Pests of all kinds and how to fight them: Bundespolizei Trojan (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1
Bundespolizei Trojan

Hello, I have a computer that shows the supposed lock by the Bundespolizei at startup. I have now booted in safe mode, applied Defogger and let OTL.exe run. I have attached the log files. Many thanks in advance for your help!
#2
/// Helper Team
Bundespolizei Trojan

Fix with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your desktop (not anywhere else).
Code:
:OTL
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110318143621968&tb_oid=18-03-2011&tb_mrud=10-12-2011
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=a2d0a057000000000000fee3e6c80700
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110318143621968&tb_oid=18-03-2011&tb_mrud=10-12-2011
IE - HKCU\..\SearchScopes\{EFC6703F-090C-4FF1-BB01-36CB6ED834B4}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ANT&o=102823&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=4P&apn_dtid=YYYYYYYYDE&apn_uid=580aba0d-fefc-47e4-932a-9818eec10ca8&apn_sauid=A32A9DB7-C36F-42A7-97EF-DD08F743F14D
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.startup.homepage: "data:text/plain,browser.startup.homepage=http://de.search.yahoo.com/firefox/?fr=ffbr-sfp"
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p="
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110318143621968&tb_oid=21-03-2011&tb_mrud=11-12-2011&query="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=a2d0a057000000000000fee3e6c80700"
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ANT&o=102823&locale=de_DE&apn_uid=580aba0d-fefc-47e4-932a-9818eec10ca8&apn_ptnrs=4P&apn_sauid=A32A9DB7-C36F-42A7-97EF-DD08F743F14D&apn_dtid=YYYYYYYYDE&&q="
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKCU..\Run: [Media Finder] "C:\Program Files\Media Finder\Media Finder.exe" /opentotray File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2000.07.26 07:43:08 | 000,000,094 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6216764f-6787-11e0-a1b0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6216764f-6787-11e0-a1b0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{85a3adb6-ff95-11de-8577-002618985a27}\Shell - "" = AutoRun
O33 - MountPoints2\{85a3adb6-ff95-11de-8577-002618985a27}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{94958d7d-ac57-11e0-ae97-9691ed4aab97}\Shell - "" = AutoRun
O33 - MountPoints2\{94958d7d-ac57-11e0-ae97-9691ed4aab97}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b2aba840-4788-11e1-8718-aba346d3fc99}\Shell - "" = AutoRun
O33 - MountPoints2\{b2aba840-4788-11e1-8718-aba346d3fc99}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{edde98e0-ff6d-11de-a245-002618985a27}\Shell - "" = AutoRun
O33 - MountPoints2\{edde98e0-ff6d-11de-a245-002618985a27}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{edde99a1-ff6d-11de-a245-002618985a27}\Shell - "" = AutoRun
O33 - MountPoints2\{edde99a1-ff6d-11de-a245-002618985a27}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
[2012.08.02 09:16:58 | 000,078,336 | ---- | C] (Arima Computer Corporation) -- C:\ProgramData\vbyitdcd.exe
[2012.08.02 09:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\qosqbqklxapknjx
[2012.08.02 09:16:52 | 000,078,336 | ---- | C] (Arima Computer Corporation) -- C:\Users\Pia\0.9642843453234737.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2012.08.02 09:16:58 | 000,000,051 | ---- | M] () -- C:\ProgramData\xgohuviqtrulikf
[2011.04.08 10:50:25 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\engine@conduit.com
[2012.05.25 09:03:12 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com
[2011.12.11 09:36:33 | 000,002,354 | ---- | M] () -- C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\searchplugins\aol-web-search.xml
[2012.07.31 18:52:45 | 000,002,402 | ---- | M] () -- C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\searchplugins\askcom.xml
[2012.05.23 20:18:41 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\plugin@yontoo.com
[2012.05.23 20:18:24 | 000,000,000 | ---D | M] -- C:\Users\Pia\AppData\Roaming\Babylon
[2012.05.23 20:19:57 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2012.05.23 20:19:22 | 000,000,000 | ---D | M] -- C:\Users\Pia\AppData\Roaming\BabylonToolbar
[2012.07.27 12:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\softonic-de3
[2012.08.07 02:10:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.07 01:43:15 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.02 17:03:46 | 000,000,470 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Pia.job
[2012.07.30 01:27:01 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\FileCure.job
[2012.07.31 13:55:29 | 000,019,968 | ---- | C] () -- C:\Windows\Installer\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\U\800000cb.@
[2012.07.31 13:55:29 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\U\80000000.@
[2012.07.04 02:21:59 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\U\00000001.@
[2012.06.27 19:14:38 | 000,001,696 | ---- | C] () -- C:\Users\Pia\AppData\Local\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\U\00000001.@
[2012.01.11 12:11:03 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\@
[2012.01.11 12:11:03 | 000,002,048 | -HS- | C] () -- C:\Users\Pia\AppData\Local\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\@
:Files
C:\Windows\Tasks\FileCure.job
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note to other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it to other computers; that can cause lasting damage to other systems!
