
Log analysis and evaluation: Caught the GVU webcam trojan

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

30.08.2012, 19:27   #1
TiefimWesten
 



Hello everyone.
I've caught the stupid GVU trojan with the webcam window.
I've already tried to get rid of the thing using the Kaspersky solution and various virus scanners with the SARDU tool, but I don't think that really solved it.
So I'm now turning to you and asking for help.
I've just run OTL and am attaching the logs.
What's next?
Thanks.

31.08.2012, 17:31   #2
t'john
/// Helper team
 





The cleanup consists of several steps that must be carried out.
Work through them one after another and please paste the 4 logs that are created into your next reply.

If the OTL fix did not run through properly, do not continue; please report it instead.

Step 1

Fixing with OTL

Download OTL by Oldtimer (if you don't already have it) and save it on your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix begins with :OTL. Make sure you have copied it correctly.


Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2528046 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050 
IE - HKCU\..\URLSearchHook: - No CLSID value found 
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found 
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&ss=1&affID=100365&mntrId=d0db204d0000000000000017c4be497e 
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=NRO2&o=&src=crm&q={searchTerms}&locale= 
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=chr-vmn&type=youdagames6_0yach&p={searchTerms}&ei=UTF-8 
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE365 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes\{A21218CF-F765-48A5-8B9A-7C24FD6F2E25}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = http://search.conduit.com/?SearchSource=10&ctid=CT2528046 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" 
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "about:home" 
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [LELA] "C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized File not found 
O4 - HKCU..\Run: [] File not found 
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.6.2) 
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{0a7119a7-015f-11e0-97d9-00262d5750fb}\Shell - "" = AutoRun 
O33 - MountPoints2\{0a7119a7-015f-11e0-97d9-00262d5750fb}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{0a7119b6-015f-11e0-97d9-00262d5750fb}\Shell - "" = AutoRun 
O33 - MountPoints2\{0a7119b6-015f-11e0-97d9-00262d5750fb}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{0c9130f3-d3e9-11e1-8163-00262d5750fb}\Shell - "" = AutoRun 
O33 - MountPoints2\{0c9130f3-d3e9-11e1-8163-00262d5750fb}\Shell\AutoRun\command - "" = E:\CMADownloader.exe 
O33 - MountPoints2\{60d8dd12-090e-11e0-950d-00262d5750fb}\Shell - "" = AutoRun 
O33 - MountPoints2\{60d8dd12-090e-11e0-950d-00262d5750fb}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{d7e6de23-0546-11e0-8351-00262d5750fb}\Shell - "" = AutoRun 
O33 - MountPoints2\{d7e6de23-0546-11e0-8351-00262d5750fb}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{d89df384-0749-11e0-b0e1-00262d5750fb}\Shell - "" = AutoRun 
O33 - MountPoints2\{d89df384-0749-11e0-b0e1-00262d5750fb}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
 
[2012.08.30 08:29:22 | 083,023,306 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad 

