleted : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Mon May 09 2011 22:03:21 GMT+0200");
Deleted : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Mon May 09 2011 22:03:22 GMT+0200");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2319825");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{40c3cc16-7269-4b32-9531-17f2950fb06f}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "winload");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon May 09 2011 22:03:24 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon May 09 2011 22:03:20 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "5e2f58a0-86eb-4967-b628-94147b6660cd");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon May 09 2011 22:03:22 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "7947bc24-0370-49c1-9872-0b9d85c32fcb");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Deleted : user_pref("extensions.aniweather.timeShifted", 373687);
Deleted : user_pref("vshare.install.fresh", "true");

*************************

AdwCleaner[R1].txt - [13107 octets] - [02/08/2012 19:30:28]
AdwCleaner[R2].txt - [13168 octets] - [02/08/2012 19:59:51]
AdwCleaner[S1].txt - [12563 octets] - [02/08/2012 19:59:57]

########## EOF - C:\AdwCleaner[S1].txt - [12692 octets] ##########

And here is the Emsisoft log, without having deleted anything:

Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 02.08.2012 20:12:01

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 02.08.2012 20:12:19

Key: hkey_local_machine\software\trymedia systems 	gefunden: Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software 	gefunden: Trace.Registry.trymedia!E1
C:\Users\Vincent\Pictures\Wallpaper\WallPaper HD3\WallPaper HD - 3143.jpg 	gefunden: JPG.IframeRef!E2
C:\Users\Vincent\Documents\Tools\FLACToMP3ConverterSetup.exe 	gefunden: Trojan.Win32.DeFile.AMN!E1
C:\Users\Vincent\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6ce27c62-13071dcd -> b.class 	gefunden: Exploit.Java.CVE-2010!E2
C:\Users\Vincent\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\3a5dfb24-27a4d8e7 -> a\Msgs.class 	gefunden: Trojan.Java.Agent!E2
C:\Users\Vincent\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\3a5dfb24-27a4d8e7 -> a\Test.class 	gefunden: Exploit.Java.CVE!E2
C:\Users\Vincent\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6ce27c62-13071dcd -> a.class 	gefunden: Exploit.Java.CVE-2010!E2
C:\Users\Vincent\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6ce27c62-13071dcd -> Field.class 	gefunden: Exploit.Java.CVE-2010!E2
C:\Users\Vincent\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6ce27c62-13071dcd -> Photo.class 	gefunden: Exploit.Java.CVE!E2

Gescannt 898822
Gefunden 10

Scan Ende: 03.08.2012 00:02:05
Scan Zeit: 3:49:46

Best regards!