#3
Bundespolizei Trojan

Hello t'john,
many thanks already. The computer starts normally again. However, I now get the following message from Avira: "Guard: Malware gefunden ..... In der Datei C:\Windows\System32\services.exe wurde ein Virus oder unerwünschtes Programm W32/Patched.UB gefunden. ....." I can now select "entfernen" (remove), which I have not done so far. Here is the content of the log file:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Program Files\softonic-de3\tbsoft.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files\softonic-de3\tbsoft.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFC6703F-090C-4FF1-BB01-36CB6ED834B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFC6703F-090C-4FF1-BB01-36CB6ED834B4}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "data:text/plain,browser.startup.homepage=hxxp://de.search.yahoo.com/firefox/?fr=ffbr-sfp" removed from browser.startup.homepage
Prefs.js: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p=" removed from CommunityToolbar.SearchFromAddressBarSavedUrl
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110318143621968&tb_oid=21-03-2011&tb_mrud=11-12-2011&query=" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=a2d0a057000000000000fee3e6c80700" removed from browser.startup.homepage
Prefs.js: ff-bmboc@bytemobile.com:4.2.2 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: smartwebprinting@hp.com:4.60 removed from extensions.enabledItems
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ANT&o=102823&locale=de_DE&apn_uid=580aba0d-fefc-47e4-932a-9818eec10ca8&apn_ptnrs=4P&apn_sauid=A32A9DB7-C36F-42A7-97EF-DD08F743F14D&apn_dtid=YYYYYYYYDE&&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@canon.com/EPPEX\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files\softonic-de3\tbsoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Media Finder deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6216764f-6787-11e0-a1b0-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6216764f-6787-11e0-a1b0-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6216764f-6787-11e0-a1b0-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6216764f-6787-11e0-a1b0-806e6f6e6963}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85a3adb6-ff95-11de-8577-002618985a27}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85a3adb6-ff95-11de-8577-002618985a27}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85a3adb6-ff95-11de-8577-002618985a27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85a3adb6-ff95-11de-8577-002618985a27}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94958d7d-ac57-11e0-ae97-9691ed4aab97}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94958d7d-ac57-11e0-ae97-9691ed4aab97}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94958d7d-ac57-11e0-ae97-9691ed4aab97}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94958d7d-ac57-11e0-ae97-9691ed4aab97}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2aba840-4788-11e1-8718-aba346d3fc99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2aba840-4788-11e1-8718-aba346d3fc99}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2aba840-4788-11e1-8718-aba346d3fc99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2aba840-4788-11e1-8718-aba346d3fc99}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edde98e0-ff6d-11de-a245-002618985a27}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edde98e0-ff6d-11de-a245-002618985a27}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edde98e0-ff6d-11de-a245-002618985a27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edde98e0-ff6d-11de-a245-002618985a27}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edde99a1-ff6d-11de-a245-002618985a27}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edde99a1-ff6d-11de-a245-002618985a27}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edde99a1-ff6d-11de-a245-002618985a27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edde99a1-ff6d-11de-a245-002618985a27}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
C:\ProgramData\vbyitdcd.exe moved successfully.
C:\ProgramData\qosqbqklxapknjx folder moved successfully.
C:\Users\Pia\0.9642843453234737.exe moved successfully.
C:\Windows\System32\ConduitEngine.tmp deleted successfully.
C:\ProgramData\xgohuviqtrulikf moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-30-Nov-2011-15-12-27-GMT folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-09-Nov-2011-10-08-26-GMT folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-07-Sep-2011-21-22-02-GMT folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-27-Sep-2011-11-24-16-GMT folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-26-Jan-2012-09-25-41-GMT folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-16-Feb-2012-15-56-56-GMT folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-03-May-2012-10-00-02-GMT folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-26-Feb-2012-14-48-50-GMT folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-11-Sep-2011-23-35-30-GMT folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-04-Mar-2012-08-55-42-GMT folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-23-Jun-2012-09-17-37-GMT folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-07-Apr-2012-13-21-01-GMT folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-21-Nov-2011-11-43-25-GMT folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-09-Jul-2012-06-18-49-GMT folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-26-Aug-2011-19-47-05-GMT folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\searchplugins\aol-web-search.xml moved successfully.
C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\searchplugins\askcom.xml moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\plugin@yontoo.com\META-INF folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\plugin@yontoo.com folder moved successfully.
C:\Users\Pia\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome folder moved successfully.
C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\p6srcfhk.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} folder moved successfully.
C:\Users\Pia\AppData\Roaming\BabylonToolbar\Shared folder moved successfully.
C:\Users\Pia\AppData\Roaming\BabylonToolbar\IE folder moved successfully.
C:\Users\Pia\AppData\Roaming\BabylonToolbar\FF folder moved successfully.
C:\Users\Pia\AppData\Roaming\BabylonToolbar\CR folder moved successfully.
C:\Users\Pia\AppData\Roaming\BabylonToolbar folder moved successfully.
C:\Program Files\softonic-de3 folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\Norton Security Scan for Pia.job moved successfully.
C:\Windows\Tasks\FileCure.job moved successfully.
C:\Windows\Installer\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\U\800000cb.@ moved successfully.
C:\Windows\Installer\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\U\80000000.@ moved successfully.
C:\Windows\Installer\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\U\00000001.@ moved successfully.
C:\Users\Pia\AppData\Local\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\U\00000001.@ moved successfully.
C:\Windows\Installer\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\@ moved successfully.
C:\Users\Pia\AppData\Local\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\@ moved successfully.
========== FILES ==========
File\Folder C:\Windows\Tasks\FileCure.job not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache konnte nicht geleert werden: Beim Ausführen der Funktion ist ein Fehler aufgetreten.
C:\Users\Pia\Desktop\cmd.bat deleted successfully.