[2012.08.29 07:28:50 | 000,001,905 | ---- | M] () -- C:\Users\christin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:3991CD7D 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:B8B102B9 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:45E74272 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:54997B77 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:1BC99E01 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:023F0743 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:864A52B8 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:798A3728 
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:E62BE020 
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:981349EA 
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:10873493 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:F53B274A 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:2ABB51D4 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:51E83E25 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:3FBB88CF 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:CEE4A457 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:81B52FA6 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:5CE65446 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:3AC42987 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:2085D07D 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:1E66EE85 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:FB384C06 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:C1E4B166 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:7EABF26C 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:F7FFE8AF 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:9AB56A06 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:68DA8CC0 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:531637AD 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:436BE28C 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:A3F4C22C 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:902B6A44 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:814B9485 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:63A71C6F 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:160ADF0B 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CF2C26D2 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:95B8F7F6 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:93F6D130 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:8D8F3340 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:52A42F4C 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:2FBB2B9B 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:6CFD36EA 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:516FF8A1 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5711EF65 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4EE323A4 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:2B856118 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:943E8182 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:902C848D 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:77271429 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:61E5F0F7 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5E73E1C2 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5199C971 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:33A7CC67 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:FF8F1AE3 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:85376176 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:300E36AB 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:26EE282C 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:07D64CD9 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:FF818E2B 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E6E9EB6C 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:D1361E51 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:550179F5 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:2556A8A0 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:13B137AF 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:F878F14A 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:F65733F1 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:D44D0CA3 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:861A898F 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:5D7E5A8F 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:18AA05CB 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:0D31DA45 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:E55CE2D1 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:D4BB0AD6 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:92C45D1A 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0E6907AB 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:EB68CA55 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:92D18A5E 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:8924043A 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4D066AD2 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:EC7C9796 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:9331E9D2 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8F7ECF6A 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:726A7C8D 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:6FD36C4B 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:CE0A077E 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:940ECC98 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:8C443193 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:426796C0 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:370EF5E8 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:DA3C6C07 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:D88D995C 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:86A8CE8D 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:74699137 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:2504A086 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:E8F2A400 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:C7857F06 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:C36E5828 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:57B374AB 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:4C528C86 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:46545F5C 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:1013B07C 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:F67AAFC5 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:AC95B5ED 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:8AB6C1D7 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:895A78C5 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:678C1866 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:232300C2 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DB563BE7 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:85526F54 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:7C3E753C 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:56C66609 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:53992C73 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:2A8A3140 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:147DA06A 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:F7862839 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:D61F920D 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:B8EA2C49 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:9F38BF31 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:943971F5 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:89CC7FD8 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:57B4E612 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3BF63E4A 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:0B9176C0 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:5D17C178 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:4C49306C 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:B285A50E 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:206470A5 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:EB4FEEF5 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:C3C72D5F 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7CACEF61 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:580E04D8 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:32FFF2D1 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:1F7A10DD 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:F1DEA771 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:DF5BAC78 
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:BB24555F 
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:9290C91C 
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:6C031E3E 
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:561568A4 
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:EB5BDBB0 
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:7547DA5B 
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:6FE17A89 
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:104A718B 
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D5DAEF21 
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:EF4FB3C5 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:DF0BC727 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:331B76C7 
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:1CE87230 
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:5A437AC3 


:Files

C:\Users\christin\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\christin\AppData\Local\Temp\*.exe
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, in code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for readers following along: The OTL script above was created exclusively for this user in this situation.
Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!



Step 2
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any detections deleted or moved to quarantine.
- When the scan has finished, click "Show Results".
then:

Step 3

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.



Step 4
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

31.08.2012, 20:37   #3
TiefimWesten
 



First of all, thanks for the fairly quick reply.
I've carried out step 1; here is the log.
However, after the restart a popup appeared with the error message:
"Problem beim Starten von install_0_msi.exe Das angegebene Modul wurde nicht gefunden."
Does that mean anything?