C:\Users\Pia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Pia
->Temp folder emptied: 140626860 bytes
->Temporary Internet Files folder emptied: 1036153821 bytes
->Java cache emptied: 49748860 bytes
->FireFox cache emptied: 95385791 bytes
->Google Chrome cache emptied: 214281000 bytes
->Flash cache emptied: 12744813 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 312818271 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.776,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: Pia
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.56.0 log created on 08082012_130729
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
| | #4 |
| /// Helper Team | Bundespolizei Trojaner Very good! Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Step 2: Please download AdwCleaner to your desktop.
|
| | #5 |
| Bundespolizei Trojaner Malwarebytes found some infected objects and then removed them. Here is the content of the log file: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.08.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Pia :: PIA-PC [Administrator]
Schutz: Aktiviert
08.08.2012 16:55:39
mbam-log-2012-08-08 (16-55-39).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 353487
Laufzeit: 1 Stunde(n), 41 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 6
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Pia\AppData\Local\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 5
C:\Users\Pia\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\n (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\08082012_130729\C_ProgramData\vbyitdcd.exe (Trojan.Phex.THAGen7) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\08082012_130729\C_Users\Pia\0.9642843453234737.exe (Trojan.Phex.THAGen7) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\08082012_130729\C_Windows\Installer\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
# AdwCleaner v1.800 - Logfile created 08/08/2012 at 18:58:57
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Pia - PIA-PC
# Running from : C:\Users\Pia\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\Pia\AppData\Local\Conduit
Folder Found : C:\Users\Pia\AppData\Local\OpenCandy
Folder Found : C:\Users\Pia\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Pia\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Pia\AppData\LocalLow\Conduit
Folder Found : C:\Users\Pia\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Pia\AppData\LocalLow\softonic-de3
Folder Found : C:\Users\Pia\AppData\Roaming\Media Finder
Folder Found : C:\Users\Pia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Found : C:\Users\Pia\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\Conduit
Folder Found : C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\ConduitCommon
Folder Found : C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\ConduitEngine
Folder Found : C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\CT2431245
Folder Found : C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\WinampToolbarData
Folder Found : C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Folder Found : C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\extensions\staged
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\BabylonToolbar
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-de3 Toolbar
Key Found : HKLM\SOFTWARE\softonic-de3
Key Found : HKLM\SOFTWARE\Tarma Installer
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{472B25EF-7301-4D8D-A351-F27C9E6AD7E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FF9F6EA4-B0DF-4ED3-8AA6-03786D7EE054}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FF9F6EA4-B0DF-4ED3-8AA6-03786D7EE054}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{472B25EF-7301-4D8D-A351-F27C9E6AD7E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v11.0 (de)
Profile name : default
File : C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\prefs.js
Found : user_pref("CT2431245..clientLogIsEnabled", false);
Found : user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2431245.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2431245.BrowserCompStateIsOpen_129453394044193841", true);
Found : user_pref("CT2431245.BrowserCompStateIsOpen_129659302539581540", true);
Found : user_pref("CT2431245.BrowserCompStateIsOpen_129682601309982614", true);
Found : user_pref("CT2431245.BrowserCompStateIsOpen_129780209672379590", true);
Found : user_pref("CT2431245.BrowserCompStateIsOpen_129790544018252482", true);
Found : user_pref("CT2431245.CTID", "CT2431245");
Found : user_pref("CT2431245.CurrentServerDate", "31-7-2012");
Found : user_pref("CT2431245.DialogsAlignMode", "LTR");
Found : user_pref("CT2431245.DialogsGetterLastCheckTime", "Wed Aug 08 2012 16:14:12 GMT+0200");
Found : user_pref("CT2431245.DownloadReferralCookieData", "");
Found : user_pref("CT2431245.EMailNotifierPollDate", "Wed Aug 08 2012 18:52:15 GMT+0200");
Found : user_pref("CT2431245.FeedLastCount129009402595187825", 1185);
Found : user_pref("CT2431245.FeedPollDate7470634014180506963", "Mon Jun 14 2010 00:41:33 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014269327586", "Mon Jun 14 2010 00:41:31 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014329599698", "Mon Jun 14 2010 00:41:31 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014537505092", "Mon Jun 14 2010 00:41:31 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014970726540", "Mon Jun 14 2010 00:41:32 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015410831318", "Mon Jun 14 2010 00:41:33 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015483395460", "Mon Jun 14 2010 00:41:32 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015636754705", "Mon Jun 14 2010 00:41:32 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015768347545", "Mon Jun 14 2010 00:41:32 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015855543602", "Mon Jun 14 2010 00:41:31 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016030710453", "Mon Jun 14 2010 00:41:31 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016114705611", "Mon Jun 14 2010 00:41:33 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016129205152", "Mon Jun 14 2010 00:41:33 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016143724791", "Mon Jun 14 2010 00:41:33 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016271239162", "Mon Jun 14 2010 00:41:33 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016568520719", "Mon Jun 14 2010 00:41:33 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016726993788", "Mon Jun 14 2010 00:41:31 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017109031809", "Mon Jun 14 2010 00:41:32 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017132743740", "Mon Jun 14 2010 00:41:32 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017299547668", "Mon Jun 14 2010 00:41:33 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017302327846", "Mon Jun 14 2010 00:41:32 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017344111490", "Mon Jun 14 2010 00:41:31 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017478360748", "Mon Jun 14 2010 00:41:33 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017732797593", "Mon Jun 14 2010 00:41:31 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017821686064", "Mon Jun 14 2010 00:41:33 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634018090228721", "Mon Jun 14 2010 00:41:33 GMT+0200");
Found : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Found : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Found : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Found : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Found : user_pref("CT2431245.FirstServerDate", "30-3-2010");
Found : user_pref("CT2431245.FirstTime", true);
Found : user_pref("CT2431245.FirstTimeFF3", true);
Found : user_pref("CT2431245.FixPageNotFoundErrors", true);
Found : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2431245.HasUserGlobalKeys", true);
Found : user_pref("CT2431245.HomePageProtectorEnabled", false);
Found : user_pref("CT2431245.HomepageBeforeUnload", "");
Found : user_pref("CT2431245.Initialize", true);
Found : user_pref("CT2431245.InitializeCommonPrefs", true);
Found : user_pref("CT2431245.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2431245.InstallationType", "Unknown");
Found : user_pref("CT2431245.InstalledDate", "Tue Mar 30 2010 13:15:01 GMT+0200");
Found : user_pref("CT2431245.InvalidateCache", false);
Found : user_pref("CT2431245.IsAlertDBUpdated", true);
Found : user_pref("CT2431245.IsGrouping", false);
Found : user_pref("CT2431245.IsMulticommunity", false);
Found : user_pref("CT2431245.IsOpenThankYouPage", false);
Found : user_pref("CT2431245.IsOpenUninstallPage", true);
Found : user_pref("CT2431245.LanguagePackLastCheckTime", "Wed Aug 08 2012 16:14:12 GMT+0200");
Found : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2431245.LastLogin_2.5.8.6", "Mon Jun 14 2010 00:41:31 GMT+0200");
Found : user_pref("CT2431245.LastLogin_3.11.0.3", "Sat May 05 2012 12:04:16 GMT+0200");
Found : user_pref("CT2431245.LastLogin_3.12.2.3", "Thu May 24 2012 09:11:11 GMT+0200");
Found : user_pref("CT2431245.LastLogin_3.13.0.6", "Mon Jul 16 2012 09:13:36 GMT+0200");
Found : user_pref("CT2431245.LastLogin_3.14.1.0", "Wed Aug 08 2012 16:14:12 GMT+0200");
Found : user_pref("CT2431245.LatestVersion", "3.14.1.0");
Found : user_pref("CT2431245.Locale", "de-de");
Found : user_pref("CT2431245.LoginCache", 4);
Found : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Found : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Found : user_pref("CT2431245.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2431245.RadioIsPodcast", false);
Found : user_pref("CT2431245.RadioLastCheckTime", "Wed Aug 08 2012 16:14:15 GMT+0200");
Found : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Found : user_pref("CT2431245.RadioMediaID", "20503672");
Found : user_pref("CT2431245.RadioMediaType", "Media Player");
Found : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Found : user_pref("CT2431245.RadioShrinkedFromSetup", false);
Found : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Found : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Found : user_pref("CT2431245.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2431245.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2431245.SearchEngineBeforeUnload", "Ask.com");
Found : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Found : user_pref("CT2431245.SearchInNewTabEnabled", true);
Found : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Wed Aug 08 2012 16:14:12 GMT+0200");
Found : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2431245.SearchProtectorEnabled", false);
Found : user_pref("CT2431245.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2431245.ServiceMapLastCheckTime", "Wed Aug 08 2012 16:14:12 GMT+0200");
Found : user_pref("CT2431245.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2431245.SettingsLastCheckTime", "Wed Aug 08 2012 18:52:15 GMT+0200");
Found : user_pref("CT2431245.SettingsLastUpdate", "1339926569");
Found : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Thu Jul 19 2012 17:26:47 GMT+0200");
Found : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1265977679");
Found : user_pref("CT2431245.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2431245");
Found : user_pref("CT2431245.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2431245.UserID", "UN56752056103728380");
Found : user_pref("CT2431245.ValidationData_Search", 2);
Found : user_pref("CT2431245.ValidationData_Toolbar", 2);
Found : user_pref("CT2431245.WeatherNetwork", "");
Found : user_pref("CT2431245.WeatherPollDate", "Mon Jun 14 2010 00:41:32 GMT+0200");
Found : user_pref("CT2431245.WeatherUnit", "C");
Found : user_pref("CT2431245.alertChannelId", "825452");
Found : user_pref("CT2431245.backendstorage.autocompletepro_enable", "31");
Found : user_pref("CT2431245.backendstorage.autocompletepro_enable_auto", "31");
Found : user_pref("CT2431245.backendstorage.ct2431245ads1", "25374225323261647325323225334125354225374225323[...]
Found : user_pref("CT2431245.backendstorage.ct2431245current_term", "");
Found : user_pref("CT2431245.backendstorage.ct2431245isadsdisabled", "66616C7365");
Found : user_pref("CT2431245.backendstorage.ct2431245sdate", "38");
Found : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Found : user_pref("CT2431245.backendstorage.printitgreenstatus", "74727565");
Found : user_pref("CT2431245.backendstorage.shoppingapp.gk.exipres", "4D6F6E2041756720313320323031322031363A[...]
Found : user_pref("CT2431245.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Found : user_pref("CT2431245.clientLogIsEnabled", false);
Found : user_pref("CT2431245.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2431245.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2431245.globalFirstTimeInfoLastCheckTime", "Tue Jul 31 2012 18:52:56 GMT+0200");
Found : user_pref("CT2431245.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2431245.initDone", true);
Found : user_pref("CT2431245.isAppTrackingManagerOn", true);
Found : user_pref("CT2431245.isFirstRadioInstallation", false);
Found : user_pref("CT2431245.myStuffEnabled", true);
Found : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2431245.oldAppsList", "129009402577063104,129009402577844366,111,129790544018252482,129[...]