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A21218CF-F765-48A5-8B9A-7C24FD6F2E25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A21218CF-F765-48A5-8B9A-7C24FD6F2E25}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "DVDVideoSoftTB Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: personas@christopher.beard:1.6.1 removed from extensions.enabledItems
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LELA deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a7119a7-015f-11e0-97d9-00262d5750fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a7119a7-015f-11e0-97d9-00262d5750fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a7119a7-015f-11e0-97d9-00262d5750fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a7119a7-015f-11e0-97d9-00262d5750fb}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a7119b6-015f-11e0-97d9-00262d5750fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a7119b6-015f-11e0-97d9-00262d5750fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a7119b6-015f-11e0-97d9-00262d5750fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a7119b6-015f-11e0-97d9-00262d5750fb}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c9130f3-d3e9-11e1-8163-00262d5750fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c9130f3-d3e9-11e1-8163-00262d5750fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c9130f3-d3e9-11e1-8163-00262d5750fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c9130f3-d3e9-11e1-8163-00262d5750fb}\ not found.
File E:\CMADownloader.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60d8dd12-090e-11e0-950d-00262d5750fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60d8dd12-090e-11e0-950d-00262d5750fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60d8dd12-090e-11e0-950d-00262d5750fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60d8dd12-090e-11e0-950d-00262d5750fb}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7e6de23-0546-11e0-8351-00262d5750fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7e6de23-0546-11e0-8351-00262d5750fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7e6de23-0546-11e0-8351-00262d5750fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7e6de23-0546-11e0-8351-00262d5750fb}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d89df384-0749-11e0-b0e1-00262d5750fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d89df384-0749-11e0-b0e1-00262d5750fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d89df384-0749-11e0-b0e1-00262d5750fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d89df384-0749-11e0-b0e1-00262d5750fb}\ not found.
File E:\AutoRun.exe not found.
C:\ProgramData\ism_0_llatsni.pad moved successfully.
C:\Users\christin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
========== FILES ==========
File\Folder C:\Users\christin\AppData\Local\{*} not found.
C:\ProgramData\FullRemove.exe moved successfully.
C:\ProgramData\Temp\{AAF84FAD-5236-4A83-BA62-7D098FE1B8FA} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
C:\Users\christin\AppData\Local\Temp\5A04.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\bitdefender_isecurity_[quickscan].exe moved successfully.
C:\Users\christin\AppData\Local\Temp\cci.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\EAD5541.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\EdManagerAuto.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\ffunzip.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\GLF8E5E.tmp.ConduitEngineSetup.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\install_0_msi.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\lame.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\MyBabylonTB.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\SearchWithGoogleUpdate.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\SecurityScan_Release.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\setup_3.0.5606.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\setup_3.2.10.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\softonic-de3.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\symcdefsv5i64.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\vlc-2.0.2-win32.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\winload_community_tb.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\_is40E6.exe moved successfully.
C:\Users\christin\AppData\Local\Temp\_is905.exe moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Users\christin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\christin\Desktop\cmd.bat deleted successfully.
C:\Users\christin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: christin
->Temp folder emptied: 5335295773 bytes
->Temporary Internet Files folder emptied: 484099759 bytes
->FireFox cache emptied: 60693205 bytes
->Apple Safari cache emptied: 2239488 bytes
->Flash cache emptied: 57072 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1678184349 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 577374869 bytes
 
Total Files Cleaned = 7.761,00 mb
 
 
OTL by OldTimer - Version 3.2.59.1 log created on 08312012_202414

Files\Folders moved on Reboot...
C:\Users\christin\AppData\Local\Temp\7zS5A19\HPSLPSVC64.DLL moved successfully.
C:\Users\christin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Step 2 done.
Malwarebytes found 3 files and deleted or quarantined them. Log attached.
Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.31.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
christin :: SCHÄTZEKEN [Administrator]

Schutz: Aktiviert

31.08.2012 21:01:07
mbam-log-2012-08-31 (21-01-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 389258
Laufzeit: 1 Stunde(n), 14 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\_OTL\MovedFiles\08312012_202414\C_Users\christin\AppData\Local\Temp\install_0_msi.exe (Trojan.PWS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\08312012_202414\C_Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\76ce35e7-54cf6f6e (Trojan.PWS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\christin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Step 3 done. Log from AdwCleaner:
Code:
# AdwCleaner v2.000 - Datei am 08/31/2012 um 22:39:13 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : christin - SCHÄTZEKEN
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\christin\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\Program Files (x86)\DVDVideoSoftTB
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\ProgramData\Trymedia
Ordner Gefunden : C:\Users\christin\AppData\Local\Babylon
Ordner Gefunden : C:\Users\christin\AppData\Local\Conduit
Ordner Gefunden : C:\Users\christin\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\christin\AppData\LocalLow\DVDVideoSoftTB
Ordner Gefunden : C:\Users\christin\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\christin\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\christin\AppData\Roaming\Mozilla\Firefox\Profiles\99rj8sry.default\Conduit
Ordner Gefunden : C:\Users\christin\AppData\Roaming\Mozilla\Firefox\Profiles\99rj8sry.default\ConduitEngine