Found : user_pref("CT2431245.revertSettingsEnabled", true);
Found : user_pref("CT2431245.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2431245.searchProtectorEnableByLogin", true);
Found : user_pref("CT2431245.testingCtid", "");
Found : user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Wed Aug 08 2012 16:14:12 GMT+0200");
Found : user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Tue Jul 31 2012 18:52:56 GMT+0200");
Found : user_pref("CT2431245.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT2431245.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.11[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Pia\\AppData\\Roaming\\Mozilla\\Fir[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2431245,ConduitEngine");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Apr 08 2011 10:52:06 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri May 13 2011 20:22:19 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jul 01 2011 23:14:46 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "face8c81-0a1d-40fa-b4e8-2366c4a516bb");
Found : user_pref("CommunityToolbar.globalUserId", "6112b02e-4b4f-4f79-856e-0ed1409bf9a6");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Aug 08 2012 16:14:1[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Aug 08 2012 17:14:23 GMT+020[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.notifications.locale", "");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Aug 08 2012 16:51:14 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "81b94c72-67a0-4e5b-bfc3-b0dd462784f5");
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri Jun 03 2011 11:40:12 GMT+0200");
Found : user_pref("ConduitEngine.BrowserCompStateIsOpen_3976808699496931956", true);
Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Fri Jul 01 2011 23:14:47 GMT+0200");
Found : user_pref("ConduitEngine.FirstServerDate", "04/08/2011 11");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Fri Apr 08 2011 10:50:49 GMT+0200");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Jul 01 2011 23:14:47 GMT+0200");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Fri Jul 01 2011 23:14:46 GMT+0200");
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri Jul 01 2011 23:14:47 GMT+0200");
Found : user_pref("ConduitEngine.UserID", "UN55961162417493152");
Found : user_pref("ConduitEngine.backendstorage.ytapp_dailyactivity", "31333035373836343834373538");
Found : user_pref("ConduitEngine.backendstorage.ytapp_lifetimesent", "54525545");
Found : user_pref("ConduitEngine.componentAlertEnabled", false);
Found : user_pref("ConduitEngine.counterAppsAdded", 1);
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Jul 01 2011 23:14:47 GMT+0200");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri Jul 01 2011 23:14:47 GMT+0200");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("ConduitEngine.usagesFlag", 1);
Found : user_pref("FirstSearch.winamp_toolbar.search.hasDoneFirst", 131);
Found : user_pref("aol_toolbar.surf.date", "9");
Found : user_pref("aol_toolbar.surf.lastDate", "31");
Found : user_pref("aol_toolbar.surf.lastMonth", "6");
Found : user_pref("aol_toolbar.surf.lastYear", "2012");
Found : user_pref("aol_toolbar.surf.month", "162");
Found : user_pref("aol_toolbar.surf.prevMonth", "1");
Found : user_pref("aol_toolbar.surf.total", "2188");
Found : user_pref("aol_toolbar.surf.week", "9");
Found : user_pref("aol_toolbar.surf.year", "314");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "a2d0a057000000000000fee3e6c80700");
Found : user_pref("extensions.BabylonToolbar_i.id", "a2d0a057000000000000fee3e6c80700");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15483");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&babsrc=N[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:19:04");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Found : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Found : user_pref("extensions.asktb.abar-war-timeout", "4000");
Found : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Found : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Found : user_pref("extensions.asktb.cbid", "4P");
Found : user_pref("extensions.asktb.config-updated", true);
Found : user_pref("extensions.asktb.cr-o", "");
Found : user_pref("extensions.asktb.crumb", "2011.08.26+12.33.29-toolbar005iad-DE-RnJhbmtmdXJ0IEFtIE1haW4sR2[...]
Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Found : user_pref("extensions.asktb.displaybehavior", "");
Found : user_pref("extensions.asktb.displaytext", "");
Found : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Found : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Found : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0040");
Found : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://slirsredirect.search.aol.com/redirecto[...]
Found : user_pref("extensions.asktb.first-launch-url", "hxxps://websessions.vodafone.de/welcome.do");
Found : user_pref("extensions.asktb.first-restart-after-config-update", true);
Found : user_pref("extensions.asktb.fresh-install", false);
Found : user_pref("extensions.asktb.guid", "580aba0d-fefc-47e4-932a-9818eec10ca8");
Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Found : user_pref("extensions.asktb.if", "first");
Found : user_pref("extensions.asktb.l", "dis");
Found : user_pref("extensions.asktb.last-config-req", "1343753565058");
Found : user_pref("extensions.asktb.last-search-timestamp", "1343753802226");
Found : user_pref("extensions.asktb.locale", "de_DE");
Found : user_pref("extensions.asktb.location", "Frankfurt Am Main,Germany");
Found : user_pref("extensions.asktb.lstation", "");
Found : user_pref("extensions.asktb.news-native-on", true);
Found : user_pref("extensions.asktb.o", "102823");
Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Found : user_pref("extensions.asktb.pstate", "");
Found : user_pref("extensions.asktb.qsrc", "2871");
Found : user_pref("extensions.asktb.r", "5");
Found : user_pref("extensions.asktb.sa", "YES");
Found : user_pref("extensions.asktb.saguid", "A32A9DB7-C36F-42A7-97EF-DD08F743F14D");
Found : user_pref("extensions.asktb.search-history-queries", "irie reggae||GOOGLE");
Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Found : user_pref("extensions.asktb.silent-upgrade", true);
Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Found : user_pref("extensions.asktb.socialmini-first", true);
Found : user_pref("extensions.asktb.socialmini-interval", "1200000");
Found : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Found : user_pref("extensions.asktb.socialmini-max-items", "30");
Found : user_pref("extensions.asktb.socialmini-native-on", true);
Found : user_pref("extensions.asktb.socialmini-speed", "5000");
Found : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Found : user_pref("extensions.asktb.themeid", "");
Found : user_pref("extensions.asktb.timeinstalled", "03.05.2012 11:13:59");
Found : user_pref("extensions.asktb.to", "");
Found : user_pref("extensions.asktb.v", "3.15.1.100010");
Found : user_pref("extensions.asktb.version", "5.15.1.22229");
Found : user_pref("extensions.asktb.volume", "");
-\\ Google Chrome v21.0.1180.60
File : C:\Users\Pia\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=a2d0a0[...]
Found : "name": "Winamp Application Detector",
Found : "name": "Winamp Application Detector"
*************************
AdwCleaner[R1].txt - [43935 octets] - [08/08/2012 18:58:58]
########## EOF - C:\AdwCleaner[R1].txt - [44064 octets] ##########
|
| | #6 |
| /// Helper Team | Bundespolizei Trojaner Makes a rather less than good impression.
Next: malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Use Update Now to download the current signatures. Select freeware mode. Select Detail Scan and start the scan of the computer with the Scan button. At the end of the scan, do not let it delete anything! Click Save Report to save the log file to the desktop, then post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
| | #7 |
| Bundespolizei Trojaner Hehe ok. Here is the AdwCleaner log file: Code:
# AdwCleaner v1.800 - Logfile created 08/09/2012 at 01:11:21
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Pia - PIA-PC
# Running from : C:\Users\Pia\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\Pia\AppData\Local\Conduit
Folder Deleted : C:\Users\Pia\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Pia\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Pia\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Pia\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Pia\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Pia\AppData\LocalLow\softonic-de3
Folder Deleted : C:\Users\Pia\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Pia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\Pia\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\Conduit
Folder Deleted : C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\ConduitEngine
Folder Deleted : C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\WinampToolbarData
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-de3 Toolbar
Key Deleted : HKLM\SOFTWARE\softonic-de3
Key Deleted : HKLM\SOFTWARE\Tarma Installer
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{472B25EF-7301-4D8D-A351-F27C9E6AD7E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF9F6EA4-B0DF-4ED3-8AA6-03786D7EE054}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FF9F6EA4-B0DF-4ED3-8AA6-03786D7EE054}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{472B25EF-7301-4D8D-A351-F27C9E6AD7E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v11.0 (de)
Profile name : default
File : C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\prefs.js
C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\user.js ... Deleted !
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.11[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Pia\\AppData\\Roaming\\Mozilla\\Fir[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Apr 08 2011 10:52:06 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri May 13 2011 20:22:19 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jul 01 2011 23:14:46 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "face8c81-0a1d-40fa-b4e8-2366c4a516bb");
Deleted : user_pref("CommunityToolbar.globalUserId", "6112b02e-4b4f-4f79-856e-0ed1409bf9a6");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Aug 08 2012 16:14:1[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Aug 08 2012 17:14:23 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.notifications.locale", "");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Aug 08 2012 16:51:14 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "81b94c72-67a0-4e5b-bfc3-b0dd462784f5");
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri Jun 03 2011 11:40:12 GMT+0200");
Deleted : user_pref("ConduitEngine.BrowserCompStateIsOpen_3976808699496931956", true);
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Fri Jul 01 2011 23:14:47 GMT+0200");
Deleted : user_pref("ConduitEngine.FirstServerDate", "04/08/2011 11");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Fri Apr 08 2011 10:50:49 GMT+0200");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Jul 01 2011 23:14:47 GMT+0200");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Fri Jul 01 2011 23:14:46 GMT+0200");
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri Jul 01 2011 23:14:47 GMT+0200");
Deleted : user_pref("ConduitEngine.UserID", "UN55961162417493152");
Deleted : user_pref("ConduitEngine.backendstorage.ytapp_dailyactivity", "31333035373836343834373538");
Deleted : user_pref("ConduitEngine.backendstorage.ytapp_lifetimesent", "54525545");
Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Deleted : user_pref("ConduitEngine.counterAppsAdded", 1);
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Jul 01 2011 23:14:47 GMT+0200");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri Jul 01 2011 23:14:47 GMT+0200");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 1);
Deleted : user_pref("FirstSearch.winamp_toolbar.search.hasDoneFirst", 131);
Deleted : user_pref("aol_toolbar.surf.date", "9");
Deleted : user_pref("aol_toolbar.surf.lastDate", "31");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "6");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2012");
Deleted : user_pref("aol_toolbar.surf.month", "162");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "1");
Deleted : user_pref("aol_toolbar.surf.total", "2188");
Deleted : user_pref("aol_toolbar.surf.week", "9");
Deleted : user_pref("aol_toolbar.surf.year", "314");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "a2d0a057000000000000fee3e6c80700");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "a2d0a057000000000000fee3e6c80700");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15483");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&babsrc=N[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:19:04");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");
Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Deleted : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Deleted : user_pref("extensions.asktb.cbid", "4P");
Deleted : user_pref("extensions.asktb.config-updated", true);
Deleted : user_pref("extensions.asktb.cr-o", "");
Deleted : user_pref("extensions.asktb.crumb", "2011.08.26+12.33.29-toolbar005iad-DE-RnJhbmtmdXJ0IEFtIE1haW4sR2[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Deleted : user_pref("extensions.asktb.displaybehavior", "");
Deleted : user_pref("extensions.asktb.displaytext", "");
Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0040");
Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://slirsredirect.search.aol.com/redirecto[...]