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\christin\AppData\Roaming\Mozilla\Firefox\Profiles\99rj8sry.default\prefs.js


-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\christin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [15340 octets] - [31/08/2012 22:39:13]

########## EOF - C:\AdwCleaner[R1].txt - [15401 octets] ##########
         
Step 4 done. Second ADW log:
Code:
# AdwCleaner v2.000 - Datei am 08/31/2012 um 22:46:40 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : christin - SCHÄTZEKEN
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\christin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\christin\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\christin\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\christin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\christin\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\christin\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\christin\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\christin\AppData\Roaming\Mozilla\Firefox\Profiles\99rj8sry.default\Conduit
Ordner Gelöscht : C:\Users\christin\AppData\Roaming\Mozilla\Firefox\Profiles\99rj8sry.default\ConduitEngine

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\christin\AppData\Roaming\Mozilla\Firefox\Profiles\99rj8sry.default\prefs.js


-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\christin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [15467 octets] - [31/08/2012 22:39:13]
AdwCleaner[S1].txt - [15835 octets] - [31/08/2012 22:46:40]

########## EOF - C:\AdwCleaner[S1].txt - [15896 octets] ##########
         
Was that it? Is my PC clean now?
__________________

01.09.2012, 01:08   #4
t'john
/// Helper team

Very good!

How is the computer running?

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Use "Jetzt Updaten" to download the current signatures.
Select the freeware mode.

Select "Detail Scan" and start the check of the computer with the "Scan" button.
At the end of the scan, do not let it delete anything! Click "Bericht speichern" to save the log file to the desktop and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john
Support the TB

01.09.2012, 01:31   #5
TiefimWesten

The computer is running quite well, except that after the restart a small white window now appeared at the top left, thanks. I'll get started on the next step now.


01.09.2012, 01:39   #6
t'john
/// Helper team

Good, Emsisoft!

01.09.2012, 03:16   #7
TiefimWesten

Emsisoft finds 13 files. Log:
Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 01.09.2012 01:34:35

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	01.09.2012 01:35:08

Value: hkey_current_user\software\jollybear\big city adventure san francisco\3dsettings --> driver 	gefunden: Trace.Registry.gamefiesta big city adventure san francisco!E1
Value: hkey_current_user\software\jollybear\big city adventure san francisco\3dsettings --> driverdate 	gefunden: Trace.Registry.gamefiesta big city adventure san francisco!E1
Value: hkey_current_user\software\jollybear\big city adventure san francisco\3dsettings --> driverdescription 	gefunden: Trace.Registry.gamefiesta big city adventure san francisco!E1
Key: hkey_local_machine\software\trymedia systems 	gefunden: Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software 	gefunden: Trace.Registry.trymedia!E1
C:\_OTL\MovedFiles\08312012_202414\C_Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\2b4a5f22-112b6e89 -> faaaaa\faaaaa.class 	gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\08312012_202414\C_Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\2b4a5f22-112b6e89 -> faaaaa\faaaaf.class 	gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\08312012_202414\C_Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\2b4a5f22-112b6e89 -> faaaaa\faaaad.class 	gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\08312012_202414\C_Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\2b4a5f22-112b6e89 -> faaaaa\faaaag.class 	gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\08312012_202414\C_Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\2b4a5f22-112b6e89 -> faaaaa\faaaae.class 	gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\08312012_202414\C_Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\2b4a5f22-112b6e89 -> faaaaa\faaaab.class 	gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\08312012_202414\C_Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\2b4a5f22-112b6e89 -> faaaaa\faaaac.class 	gefunden: Exploit.Java.CVE-2012!E2
C:\Users\christin\AppData\Roaming\Move Networks\uninstall.exe 	gefunden: Trojan-Clicker.Win32.NSIS!E1

Gescannt	620945
Gefunden	13

Scan Ende:	01.09.2012 02:51:58
Scan Zeit:	1:16:50
         

01.09.2012, 03:31   #8
t'john
/// Helper Team

Very good!

Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media you may have (e.g. USB sticks) to the computer.
  • Please disable your anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.
Here we go

  • Download and start the Eset Smartinstaller.
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstallation: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
__________________
Regards, t'john

01.09.2012, 18:32   #9
TiefimWesten

Logfile Eset found 2 files:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=feef0651c730b74c85ece4427fe69862
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-01 04:24:56
# local_time=2012-09-01 06:24:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 0 98123197 0 0
# compatibility_mode=8192 67108863 100 0 165 165 0 0
# scanned=184655
# found=2
# cleaned=2
# scan_time=23349
C:\Users\christin\Downloads\SoftonicDownloader12536.exe	a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\08312012_202414\C_Users\christin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\2b4a5f22-112b6e89	a variant of Java/Exploit.CVE-2012-4681.B trojan (deleted - quarantined)	00000000000000000000000000000000	C
         

02.09.2012, 10:57   #10
t'john
/// Helper Team

Update Java

Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can abuse.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start the jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 7 ).
  • When the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

After that, post (copy and paste) what is displayed to you here: PluginCheck


Disable Java

Because of the current security vulnerability:

http://www.trojaner-board.de/122961-...ktivieren.html

After that, post (copy and paste) what is displayed to you here: PluginCheck
__________________
Regards, t'john

02.09.2012, 12:19   #11
TiefimWesten

Latest Java installed and configured:

Code:
PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

    Firefox 14.0.1 ist aktuell

    Flash (11,4,402,265) ist aktuell.

    Java (1,7,0,7) ist aktuell.

    Adobe Reader 10,1,4,38 ist aktuell.
         
Java plugin disabled:

Code:
PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

    Firefox 14.0.1 ist aktuell

    Flash (11,4,402,265) ist aktuell.

    Java ist Installiert aber nicht aktiviert.

    Adobe Reader 10,1,4,38 ist aktuell.
         

Edited by TiefimWesten (02.09.2012 at 12:27)

02.09.2012, 15:27   #12
t'john
/// Helper Team

Very good!

With that you are clean and discharged!

Remove adwCleaner

  • Start adwcleaner.exe with a double click.
  • Click Uninstall.
  • Confirm with Yes.


Tool clean-up with OTL

We will now use OTL's CleanUp! function to delete most of the programs we installed for the clean-up from your system again.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it on your desktop.
  • Double-click OTL.exe to run the program.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Click the "Bereinigung" (CleanUp) button.
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs you downloaded in the course of the clean-up will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.


Resetting the security zones

Reset the security zones, since they were manipulated in order to open the browser up to further attacks.
Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html


Emptying the System Restore points

So that the computer cannot be reinfected from an infected System Restore point, we have to empty them. To do this, we switch System Restore off once and then on again:
Disable System Restore: tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.


Cleaning up with CCleaner

Use CCleaner (Download) (Instructions) to

  • fix errors in the registry (repeatedly, until no more errors are found) and
  • delete temporary files.


Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC keeps getting slower - what to do?
__________________
Regards, t'john

02.09.2012, 19:14   #13
TiefimWesten

Super.
Many thanks for the competent and quick help.
I also carried out the last steps without any problems and will now take a look at the reading material.
Thank you very much, I will recommend you to others.

02.09.2012, 21:32   #14
t'john
/// Helper Team

We wish you a virus-free time.
__________________
Regards, t'john