Deleted : user_pref("extensions.asktb.first-launch-url", "hxxps://websessions.vodafone.de/welcome.do");
Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true);
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "580aba0d-fefc-47e4-932a-9818eec10ca8");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1343753565058");
Deleted : user_pref("extensions.asktb.last-search-timestamp", "1343753802226");
Deleted : user_pref("extensions.asktb.locale", "de_DE");
Deleted : user_pref("extensions.asktb.location", "Frankfurt Am Main,Germany");
Deleted : user_pref("extensions.asktb.lstation", "");
Deleted : user_pref("extensions.asktb.news-native-on", true);
Deleted : user_pref("extensions.asktb.o", "102823");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.pstate", "");
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "5");
Deleted : user_pref("extensions.asktb.sa", "YES");
Deleted : user_pref("extensions.asktb.saguid", "A32A9DB7-C36F-42A7-97EF-DD08F743F14D");
Deleted : user_pref("extensions.asktb.search-history-queries", "irie reggae||GOOGLE");
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.socialmini-first", true);
Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.socialmini-speed", "5000");
Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "03.05.2012 11:13:59");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.15.1.100010");
Deleted : user_pref("extensions.asktb.version", "5.15.1.22229");
Deleted : user_pref("extensions.asktb.volume", "");
-\\ Google Chrome v21.0.1180.60
File : C:\Users\Pia\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=a2d0a0[...]
Deleted : "name": "Winamp Application Detector",
Deleted : "name": "Winamp Application Detector"
*************************
AdwCleaner[R1].txt - [44066 octets] - [08/08/2012 18:58:58]
AdwCleaner[S1].txt - [22792 octets] - [09/08/2012 01:11:21]
########## EOF - C:\AdwCleaner[S1].txt - [22921 octets] ##########
I searched for the error but have not found a solution yet. Other programs can be installed. The operating system is Windows 7. |
| | #8 |
| /// Helper Team | Bundespolizei Trojaner Try right-clicking and choosing "Run as administrator". |
| | #9 |
| Bundespolizei Trojaner So, I have now managed to install the Emsisoft program. The error was a wrong registry entry for the Documents folder. It pointed to a drive that does not exist. Here is the scan report: Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 14.08.2012 13:50:44
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 14.08.2012 13:50:59
Key: hkey_current_user\software\microsoft\windows\currentversion\uninstall\smart fortress 2012 gefunden: Trace.Registry.smartfortress2012!E1
c:\users\pia\desktop\smart fortress 2012.lnk gefunden: Trace.File.smartfortress2012!E1
c:\users\pia\appdata\roaming\microsoft\windows\start menu\programs\smart fortress 2012\smart fortress 2012.lnk gefunden: Trace.File.smartfortress2012!E1
C:\_OTL\MovedFiles\08082012_130729\C_Windows\Installer\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\U\80000000.@ gefunden: Trojan.Win32.Sirefef.AMN!E1
C:\_OTL\MovedFiles\08082012_130729\C_Windows\Installer\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\U\00000001.@ gefunden: Trojan.Win32.Sirefef.AMN!E1
C:\_OTL\MovedFiles\08082012_130729\C_Users\Pia\AppData\Local\{a2afcad0-7336-7df3-913d-1c62aa2abbcc}\U\00000001.@ gefunden: Trojan.Win32.Agent.AMN!E1
D:\fashion\CHIFFON KLEID ZIPFEL FEEN ELFEN LOOK blau gold 38 40 bei eBay.de Abendmode (endet 03.04.11 15 32 06 MESZ)_files\4hcsjfq.gif gefunden: Attached PE/Script!E2
Gescannt 613759
Gefunden 7
Scan Ende: 14.08.2012 15:52:46
Scan Zeit: 2:01:47
|
| | #10 |
| /// Helper Team | Bundespolizei Trojaner Run as described: http://www.trojaner-board.de/114276-...s-remover.html |
| | #11 |
| Bundespolizei Trojaner Here is the log file from the AVG Remover. |
| | #12 |
| /// Helper Team | Bundespolizei Trojaner Removing malware with Combofix. Download Combofix from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save the program to the desktop, nowhere else, this is important! Follow the detailed original instructions. Combofix currently runs on the following Windows versions:
Preparation and important notes
Do not use Combofix on your own initiative. If no corresponding infection is present, it can cripple the computer and/or cause lasting damage! |
| | #13 |
| Bundespolizei Trojaner I ran ComboFix. The program warned me that AntiVir Desktop was still active, although I had deactivated it beforehand. I then uninstalled it, and after clicking "ok" a second message appeared saying it was still active. The program then ran after I clicked "x". Here are the logs: log.txt Code:
ComboFix 12-08-14.05 - Pia 15.08.2012 13:10:24.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2013.932 [GMT 2:00]
ausgeführt von:: c:\users\Pia\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pia\AppData\Roaming\Help\coredb\storage
D:\install.exe
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-15 bis 2012-08-15 ))))))))))))))))))))))))))))))
.
.
2012-08-15 11:20 . 2012-08-15 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-14 01:16 . 2012-08-14 23:10 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-08-08 11:07 . 2012-08-08 11:07 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 00:46 . 2010-02-06 22:33 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-07-27 00:46 . 2010-05-19 05:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-27 00:46 . 2010-02-06 22:33 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-22 07:05 . 2010-02-08 11:46 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-07-22 07:05 . 2010-06-02 23:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-22 07:05 . 2010-02-22 18:23 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-03 11:46 . 2012-04-07 13:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 02:40 . 2012-07-12 01:03 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-11 07:27 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 07:27 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 07:27 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-21 05:37 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 05:37 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 05:37 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 05:37 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 05:37 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 05:37 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 05:37 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 05:36 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 05:36 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 01:08 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 01:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 01:08 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 01:08 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 01:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-11 07:27 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 07:27 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 07:27 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 07:27 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 07:27 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 03:41 . 2012-07-02 07:08 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00F44A12-6D06-44BB-AEF9-9CBCDC439696}\mpengine.dll
2012-04-13 11:16 . 2011-05-16 21:12 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-12 39408]
"WeatherBugAlert"="c:\program files\AWS\WeatherBug Alert\WeatherBugAlert.exe" [2010-02-22 442368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-01-29 273544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-12-31 398848]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2012-07-30 3408288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Pia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Pia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX110 Series]
2008-09-26 23:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFBE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 15:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\p6srcfhk.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-vbyitdcdxfwlcny - c:\programdata\vbyitdcd.exe
MSConfigStartUp-CanonMyPrinter - c:\program files\Canon\MyPrinter\BJMyPrt.exe
MSConfigStartUp-CanonSolutionMenu - c:\program files\Canon\SolutionMenu\CNSLMAIN.exe
AddRemove-Burn4Free - c:\program files\Burn4Free\uninstall.exe
AddRemove-Burn4Free CD & DVD_is1 - c:\program files\Burn4Free\unins000.exe
AddRemove-EPSON Scanner - c:\program files\epson\escndv\setup\setup.exe
AddRemove-NSS - c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe
AddRemove-RealPlayer 12.0 - c:\program files\real\realplayer\Update\r1puninst.exe
AddRemove-Smart Fortress 2012 - c:\programdata\F4D55F3B000027CC00014604B4EB23C1\F4D55F3B000027CC00014604B4EB23C1.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\System32\dinotify.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-15 13:34:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-08-15 11:34
.
Vor Suchlauf: 7.213.707.264 Bytes frei
Nach Suchlauf: 6.672.384.000 Bytes frei
.
- - End Of File - - 690BD4B70CA431436F33046F57791B9A
Code:
32 Bit HP CIO Components Installer ABBYY FineReader 6.0 Sprint Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.4.4 - Deutsch Adobe Shockwave Player 11.5 Amazon MP3-Downloader 1.0.9 B010 B110 Brother MFL-Pro Suite DCP-J515W BufferChm Burn4Free CD & DVD 4.9.0.0 Burn4Free CD and DVD Canon MP250 series MP Drivers CDBurnerXP Destinations DeviceDiscovery Druckerdeinstallation für EPSON SX110 Series Emsisoft Anti-Malware Epson Easy Photo Print 2 EPSON Scan Express Burn Disc Burning Software Express Rip Google Chrome Google Toolbar for Internet Explorer Google Update Helper GPBaseService2 HP Customer Participation Program 14.0 HP Imaging Device Functions 14.0 HP Photosmart B010 All-In-One Driver Software 14.0 Rel. 7 HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 HP Smart Web Printing 4.60 HP Solution Center 14.0 HP Update HPAppStudio HPDiagnosticAlert HPPhotoGadget HPProductAssistant HPSSupply Java Auto Updater Java(TM) 6 Update 24 Malwarebytes Anti-Malware Version 1.62.0.1300 MarketResearch Microsoft .NET Framework 4 Client Profile Microsoft Silverlight Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 11.0 (x86 de) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Network Norton Security Scan OpenOffice.org 3.1 PCFriendly PS_AIO_07_B010_SW_Min PS_AIO_07_B110_SW_Min QuickTransfer RealNetworks - Microsoft Visual C++ 2005 Runtime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Shop for HP Supplies Skype Click to Call Skype™ 5.8 Smart Fortress 2012 SmartWebPrinting SolutionCenter SRWare Iron 4.0.280 Status Toolbox TrayApp Uniblue RegistryBooster 2010 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VLC media player 1.1.9 Vodafone Mobile Broadband WeatherBug Alert WebReg Win7codecs Winamp Winamp Erkennungs-Plug-in Windows Live ID Sign-in Assistant WinZip 14.5 Yahoo! BrowserPlus 2.9.8
E.g.: "C:\Program Files\Mozilla Firefox\firefox.exe Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde." |
| | #14 |
| /// Helper Team | Bundespolizei Trojaner Restart, then: Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. |
| | #15 |
| Bundespolizei Trojaner Here is the log from Malwarebytes: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.15.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Pia :: PIA-PC [Administrator]
Schutz: Aktiviert
16.08.2012 02:34:10
mbam-log-2012-08-16 (02-34-10).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 360168
Laufzeit: 1 Stunde(n), 24 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
|